diff --git a/apps/asn1parse.c b/apps/asn1parse.c index 5f1d955807..4f882396d0 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv) dump = strtol(opt_arg(), NULL, 0); break; case OPT_STRPARSE: - sk_OPENSSL_STRING_push(osk, opt_arg()); + if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0) + goto end; break; case OPT_GENSTR: genstr = opt_arg(); diff --git a/apps/cms.c b/apps/cms.c index c225f07ac0..b1ce8a8bd0 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -505,13 +505,15 @@ int cms_main(int argc, char **argv) if (rr_from == NULL && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_from, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0) + goto end; break; case OPT_RR_TO: if (rr_to == NULL && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(rr_to, opt_arg()); + if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0) + goto end; break; case OPT_PRINT: noout = print = 1; 
@@ -588,13 +590,15 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); @@ -612,12 +616,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; @@ -671,7 +677,8 @@ int cms_main(int argc, char **argv) key_param->next = nparam; key_param = nparam; } - sk_OPENSSL_STRING_push(key_param->param, opt_arg()); + if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0) + goto end; break; case OPT_V_CASES: if (!opt_verify(o, vpm)) @@ -758,12 +765,14 @@ int cms_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (keyfile == NULL) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); 
@@ -1045,8 +1054,15 @@ int cms_main(int argc, char **argv) pwri_tmp = NULL; } if (!(flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, flags)) + if (!CMS_final(cms, in, NULL, flags)) { + if (originator != NULL + && ERR_GET_REASON(ERR_peek_error()) + == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) { + BIO_printf(bio_err, "Cannot use originator for encryption\n"); + goto end; + } goto end; + } } } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key, @@ -1297,6 +1313,7 @@ int cms_main(int argc, char **argv) X509_free(cert); X509_free(recip); X509_free(signer); + X509_free(originator); EVP_PKEY_free(key); EVP_CIPHER_free(cipher); EVP_CIPHER_free(wrap_cipher); diff --git a/apps/engine.c b/apps/engine.c index c3e8e4a27b..c1943bf3ab 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -352,10 +352,12 @@ int engine_main(int argc, char **argv) test_avail++; break; case OPT_PRE: - sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0) + goto end; break; case OPT_POST: - sk_OPENSSL_STRING_push(post_cmds, opt_arg()); + if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0) + goto end; break; } } diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 4ae8d8a1b9..e94c5d6121 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -243,10 +243,10 @@ static const char *get_sigtype(int nid) return "ECDSA"; case NID_ED25519: - return "Ed25519"; + return "ed25519"; case NID_ED448: - return "Ed448"; + return "ed448"; case NID_id_GostR3410_2001: return "gost2001"; 
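Review bot: In the new `CMS_final` failure branch of cms_main, `ERR_peek_error()` reads the oldest entry on the error queue, so the `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` test is skipped whenever an earlier, unrelated error is still queued; `ERR_peek_last_error()` inspects the most recent entry instead. The `goto end;` inside the inner `if` is also redundant, because the very next statement is the same `goto end;`. Suggested shape: `if (originator != NULL && ERR_GET_REASON(ERR_peek_last_error()) == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) BIO_printf(bio_err, "Cannot use originator for encryption\n");` followed by the single `goto end;`. cms_main starts and ends outside the hunk, so whether the queue is cleared before this call is not visible here.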
@@ -292,6 +292,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared) SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); if (i) BIO_puts(out, ":"); + switch (rsign | rhash << 8) { + case 0x0809: + BIO_puts(out, "rsa_pss_pss_sha256"); + continue; + case 0x080a: + BIO_puts(out, "rsa_pss_pss_sha384"); + continue; + case 0x080b: + BIO_puts(out, "rsa_pss_pss_sha512"); + continue; + case 0x081a: + BIO_puts(out, "ecdsa_brainpoolP256r1_sha256"); + continue; + case 0x081b: + BIO_puts(out, "ecdsa_brainpoolP384r1_sha384"); + continue; + case 0x081c: + BIO_puts(out, "ecdsa_brainpoolP512r1_sha512"); + continue; + } sstr = get_sigtype(sign_nid); if (sstr) BIO_printf(out, "%s", sstr); diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index f7454053cf..a1935bcce2 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -410,6 +410,12 @@ int do_server(int *accept_sock, const char *host, const char *port, BIO_closesocket(asock); break; } + + if (naccept != -1) + naccept--; + if (naccept == 0) + BIO_closesocket(asock); + BIO_set_tcp_ndelay(sock, 1); i = (*cb)(sock, type, protocol, context); @@ -440,11 +446,12 @@ int do_server(int *accept_sock, const char *host, const char *port, BIO_closesocket(sock); } else { + if (naccept != -1) + naccept--; + i = (*cb)(asock, type, protocol, context); } - if (naccept != -1) - naccept--; if (i < 0 || naccept == 0) { BIO_closesocket(asock); ret = i; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index afdb719ccd..9964faf21a 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
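Review bot: The `case 0x0809:` to `case 0x081c:` labels added to do_print_sigalgs are bare magic numbers, and nothing explains why `rsign | rhash << 8` is the right key for them. A short comment above the switch would help the next reader, for example `/* TLS SignatureScheme code points printed by name; rhash is the high byte, rsign the low byte */`. Writing the expression as `rsign | (rhash << 8)` also makes the intended precedence explicit. The loop body continues outside the hunk.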
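Review bot: When `naccept` reaches 0 in the accepted-connection branch of do_server, `asock` is now closed before the callback runs, and the unchanged `if (i < 0 || naccept == 0) { BIO_closesocket(asock);` visible in the next hunk closes the same descriptor a second time. The callback runs between the two closes and may open other descriptors, so the second `BIO_closesocket` can land on a descriptor number that has since been reused. Either record the early close in a local flag (for instance `asock_closed = 1;`, with the later site becoming `if (!asock_closed) BIO_closesocket(asock);`) or skip the later close when it was reached through `naccept == 0`. do_server starts and ends outside both hunks, so the branch structure is inferred from the visible context.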
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -328,7 +328,8 @@ int pkcs12_main(int argc, char **argv) if (canames == NULL && (canames = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(canames, opt_arg()); + if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0) + goto end; break; case OPT_IN: infile = opt_arg(); @@ -829,6 +830,12 @@ int pkcs12_main(int argc, char **argv) const ASN1_OBJECT *macobj; PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12); + + if (macalgid == NULL) { + BIO_printf(bio_err, "Warning: MAC is absent!\n"); + goto dump; + } + X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); if (OBJ_obj2nid(macobj) != NID_pbmac1) { diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index b73ef3297b..6e301e50d8 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,7 +65,7 @@ const OPTIONS pkeyutl_options[] = { {"verify", OPT_VERIFY, '-', "Verify with public key"}, {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, - {"derive", OPT_DERIVE, '-', "Derive shared secret"}, + {"derive", OPT_DERIVE, '-', "Derive shared secret from own and peer (EC)DH keys"}, {"decap", OPT_DECAP, '-', "Decapsulate shared secret"}, {"encap", OPT_ENCAP, '-', "Encapsulate shared secret"}, OPT_CONFIG_OPTION, 
@@ -86,10 +86,11 @@ const OPTIONS pkeyutl_options[] = { OPT_SECTION("Output"), {"out", OPT_OUT, '>', "Output file - default stdout"}, {"secret", OPT_SECOUT, '>', "File to store secret on encapsulation"}, - {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"}, + {"asn1parse", OPT_ASN1PARSE, '-', + "parse the output as ASN.1 data to check its DER encoding and print errors"}, {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, {"verifyrecover", OPT_VERIFYRECOVER, '-', - "Verify with public key, recover original data"}, + "Verify RSA signature, recovering original signature input data"}, OPT_SECTION("Signing/Derivation/Encapsulation"), {"digest", OPT_DIGEST, 's', @@ -309,7 +310,11 @@ int pkeyutl_main(int argc, char **argv) goto opthelp; } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) { BIO_printf(bio_err, - "%s: no peer key given (-peerkey parameter).\n", prog); + "%s: -peerkey option not allowed without -derive.\n", prog); + goto opthelp; + } else if (peerkey == NULL && pkey_op == EVP_PKEY_OP_DERIVE) { + BIO_printf(bio_err, + "%s: missing -peerkey option for -derive operation.\n", prog); goto opthelp; } @@ -705,9 +710,10 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, ENGINE *e) { + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); EVP_PKEY *peer = NULL; ENGINE *engine = NULL; - int ret; + int ret = 1; if (peerform == FORMAT_ENGINE) engine = e; 
@@ -716,8 +722,14 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, BIO_printf(bio_err, "Error reading peer key %s\n", file); return 0; } - - ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0; + if (strcmp(EVP_PKEY_get0_type_name(peer), EVP_PKEY_get0_type_name(pkey)) != 0) { + BIO_printf(bio_err, + "Type of peer public key: %s does not match type of private key: %s\n", + EVP_PKEY_get0_type_name(peer), EVP_PKEY_get0_type_name(pkey)); + ret = 0; + } else { + ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0; + } EVP_PKEY_free(peer); return ret; diff --git a/apps/smime.c b/apps/smime.c index d5a4feb489..e412ed285a 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -315,13 +315,15 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (keyfile == NULL) keyfile = signerfile; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; keyfile = NULL; } signerfile = opt_arg(); 
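Review bot: Both arguments of the new `strcmp()` in setup_peer can be NULL: `EVP_PKEY_CTX_get0_pkey(ctx)` (added in the previous hunk) may return NULL, and `EVP_PKEY_get0_type_name()` returns NULL when it cannot find a name, which makes the comparison and the `%s` arguments of the error message undefined behaviour. Fetch the names once and test them first, e.g. `const char *pn = EVP_PKEY_get0_type_name(peer);` and `const char *kn = pkey != NULL ? EVP_PKEY_get0_type_name(pkey) : NULL;`, then `if (pn == NULL || kn == NULL || strcmp(pn, kn) != 0)`, printing a fallback such as `"(unknown)"` for a missing name. Keys loaded with `peerform == FORMAT_ENGINE` look like the most probable way to reach this, though that is an inference from the visible lines.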
@@ -346,12 +348,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; signerfile = NULL; if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } keyfile = opt_arg(); break; @@ -424,12 +428,14 @@ int smime_main(int argc, char **argv) if (sksigners == NULL && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); + if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0) + goto end; if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (!keyfile) keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); + if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0) + goto end; } if (sksigners == NULL) { BIO_printf(bio_err, "No signer certificate specified\n"); diff --git a/apps/speed.c b/apps/speed.c index be4b8c570f..6f392d2ade 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -514,6 +514,14 @@ static double sigs_results[MAX_SIG_NUM][3]; /* keygen, sign, verify */ #define COND(unused_cond) (run && count < (testmode ? 1 : INT_MAX)) #define COUNT(d) (count) +#define TAG_LEN 16 + +static unsigned int mode_op; /* AE Mode of operation */ +static unsigned int aead = 0; /* AEAD flag */ +static unsigned char aead_iv[12]; /* For AEAD modes */ +static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc }; +static int aead_ivlen = sizeof(aead_iv); + typedef struct loopargs_st { ASYNC_JOB *inprogress_job; ASYNC_WAIT_CTX *wait_ctx; @@ -522,6 +530,7 @@ typedef struct loopargs_st { unsigned char *buf_malloc; unsigned char *buf2_malloc; unsigned char *key; + unsigned char tag[TAG_LEN]; size_t buflen; size_t sigsize; size_t encsize; @@ -874,12 +883,8 @@ static int EVP_Update_loop(void *args) unsigned char *buf = tempargs->buf; EVP_CIPHER_CTX *ctx = tempargs->ctx; int outl, count, rc; - unsigned char faketag[16] = { 0xcc }; if (decrypt) { - if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) { - (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag); - } for (count = 0; COND(c[D_EVP][testnum]); count++) { rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); if (rc != 1) { 
@@ -907,44 +912,71 @@ static int EVP_Update_loop(void *args) } /* + * To make AEAD benchmarking more relevant perform TLS-like operations, + * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as + * payload length is not actually limited by 16KB... * CCM does not support streaming. For the purpose of performance measurement, * each message is encrypted using the same (key,iv)-pair. Do not use this * code in your application. */ -static int EVP_Update_loop_ccm(void *args) +static int EVP_Update_loop_aead_enc(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; + unsigned char *key = tempargs->key; EVP_CIPHER_CTX *ctx = tempargs->ctx; - int outl, count, realcount = 0, final; - unsigned char tag[12]; + int outl, count, realcount = 0; - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), - tag) > 0 - /* reset iv */ - && EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0 - /* counter is reset on every update */ - && EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0) - realcount++; + for (count = 0; COND(c[D_EVP][testnum]); count++) { + /* Set length of iv (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + aead_ivlen, NULL)) { + BIO_printf(bio_err, "\nFailed to set iv length\n"); + dofail(); + exit(1); + } } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - /* restore iv length field */ - if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]) > 0 - /* counter is reset on every update */ - && EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0) - realcount++; + /* Set tag_len (Not for GCM/SIV at encryption stage) */ + if (mode_op != EVP_CIPH_GCM_MODE + && mode_op != EVP_CIPH_SIV_MODE + && mode_op != EVP_CIPH_GCM_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, NULL)) { + 
BIO_printf(bio_err, "\nFailed to set tag length\n"); + dofail(); + exit(1); + } + } + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) { + BIO_printf(bio_err, "\nFailed to set key and iv\n"); + dofail(); + exit(1); + } + /* Set total length of input. Only required for CCM */ + if (mode_op == EVP_CIPH_CCM_MODE) { + if (!EVP_EncryptUpdate(ctx, NULL, &outl, + NULL, lengths[testnum])) { + BIO_printf(bio_err, "\nCouldn't set input text length\n"); + dofail(); + exit(1); + } } + if (aead) { + if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) { + BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n"); + dofail(); + exit(1); + } + } + if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) { + BIO_printf(bio_err, "\nFailed to encrypt the data\n"); + dofail(); + exit(1); + } + if (EVP_EncryptFinal_ex(ctx, buf, &outl)) + realcount++; } - if (decrypt) - final = EVP_DecryptFinal_ex(ctx, buf, &outl); - else - final = EVP_EncryptFinal_ex(ctx, buf, &outl); - - if (final == 0) - BIO_printf(bio_err, "Error finalizing ccm loop\n"); return realcount; } 
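Review bot: The new `if (!EVP_CIPHER_CTX_ctrl(...))` checks in EVP_Update_loop_aead_enc are weaker than the `EVP_CIPHER_CTX_ctrl(...) > 0` tests in the code this hunk removes: they only catch a zero return, so a negative return, if one can occur on this path, would be treated as success. Writing them as `if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, aead_ivlen, NULL) <= 0)` keeps the old strictness; the same applies to the `EVP_CTRL_AEAD_SET_TAG` call here, to EVP_Update_loop_aead_dec, and to the tag-priming block added to speed_main. The header comment now runs two unrelated statements together; the "same (key,iv)-pair ... Do not use this code in your application" warning deserves its own paragraph, since after this change it applies to every AE mode handled by the loop and not just CCM.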
@@ -952,34 +984,87 @@ static int EVP_Update_loop_ccm(void *args) * To make AEAD benchmarking more relevant perform TLS-like operations, * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as * payload length is not actually limited by 16KB... + * CCM does not support streaming. For the purpose of performance measurement, + * each message is decrypted using the same (key,iv)-pair. Do not use this + * code in your application. + * For decryption, we will use buf2 to preserve the input text in buf. */ -static int EVP_Update_loop_aead(void *args) +static int EVP_Update_loop_aead_dec(void *args) { loopargs_t *tempargs = *(loopargs_t **) args; unsigned char *buf = tempargs->buf; + unsigned char *outbuf = tempargs->buf2; + unsigned char *key = tempargs->key; + unsigned char tag[TAG_LEN]; EVP_CIPHER_CTX *ctx = tempargs->ctx; int outl, count, realcount = 0; - unsigned char aad[13] = { 0xcc }; - unsigned char faketag[16] = { 0xcc }; - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0 - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - sizeof(faketag), faketag) > 0 - && EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0 - && EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0 - && EVP_DecryptFinal_ex(ctx, buf + outl, &outl) > 0) - realcount++; + for (count = 0; COND(c[D_EVP][testnum]); count++) { + /* Set the length of iv (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + aead_ivlen, NULL)) { + BIO_printf(bio_err, "\nFailed to set iv length\n"); + dofail(); + exit(1); + } } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0 - && EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0 - && EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0 - && EVP_EncryptFinal_ex(ctx, buf + outl, &outl) > 0) - realcount++; + + 
/* Set the tag length (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE + && mode_op != EVP_CIPH_GCM_MODE + && mode_op != EVP_CIPH_GCM_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, NULL)) { + BIO_printf(bio_err, "\nFailed to set tag length\n"); + dofail(); + exit(1); + } + } + if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) { + BIO_printf(bio_err, "\nFailed to set key and iv\n"); + dofail(); + exit(1); + } + /* Set iv before decryption (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) { + BIO_printf(bio_err, "\nFailed to set iv\n"); + dofail(); + exit(1); + } + } + memcpy(tag, tempargs->tag, TAG_LEN); + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, tag)) { + BIO_printf(bio_err, "\nFailed to set tag\n"); + dofail(); + exit(1); + } + /* Set the total length of cipher text. Only required for CCM */ + if (mode_op == EVP_CIPH_CCM_MODE) { + if (!EVP_DecryptUpdate(ctx, NULL, &outl, + NULL, lengths[testnum])) { + BIO_printf(bio_err, "\nCouldn't set cipher text length\n"); + dofail(); + exit(1); + } } + if (aead) { + if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) { + BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n"); + dofail(); + exit(1); + } + } + if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) { + BIO_printf(bio_err, "\nFailed to decrypt the data\n"); + dofail(); + exit(1); + } + if (EVP_DecryptFinal_ex(ctx, outbuf, &outl)) + realcount++; } return realcount; } 
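Review bot: A failing `EVP_DecryptFinal_ex()` in EVP_Update_loop_aead_dec only leaves `realcount` unincremented, so a tag mismatch on every iteration produces a silent zero result, while every other failure in the loop prints a message and exits; the removed CCM loop at least printed "Error finalizing ccm loop". Report the condition once after the loop, e.g. `if (realcount != count) BIO_printf(bio_err, "\nAEAD tag verification failed\n");`. The comment `/* Set the tag length (Doesn't apply to SIV mode) */` also understates the condition beneath it, which excludes GCM and GCM-SIV as well.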
@@ -1444,6 +1529,24 @@ static int SIG_verify_loop(void *args) return count; } +static int check_block_size(EVP_CIPHER_CTX *ctx, int length) +{ + const EVP_CIPHER *ciph = EVP_CIPHER_CTX_get0_cipher(ctx); + int blocksize = EVP_CIPHER_CTX_get_block_size(ctx); + + if (ciph == NULL || blocksize <= 0) { + BIO_printf(bio_err, "\nInvalid cipher!\n"); + return 0; + } + if (length % blocksize != 0) { + BIO_printf(bio_err, + "\nRequested encryption length not a multiple of block size for %s!\n", + EVP_CIPHER_get0_name(ciph)); + return 0; + } + return 1; +} + static int run_benchmark(int async_jobs, int (*loop_function) (void *), loopargs_t *loopargs) { @@ -1784,14 +1887,14 @@ int speed_main(int argc, char **argv) OPTION_CHOICE o; int async_init = 0, multiblock = 0, pr_header = 0; uint8_t doit[ALGOR_NUM] = { 0 }; - int ret = 1, misalign = 0, lengths_single = 0, aead = 0; + int ret = 1, misalign = 0, lengths_single = 0; STACK_OF(EVP_KEM) *kem_stack = NULL; STACK_OF(EVP_SIGNATURE) *sig_stack = NULL; long count = 0; unsigned int size_num = SIZE_NUM; unsigned int i, k, loopargs_len = 0, async_jobs = 0; unsigned int idx; - int keylen; + int keylen = 0; int buflen; size_t declen; BIGNUM *bn = NULL; @@ -2664,6 +2767,8 @@ int speed_main(int argc, char **argv) } algindex = D_CBC_DES; for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[D_CBC_DES], lengths[testnum], seconds.sym); Time_F(START); count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); @@ -2684,6 +2789,8 @@ int speed_main(int argc, char **argv) } algindex = D_EDE3_DES; for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[D_EDE3_DES], lengths[testnum], seconds.sym); Time_F(START); count = 
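Review bot: In check_block_size, `EVP_CIPHER_CTX_get_block_size(ctx)` is evaluated in the initialiser, before the `ciph == NULL` test, so that test cannot protect the call if it dereferences the context's cipher. Declaring `int blocksize;`, returning early on `ciph == NULL`, and only then assigning `blocksize = EVP_CIPHER_CTX_get_block_size(ctx);` gives the check its intended effect. The function would also benefit from a one-line header comment such as `/* Returns 1 if |length| is a whole number of blocks for the cipher in |ctx|; otherwise prints to bio_err and returns 0 */`, since the callers added later in this diff `break` out of their size loop on 0.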
@@ -2708,6 +2815,8 @@ int speed_main(int argc, char **argv) } for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[algindex], lengths[testnum], seconds.sym); Time_F(START); count = @@ -2733,6 +2842,8 @@ int speed_main(int argc, char **argv) } for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[algindex], lengths[testnum], seconds.sym); Time_F(START); count = @@ -2757,6 +2868,8 @@ int speed_main(int argc, char **argv) } for (testnum = 0; st && testnum < size_num; testnum++) { + if (!check_block_size(loopargs[0].ctx, lengths[testnum])) + break; print_message(names[algindex], lengths[testnum], seconds.sym); Time_F(START); count = @@ -2810,12 +2923,20 @@ int speed_main(int argc, char **argv) } } + /*- + * There are three scenarios for D_EVP: + * 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc. + * 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc. + * 3- Not using AE or AD e.g. ECB, CBC, CFB etc. + */ if (doit[D_EVP]) { if (evp_cipher != NULL) { - int (*loopfunc) (void *) = EVP_Update_loop; + int (*loopfunc) (void *); + int outlen = 0; + unsigned int ae_mode = 0; - if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { + if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) + & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { multiblock_speed(evp_cipher, lengths_single, &seconds); ret = 0; goto end; 
@@ -2823,16 +2944,27 @@ int speed_main(int argc, char **argv) names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher); - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { - loopfunc = EVP_Update_loop_ccm; - } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_AEAD_CIPHER)) { - loopfunc = EVP_Update_loop_aead; + mode_op = EVP_CIPHER_get_mode(evp_cipher); + + if (aead) { if (lengths == lengths_list) { lengths = aead_lengths_list; size_num = OSSL_NELEM(aead_lengths_list); } } + if (mode_op == EVP_CIPH_GCM_MODE + || mode_op == EVP_CIPH_CCM_MODE + || mode_op == EVP_CIPH_OCB_MODE + || mode_op == EVP_CIPH_SIV_MODE + || mode_op == EVP_CIPH_GCM_SIV_MODE) { + ae_mode = 1; + if (decrypt) + loopfunc = EVP_Update_loop_aead_dec; + else + loopfunc = EVP_Update_loop_aead_enc; + } else { + loopfunc = EVP_Update_loop; + } for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_EVP], lengths[testnum], seconds.sym); 
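Review bot: The new `ae_mode` test picks the AEAD loops by cipher mode alone, so a cipher that sets `EVP_CIPH_FLAG_AEAD_CIPHER` but reports a mode outside the five listed now falls through to `EVP_Update_loop`; ChaCha20-Poly1305 is a likely case and worth verifying. The fake-tag setup was removed from `EVP_Update_loop` earlier in this diff and `aead` is no longer checked against the cipher flags, so for such a cipher the `aead` setting would only switch the length list and never feed AAD or handle a tag. Consider widening the condition with `|| (EVP_CIPHER_get_flags(evp_cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0`, or printing an error when `aead` is set and `ae_mode` stays 0. speed_main starts and ends outside the hunk.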
@@ -2843,38 +2975,145 @@ int speed_main(int argc, char **argv) BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); exit(1); } + + /* + * For AE modes, we must first encrypt the data to get + * a valid tag that enables us to decrypt. If we don't + * encrypt first, we won't have a valid tag that enables + * authenticity and hence decryption will fail. + */ if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, - NULL, iv, decrypt ? 0 : 1)) { - BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); + NULL, NULL, ae_mode ? 1 : !decrypt)) { + BIO_printf(bio_err, "\nCouldn't init the context\n"); dofail(); exit(1); } + /* Padding isn't needed */ EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx); loopargs[k].key = app_malloc(keylen, "evp_cipher key"); EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); - if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, NULL, -1)) { - BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); - dofail(); - exit(1); - } - OPENSSL_clear_free(loopargs[k].key, keylen); - /* GCM-SIV/SIV mode only allows for a single Update operation */ - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE - || EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_GCM_SIV_MODE) - (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_SET_SPEED, 1, NULL); + if (!ae_mode) { + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, iv, -1)) { + BIO_printf(bio_err, "\nFailed to set the key\n"); + dofail(); + exit(1); + } + } else if (mode_op == EVP_CIPH_SIV_MODE + || mode_op == EVP_CIPH_GCM_SIV_MODE) { + EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_SET_SPEED, 1, NULL); + } + if (ae_mode && decrypt) { + /* Set length of iv (Doesn't apply to SIV mode) */ + if (mode_op != EVP_CIPH_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_AEAD_SET_IVLEN, + aead_ivlen, NULL)) { + BIO_printf(bio_err, "\nFailed to set iv length\n"); + dofail(); + exit(1); + } + } + /* 
Set tag_len (Not for GCM/SIV at encryption stage) */ + if (mode_op != EVP_CIPH_GCM_MODE + && mode_op != EVP_CIPH_SIV_MODE + && mode_op != EVP_CIPH_GCM_SIV_MODE) { + if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_AEAD_SET_TAG, + TAG_LEN, NULL)) { + BIO_printf(bio_err, + "\nFailed to set tag length\n"); + dofail(); + exit(1); + } + } + if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, + loopargs[k].key, aead_iv, -1)) { + BIO_printf(bio_err, "\nFailed to set the key\n"); + dofail(); + exit(1); + } + /* Set total length of input. Only required for CCM */ + if (mode_op == EVP_CIPH_CCM_MODE) { + if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL, + &outlen, NULL, + lengths[testnum])) { + BIO_printf(bio_err, + "\nCouldn't set input text length\n"); + dofail(); + exit(1); + } + } + if (aead) { + if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL, + &outlen, aad, sizeof(aad))) { + BIO_printf(bio_err, + "\nCouldn't insert AAD when encrypting\n"); + dofail(); + exit(1); + } + } + if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf, + &outlen, loopargs[k].buf, + lengths[testnum])) { + BIO_printf(bio_err, + "\nFailed to to encrypt the data\n"); + dofail(); + exit(1); + } + + if (!EVP_EncryptFinal_ex(loopargs[k].ctx, + loopargs[k].buf, &outlen)) { + BIO_printf(bio_err, + "\nFailed finalize the encryption\n"); + dofail(); + exit(1); + } + + if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, EVP_CTRL_AEAD_GET_TAG, + TAG_LEN, &loopargs[k].tag)) { + BIO_printf(bio_err, "\nFailed to get the tag\n"); + dofail(); + exit(1); + } + + EVP_CIPHER_CTX_free(loopargs[k].ctx); + loopargs[k].ctx = EVP_CIPHER_CTX_new(); + if (loopargs[k].ctx == NULL) { + BIO_printf(bio_err, + "\nEVP_CIPHER_CTX_new failure\n"); + exit(1); + } + if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, + NULL, NULL, NULL, 0)) { + BIO_printf(bio_err, + "\nFailed initializing the context\n"); + dofail(); + exit(1); + } + + EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); + + /* GCM-SIV/SIV only allows for a single Update operation 
*/ + if (mode_op == EVP_CIPH_SIV_MODE + || mode_op == EVP_CIPH_GCM_SIV_MODE) + EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, + EVP_CTRL_SET_SPEED, 1, NULL); + } } Time_F(START); count = run_benchmark(async_jobs, loopfunc, loopargs); d = Time_F(STOP); - for (k = 0; k < loopargs_len; k++) + for (k = 0; k < loopargs_len; k++) { + OPENSSL_clear_free(loopargs[k].key, keylen); EVP_CIPHER_CTX_free(loopargs[k].ctx); + } print_result(D_EVP, testnum, count, d); } } else if (evp_md_name != NULL) { @@ -4852,7 +5091,6 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, print_message(alg_name, mblengths[j], seconds->sym); Time_F(START); for (count = 0; run && COND(count); count++) { - unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; int packlen; diff --git a/crypto/aes/asm/aesv8-armx-64.S b/crypto/aes/asm/aesv8-armx-64.S index df7b0369c5..2f7b8a900b 100644 --- a/crypto/aes/asm/aesv8-armx-64.S +++ b/crypto/aes/asm/aesv8-armx-64.S @@ -2227,7 +2227,7 @@ aes_v8_ctr32_encrypt_blocks_unroll12_eor3: ldp d8,d9,[sp, #16] ldp d10,d11,[sp, #32] ldp d12,d13,[sp, #48] - ldp d15,d16,[sp, #64] + ldp d14,d15,[sp, #64] ldr x29,[sp],#80 ret .size aes_v8_ctr32_encrypt_blocks_unroll12_eor3,.-aes_v8_ctr32_encrypt_blocks_unroll12_eor3 diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 33a2dd53da..16fbc9b48d 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
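Review bot: The cleanup loop at the end of this hunk frees `loopargs[k].key` with `OPENSSL_clear_free()` but leaves the pointer set, and the key now stays in memory for the whole benchmark run instead of being cleared right after `EVP_CipherInit_ex()`. Adding `loopargs[k].key = NULL;` after the free keeps any later cleanup path (not visible here) from touching freed memory. In the tag-priming block, `&loopargs[k].tag` passes a pointer to the array, where `loopargs[k].tag` is the conventional argument for `EVP_CTRL_AEAD_GET_TAG`. Two of the new messages contain typos: `"\nFailed to to encrypt the data\n"` and `"\nFailed finalize the encryption\n"`. speed_main starts and ends outside the hunk.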
@@ -2493,7 +2493,7 @@ () ldp d8,d9,[sp, #16] ldp d10,d11,[sp, #32] ldp d12,d13,[sp, #48] - ldp d15,d16,[sp, #64] + ldp d14,d15,[sp, #64] ldr x29,[sp],#80 ret .size ${prefix}_ctr32_encrypt_blocks_unroll12_eor3,.-${prefix}_ctr32_encrypt_blocks_unroll12_eor3 diff --git a/crypto/armv4cpuid.S b/crypto/armv4cpuid.S index 2984c8b035..843f3dda55 100644 --- a/crypto/armv4cpuid.S +++ b/crypto/armv4cpuid.S @@ -268,5 +268,5 @@ atomic_add_spinlock: .word 0 #endif -.comm OPENSSL_armcap_P,4,4 + .hidden OPENSSL_armcap_P diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl index 04b342551c..9b933c70c4 100644 --- a/crypto/armv4cpuid.pl +++ b/crypto/armv4cpuid.pl @@ -293,6 +293,7 @@ #endif .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P ___ print $code; diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index d394070632..a87cb15b44 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) if (a->data[len - 1]) break; } - j = a->data[len - 1]; - if (j & 0x01) + + if (len == 0) { bits = 0; - else if (j & 0x02) - bits = 1; - else if (j & 0x04) - bits = 2; - else if (j & 0x08) - bits = 3; - else if (j & 0x10) - bits = 4; - else if (j & 0x20) - bits = 5; - else if (j & 0x40) - bits = 6; - else if (j & 0x80) - bits = 7; - else - bits = 0; /* should not happen */ + } else { + j = a->data[len - 1]; + if (j & 0x01) + bits = 0; + else if (j & 0x02) + bits = 1; + else if (j & 0x04) + bits = 2; + else if (j & 0x08) + bits = 3; + else if (j & 0x10) + bits = 4; + else if (j & 0x20) + bits = 5; + else if (j & 0x40) + bits = 6; + else if (j & 0x80) + bits = 7; + else + bits = 0; /* should not happen */ + } } } else bits = 0; diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 99ac2aed11..8f85971130 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,10 +39,10 @@ unsigned long ASN1_STRING_get_default_mask(void) * This function sets the default to various "flavours" of configuration. * based on an ASCII string. Currently this is: * MASK:XXXX : a numerical mask value. - * nobmp : Don't use BMPStrings (just Printable, T61). - * pkix : PKIX recommendation in RFC2459. - * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). - * default: the default value, Printable, T61, BMP. + * default : use Printable, IA5, T61, BMP, and UTF8 string types + * nombstr : any string type except variable-sized BMPStrings or UTF8Strings + * pkix : PKIX recommendation in RFC2459 + * utf8only : this is the default, use UTF8Strings */ int ASN1_STRING_set_default_mask_asc(const char *p) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 7dfbc5faab..194504415d 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -490,9 +490,9 @@ int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) { char *v; - int gmt = 0, l; + int l; struct tm stm; - const char upper_z = 0x5A, period = 0x2E; + const char period = 0x2E; /* ossl_asn1_time_to_tm will check the time type */ if (!ossl_asn1_time_to_tm(&stm, tm)) 
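Review bot: The rewritten option list in the comment above ASN1_STRING_set_default_mask_asc uses "default" in two senses: the `default` keyword is documented as selecting Printable, IA5, T61, BMP and UTF8, while `utf8only` is described as "this is the default". A reader configuring string masks can easily take the `default` keyword to mean the library's initial setting. Wording such as `utf8only : only use UTF8Strings (the initial setting)` and `default : Printable, IA5, T61, BMP and UTF8 (not the initial setting)` would remove the ambiguity. The stray full stop in "configuration. based on" in the context lines could be fixed at the same time.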
@@ -500,8 +500,6 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) l = tm->length; v = (char *)tm->data; - if (v[l - 1] == upper_z) - gmt = 1; if (tm->type == V_ASN1_GENERALIZEDTIME) { char *f = NULL; 
@@ -512,39 +510,36 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) * 'fraction point' in a GeneralizedTime string. */ if (tm->length > 15 && v[14] == period) { - f = &v[14]; - f_len = 1; - while (14 + f_len < l && ossl_ascii_isdigit(f[f_len])) + /* exclude the . itself */ + f = &v[15]; + f_len = 0; + while (15 + f_len < l && ossl_ascii_isdigit(f[f_len])) ++f_len; } - if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { - return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s", - stm.tm_year + 1900, stm.tm_mon + 1, - stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, - (gmt ? "Z" : "")) > 0; - } - else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", - _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900, - (gmt ? " GMT" : "")) > 0; + if (f_len > 0) { + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ", + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f) > 0; + } else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d.%.*s %d GMT", + _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f, + stm.tm_year + 1900) > 0; + } } - } else { - if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { - return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s", + } + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02dZ", stm.tm_year + 1900, stm.tm_mon + 1, stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, - (gmt ? "Z" : "")) > 0; - } - else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", + stm.tm_min, stm.tm_sec) > 0; + } else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d GMT", _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, stm.tm_year + 1900, - (gmt ? 
" GMT" : "")) > 0; - } + stm.tm_min, stm.tm_sec, stm.tm_year + 1900) > 0; } } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 6f73449cf4..50b4db97aa 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -499,7 +499,8 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, static int asn1_str2tag(const char *tagstr, int len) { unsigned int i; - static const struct tag_name_st *tntmp, tnst[] = { + const struct tag_name_st *tntmp; + static const struct tag_name_st tnst[] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("NULL", V_ASN1_NULL), diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c index 4b2cef6936..b9b540f7e5 100644 --- a/crypto/bio/bio_addr.c +++ b/crypto/bio/bio_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -571,8 +571,13 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service, *service = NULL; } else { *service = OPENSSL_strndup(p, pl); - if (*service == NULL) + if (*service == NULL) { + if (h != NULL && host != NULL) { + OPENSSL_free(*host); + *host = NULL; + } return 0; + } } } diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 272189a9a6..85ab4afe18 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c 
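Review bot: The `Z` and ` GMT` suffixes are now hard-coded in all four `BIO_printf` format strings, so the printed zone no longer depends on the last byte of `tm->data`. That is only correct if `ossl_asn1_time_to_tm`, called before this hunk, rejects every value that does not end in `Z`; this is presumably the case but is not visible here. I would record the dependency above the first branch, e.g. `/* ossl_asn1_time_to_tm() only accepts 'Z'-terminated times, so the zone is always UTC */`. The same comment should mention that a period followed by no digits, if the parser lets one through, now falls through to the plain form because of `if (f_len > 0)`. The body of ossl_asn1_time_print_ex starts outside the hunk.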
@@ -126,7 +126,7 @@ int BIO_free(BIO *a) if (CRYPTO_DOWN_REF(&a->references, &ret) <= 0) return 0; - REF_PRINT_COUNT("BIO", a); + REF_PRINT_COUNT("BIO", ret, a); if (ret > 0) return 1; REF_ASSERT_ISNT(ret < 0); @@ -191,7 +191,7 @@ int BIO_up_ref(BIO *a) if (CRYPTO_UP_REF(&a->references, &i) <= 0) return 0; - REF_PRINT_COUNT("BIO", a); + REF_PRINT_COUNT("BIO", i, a); REF_ASSERT_ISNT(i < 2); return i > 1; } diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c index ea28fd2826..358014f5d3 100644 --- a/crypto/bio/bio_sock.c +++ b/crypto/bio/bio_sock.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -257,7 +257,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) return INVALID_SOCKET; if (BIO_sock_init() != 1) - return INVALID_SOCKET; + goto err; if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) goto err; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 1ab8c5fd70..ea2550859c 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -66,7 +66,7 @@ #undef NO_RECVMSG #define NO_RECVMSG # endif -# if defined(__ANDROID_API__) && __ANDROID_API__ < 21 +# if (defined(__ANDROID_API__) && __ANDROID_API__ < 21) || defined(_AIX) # undef NO_RECVMMSG # define NO_RECVMMSG # endif diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 05d87cfe90..2743a14417 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -235,15 +235,6 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) _setmode(fd, _O_TEXT); else _setmode(fd, _O_BINARY); - /* - * Reports show that ftell() isn't trustable in text mode. - * This has been confirmed as a bug in the Universal C RTL, see - * https://developercommunity.visualstudio.com/content/problem/425878/fseek-ftell-fail-in-text-mode-for-unix-style-text.html - * The suggested work-around from Microsoft engineering is to - * turn off buffering until the bug is resolved. - */ - if ((num & BIO_FP_TEXT) != 0) - setvbuf((FILE *)ptr, NULL, _IONBF, 0); # elif defined(OPENSSL_SYS_MSDOS) int fd = fileno((FILE *)ptr); /* Set correct text/binary mode */ diff --git a/crypto/bn/asm/armv8-mont.S b/crypto/bn/asm/armv8-mont.S index a867dbb2d1..dcaaa63ab7 100644 --- a/crypto/bn/asm/armv8-mont.S +++ b/crypto/bn/asm/armv8-mont.S @@ -16,10 +16,12 @@ bn_mul_mont: cmp x5,#32 b.le .Lscalar_impl #ifndef __KERNEL__ +#ifndef __AARCH64EB__ adrp x17,OPENSSL_armv8_rsa_neonized ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] cbnz w17, bn_mul8x_mont_neon #endif +#endif .Lscalar_impl: tst x5,#7 diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index 21ab12bdf0..1641a9880c 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -85,10 +85,12 @@ cmp $num,#32 b.le .Lscalar_impl #ifndef __KERNEL__ +#ifndef __AARCH64EB__ adrp x17,OPENSSL_armv8_rsa_neonized ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] cbnz w17, bn_mul8x_mont_neon #endif +#endif .Lscalar_impl: tst $num,#7 diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index b876edbfac..862543f167 100644 --- a/crypto/bn/bn_exp.c 
+++ b/crypto/bn/bn_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, * out by Colin Percival, * http://www.daemonology.net/hyperthreading-considered-harmful/) */ -int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, +int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { @@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, unsigned int t4 = 0; #endif - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - if (!BN_is_odd(m)) { ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; @@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; } else #endif - if (!BN_from_montgomery(rr, &tmp, mont, ctx)) + if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx)) goto err; ret = 1; err: @@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, return ret; } +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) +{ + bn_check_top(a); + bn_check_top(p); + bn_check_top(m); + if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont)) + return 0; + bn_correct_top(rr); + return 1; +} + int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { diff --git a/crypto/bn/bn_s390x.c b/crypto/bn/bn_s390x.c index 5449143f4f..0b60f4ec1d 100644 --- a/crypto/bn/bn_s390x.c +++ b/crypto/bn/bn_s390x.c 
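Review bot: `bn_mod_exp_mont_fixed_top` is introduced without a comment stating its contract. The visible differences from the public function are that it skips the `bn_check_top` calls and finishes with `bn_from_mont_fixed_top`, so `rr` is presumably returned without its top normalised. A caller that hands `rr` to code expecting a normalised BIGNUM has to call `bn_correct_top` itself, as the new `BN_mod_exp_mont_consttime` wrapper does. I would add above the definition `/* As BN_mod_exp_mont_consttime(), but rr is left in fixed-top form; call bn_correct_top() before passing rr to the public BN API. */`. Most of the function body lies outside these hunks.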
@@ -28,7 +28,7 @@ static int s390x_mod_exp_hw(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, size_t size; int res = 0; - if (OPENSSL_s390xcex == -1) + if (OPENSSL_s390xcex == -1 || OPENSSL_s390xcex_nodev) return 0; size = BN_num_bytes(m); buffer = OPENSSL_zalloc(4 * size); @@ -47,12 +47,21 @@ static int s390x_mod_exp_hw(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (ioctl(OPENSSL_s390xcex, ICARSAMODEXPO, &me) != -1) { if (BN_bin2bn(me.outputdata, size, r) != NULL) res = 1; - } else if (errno == EBADF) { - /*- + } else if (errno == EBADF || errno == ENOTTY) { + /* * In this cases, someone (e.g. a sandbox) closed the fd. * Make sure to not further use this hardware acceleration. + * In case of ENOTTY the file descriptor was already reused for another + * file. Do not attempt to use or close that file descriptor anymore. */ OPENSSL_s390xcex = -1; + } else if (errno == ENODEV) { + /* + * No crypto card(s) available to handle RSA requests. + * Make sure to not further use this hardware acceleration, + * but do not close the file descriptor. + */ + OPENSSL_s390xcex_nodev = 1; } dealloc: OPENSSL_clear_free(buffer, 4 * size); @@ -75,7 +84,7 @@ int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, size_t size, plen, qlen; int res = 0; - if (OPENSSL_s390xcex == -1) + if (OPENSSL_s390xcex == -1 || OPENSSL_s390xcex_nodev) return 0; /*- * Hardware-accelerated CRT can only deal with p>q. Fall back to 
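Review bot: The errno handling added after the failed `ioctl` in `s390x_mod_exp_hw` is repeated line for line in the `s390x_crt` hunk that follows, including the comments. Both copies decide when the library stops using a descriptor it may no longer own, so they have to stay identical. I would move the decision into one static helper and call it from both `else` arms, keeping the two explanatory comments there. `OPENSSL_s390xcex_nodev` is never reset in the visible code, so one ENODEV presumably disables the accelerator for the rest of the process; the helper's comment should say so.

```c
/* Stop using the accelerator after a failed ioctl(); never closes the fd. */
static void s390x_cex_ioctl_failed(int err)
{
    if (err == EBADF || err == ENOTTY)
        OPENSSL_s390xcex = -1;      /* fd was closed or reused by someone else */
    else if (err == ENODEV)
        OPENSSL_s390xcex_nodev = 1; /* no crypto card available; keep the fd */
}

/* ... unchanged: buffer setup in s390x_mod_exp_hw ... */
    if (ioctl(OPENSSL_s390xcex, ICARSAMODEXPO, &me) != -1) {
        /* ... unchanged: BN_bin2bn of the result ... */
    } else {
        s390x_cex_ioctl_failed(errno);
    }
```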
@@ -115,12 +124,21 @@ int s390x_crt(BIGNUM *r, const BIGNUM *i, const BIGNUM *p, const BIGNUM *q, if (ioctl(OPENSSL_s390xcex, ICARSACRT, &crt) != -1) { if (BN_bin2bn(crt.outputdata, crt.outputdatalength, r) != NULL) res = 1; - } else if (errno == EBADF) { - /*- + } else if (errno == EBADF || errno == ENOTTY) { + /* * In this cases, someone (e.g. a sandbox) closed the fd. * Make sure to not further use this hardware acceleration. + * In case of ENOTTY the file descriptor was already reused for another + * file. Do not attempt to use or close that file descriptor anymore. */ OPENSSL_s390xcex = -1; + } else if (errno == ENODEV) { + /* + * No crypto card(s) available to handle RSA requests. + * Make sure to not further use this hardware acceleration, + * but do not close the file descriptor. + */ + OPENSSL_s390xcex_nodev = 1; } dealloc: OPENSSL_clear_free(buffer, 9 * size + 24); diff --git a/crypto/buildinf.h b/crypto/buildinf.h index 5b136200f1..c2ee462055 100644 --- a/crypto/buildinf.h +++ b/crypto/buildinf.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by util/mkbuildinf.pl * - * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,7 +11,7 @@ */ #define PLATFORM "platform: linux-armv4" -#define DATE "built on: Wed Dec 4 13:03:23 2024 UTC" +#define DATE "built on: Wed Feb 12 11:21:41 2025 UTC" /* * Generate compiler_flags as an array of individual characters. This is a diff --git a/crypto/chacha/asm/chacha-loongarch64.pl b/crypto/chacha/asm/chacha-loongarch64.pl index 48e9b52794..17ca12d2dc 100644 --- a/crypto/chacha/asm/chacha-loongarch64.pl +++ b/crypto/chacha/asm/chacha-loongarch64.pl 
@@ -1,6 +1,6 @@ #! /usr/bin/env perl # Author: Min Zhou -# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -72,7 +72,7 @@ beqz $len,.Lno_data ori $t3,$zero,64 - la.pcrel $t0,OPENSSL_loongarch_hwcap_P + la.global $t0,OPENSSL_loongarch_hwcap_P ld.w $t0,$t0,0 bleu $len,$t3,.LChaCha20_1x # goto 1x when len <= 64 diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index 9628f0500a..f57597b817 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -330,7 +330,7 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) != NULL && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) goto err; - if (ctx->reqExtensions != NULL /* augment/override existing ones */ + if (sk_X509_EXTENSION_num(ctx->reqExtensions) > 0 /* augment/override existing ones */ && X509v3_add_extensions(&exts, ctx->reqExtensions) == NULL) goto err; if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index 9cee01793a..b68ca9c26e 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -35,7 +35,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) goto err; /* Only absent parameters allowed in RFC XXXX */ - if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) + if (atype != V_ASN1_UNDEF && atype != V_ASN1_NULL) goto err; pk = EVP_PKEY_CTX_get0_pkey(pctx); diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index 40aeb7088c..98d6bea5f0 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c 
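Review bot: The comment above the corrected test in the cms_dh.c hunk, `/* Only absent parameters allowed in RFC XXXX */`, does not match the code. With `atype != V_ASN1_UNDEF && atype != V_ASN1_NULL` the function accepts parameters that are absent or an ASN.1 NULL and rejects everything else, and the RFC number is still a placeholder. This check decides which peer AlgorithmIdentifier encodings are accepted, so the comment should state the rule the code enforces, e.g. `/* Parameters must be absent or NULL; reject anything else */`. dh_cms_set_peerkey starts and ends outside the hunk.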
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -20,77 +20,79 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), - "certificate already present"}, + "certificate already present"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), - "certificate has no keyid"}, + "certificate has no keyid"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, + "certificate verify error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR), - "cipher aead set tag error"}, + "cipher aead set tag error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), - "cipher initialisation error"}, + "cipher initialisation error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), - "cipher parameter initialisation error"}, + "cipher parameter initialisation error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR), - "cms datafinal error"}, + "cms datafinal error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH), - "contentidentifier mismatch"}, + "contentidentifier mismatch"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH), - "content type mismatch"}, + "content type mismatch"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), - "content type not compressed data"}, + "content type not compressed data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), - "content type not enveloped data"}, + "content type not enveloped data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), - "content type not signed data"}, + "content type not signed data"}, {ERR_PACK(ERR_LIB_CMS, 0, 
CMS_R_CONTENT_VERIFY_ERROR), - "content verify error"}, + "content verify error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECODE_ERROR), "decode error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY), - "error getting public key"}, + "error getting public key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), - "error reading messagedigest attribute"}, + "error reading messagedigest attribute"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), - "error setting recipientinfo"}, + "error setting recipientinfo"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT), + "error unsupported static key agreement"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), - "ess signing certid mismatch error"}, + "ess signing certid mismatch error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), - "invalid encrypted key length"}, + "invalid encrypted key length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), - "invalid key encryption parameter"}, + "invalid key encryption parameter"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_LABEL), "invalid label"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_OAEP_PARAMETERS), - "invalid oaep parameters"}, + "invalid oaep parameters"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_KDF_PARAMETER_ERROR), - "kdf parameter error"}, + "kdf parameter error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), - "messagedigest attribute wrong length"}, + "messagedigest attribute wrong length"}, {ERR_PACK(ERR_LIB_CMS, 0, 
CMS_R_MESSAGEDIGEST_WRONG_LENGTH), - "messagedigest wrong length"}, + "messagedigest wrong length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), - "msgsigdigest verification failure"}, + "msgsigdigest verification failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH), - "msgsigdigest wrong length"}, + "msgsigdigest wrong length"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT), - "not a signed receipt"}, + "not a signed receipt"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "not supported for this key type"}, + "not supported for this key type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"}, @@ -100,9 +102,9 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT), - "no matching recipient"}, + "no matching recipient"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE), - "no matching signature"}, + "no matching signature"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"}, 
@@ -110,59 +112,59 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_OPERATION_UNSUPPORTED), - "operation unsupported"}, + "operation unsupported"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PEER_KEY_ERROR), "peer key error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, + "private key does not match certificate"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR), - "receipt decode error"}, + "receipt decode error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SHARED_INFO_ERROR), "shared info error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, + "signer certificate not found"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA), - "type not compressed data"}, + "type not compressed data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA), - "type not digested data"}, + "type not digested data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA), - "type not encrypted data"}, + "type not encrypted data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA), - "type not enveloped data"}, + "type not enveloped data"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT), - "unable to finalize context"}, + "unable to finalize context"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, + "unknown digest 
algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, + "unsupported compression algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), - "unsupported content encryption algorithm"}, + "unsupported content encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, + "unsupported content type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, + "unsupported encryption type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM), - "unsupported kek algorithm"}, + "unsupported kek algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), - "unsupported key encryption algorithm"}, + "unsupported key encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_LABEL_SOURCE), - "unsupported label source"}, + "unsupported label source"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE), - "unsupported recipientinfo type"}, + "unsupported recipientinfo type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), - "unsupported recipient type"}, + "unsupported recipient type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), - "unsupported signature algorithm"}, + "unsupported signature algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE), - "verification failure"}, + "verification failure"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"}, {0, NULL} }; diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index a2f422a78d..8e9e6a5d14 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -502,6 +502,13 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey); if (!oik->d.originatorKey) return 0; + } else { + /* + * Currently it is not possible to get public key as it is not stored + * during kari initialization. + */ + ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT); + return 0; } /* Initialise KDF algorithm */ if (!ossl_cms_env_asn1_ctrl(ri, 0)) diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c index 1d7cd7e31f..a115a3b900 100644 --- a/crypto/cms/cms_lib.c +++ b/crypto/cms/cms_lib.c @@ -15,6 +15,7 @@ #include #include #include "internal/sizes.h" +#include "internal/cryptlib.h" #include "crypto/x509.h" #include "cms_local.h" 
@@ -620,59 +621,92 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) { STACK_OF(X509) *certs = NULL; + + if (!ossl_cms_get1_certs_ex(cms, &certs)) + return NULL; + if (sk_X509_num(certs) == 0) { + sk_X509_free(certs); + return NULL; + } + return certs; +} + +int ossl_cms_get1_certs_ex(CMS_ContentInfo *cms, STACK_OF(X509) **certs) +{ CMS_CertificateChoices *cch; STACK_OF(CMS_CertificateChoices) **pcerts; int i, n; + if (certs == NULL) + return 0; + *certs = NULL; pcerts = cms_get0_certificate_choices(cms); if (pcerts == NULL) - return NULL; + return 0; - /* make sure to return NULL only on error */ + /* make sure to return NULL *certs only on error */ n = sk_CMS_CertificateChoices_num(*pcerts); - if ((certs = sk_X509_new_reserve(NULL, n)) == NULL) - return NULL; + if ((*certs = sk_X509_new_reserve(NULL, n)) == NULL) + return 0; for (i = 0; i < n; i++) { cch = sk_CMS_CertificateChoices_value(*pcerts, i); if (cch->type == 0) { - if (!ossl_x509_add_cert_new(&certs, cch->d.certificate, - X509_ADD_FLAG_UP_REF)) { - OSSL_STACK_OF_X509_free(certs); - return NULL; + if (!X509_add_cert(*certs, cch->d.certificate, + X509_ADD_FLAG_UP_REF)) { + OSSL_STACK_OF_X509_free(*certs); + *certs = NULL; + return 0; } } } - return certs; + return 1; } STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) { STACK_OF(X509_CRL) *crls = NULL; + + if (!ossl_cms_get1_crls_ex(cms, &crls)) + return NULL; + if (sk_X509_CRL_num(crls) == 0) { + sk_X509_CRL_free(crls); + return NULL; + } + return crls; +} + +int ossl_cms_get1_crls_ex(CMS_ContentInfo *cms, STACK_OF(X509_CRL) **crls) +{ STACK_OF(CMS_RevocationInfoChoice) **pcrls; CMS_RevocationInfoChoice *rch; int i, n; + if (crls == NULL) + return 0; + *crls = NULL; pcrls = cms_get0_revocation_choices(cms); if (pcrls == NULL) - return NULL; + return 0; - /* make sure to return NULL only on error */ + /* make sure to return NULL *crls only on error */ n = 
sk_CMS_RevocationInfoChoice_num(*pcrls); - if ((crls = sk_X509_CRL_new_reserve(NULL, n)) == NULL) - return NULL; + if ((*crls = sk_X509_CRL_new_reserve(NULL, n)) == NULL) + return 0; for (i = 0; i < n; i++) { rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); if (rch->type == 0) { - if (!sk_X509_CRL_push(crls, rch->d.crl) - || !X509_CRL_up_ref(rch->d.crl)) { - sk_X509_CRL_pop_free(crls, X509_CRL_free); - return NULL; + if (!X509_CRL_up_ref(rch->d.crl) + || !ossl_assert(sk_X509_CRL_push(*crls, rch->d.crl))) { + /* push cannot fail on reserved stack */ + sk_X509_CRL_pop_free(*crls, X509_CRL_free); + *crls = NULL; + return 0; } } } - return crls; + return 1; } int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index fd5c7c9a6f..1d03fd7d7e 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -485,6 +485,9 @@ int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt); int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt); int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify); +int ossl_cms_get1_certs_ex(CMS_ContentInfo *cms, STACK_OF(X509) **certs); +int ossl_cms_get1_crls_ex(CMS_ContentInfo *cms, STACK_OF(X509_CRL) **crls); + DECLARE_ASN1_ITEM(CMS_CertificateChoices) DECLARE_ASN1_ITEM(CMS_DigestedData) DECLARE_ASN1_ITEM(CMS_EncryptedData) diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 6b1ab927f5..27abae7461 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -361,7 +361,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, if (si_chains == NULL) goto err; } - if ((untrusted = CMS_get1_certs(cms)) == NULL) + if (!ossl_cms_get1_certs_ex(cms, &untrusted)) goto err; if (sk_X509_num(certs) > 0 && !ossl_x509_add_certs_new(&untrusted, certs, 
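Review bot: `ossl_cms_get1_certs_ex` and `ossl_cms_get1_crls_ex` change what an empty result means, but neither has a comment stating its contract. From the visible code they return 1 with `*certs` / `*crls` set to a caller-owned stack that may be empty, and 0 with the output NULL on failure. The public `CMS_get1_certs` / `CMS_get1_crls` wrappers still map an empty stack to NULL. A short header comment on each `_ex` function should state this and say that the elements are up-ref'd and must be released by the caller. That would keep later callers such as `CMS_verify` from treating "no certificates in the message" as an error again.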
@@ -370,7 +370,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, goto err; if ((flags & CMS_NOCRL) == 0 - && (crls = CMS_get1_crls(cms)) == NULL) + && !ossl_cms_get1_crls_ex(cms, &crls)) goto err; for (i = 0; i < scount; i++) { si = sk_CMS_SignerInfo_value(sinfos, i); diff --git a/crypto/context.c b/crypto/context.c index 96216abcda..271effcefe 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,17 +57,23 @@ struct ossl_lib_ctx_st { int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx) { - return CRYPTO_THREAD_write_lock(ossl_lib_ctx_get_concrete(ctx)->lock); + if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL) + return 0; + return CRYPTO_THREAD_write_lock(ctx->lock); } int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx) { - return CRYPTO_THREAD_read_lock(ossl_lib_ctx_get_concrete(ctx)->lock); + if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL) + return 0; + return CRYPTO_THREAD_read_lock(ctx->lock); } int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx) { - return CRYPTO_THREAD_unlock(ossl_lib_ctx_get_concrete(ctx)->lock); + if ((ctx = ossl_lib_ctx_get_concrete(ctx)) == NULL) + return 0; + return CRYPTO_THREAD_unlock(ctx->lock); } int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) @@ -421,7 +427,7 @@ static OSSL_LIB_CTX *get_default_context(void) { OSSL_LIB_CTX *current_defctx = get_thread_default_context(); - if (current_defctx == NULL) + if (current_defctx == NULL && default_context_inited) current_defctx = &default_context_int; return current_defctx; } diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index d311158d77..70715e7d6a 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c 
@@ -120,7 +120,7 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider, * It is *expected* that the put function increments the refcnt * of the passed method. */ - data->mcm->put(data->store, method, provider, algo->algorithm_names, + data->mcm->put(no_store ? data->store : NULL, method, provider, algo->algorithm_names, algo->property_definition, data->mcm_data); /* refcnt-- because we're dropping the reference */ diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c index ead9a38ad7..1083b14d79 100644 --- a/crypto/core_namemap.c +++ b/crypto/core_namemap.c @@ -24,10 +24,8 @@ HT_END_KEY_DEFN(NAMENUM_KEY) * ================== */ -typedef char STRING; -typedef STACK_OF(STRING) NAMES; +typedef STACK_OF(OPENSSL_STRING) NAMES; -DEFINE_STACK_OF(STRING) DEFINE_STACK_OF(NAMES) struct ossl_namemap_st { @@ -49,7 +47,7 @@ static void name_string_free(char *name) static void names_free(NAMES *n) { - sk_STRING_pop_free(n, name_string_free); + sk_OPENSSL_STRING_pop_free(n, name_string_free); } /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */ @@ -125,17 +123,17 @@ int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, names = sk_NAMES_value(namemap->numnames, number - 1); if (names != NULL) - names = sk_STRING_dup(names); + names = sk_OPENSSL_STRING_dup(names); CRYPTO_THREAD_unlock(namemap->lock); if (names == NULL) return 0; - for (i = 0; i < sk_STRING_num(names); i++) - fn(sk_STRING_value(names, i), data); + for (i = 0; i < sk_OPENSSL_STRING_num(names); i++) + fn(sk_OPENSSL_STRING_value(names, i), data); - sk_STRING_free(names); + sk_OPENSSL_STRING_free(names); return i > 0; } @@ -194,7 +192,7 @@ const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, names = sk_NAMES_value(namemap->numnames, number - 1); if (names != NULL) - ret = sk_STRING_value(names, idx); + ret = sk_OPENSSL_STRING_value(names, idx); CRYPTO_THREAD_unlock(namemap->lock); 
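Review bot: The first argument `no_store ? data->store : NULL` reads as inverted at first glance, because the store is passed exactly when `no_store` is set, and the comment above the call only covers reference counting. `no_store` is declared outside the hunk, so its meaning is inferred: presumably `data->store` is a temporary store and NULL selects the put callback's default one. A line such as `/* with no_store set, put the method in the caller's temporary store only */` would make that explicit, with the wording confirmed against the put implementations. The call line is also longer than 80 columns and could break after `provider,`.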
@@ -216,7 +214,7 @@ static int numname_insert(OSSL_NAMEMAP *namemap, int number, } } else { /* a completely new entry */ - names = sk_STRING_new_null(); + names = sk_OPENSSL_STRING_new_null(); if (names == NULL) return 0; } @@ -224,8 +222,9 @@ static int numname_insert(OSSL_NAMEMAP *namemap, int number, if ((tmpname = OPENSSL_strdup(name)) == NULL) goto err; - if (!sk_STRING_push(names, tmpname)) + if (!sk_OPENSSL_STRING_push(names, tmpname)) goto err; + tmpname = NULL; if (number <= 0) { if (!sk_NAMES_push(namemap->numnames, names)) @@ -236,7 +235,7 @@ static int numname_insert(OSSL_NAMEMAP *namemap, int number, err: if (number <= 0) - sk_STRING_free(names); + sk_OPENSSL_STRING_pop_free(names, name_string_free); OPENSSL_free(tmpname); return 0; } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 9d5a6b0b6c..93e08b3f8c 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -141,7 +141,7 @@ void DH_free(DH *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("DH", r); + REF_PRINT_COUNT("DH", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -171,7 +171,7 @@ int DH_up_ref(DH *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DH", r); + REF_PRINT_COUNT("DH", i, r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 7997c2ac25..db6e3b059b 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -218,7 +218,7 @@ void DSA_free(DSA *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("DSA", r); + REF_PRINT_COUNT("DSA", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -249,7 +249,7 @@ int DSA_up_ref(DSA *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DSA", r); + REF_PRINT_COUNT("DSA", i, r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 8f3387e9b8..65579cb8b3 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c 
@@ -54,7 +54,7 @@ int DSO_free(DSO *dso) if (CRYPTO_DOWN_REF(&dso->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DSO", dso); + REF_PRINT_COUNT("DSO", i, dso); if (i > 0) return 1; REF_ASSERT_ISNT(i < 0); @@ -96,7 +96,7 @@ int DSO_up_ref(DSO *dso) if (CRYPTO_UP_REF(&dso->references, &i) <= 0) return 0; - REF_PRINT_COUNT("DSO", dso); + REF_PRINT_COUNT("DSO", i, dso); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 05224b31a4..681488e3f3 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -76,7 +76,7 @@ void EC_KEY_free(EC_KEY *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("EC_KEY", r); + REF_PRINT_COUNT("EC_KEY", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -197,7 +197,7 @@ int EC_KEY_up_ref(EC_KEY *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("EC_KEY", r); + REF_PRINT_COUNT("EC_KEY", i, r); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 284fc05951..23bae07e93 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -21,6 +21,7 @@ #include #include #include "crypto/ec.h" +#include "crypto/bn.h" #include "internal/nelem.h" #include "ec_local.h" 
@@ -1265,10 +1266,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, if (!BN_sub(e, group->order, e)) goto err; /*- - * Exponent e is public. - * No need for scatter-gather or BN_FLG_CONSTTIME. + * Although the exponent is public we want the result to be + * fixed top. */ - if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) + if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data)) goto err; ret = 1; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 9eb007cdf9..e9092a6c9d 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -85,7 +85,7 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) return; CRYPTO_DOWN_REF(&pre->references, &i); - REF_PRINT_COUNT("EC_ec", pre); + REF_PRINT_COUNT("EC_ec", i, pre); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 325ace67bc..eaf9dddbc8 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1876,7 +1876,7 @@ void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre) return; CRYPTO_DOWN_REF(&pre->references, &i); - REF_PRINT_COUNT("EC_nistp256", pre); + REF_PRINT_COUNT("EC_nistp256", i, pre); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c index e2a0e36488..44ac1cea3d 100644 --- a/crypto/ec/ecp_nistp384.c +++ b/crypto/ec/ecp_nistp384.c @@ -1560,7 +1560,7 @@ void ossl_ec_nistp384_pre_comp_free(NISTP384_PRE_COMP *p) return; CRYPTO_DOWN_REF(&p->references, &i); - REF_PRINT_COUNT("ossl_ec_nistp384", p); + REF_PRINT_COUNT("ossl_ec_nistp384", i, p); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 55ae2651ac..36b1d164f4 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c 
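Review bot: The rewritten comment in `ec_field_inverse_mod_ord` says the result should be fixed top but not why, so the next reader cannot tell whether the switch to `bn_mod_exp_mont_fixed_top` is a side-channel measure or a convenience. If the reason is that `x` may be secret and the word count of `r` should not depend on its value, I would state it, e.g. `/* e is public, but r may be secret: keep r fixed-top so its size does not leak */`. Callers now receive a fixed-top `r`. Whether all of them accept that cannot be checked here, because the function starts and ends outside the hunk. The call line is longer than 80 columns.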
@@ -1238,7 +1238,7 @@ void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre) return; CRYPTO_DOWN_REF(&pre->references, &i); - REF_PRINT_COUNT("EC_nistz256", pre); + REF_PRINT_COUNT("EC_nistz256", i, pre); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c index ba725eb573..aeaf5783d1 100644 --- a/crypto/ec/ecx_key.c +++ b/crypto/ec/ecx_key.c @@ -69,7 +69,7 @@ void ossl_ecx_key_free(ECX_KEY *key) return; CRYPTO_DOWN_REF(&key->references, &i); - REF_PRINT_COUNT("ECX_KEY", key); + REF_PRINT_COUNT("ECX_KEY", i, key); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -92,7 +92,7 @@ int ossl_ecx_key_up_ref(ECX_KEY *key) if (CRYPTO_UP_REF(&key->references, &i) <= 0) return 0; - REF_PRINT_COUNT("ECX_KEY", key); + REF_PRINT_COUNT("ECX_KEY", i, key); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c index 29060c5f9d..7b23d71838 100644 --- a/crypto/encode_decode/encoder_pkey.c +++ b/crypto/encode_decode/encoder_pkey.c @@ -189,9 +189,13 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg) const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder); if (k_prov != e_prov) { + int selection = data->selection; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; data->encoder_inst = encoder_inst; - if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection, + if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection, &encoder_import_cb, data)) return NULL; data->obj = data->constructed_obj; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 8b39e3dec7..cc4fe96218 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c 
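Review bot: The widening of `selection` in `encoder_construct_pkey` has no comment, so it is not clear why a request for the private key also exports the public key when the key and the encoder come from different providers. Presumably the importing provider cannot build a usable key from the private part alone. If so, a line such as `/* export the public part along with a private key so the encoder's provider can import it */` above the `if` would record that. It is also worth noting that only the local copy is widened and `data->selection` keeps the caller's value. The function body continues outside the hunk.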
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -422,7 +422,11 @@ static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, EVP_PKEY *key; fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); +# if defined(OPENSSL_SYS_WINDOWS) + in = BIO_new_file(key_id, "rb"); +# else in = BIO_new_file(key_id, "r"); +# endif if (!in) return NULL; key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 404be7517a..1e7b56c226 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -331,6 +331,8 @@ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\ error reading messagedigest attribute CMS_R_ERROR_SETTING_KEY:115:error setting key CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo +CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT:196:\ + error unsupported static key agreement CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter 
@@ -407,17 +409,15 @@ CMS_R_UNWRAP_FAILURE:180:unwrap failure CMS_R_VERIFICATION_FAILURE:158:verification failure CMS_R_WRAP_ERROR:159:wrap error COMP_R_BROTLI_DECODE_ERROR:102:brotli decode error -COMP_R_BROTLI_DEFLATE_ERROR:103:brotli deflate error -COMP_R_BROTLI_ENCODE_ERROR:106:brotli encode error -COMP_R_BROTLI_INFLATE_ERROR:104:brotli inflate error -COMP_R_BROTLI_NOT_SUPPORTED:105:brotli not supported +COMP_R_BROTLI_ENCODE_ERROR:103:brotli encode error +COMP_R_BROTLI_NOT_SUPPORTED:104:brotli not supported COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported -COMP_R_ZSTD_COMPRESS_ERROR:107:zstd compress error -COMP_R_ZSTD_DECODE_ERROR:108:zstd decode error -COMP_R_ZSTD_DECOMPRESS_ERROR:109:zstd decompress error -COMP_R_ZSTD_NOT_SUPPORTED:110:zstd not supported +COMP_R_ZSTD_COMPRESS_ERROR:105:zstd compress error +COMP_R_ZSTD_DECODE_ERROR:106:zstd decode error +COMP_R_ZSTD_DECOMPRESS_ERROR:107:zstd decompress error +COMP_R_ZSTD_NOT_SUPPORTED:108:zstd not supported CONF_R_ERROR_LOADING_DSO:110:error loading dso CONF_R_INVALID_PRAGMA:122:invalid pragma CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 406343f0a8..a932d38c06 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -1208,6 +1208,8 @@ static int fix_ecdh_cofactor(enum state state, /* The initial value for |ctx->action_type| must not be zero. */ if (!ossl_assert(ctx->action_type != NONE)) return 0; + } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) { + ctx->action_type = GET; } if ((ret = default_check(state, translation, ctx)) <= 0) 
@@ -1233,6 +1235,8 @@ static int fix_ecdh_cofactor(enum state state, } } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { ctx->p1 = -2; + } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { + ctx->p1 = ret; } return ret; @@ -2868,8 +2872,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, /* * In POST, we pass the return value as p1, allowing the fixup_args * function to put it to good use, or maybe affect it. + * + * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented + * as return positive on Success and 0 or negative on falure. There + * maybe parameters (e.g. ecdh_cofactor), which actually return 0 + * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 + * value as well */ - if (ret > 0) { + if (ret >= 0) { ctx.p1 = ret; fixup(POST_PARAMS_TO_CTRL, translation, &ctx); ret = ctx.p1; diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 8845148176..9ab0cb6767 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -738,13 +738,17 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, { EVP_PKEY_CTX *pctx = ctx->pctx; + if (pctx == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return -1; + } + if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) { ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); return 0; } - if (pctx != NULL - && pctx->operation == EVP_PKEY_OP_VERIFYCTX + if (pctx->operation == EVP_PKEY_OP_VERIFYCTX && pctx->op.sig.algctx != NULL && pctx->op.sig.signature != NULL) { if (pctx->op.sig.signature->digest_verify != NULL) { 
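Review bot: Relaxing the guard from `ret > 0` to `ret >= 0` in `evp_pkey_ctx_setget_params_to_ctrl` applies to every translation that passes through this function, not only to `ecdh_cofactor`. A ctrl that returns 0 to signal failure now also reaches `fixup(POST_PARAMS_TO_CTRL, ...)` and has its result replaced by `ctx.p1`. Whether any other fixup changes `p1` in that state cannot be seen from this hunk and should be checked, or the 0 case could be limited to translations for which 0 is a valid success value. The new comment also needs a wording pass: `falure` should be `failure`, `maybe parameters` should be `may be parameters`, and the final sentence is missing its full stop.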
@@ -760,8 +764,8 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, #else } else { /* legacy */ - if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) - return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); + if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL) + return pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); } if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) return -1; diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 09bd185a25..2eb142fa76 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -1671,7 +1671,7 @@ int EVP_PKEY_up_ref(EVP_PKEY *pkey) if (CRYPTO_UP_REF(&pkey->references, &i) <= 0) return 0; - REF_PRINT_COUNT("EVP_PKEY", pkey); + REF_PRINT_COUNT("EVP_PKEY", i, pkey); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -1792,7 +1792,7 @@ void EVP_PKEY_free(EVP_PKEY *x) return; CRYPTO_DOWN_REF(&x->references, &i); - REF_PRINT_COUNT("EVP_PKEY", x); + REF_PRINT_COUNT("EVP_PKEY", i, x); if (i > 0) return; REF_ASSERT_ISNT(i < 0); diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 5a403097c4..8dca5584cb 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -841,6 +841,7 @@ OSSL_HPKE_CTX *OSSL_HPKE_CTX_new(int mode, OSSL_HPKE_SUITE suite, int role, err: EVP_CIPHER_free(ctx->aead_ciph); + OPENSSL_free(ctx->propq); OPENSSL_free(ctx); return NULL; } diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 5cd5bd2ee8..e453778104 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -299,7 +299,7 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, if (proxy == NULL) proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy"); if (proxy == NULL) - proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY); + proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTPS_PROXY : OPENSSL_HTTP_PROXY); if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server)) return NULL; diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index a850df4966..2cd9a219c2 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -957,7 +957,9 @@ $current_segment = ".text"; push(@segment_stack, $current_segment); } - $self->{value} = $current_segment if ($flavour eq "mingw64"); + if ($flavour eq "mingw64" || $flavour eq "macosx") { + $self->{value} = $current_segment; + } } $$line = ""; return $self; diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index e6a2a3c55b..60cc49820f 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -246,8 +246,10 @@ PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, /* Make a PKCS#8 structure */ if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) goto err; - if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) + if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) { + PKCS8_PRIV_KEY_INFO_free(p8); goto err; + } if (nid_key != -1) { /* This call does not take ownership of p8 */ bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0, diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 043a8f9ced..d7c5f1afbe 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -28,6 +28,11 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { + if (p7->d.sign == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + ret = 0; + break; + } ret = p7->detached = (int)larg; if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { ASN1_OCTET_STRING *os; diff --git a/crypto/poly1305/asm/poly1305-armv4.S b/crypto/poly1305/asm/poly1305-armv4.S index 220d158925..30c1345d96 100644 --- a/crypto/poly1305/asm/poly1305-armv4.S +++ b/crypto/poly1305/asm/poly1305-armv4.S @@ -1164,4 +1164,5 @@ poly1305_emit_neon: .align 2 #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl index b98beefa18..673ea62ec3 100755 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ b/crypto/poly1305/asm/poly1305-armv4.pl @@ -1240,6 +1240,7 @@ .align 2 #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 5430290192..d36c778296 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -801,6 +801,9 @@ EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx) return NULL; ctx = ossl_lib_ctx_get_concrete(ctx); + + if (ctx == NULL) + return NULL; /* * If the private is also NULL then this is the first time we've * used this thread. @@ -834,6 +837,9 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) return NULL; ctx = ossl_lib_ctx_get_concrete(ctx); + + if (ctx == NULL) + return NULL; /* * If the public is also NULL then this is the first time we've * used this thread. diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 071c6245f6..eece0a4f35 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -141,7 +141,7 @@ void RSA_free(RSA *r) return; CRYPTO_DOWN_REF(&r->references, &i); - REF_PRINT_COUNT("RSA", r); + REF_PRINT_COUNT("RSA", i, r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -193,7 +193,7 @@ int RSA_up_ref(RSA *r) if (CRYPTO_UP_REF(&r->references, &i) <= 0) return 0; - REF_PRINT_COUNT("RSA", r); + REF_PRINT_COUNT("RSA", i, r); REF_ASSERT_ISNT(i < 2); return i > 1 ? 1 : 0; } diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h index 2bb82347ff..e8830b7eed 100644 --- a/crypto/s390x_arch.h +++ b/crypto/s390x_arch.h 
@@ -74,17 +74,21 @@ struct OPENSSL_s390xcap_st { unsigned long long kdsa[2]; }; -#if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -#endif +# if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +# endif extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; -#ifdef S390X_MOD_EXP -# if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -# endif +# ifdef S390X_MOD_EXP +# if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +# endif extern int OPENSSL_s390xcex; -#endif +# if defined(__GNUC__) && defined(__linux) +__attribute__((visibility("hidden"))) +# endif +extern int OPENSSL_s390xcex_nodev; +# endif /* Max number of 64-bit words currently returned by STFLE */ # define S390X_STFLE_MAX 3 diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c index 7721b5c801..82b2654fb5 100644 --- a/crypto/s390xcap.c +++ b/crypto/s390xcap.c @@ -86,8 +86,8 @@ void OPENSSL_s390x_functions(void); struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; #ifdef S390X_MOD_EXP -static int probe_cex(void); int OPENSSL_s390xcex; +int OPENSSL_s390xcex_nodev; #if defined(__GNUC__) __attribute__ ((visibility("hidden"))) 
@@ -217,45 +217,12 @@ void OPENSSL_cpuid_setup(void) OPENSSL_s390xcex = -1; } else { OPENSSL_s390xcex = open("/dev/z90crypt", O_RDWR | O_CLOEXEC); - if (probe_cex() == 1) - OPENSSL_atexit(OPENSSL_s390x_cleanup); + OPENSSL_atexit(OPENSSL_s390x_cleanup); } + OPENSSL_s390xcex_nodev = 0; #endif } -#ifdef S390X_MOD_EXP -static int probe_cex(void) -{ - struct ica_rsa_modexpo me; - const unsigned char inval[16] = { - 0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,2 - }; - const unsigned char modulus[16] = { - 0,0,0,0,0,0,0,0, - 0,0,0,0,0,0,0,3 - }; - unsigned char res[16]; - int olderrno; - int rc = 1; - - me.inputdata = (unsigned char *)inval; - me.inputdatalength = sizeof(inval); - me.outputdata = (unsigned char *)res; - me.outputdatalength = sizeof(res); - me.b_key = (unsigned char *)inval; - me.n_modulus = (unsigned char *)modulus; - olderrno = errno; - if (ioctl(OPENSSL_s390xcex, ICARSAMODEXPO, &me) == -1) { - (void)close(OPENSSL_s390xcex); - OPENSSL_s390xcex = -1; - rc = 0; - } - errno = olderrno; - return rc; -} -#endif - static int parse_env(struct OPENSSL_s390xcap_st *cap, int *cex) { /*- diff --git a/crypto/sha/asm/sha1-armv4-large.S b/crypto/sha/asm/sha1-armv4-large.S index ad51d4eef7..da62788226 100644 --- a/crypto/sha/asm/sha1-armv4-large.S +++ b/crypto/sha/asm/sha1-armv4-large.S @@ -1494,4 +1494,5 @@ sha1_block_data_order_armv8: #endif #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 2832c5b530..b3a8ec6941 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -708,6 +708,7 @@ () $code.=<<___; #if __ARM_MAX_ARCH__>=7 .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/sha/asm/sha256-armv4.S b/crypto/sha/asm/sha256-armv4.S index 98104d3a28..bf1e6315d0 100644 --- a/crypto/sha/asm/sha256-armv4.S +++ b/crypto/sha/asm/sha256-armv4.S 
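Review bot: With `probe_cex()` removed, `OPENSSL_atexit(OPENSSL_s390x_cleanup)` is registered even when `open("/dev/z90crypt", ...)` fails and leaves `OPENSSL_s390xcex` at -1, and setup no longer establishes that the device accepts requests. The cleanup handler and the users of the descriptor are outside this hunk, so they should be confirmed to handle -1 and a failing ioctl. Registering only on success, `if (OPENSSL_s390xcex >= 0) OPENSSL_atexit(OPENSSL_s390x_cleanup);`, would keep the earlier behaviour for the failed-open case. `OPENSSL_s390xcex_nodev` is reset here without a comment saying what it records, and a one-line description next to the assignment would help.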
@@ -2818,4 +2818,5 @@ sha256_block_data_order_armv8: .align 2 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 8bac84b1a8..feb1f26109 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -694,6 +694,7 @@ () .align 2 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/sha/asm/sha512-armv4.S b/crypto/sha/asm/sha512-armv4.S index 3065318274..8ef1dcc735 100644 --- a/crypto/sha/asm/sha512-armv4.S +++ b/crypto/sha/asm/sha512-armv4.S @@ -1872,4 +1872,5 @@ sha512_block_data_order_neon: .align 2 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index c8b8110671..9aa310ffd0 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -661,6 +661,7 @@ () .align 2 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) .extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P #endif ___ diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index a02d30d854..28cf95cc48 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -338,12 +338,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); ctx = BN_CTX_new_ex(libctx); - pt = EC_POINT_new(group); - if (ctx == NULL || pt == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + if (ctx == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); goto done; } - BN_CTX_start(ctx); t = BN_CTX_get(ctx); x1 = BN_CTX_get(ctx); 
@@ -352,6 +350,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, goto done; } + pt = EC_POINT_new(group); + if (pt == NULL) { + ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); + goto done; + } + /* * B1: verify whether r' in [1,n-1], verification failed if not * B2: verify whether s' in [1,n-1], verification failed if not diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index b44559e373..c98e775a77 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -94,7 +94,7 @@ typedef struct rcu_cb_item *prcu_cb_item; # if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) \ && !defined(USE_ATOMIC_FALLBACKS) -# if defined(__APPLE__) && defined(__clang__) && defined(__aarch64__) +# if defined(__APPLE__) && defined(__clang__) && defined(__aarch64__) && defined(__LP64__) /* * For pointers, Apple M1 virtualized cpu seems to have some problem using the * ldapr instruction (see https://github.com/openssl/openssl/pull/23974) @@ -102,7 +102,8 @@ typedef struct rcu_cb_item *prcu_cb_item; * atomic loads, which is bad. So, if * 1) We are building on a target that defines __APPLE__ AND * 2) We are building on a target using clang (__clang__) AND - * 3) We are building for an M1 processor (__aarch64__) + * 3) We are building for an M1 processor (__aarch64__) AND + * 4) We are building with 64 bit pointers * Then we should not use __atomic_load_n and instead implement our own * function to issue the ldar instruction instead, which produces the proper * sequencing guarantees 
@@ -128,6 +129,7 @@ static inline void *apple_atomic_load_n_pvoid(void **p, # define ATOMIC_STORE_N(t, p, v, o) __atomic_store_n(p, v, o) # define ATOMIC_STORE(t, p, v, o) __atomic_store(p, v, o) # define ATOMIC_EXCHANGE_N(t, p, v, o) __atomic_exchange_n(p, v, o) +# define ATOMIC_COMPARE_EXCHANGE_N(t, p, e, d, s, f) __atomic_compare_exchange_n(p, e, d, 0, s, f) # define ATOMIC_ADD_FETCH(p, v, o) __atomic_add_fetch(p, v, o) # define ATOMIC_FETCH_ADD(p, v, o) __atomic_fetch_add(p, v, o) # define ATOMIC_SUB_FETCH(p, v, o) __atomic_sub_fetch(p, v, o) @@ -196,6 +198,23 @@ IMPL_fallback_atomic_exchange_n(prcu_cb_item) # define ATOMIC_EXCHANGE_N(t, p, v, o) fallback_atomic_exchange_n_##t(p, v) +# define IMPL_fallback_atomic_compare_exchange_n(t) \ + static ossl_inline int fallback_atomic_compare_exchange_n_##t(t *p, t *e, t d, s, f) \ + { \ + int ret = 1; \ + pthread_mutex_lock(&atomic_sim_lock); \ + if (*p == *e) \ + *p = d; \ + else \ + ret = 0; \ + pthread_mutex_unlock(&atomic_sim_lock); \ + return ret; \ + } + +IMPL_fallback_atomic_exchange_n(uint64_t) + +# define ATOMIC_COMPARE_EXCHANGE_N(t, p, e, d, s, f) fallback_atomic_compare_exchange_n_##t(p, e, d, s, f) + /* * The fallbacks that follow don't need any per type implementation, as * they are designed for uint64_t only. If there comes a time when multiple @@ -504,6 +523,8 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock) static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock) { uint64_t new_id; + uint64_t update; + uint64_t ret; uint32_t current_idx; pthread_mutex_lock(&lock->alloc_lock); 
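Review bot: The compare-exchange fallback added in the `@@ -196,6 +198,23 @@` hunk does not look buildable on the fallback path. The generated function declares its last two parameters as `s, f` with no types, and the line after the macro instantiates `IMPL_fallback_atomic_exchange_n(uint64_t)` instead of the new macro, so `fallback_atomic_compare_exchange_n_uint64_t` is never defined. I would change the signature to `fallback_atomic_compare_exchange_n_##t(t *p, t *e, t d, int s, int f)` and the instantiation to `IMPL_fallback_atomic_compare_exchange_n(uint64_t)`. Unlike `__atomic_compare_exchange_n`, the fallback does not write the current value back to `*e` on failure. The retry loop in `update_qp` reloads before each attempt, so it is unaffected, but a comment on the macro should state that difference for future callers.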
@@ -536,10 +557,13 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock) * of this update are published to the read side prior to updating the * reader idx below */ - ATOMIC_AND_FETCH(&lock->qp_group[current_idx].users, ID_MASK, - __ATOMIC_RELEASE); - ATOMIC_OR_FETCH(&lock->qp_group[current_idx].users, new_id, - __ATOMIC_RELEASE); +try_again: + ret = ATOMIC_LOAD_N(uint64_t, &lock->qp_group[current_idx].users, __ATOMIC_ACQUIRE); + update = ret & ID_MASK; + update |= new_id; + if (!ATOMIC_COMPARE_EXCHANGE_N(uint64_t, &lock->qp_group[current_idx].users, &ret, update, + __ATOMIC_ACQ_REL, __ATOMIC_RELAXED)) + goto try_again; /* * Update the reader index to be the prior qp. @@ -665,8 +689,11 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) { struct rcu_lock_st *new; - if (num_writers < 1) - num_writers = 1; + /* + * We need a minimum of 3 qp's + */ + if (num_writers < 3) + num_writers = 3; ctx = ossl_lib_ctx_get_concrete(ctx); if (ctx == NULL) @@ -682,11 +709,15 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) pthread_mutex_init(&new->alloc_lock, NULL); pthread_cond_init(&new->prior_signal, NULL); pthread_cond_init(&new->alloc_signal, NULL); - new->qp_group = allocate_new_qp_group(new, num_writers + 1); + /* By default our first writer is already alloced */ + new->writers_alloced = 1; + + new->qp_group = allocate_new_qp_group(new, num_writers); if (new->qp_group == NULL) { OPENSSL_free(new); new = NULL; } + return new; } @@ -993,7 +1024,7 @@ int CRYPTO_atomic_store(uint64_t *dst, uint64_t val, CRYPTO_RWLOCK *lock) } # elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) /* This will work for all future Solaris versions. */ - if (ret != NULL) { + if (dst != NULL) { atomic_swap_64(dst, val); return 1; } diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 83e2a7c774..bcc6098191 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -159,8 +159,11 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) { struct rcu_lock_st *new; - if (num_writers < 1) - num_writers = 1; + /* + * We need a minimum of 3 qps + */ + if (num_writers < 3) + num_writers = 3; ctx = ossl_lib_ctx_get_concrete(ctx); if (ctx == NULL) @@ -178,7 +181,9 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) new->prior_signal = ossl_crypto_condvar_new(); new->alloc_lock = ossl_crypto_mutex_new(); new->prior_lock = ossl_crypto_mutex_new(); - new->qp_group = allocate_new_qp_group(new, num_writers + 1); + new->qp_group = allocate_new_qp_group(new, num_writers); + /* By default the first qp is already alloced */ + new->writers_alloced = 1; if (new->qp_group == NULL || new->alloc_signal == NULL || new->prior_signal == NULL @@ -196,6 +201,7 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) OPENSSL_free(new); new = NULL; } + return new; } diff --git a/crypto/trace.c b/crypto/trace.c index 51387641de..3e10d91fc2 100644 --- a/crypto/trace.c +++ b/crypto/trace.c @@ -475,7 +475,7 @@ BIO *OSSL_trace_begin(int category) char *prefix = NULL; category = ossl_trace_get_category(category); - if (category < 0) + if (category < 0 || !OSSL_trace_enabled(category)) return NULL; channel = trace_channels[category].bio; diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index cd5b75d3a9..89fbfba128 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -228,7 +228,11 @@ int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, if (type != X509_FILETYPE_PEM) return X509_load_cert_file_ex(ctx, file, type, libctx, propq); +#if defined(OPENSSL_SYS_WINDOWS) + in = BIO_new_file(file, "rb"); +#else in = BIO_new_file(file, "r"); +#endif if (in == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_BIO_LIB); return 0; diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c index 9ba5b31a44..d1e186f4fc 100644 --- a/crypto/x509/by_store.c +++ b/crypto/x509/by_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -122,7 +122,11 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, uris = sk_OPENSSL_STRING_new_null(); X509_LOOKUP_set_method_data(ctx, uris); } - return sk_OPENSSL_STRING_push(uris, data) > 0; + if (sk_OPENSSL_STRING_push(uris, data) <= 0) { + OPENSSL_free(data); + return 0; + } + return 1; } /* NOP if no URI is given. */ return 1; diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c index c3182a71db..8f9e95c44a 100644 --- a/crypto/x509/v3_admis.c +++ b/crypto/x509/v3_admis.c 
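Review bot: The new failure branch in by_store_ctrl_ex frees `data` and returns 0 without queuing an error, so the caller gets a bare failure with nothing on the error stack. This branch is also the only visible check for a failed `sk_OPENSSL_STRING_new_null()` two lines above, because `uris` is passed to `X509_LOOKUP_set_method_data()` before it is tested. I would add `ERR_raise(ERR_LIB_X509, ERR_R_CRYPTO_LIB);` before the `OPENSSL_free(data);`. The function starts outside the hunk, so how `data` is allocated and checked is not visible here.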
@@ -67,11 +67,10 @@ const X509V3_EXT_METHOD ossl_v3_ext_admission = { NULL /* extension-specific data */ }; - static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, BIO *bp, int ind) { - NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY*) in; + NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY *) in; if (namingAuthority == NULL) return 0; @@ -81,14 +80,14 @@ static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, && namingAuthority->namingAuthorityUrl == NULL) return 0; - if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0) + if (BIO_printf(bp, "%*snamingAuthority:\n", ind, "") <= 0) goto err; if (namingAuthority->namingAuthorityId != NULL) { char objbuf[128]; const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId)); - if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0) + if (BIO_printf(bp, "%*s namingAuthorityId: ", ind, "") <= 0) goto err; OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1); @@ -130,9 +129,10 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, } for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) { - ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); + ADMISSIONS *entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); - if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err; + if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) + goto err; if (entry->admissionAuthority != NULL) { if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0 
@@ -143,12 +143,12 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, } if (entry->namingAuthority != NULL) { - if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0) + if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind + 2) <= 0) goto err; } for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) { - PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); + PROFESSION_INFO *pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0) goto err; @@ -161,7 +161,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, } if (pinfo->namingAuthority != NULL) { - if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0) + if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 4) <= 0) goto err; } @@ -170,7 +170,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0) goto err; for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) { - ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k); + ASN1_STRING *val = sk_ASN1_STRING_value(pinfo->professionItems, k); if (BIO_printf(bp, "%*s ", ind, "") <= 0 || ASN1_STRING_print(bp, val) <= 0 @@ -183,7 +183,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0) goto err; for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) { - ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); + ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj)); char objbuf[128]; 
@@ -207,31 +207,29 @@ const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n) return n->namingAuthorityId; } -void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id) +void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT *id) { ASN1_OBJECT_free(n->namingAuthorityId); n->namingAuthorityId = id; } -const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( - const NAMING_AUTHORITY *n) +const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(const NAMING_AUTHORITY *n) { return n->namingAuthorityUrl; } -void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u) +void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING *u) { ASN1_IA5STRING_free(n->namingAuthorityUrl); n->namingAuthorityUrl = u; } -const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( - const NAMING_AUTHORITY *n) +const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(const NAMING_AUTHORITY *n) { return n->namingAuthorityText; } -void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t) +void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING *t) { ASN1_IA5STRING_free(n->namingAuthorityText); n->namingAuthorityText = t; diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c index ae772cdd80..032695c01a 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.c @@ -424,6 +424,7 @@ static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) if (dpn->type == 0) { BIO_printf(out, "%*sFull Name:\n", indent, ""); OSSL_GENERAL_NAMES_print(out, dpn->name.fullname, indent); + BIO_puts(out, "\n"); } else { X509_NAME ntmp; ntmp.entries = dpn->name.relativename; diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 6146062b0d..1e97045a73 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c 
@@ -336,7 +336,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) { - GENERAL_NAMES *ialt; + GENERAL_NAMES *ialt = NULL; GENERAL_NAME *gen; X509_EXTENSION *ext; int i, num; @@ -371,6 +371,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) return 1; err: + sk_GENERAL_NAME_free(ialt); return 0; } diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 7094280d48..244485cddb 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags) ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (cert == NULL) + return 0; if ((flags & X509_ADD_FLAG_NO_DUP) != 0) { /* * not using sk_X509_set_cmp_func() and sk_X509_find() diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index e7fdf3d6ab..09fa2ee1f7 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -232,7 +232,7 @@ void X509_STORE_free(X509_STORE *xs) if (xs == NULL) return; CRYPTO_DOWN_REF(&xs->references, &i); - REF_PRINT_COUNT("X509_STORE", xs); + REF_PRINT_COUNT("X509_STORE", i, xs); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -260,7 +260,7 @@ int X509_STORE_up_ref(X509_STORE *xs) if (CRYPTO_UP_REF(&xs->references, &i) <= 0) return 0; - REF_PRINT_COUNT("X509_STORE", xs); + REF_PRINT_COUNT("X509_STORE", i, xs); REF_ASSERT_ISNT(i < 2); return i > 1 ? 1 : 0; } diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 2aba0e8c14..0c9df51b3c 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c 
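Review bot: The cleanup added at `err:` in copy_issuer uses `sk_GENERAL_NAME_free(ialt)`, which releases only the stack and not the GENERAL_NAME entries it holds. If any `goto err` is reached after `ialt` has been decoded and before its entries are handed over to `gens`, those entries would still leak. The body between the two hunks is not shown, so this needs checking against the full function. If such a path exists, `sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);` at the label is the matching release.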
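Review bot: The new `cert == NULL` check in X509_add_cert returns 0 without queuing an error, while the `sk == NULL` check directly above raises `ERR_R_PASSED_NULL_PARAMETER`. A caller that only inspects the error queue cannot tell why the add failed. Unless the silent failure is intended, I would mirror the branch above with `ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);` before `return 0;`. If it is intended, a one-line comment saying so would help. The function continues outside the hunk.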
@@ -119,7 +119,7 @@ int X509_up_ref(X509 *x) if (CRYPTO_UP_REF(&x->references, &i) <= 0) return 0; - REF_PRINT_COUNT("X509", x); + REF_PRINT_COUNT("X509", i, x); REF_ASSERT_ISNT(i < 2); return i > 1; } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 50ab8f66ae..9c4ee2bf5f 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -142,9 +142,9 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, return NULL; } -STACK_OF(X509_EXTENSION) - *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, - const STACK_OF(X509_EXTENSION) *exts) +/* This returns NULL also in non-error case *target == NULL && sk_X509_EXTENSION_num(exts) <= 0 */ +STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, + const STACK_OF(X509_EXTENSION) *exts) { int i; diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 205fe3d6e5..e5dd4d5c3a 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -78,7 +78,7 @@ int X509_CRL_up_ref(X509_CRL *crl) if (CRYPTO_UP_REF(&crl->references, &i) <= 0) return 0; - REF_PRINT_COUNT("X509_CRL", crl); + REF_PRINT_COUNT("X509_CRL", i, crl); REF_ASSERT_ISNT(i < 2); return i > 1; } diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index d3f79591d7..845b53837e 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -204,7 +204,7 @@ int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx) { return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_ACERT_INFO), &x->sig_alg, &x->acinfo->signature, &x->signature, - &x->acinfo, ctx); + x->acinfo, ctx); } int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) diff --git a/include/crypto/bn.h b/include/crypto/bn.h index 47d9b44f87..7377963900 100644 --- a/include/crypto/bn.h +++ b/include/crypto/bn.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont); int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, diff --git a/include/crypto/cmserr.h b/include/crypto/cmserr.h index a7fcf11fa9..f53530ae23 100644 --- a/include/crypto/cmserr.h +++ b/include/crypto/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/riscv_arch.h b/include/crypto/riscv_arch.h index 4b3573f5a3..885842763d 100644 --- a/include/crypto/riscv_arch.h +++ b/include/crypto/riscv_arch.h @@ -15,7 +15,14 @@ # if defined(OPENSSL_SYS_LINUX) && !defined(FIPS_MODULE) # if __has_include() -# define OSSL_RISCV_HWPROBE +# include +# /* + * Some environments using musl are reported to have the hwprobe.h include + * file but not have the __NR_riscv_hwprobe define. + */ +# ifdef __NR_riscv_hwprobe +# define OSSL_RISCV_HWPROBE +# endif # endif # endif diff --git a/include/internal/refcount.h b/include/internal/refcount.h index 5ff45ac980..8de230f343 100644 --- a/include/internal/refcount.h 
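Review bot: The comment added in the include/crypto/riscv_arch.h hunk opens with `# /*`, so the preprocessor sees a null directive followed by a comment rather than a plain comment line. It is harmless to the build, but it reads like a directive and is easy to mistake for part of the `# ifdef __NR_riscv_hwprobe` block that follows. I would start the line with `/*` at the surrounding indentation.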
+++ b/include/internal/refcount.h @@ -26,6 +26,12 @@ # define HAVE_ATOMICS 1 +# if defined(__has_feature) +# if __has_feature(thread_sanitizer) +# define OSSL_TSAN_BUILD +# endif +# endif + typedef struct { _Atomic int val; } CRYPTO_REF_COUNT; @@ -48,15 +54,23 @@ static inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) */ static inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_relaxed) - 1; +# ifdef OSSL_TSAN_BUILD + /* + * TSAN requires acq_rel as it indicates a false positive error when + * the object that contains the refcount is freed otherwise. + */ + *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_acq_rel) - 1; +# else + *ret = atomic_fetch_sub_explicit(&refcnt->val, 1, memory_order_release) - 1; if (*ret == 0) atomic_thread_fence(memory_order_acquire); +# endif return 1; } static inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = atomic_load_explicit(&refcnt->val, memory_order_relaxed); + *ret = atomic_load_explicit(&refcnt->val, memory_order_acquire); return 1; } @@ -76,7 +90,7 @@ static __inline__ int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) static __inline__ int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELAXED) - 1; + *ret = __atomic_fetch_sub(&refcnt->val, 1, __ATOMIC_RELEASE) - 1; if (*ret == 0) __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; @@ -109,7 +123,7 @@ static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedOr((void *)&refcnt->val, 0); + *ret = _InterlockedExchangeAdd((void *)&refcnt->val, 0); return 1; } 
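Review bot: `OSSL_TSAN_BUILD` is set only through `__has_feature(thread_sanitizer)`, which is how Clang reports the sanitizer; GCC signals `-fsanitize=thread` by defining `__SANITIZE_THREAD__` instead. A GCC sanitizer build would therefore still take the release-plus-`atomic_thread_fence` branch of CRYPTO_DOWN_REF, the form the new comment says TSAN misreports. I would add `# if defined(__SANITIZE_THREAD__) && !defined(OSSL_TSAN_BUILD)`, `# define OSSL_TSAN_BUILD`, `# endif` after the `__has_feature` block. The `__atomic_fetch_sub` variant in the `@@ -76,7 +90,7 @@` hunk uses the same release-plus-fence pattern with no TSAN branch at all, so it may need the same treatment if that path is ever built with the sanitizer.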
@@ -135,15 +149,13 @@ static __inline int CRYPTO_UP_REF(CRYPTO_REF_COUNT *refcnt, int *ret) static __inline int CRYPTO_DOWN_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedExchangeAdd_nf(&refcnt->val, -1) - 1; - if (*ret == 0) - __dmb(_ARM_BARRIER_ISH); + *ret = _InterlockedExchangeAdd(&refcnt->val, -1) - 1; return 1; } static __inline int CRYPTO_GET_REF(CRYPTO_REF_COUNT *refcnt, int *ret) { - *ret = _InterlockedOr_nf((void *)&refcnt->val, 0); + *ret = _InterlockedExchangeAdd_acq((void *)&refcnt->val, 0); return 1; } @@ -285,7 +297,7 @@ static ossl_unused ossl_inline void CRYPTO_FREE_REF(CRYPTO_REF_COUNT *refcnt) # define REF_PRINT_EX(text, count, object) \ OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text)); -# define REF_PRINT_COUNT(text, object) \ - REF_PRINT_EX(text, object->references.val, (void *)object) +# define REF_PRINT_COUNT(text, val, object) \ + REF_PRINT_EX(text, val, (void *)object) #endif diff --git a/include/internal/safe_math.h b/include/internal/safe_math.h index be37e6ab88..ecfb281f40 100644 --- a/include/internal/safe_math.h +++ b/include/internal/safe_math.h @@ -16,8 +16,10 @@ # ifndef OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING # ifdef __has_builtin # define has(func) __has_builtin(func) -# elif __GNUC__ > 5 -# define has(func) 1 +# elif defined(__GNUC__) +# if __GNUC__ > 5 +# define has(func) 1 +# endif # endif # endif /* OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */ diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index 887035b1bf..5cfe07dbb3 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
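Review bot: `REF_PRINT_COUNT` in the `@@ -285,7 +297,7 @@` hunk now takes the count as `val`, but nothing at the macro tells callers what to pass. The updated call sites on this page pass the value returned through CRYPTO_UP_REF or CRYPTO_DOWN_REF, which suggests the aim is to stop re-reading `object->references.val` after the count has changed, possibly on an object another thread has already released. I would record that above the macro, for example `/* val: the count returned by CRYPTO_UP_REF/CRYPTO_DOWN_REF; do not re-read the object's counter here */`. The `object` parameter is also used unparenthesised in `(void *)object`, which `(void *)(object)` would fix.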
@@ -49,6 +49,7 @@ # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 # define CMS_R_ERROR_SETTING_KEY 115 # define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +# define CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT 196 # define CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR 183 # define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 # define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 0b48437901..c64b1413f2 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 4 -# define OPENSSL_VERSION_PATCH 0 +# define OPENSSL_VERSION_PATCH 1 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.4.0" -# define OPENSSL_FULL_VERSION_STR "3.4.0" +# define OPENSSL_VERSION_STR "3.4.1" +# define OPENSSL_FULL_VERSION_STR "3.4.1" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "22 Oct 2024" +# define OPENSSL_RELEASE_DATE "11 Feb 2025" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.4.0 22 Oct 2024" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.4.1 11 Feb 2025" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 21eadba220..d013458c22 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h 
@@ -1098,9 +1098,8 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc); -STACK_OF(X509_EXTENSION) - *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, - const STACK_OF(X509_EXTENSION) *exts); +STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, + const STACK_OF(X509_EXTENSION) *exts); int X509_get_ext_count(const X509 *x); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index 2100790a2f..809b9c645d 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -904,9 +904,8 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc); -STACK_OF(X509_EXTENSION) - *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, - const STACK_OF(X509_EXTENSION) *exts); +STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, + const STACK_OF(X509_EXTENSION) *exts); int X509_get_ext_count(const X509 *x); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); diff --git a/openssl.version b/openssl.version index 53cd491306..19e175f906 100644 --- a/openssl.version +++ b/openssl.version @@ -1 +1 @@ -OPENSSL_VERSION=3.4.0 +OPENSSL_VERSION=3.4.1 diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 9ce7e4a9bd..aa641110c1 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -4,81 +4,81 @@ c049a936d74100fcced225f575d46662792a6a0039777d2d4df0cf61eff90a68 crypto/aes/aes c1e674d08683a25bc053f6233f73a0d0b3a90aafe591ff57b702c7da1582e4a5 crypto/aes/aes_local.h a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes_misc.c 6979c133f76f4623e62e6e970deae70fa025e713a72b71aead5a048d49e47f6f crypto/aes/asm/aes-586.pl -2eef5f20f1410b48bdaaafa24ded24f56f34c4ca79db1d38fa6bf1b3b19535bf crypto/aes/asm/aes-armv4.pl -38c2cf8ed3910efd89d8721e1b0763a8fde073b91f6529d251165a0496ef9555 crypto/aes/asm/aes-c64xplus.pl +92be9ff608331a432e95247a8f4fb9e46897d0cb76f2b6db809b61d44287964a crypto/aes/asm/aes-armv4.pl +953897f86e2de9fa27ef411155ab3aed133af94885f1507e76449c142da78656 crypto/aes/asm/aes-c64xplus.pl 00196f01f5218ad731e6a058d406078f7228a9756d9d73f51c0d0c2a68f885af crypto/aes/asm/aes-ia64.S -b4ef595194fe1692e1ab2b561f385da01b277cf004902e8fc99e8ac5389bbd35 crypto/aes/asm/aes-mips.pl -123c4498c94040b70708fdd911cb08c6411b020b4cf3eb761d6fa22c583c3e6f crypto/aes/asm/aes-parisc.pl -7a7f2f90791415ef4ffc1ba2a6f6b6fe994bfe0e03d3bf9dab6e428e6874695c crypto/aes/asm/aes-ppc.pl -a2e05801f00e5ac8e91127b86f55e9f348731019e5e0d918dd0df1a04be1cc34 crypto/aes/asm/aes-riscv32-zkn.pl -76e12814d1a35483a63401c878f681a4876c214d1fa2cb383f9ae7b192cc2384 crypto/aes/asm/aes-riscv64-zkn.pl -8179f94715211cf8d69f17b5a785e4243f96d0728f31038e0016ad4fd860630c crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl -6a252373a3c20ab39b9e343b924af2182a1804a2c426b952d655c373927befe9 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl -bcdf6c2c0fc13ae5bd2586b0fb8e72be44f26cb919f4fbd7b2eb5cde90a1ff33 crypto/aes/asm/aes-riscv64-zvkned.pl -18283dea4477ab722ec7e4bff000a4a2df89b2a430c42c6fa8ee8099b13c86ee crypto/aes/asm/aes-riscv64.pl -d139e5ad69560fd0ffd8aa2e72304e463650cea4c657be7a90e0d1eb782d580a crypto/aes/asm/aes-s390x.pl -133ba35d77002abcd430414749c4e98c4a319630da898e45ff8dbc5800176df1 crypto/aes/asm/aes-sparcv9.pl -da4a62c12d12540302f91ba2933b8a485cc1bacda83cc5b50caeeb7f57556b3b 
crypto/aes/asm/aes-x86_64.pl -7ec99947b47e56595f0b085b8bda0b3113112f694e78b1f71b63ecd1f0fa2c67 crypto/aes/asm/aesfx-sparcv9.pl -ab94a27e533e164bcf09898a6f6019f43609d51a3b374cf75482dcf2914d464e crypto/aes/asm/aesni-mb-x86_64.pl -c197aeb5178096bbdc43234f01ce4e44174ba13787b5b77790207a8f144d2550 crypto/aes/asm/aesni-sha1-x86_64.pl -142b4197204839958805b35fa06377f0deb274b02ff365a9d68cc4621e557e71 crypto/aes/asm/aesni-sha256-x86_64.pl +88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl +7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl +f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl +538ce0e80698d773c9419a9ca8892d61bc5b3cd1b071c5fc5f315d7f5573e96d crypto/aes/asm/aes-riscv32-zkn.pl +b5cdd6858b1eff7d17b29b78ac8c4a7642c0a74710f8b50821a6265328845aaf crypto/aes/asm/aes-riscv64-zkn.pl +e1f3805332eb811d9d0c9377b67fe0681063364f1af84d8598f7daa30da65b4d crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl +ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl +d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab crypto/aes/asm/aes-riscv64-zvkned.pl +f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52 crypto/aes/asm/aes-riscv64.pl +ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl +ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl +391497550eaca253f64b2aba7ba2e53c6bae7dff01583bc6bfc12e930bb7e217 crypto/aes/asm/aes-x86_64.pl +c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm/aesfx-sparcv9.pl +14359dc32b7f4e5c08227fb9ac8f9232c1287399463b233fec4a2ab0c19f68d1 crypto/aes/asm/aesni-mb-x86_64.pl +f525e1bca51d39adcd411cbf8f874fe1441b23a6f614644da78dfd8544d13b23 crypto/aes/asm/aesni-sha1-x86_64.pl +895f94d7befb90e82f9d300ed8f870e790101f30ba72b249a2c503f07aec7dd2 
crypto/aes/asm/aesni-sha256-x86_64.pl 4ff74d4e629a88ef5a9e3d3f5b340fc0a4793d16d7cc7f1b70da62512a856248 crypto/aes/asm/aesni-x86.pl -53e61960590f73e364a41d1a26bf09875a24e38697055ec55bb72e5021a9eb4a crypto/aes/asm/aesni-x86_64.pl -f3490c936a80e012c49e577ec6e1d4d36df324dfef6264e788e6225e20b5fd52 crypto/aes/asm/aesp8-ppc.pl -a5807ed92ec8a16d123061487c385bf1f65e50878cee95c8e8096844454129f8 crypto/aes/asm/aest4-sparcv9.pl -89688a470d0a714b2d83e11b09b110e707e9b5e69c8cb37295d1f0bfc087106a crypto/aes/asm/aesv8-armx.pl -a0b578b7d2787c91013547df07dfa73d8d7a420446dd624c66f7c55159817eb2 crypto/aes/asm/bsaes-armv7.pl +25881237d026cebd96877a2ea2729db1ce512875cb2a10ca0cd1d6ddf4b51a3b crypto/aes/asm/aesni-x86_64.pl +0489a10fbb1a8ca3652848d5c1e14e519501e189bad3e5827a573c26df359691 crypto/aes/asm/aesp8-ppc.pl +e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl +629483b289f6812f2f73bc320f8146c7a910edc5a83e8cec6da8f73805a14f2a crypto/aes/asm/aesv8-armx.pl +5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl 270a0cd4c80a0cde53538009037916a330348addfdd87870d41ab40f9ddbc451 crypto/aes/asm/bsaes-armv8.pl -c22a4a276257db7c7a44ae8ddae3575f46dfdf65f14893985c73173294946c2a crypto/aes/asm/bsaes-x86_64.pl -068cb6cdf4c737b7f7f9ebf27284599d17f6f5c4a01f0c61c7777323b2f203f5 crypto/aes/asm/vpaes-armv8.pl -b4656c09bec06eea0b3fe504d47af847ceb0c90f1fb1cc76f43c1caa0dc17613 crypto/aes/asm/vpaes-loongarch64.pl -516421b1a321b842f879ad69e7b82ae3e1f3efc8288c83bb34d6577996e85787 crypto/aes/asm/vpaes-ppc.pl +c72f6cbf3b9900d956e05003ec8df758b29b43519c7801d677c3f992bc589d4e crypto/aes/asm/bsaes-x86_64.pl +762cadf988080f45d1a2f1232058688ac3f5afe76767649d15513a7a5eedcf38 crypto/aes/asm/vpaes-armv8.pl +14146589f53dc898fa86aeffd0e0ba36737b04da26ab0b14c1da09a28836c8f8 crypto/aes/asm/vpaes-loongarch64.pl +c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4 crypto/aes/asm/vpaes-ppc.pl 
3ec24185750a995377516bc2fb2eae8b1c52094c6fff093bff591837fc12d6c3 crypto/aes/asm/vpaes-x86.pl -0bdd2083d4454e46ec8d8ddd667a304684411f4d2ea9549237ae02260e13f009 crypto/aes/asm/vpaes-x86_64.pl -1c9a2a0e8cee4a1283c74b2e306f46f79890f6d236394de2a80d1994fd411d1d crypto/alphacpuid.pl -f2e5fee49c133a63fda341580a898f3266743b4ef15d539ba6abf90a5d660628 crypto/arm64cpuid.pl +c6935d2ab7925022cb3d76446536ff01b1a1b8eb7eac619d034a29aad17ed45f crypto/aes/asm/vpaes-x86_64.pl +2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a crypto/alphacpuid.pl +269e52f8867c13ca75d2f88ec1f89b692cb8c6c3ee89abe2fd3c1821925191d8 crypto/arm64cpuid.pl 92a10a1fbac5d0379a33a041d02ebb08e2535894f041b28d9908e4fcecf566da crypto/armcap.c -ff7aa344dbcd04767837e1319de718ce85c4b55c065c52435bf5a2a60e65d304 crypto/armv4cpuid.pl +d9f923daabe7537d1063b182f9f220655abd182ef4c55a0194a7ee8d6030b5bd crypto/armv4cpuid.pl 16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa crypto/asn1_dsa.c -155eff9d747eed808398cfa2af4b276dfc1f9aac8a0f9d801b314ab3f2bf5b56 crypto/bn/asm/alpha-mont.pl -9831ce3e8a057bc7c7b2cd3d5a25397b259bfbf33ca2f81424ec1203cfa5be51 crypto/bn/asm/armv4-gf2m.pl -77ba642efd4608f9d6e60b796ba0f876c13f9d78a8302234756ad5dae35f3316 crypto/bn/asm/armv4-mont.pl -3465446d414c2be999d4f103f027658644802d9a31e4afa31b365aea3290c8a0 crypto/bn/asm/armv8-mont.pl +819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a crypto/bn/asm/alpha-mont.pl +565edec9b6fa0702c07ab2f7507b0a45fb2ab649ed509fd79013ea7378bb5891 crypto/bn/asm/armv4-gf2m.pl +5469ab174b62361c6ced8f5c1007c462700761c1aae72f0d2928ca39e57d47a1 crypto/bn/asm/armv4-mont.pl +f763e3a2937542f6b5d0c07be1ec4faafb668a8a1b4ed2f86a1c25be97984fde crypto/bn/asm/armv8-mont.pl cb4ad7b7461fcb8e2a0d52881158d0211b79544842d4eae36fc566869a2d62c8 crypto/bn/asm/bn-586.pl -10fb73a6cc1bc064ebdcf6d7fe3c7407ea1c28b0d65ad0123046f8b1518fa75a crypto/bn/asm/c64xplus-gf2m.pl +636da7e2a66272a81f9c99e90b36c6f132ad6236c739e8b9f2e7315f30b72edd 
crypto/bn/asm/c64xplus-gf2m.pl c86664fb974362ee52a454c83c2c4b23fd5b7d64b3c9e23ef1e0dfd130a46ee5 crypto/bn/asm/co-586.pl -b88190d748056e6a64988bf1a3d19efc4c292e3d338a65f4505cf769a2041077 crypto/bn/asm/ia64-mont.pl +199b9b100f194a2a128c14f2a71be5a04d50d069666d90ca5b69baee1318ccb7 crypto/bn/asm/ia64-mont.pl a511aafbf76647a0c83705d4491c898a5584d300aa449fa6166c8803372946eb crypto/bn/asm/ia64.S -fee42cabeeb87cdf0fa0a6ff3698b2fe98a8a47d10a756052df572097161a8b9 crypto/bn/asm/mips-mont.pl -b0698029e7011246a72b121f76890f3a48fe45f08ef435585c33faf6e9903e4e crypto/bn/asm/mips.pl -13df09cee06a21669137294f92e5c31b4bf05a8035be6800c1cb4403d7cd8290 crypto/bn/asm/parisc-mont.pl -25c96e545b4981d45557eb14ea5c83aa2d6375ae0df806cb6e6ded2f59ddfed3 crypto/bn/asm/ppc-mont.pl -1c057083546fa1a3bb1b9819dc5110f5a3b11b7bf5a2fb275012323bd7412403 crypto/bn/asm/ppc.pl -04c9b5d2494c06e6f8a47c35274ddf53ae46b65e6abc297bd41e5beb735a3e8e crypto/bn/asm/ppc64-mont-fixed.pl -fe9278a2504fb40257637a4718081775c29c4eb81f87a8528e5c85f8d0c6281a crypto/bn/asm/ppc64-mont.pl -4bb6bc7c26ba71f79eec2a0008872316e7f8b799f4e089f7815b297fc9457c95 crypto/bn/asm/rsaz-2k-avx512.pl -d8d85a0cc27b84650a1a62cdbabcce7b00543368665f335fa03d9ddf3243fb75 crypto/bn/asm/rsaz-3k-avx512.pl -53e81fa491330f0208dcd940f806f7e573df9bbe54bb3549cc23addaf5e4f452 crypto/bn/asm/rsaz-4k-avx512.pl -d9c8e45377eff220f0eca3e830f042423ed99e92b3c900e7b6e58685f27d69c0 crypto/bn/asm/rsaz-avx2.pl -c1ec44791c60ad2a952bfbdda9246faca29548f62961f3d97a4b27809e905bac crypto/bn/asm/rsaz-x86_64.pl -ae26becda9f6d30e9edde8bb89c251a0c40a9a6c879c4cdaec273d8c09af9cd6 crypto/bn/asm/s390x-gf2m.pl -2700337ef133d6688047a1a8e1c671db06016aae777679923ce2b301896762cf crypto/bn/asm/s390x-mont.pl +687c5d6606fdfd0e242005972d15db74a9cbac2b8a9a54a56fcb1e99d3880ff3 crypto/bn/asm/mips-mont.pl +5cb8b5381d03aa76d456a594ff7d2dcb2ede310debb43031868af55ddb832523 crypto/bn/asm/mips.pl +b27ec5181e387e812925bb26823b830f49d7a6e4971b6d11ea583f5632a1504b crypto/bn/asm/parisc-mont.pl 
+9973523b361db963eea4938a7a8a3adc692e1a4e1aec4fa1f1e57dc93da37921 crypto/bn/asm/ppc-mont.pl +59cd27e1e10c4984b7fb684b27f491e7634473b1bcff197a07e0ca653124aa9a crypto/bn/asm/ppc.pl +0b3350f56d423a4df918a08e90c7c66227c4449a9f9c44096eacc254ebc65f9f crypto/bn/asm/ppc64-mont-fixed.pl +a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl +a6982e91f35fbcefe897106b3f5c8957359fb58b74beac12bdcb8d3b7daa15f5 crypto/bn/asm/rsaz-2k-avx512.pl +df7268cd5461269db0d8d1ef62c2d9ff6608eb0c071e798b06ad9ddfcbef1a31 crypto/bn/asm/rsaz-3k-avx512.pl +9ae9cf7a926eea6543237eb4c537860a36e6373e9091e2c581868871ba84fd74 crypto/bn/asm/rsaz-4k-avx512.pl +6e47bf041e51d8086c4933c2a5da3ce6d1b136592984754461d59aa81e4995a6 crypto/bn/asm/rsaz-avx2.pl +149842bf63d1ef1895a251a83d9941fc3ed744dab359b42d635d04cc8d2f2864 crypto/bn/asm/rsaz-x86_64.pl +30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl +590388d69d7ac3a0e9af4014792f4f0fdb9552719e8fb48ebc7e5dfca2a491d4 crypto/bn/asm/s390x-mont.pl aa02597f3dc09cfbc190aedb75711859ba0f3efff87067ebfba1ec78ebee40d7 crypto/bn/asm/s390x.S -87d49e83a7df467097fdfc577aa206be9ee622c40fcbbbe5133b35d9783b7816 crypto/bn/asm/sparct4-mont.pl +2f7cbc2c3d93b1bbc4953dda38b9ae0ab3a0a8331a0418d94d9b286183736c9e crypto/bn/asm/sparct4-mont.pl ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S -2ec1497fa06826f7bc574239e425dd8dda0d4a2743e1fe87669ede900291fcb6 crypto/bn/asm/sparcv9-gf2m.pl -1f490fe184c7a51b2d0646a59e69aa659bfe51270ad21594951b8d7b785bac38 crypto/bn/asm/sparcv9-mont.pl -277dcb7faa1913b25fd43946c50039bcdd45cb643fd9ddeedd6c207cefa4dd50 crypto/bn/asm/sparcv9a-mont.pl +127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f crypto/bn/asm/sparcv9-gf2m.pl +1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac crypto/bn/asm/sparcv9-mont.pl 
+b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2 crypto/bn/asm/sparcv9a-mont.pl d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl -d632edf9b9bab7d2cd2d616512a98d15cf4b3ebba7a8e7b83650d654ceb52ecb crypto/bn/asm/vis3-mont.pl +d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea crypto/bn/asm/vis3-mont.pl 89278854f44d95be916516609ce6f79dcd346bab52574b9b6336a9952aa94bee crypto/bn/asm/x86-gf2m.pl 90d4ae234c08267adce9ed38d56e0edc223f7480cb9605f5d7399d0b3914c6be crypto/bn/asm/x86-mont.pl d444ca73875e97e0ea88b20e4c02f2fcf3850e8b9311e3b67a2d04fe2796d543 crypto/bn/asm/x86_64-gcc.c -a5481ca55d94dc7ebdc93173610d38ae2569cea1fe9b5180debe0ab94e455ce1 crypto/bn/asm/x86_64-gf2m.pl -d8cc080824a72774cb3343a3d50ddf8f41a5b8321203d4c9a764762b62498b96 crypto/bn/asm/x86_64-mont.pl -8b687e927ee9261ac86ef45edc0b46bf1e97cb77694e30f83485b87c20f77cf5 crypto/bn/asm/x86_64-mont5.pl +709ddee92e9222ee0ed27bfb90db556e85e2d302e4a9131afa25fdc14c4d858f crypto/bn/asm/x86_64-gf2m.pl +da7f7780d27eed164797e5334cd45b35d9c113e86afaca051463aef9a8fd787c crypto/bn/asm/x86_64-mont.pl +c3217af276175509230fcf4f8c169aab36729b474c3887f730ec018395abea1c crypto/bn/asm/x86_64-mont5.pl 0ea8185a037a2951bb3d1e590bbbdeac305176d5e618f3e43a04c09733a9de34 crypto/bn/bn_add.c 964c7eecef99ef56997cbb90b6560d41e0e90bb1f87dcc5e2a1bf177851c005f crypto/bn/bn_asm.c 22269bec400abc2d4b38f250134070680075aa320a1a8a2e0c4dcd33fd66cd8c crypto/bn/bn_blind.c 
@@ -87,7 +87,7 @@ eee3d2710144b0e860c57e84f5adc6b2bf64fc27cbd202a8ca2630aefed3b84c crypto/bn/bn_c f53d3804456b787be45ace2b33b7a323e5e4fb6cfbe3aa3b6696e3ce0a640baa crypto/bn/bn_ctx.c d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c -0b5da41b6e2d705898b949568d06920509bf16a9a74dd4de39c406b378cd61b2 crypto/bn/bn_exp.c +903d6b82179db9a92776b1417b011cac7daca208e1c81c8136004fcbb046faf7 crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c 98b2c9a4ffa3063731a10d74318a9f0b808bfa0bb9a5e1c2faca4121a2390d76 crypto/bn/bn_gcd.c 6c5c69c03d5390467aecb5344c7928f62122e47a4e0e2742af9ee1610dd233a1 crypto/bn/bn_gf2m.c 
@@ -114,12 +114,12 @@ c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz b176c420308bd4a185a28e549016ffba5f72edf9dba4dacec34c9883f3ddae22 crypto/bn/rsaz_exp_x2.c 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c 82117f6a7cfc31fc86ecd9629bd3bf614126b8e8b2c23717a03ff5c1db7c3c5c crypto/buffer/buffer.c -d2bfdfd96b182741d2d51f91478ffcc48491b0da44662bc1c32bc506b3eef1ba crypto/c64xpluscpuid.pl +5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl 205f0be0317343b17003f261b427008aad1b31aacc6979c4557fc837e9548b92 crypto/cmac/cmac.c -b2b8884159b74a01af1f4fbb7299cd228072da3a009aa17247f8ce7b705e32f8 crypto/context.c +aca96b899e3b26c45bddb7802dad51f03c09dced554030f1dcbaa4c19a4a0072 crypto/context.c 67c2367871b9350a7f7af5be903d6bcca9ebdbff0e9a9bd9f61b56bef5b76696 crypto/core_algorithm.c -f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c -9a281faea39e976046a27fe9fc718171580cafccc53a2aa2c3b793913c6cdb6d crypto/core_namemap.c +f0c88643860c3369e45fa4da5d6fb351f437665612056c9b138fb02d8825cec6 crypto/core_fetch.c +3744d575a3bf72b7116f8fa6df28160308fbb9476ab91a003d886d40ba72af81 crypto/core_namemap.c a7f86c1495a140e5dc2acb737c5ff835691ead833842e0a37bbfc2116530b246 crypto/cpuid.c a6732e22ccb49cf51fc9dbf23f6059774b70ecc3d7e848c5df112a2d3c179027 crypto/cryptlib.c 66dbfc58916709d5a6913777346083247942a8d9458ee9b2bf443f0ea4988d64 crypto/ctype.c 
@@ -137,27 +137,27 @@ c117ac4fd24369c7813ac9dc9685640700a82bb32b0f7e038e85afd6c8db75c7 crypto/dh/dh_g 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a539a8930035fee3b723d74a1d13e931ff69a2b523c83d4a2d0d9db6c78ba902 crypto/dh/dh_kdf.c af27b02f3fc5c176bc9f61bc9a67475c5a2a81bce4999f2676311a96059b8dbd crypto/dh/dh_key.c -f7b5a90c76d2bcbea7ed9d8dc340cf3949035eee98f708277edf048d216f58eb crypto/dh/dh_lib.c +7eae94965827bc5b0178269e85c77d6671c85255dc1f05e90b0f14500c765cce crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c 786d6c65ced7ee4e25f5dd7c3150259ec95b6aa321a7590d905757b8139f8230 crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c 9978d27e9fc8ff152830ebb781f71338e56a5e116f29c1c2d59a5a112d86362a crypto/dsa/dsa_key.c -9895a43136d2f68ca0d76d2e47e28f44a1c5061daeb721bd2ca31b6b4dace61f crypto/dsa/dsa_lib.c +7d44106570c0ff9a44de874ea2daeaa87ea4c814fef6af0a26f655120a54f529 crypto/dsa/dsa_lib.c f261f9d4f83ecc51ab58de89083e9af4ba4a4c922ccd06b0d628f4b60fc104ec crypto/dsa/dsa_local.h d270b56fd894090319c9491ef745c34bc43add82daecf742916c64a4e956c765 crypto/dsa/dsa_ossl.c 3a38575de4b1409653f330f241848e6c7b554dec44c2415a5ae1baf90fb47ac0 crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c -a38e6fe15efa53dd1f4008500593072d97376fbf30035b0825d1bd19f959d713 crypto/ec/asm/ecp_nistp384-ppc64.pl -786779d7014bc04846832f80638743784a3850c7ee36e4a8062fe8eb7ac31c9b crypto/ec/asm/ecp_nistp521-ppc64.pl -2e3056ea14fab8b306b0281d6a6f4317a6e86dbf652a79ade726e716cd79bb1e crypto/ec/asm/ecp_nistz256-armv4.pl -fa172e62f175a58ffa69c41476fe41d297411f1822af88ce8c9faa125fbad2d1 crypto/ec/asm/ecp_nistz256-armv8.pl -729729f8233c95138158f4647b33a36cf175e707ce29563db0eedc811f324ec0 
crypto/ec/asm/ecp_nistz256-ppc64.pl -78a5b172f7c13ae8ac622439ffb9d99b240dbb4bbda3f5c88d1533ae74a445ad crypto/ec/asm/ecp_nistz256-sparcv9.pl +62fbc4465a5b37dc794bee277dd216d77917e715c2bb5d37a7e1735e80ad0f8d crypto/ec/asm/ecp_nistp384-ppc64.pl +d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl +78ad06b88fcc8689a3a846b82f9ee01546e5734acd1bccf2494e523b71dc74d1 crypto/ec/asm/ecp_nistz256-armv4.pl +598da295053253578d5461892098b74ec9dcd02c1eb99d537e14e0c5e958c7b9 crypto/ec/asm/ecp_nistz256-armv8.pl +3715ddd921425f3018741037f01455ed26a840ace08691a800708170a66cf4d2 crypto/ec/asm/ecp_nistz256-ppc64.pl +cfe7e75a2fddc87a7251684469a8808b9da82b2f5725eafad5806920f89932bd crypto/ec/asm/ecp_nistz256-sparcv9.pl 922725c4761cfa567af6ed9ecab04f2c7729ae2595f2fc0fa46dc67879dc87b0 crypto/ec/asm/ecp_nistz256-x86.pl -c429416028457285cef0c24c5d07d4804eccef29b3be4efda37e8194c3fa9eb9 crypto/ec/asm/ecp_nistz256-x86_64.pl -e806141073aa3792e2748f6feeee6d3017124b3bc6059a9eca0d53a2f5785346 crypto/ec/asm/x25519-ppc64.pl -a397592dc9fdb13016311db6184b4a3a4f2e198aacb03528f770f30ea4966cc4 crypto/ec/asm/x25519-x86_64.pl +afa4497cfbf9ef7805e42ae6a61c7d983e8a789b270d498a07785570ab85a9fa crypto/ec/asm/ecp_nistz256-x86_64.pl +cc727533130f5f1a29229929b3d4e8454585d647be25d6344f3c6a0240998368 crypto/ec/asm/x25519-ppc64.pl +ee897e230964511baa0d1bf95fb938312407a40a88ebe01476879c2763e5f732 crypto/ec/asm/x25519-x86_64.pl d0e81e6185fd589094e06854460cce0d070cc10901ff993c36312fd58420908a crypto/ec/curve25519.c 5daf9f524cd63dd95a2136535b27f2b3d90966562ea5766f4b2d1cd4fccf2502 crypto/ec/curve448/arch_32/f_impl32.c 063dac1e4a9573c47532123e9e03e3532a7473cc3e146521ba9ec6f486ddf3b1 crypto/ec/curve448/arch_64/arch_intrinsics.h 
@@ -181,11 +181,11 @@ a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149 crypto/ec/ec_a 7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be crypto/ec/ec_check.c b5d1182daa207e0f27b817801da96af15c8f13a9ceeb04fcc66b45d36f67f6aa crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c -993c69bdd164a54e3536f9ff1190e80f70772a626cf4b5623e73634ef39469e8 crypto/ec/ec_key.c +b6eb9dce7888344901469a61331bb421e3d337ca77df378236962952f15956cd crypto/ec/ec_key.c 93f35d2e21d49bb6780d200fda8486edd4a7123956337ba535720bb547a47c4a crypto/ec/ec_kmeth.c -c4ba4261db0565be046b630782b430c3af5e0c9f0cc2c262dd08fc5a6ca8b123 crypto/ec/ec_lib.c +d7aa808954290e22795cc6256cec956eb9ece30c39ededd295df65ebe0d5c21a crypto/ec/ec_lib.c 9f86576ca885dd5523879dfdf928c5781bd13d2dbe626a90a785d04184c7a8bc crypto/ec/ec_local.h -7417037d376a99498b3044982d72fbe07bcd2cc5b78f73c3665e87c9202af418 crypto/ec/ec_mult.c +fd70a4598ab61576535d06417b3b3e367f928e6cc0b20b690326e64076c95068 crypto/ec/ec_mult.c 7a777b96560b44bbb9965f099ebc31ee6c8057b9778e854b0f9f3b4125f8dcda crypto/ec/ec_oct.c c7fba2f2c33f67dafa23caef8c3abd12f5336274a9a07d412b83be0366969ee6 crypto/ec/ecdh_kdf.c b86a943ae62145438a7214539ceb3e0de5a30e17a6e59742c6e30991db730ab6 crypto/ec/ecdh_ossl.c 
@@ -194,12 +194,12 @@ b6baa42b16e8df69a12e0ab101033100cddc808ec2682ba1574373e6ec86ae93 crypto/ec/ecds f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35 crypto/ec/ecdsa_vrf.c 141cfc1459214555b623517a054a9e8d5e4065a11301237b7247be2c6f397a0a crypto/ec/ecp_mont.c 13b30f34aeeb0c98747239bfe91b5f0f14e91b2c1f11db62ebb5950c7219daa0 crypto/ec/ecp_nist.c -e203f6f7b4de28394627a0fcba1e89f4291fa4f2af2a36692c0030813ec276e8 crypto/ec/ecp_nistz256.c +ac6fd7dc1c025f97bfc1bc6da7bae92d2acab96679a3b783ec1b3d062ff7e6bd crypto/ec/ecp_nistz256.c 51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c 9cf3bacc8a990f6dffe369c28f2f47b192c8d17178185acec601e3fee5b05fac crypto/ec/ecp_smpl.c 43f81968983e9a466b7dc9cffe64302418703f7a66adcbac4b7c4d8cb19c9af5 crypto/ec/ecx_backend.c 5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h -72caa2b7d2a54165fb35fea5ec7f5f230a3e9746fa71d56cb345e809bfdaf0a0 crypto/ec/ecx_key.c +11a03679f3c51c9db09c6a713ac39eb5126eb68a2908550b7df45332a756109d crypto/ec/ecx_key.c 64d0ed4018f874f6f88f60eea7b8cc093ebd2495172132603f759445d0bf0edc crypto/evp/asymcipher.c 80da494704c8fc54fea36e5de7100a6c2fdcc5f8c50f43ac477df5f56fa57e58 crypto/evp/dh_support.c cc4ce4f3047faab79b646c96d68c72c61d387a89fc519e32764010cd1b077241 crypto/evp/digest.c 
@@ -216,10 +216,10 @@ a9e940b29f3064e771eeafe9d4d0e6d1f7258cd61a57258faabdbe8121764986 crypto/evp/exc c67d90f42c4d2294ecd103bdb02296a13248ead4aebadc3aead0cb964e171d81 crypto/evp/kem.c 55d141a74405415ad21789abcace9557f1d1ef54cf207e99993bf0a801f4b81e crypto/evp/keymgmt_lib.c 955480afeeb054d81ea1a540f124bc7bc20af467cc1ae4db2385a3ddcd3ae2e0 crypto/evp/keymgmt_meth.c -598d4c578a8720026a2dc09d456412c74307ec5cc7b55e4e9d2625f6ffb96c1c crypto/evp/m_sigver.c +2b63a9a8985a99cc2fdd12fef3d7b7439b7797f48cd4f83b9b055d495f6dc628 crypto/evp/m_sigver.c 2a1207fc3108d1aef4fc10f5d450dc344214f3cfff7a6e9688468c12846d4b64 crypto/evp/mac_lib.c 036307223518ec03a93c9e519cbad9903341bf105642b6b694a791d31a1f232c crypto/evp/mac_meth.c -a93bf4ee0562235dab615562e1780c704bdf58aa62457511ae206ab1d0e2c760 crypto/evp/p_lib.c +10bc9cad7a73fc0c3088863133fd0979587007661f2151cad22160e21b29c68b crypto/evp/p_lib.c 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c 759573aea2a4cc7b6f763b440e6868bfcfcb7ca94d812fa61ab24a194be2cb36 crypto/evp/pmeth_gn.c ab99a6f659635d2887fb46a641d40e9a70a4e68bf8420aeaf848d215a1c7726f crypto/evp/pmeth_lib.c 
@@ -239,29 +239,29 @@ df7ed80c3c2c0df4bf6a3d5379655d0ba9147d4f4e9f7509672bc9273f163bb8 crypto/hmac/hm c685813be6ad35b0861ba888670ef54aa2b399d003472698e39426de6e52db59 crypto/initthread.c 8727fbbb867fca990238ba37c17ae67e4b78a02769913425925ee841af5c0b07 crypto/lhash/lhash.c 22261096a117533e78012f5f18586b6a81edb3e09ae8b206b5eb9a0a5c054adc crypto/lhash/lhash_local.h -ef9007de207b87aa260ac6fd5f7fe966e6a966bfeb1461b78841cafae0a57259 crypto/loongarch64cpuid.pl +6bd06fa046a739d7b6e95ad915a9ff6b8b4952e3215dd0fb454f0463709cc053 crypto/loongarch64cpuid.pl 460a7af09cde89a820b091522ada1310cfcec99c60aee505f94c48c35e9a29e8 crypto/loongarchcap.c f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c -6906e197c84ae0d828748d47c47d565fd912076c35a65ea304e306fee4a17157 crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl -2c97a18aad5f681876dbd77f0a0ed20d86fc22060592cbda1fc0449fdf329724 crypto/modes/asm/aes-gcm-armv8_64.pl -6b98d90b233d87f4d99f54a553b242199cd621f9c09b5cf64923831cd98ba054 crypto/modes/asm/aes-gcm-avx512.pl -b878b589b9c74bddac990f9f98fe323d3cbe0dfb5634d92224812d18ecca3f23 crypto/modes/asm/aes-gcm-ppc.pl -b7104ee749d555127a08609c7df5056b56d9aee19c90f3c42b42d69cf7caba03 crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl -cf349eb3f35090d8114770ce32577bfa34af0f8b25ba47e28584b47a4c8c4552 crypto/modes/asm/aesni-gcm-x86_64.pl -8fdcb4313fa3a6e541a697525856b9527a06ddf4c794f9393e843f86d67f543c crypto/modes/asm/ghash-alpha.pl -ace8c376b394439301cecaf468d2a9a8adae21eff1d43191cefbf6765023452d crypto/modes/asm/ghash-armv4.pl -c22f4945e7de3bd7bfef73447f09983e40a3e4dd0938244d902a1c44c98a8467 crypto/modes/asm/ghash-c64xplus.pl -315a76491cdba48c88df6549c9efd96b50515400810b185a568b7a871681e03d crypto/modes/asm/ghash-ia64.pl -25e9f494fcb6eb636c04af2f322736fae8aa339037e199332c96b8c9c3a50afa crypto/modes/asm/ghash-parisc.pl -9140d35aa157dae5c98b2c950248d15dffddd16c11a0f092c4a79b0a460b2d54 crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl 
-c786210922836f2ee9f7806b6cb7a5749511285004cf7eed95b3979bf5685bb7 crypto/modes/asm/ghash-riscv64-zvkg.pl -b353c76f30ed3bcde79e1280a53acbd7172d1924124c33bf2fd5830396e7ac0f crypto/modes/asm/ghash-riscv64.pl -4bb81f297f0c76762116895295fe027fb1b22ddb5b992c216128116afd09db77 crypto/modes/asm/ghash-s390x.pl -de97107e0c19ff9dd4069f0761eccb00e0b3ced345e1f119ab3b918dd2f9c5f6 crypto/modes/asm/ghash-sparcv9.pl +36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl +580b90b1a2b4324afbe680c3ff59d58d0eff0b59511e5cf56fb119d2634c9a3b crypto/modes/asm/aes-gcm-armv8_64.pl +bcc09bdb474f045d04c983fa09c31a010c5a25513f53a5d3653ade91304f0f96 crypto/modes/asm/aes-gcm-avx512.pl +400a202abf66c6a3430965c38f7164ac297c856e8585862f59e3ff188bb35a6b crypto/modes/asm/aes-gcm-ppc.pl +dd0de5ca8913a941cfff781a42fba43227e133976a24d0fddebf63909f7e010a crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl +4589a5c1d612631be70c998415dceabd344b6553e55528be4d62f2d923b99230 crypto/modes/asm/aesni-gcm-x86_64.pl +c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904 crypto/modes/asm/ghash-alpha.pl +6bc7d63569c73d7020ede481f2de05221ac92403c7cc11e7263ada7644f6aa9b crypto/modes/asm/ghash-armv4.pl +097975df63370de7ebea012d17de14fc1f361fb83acf03b432a99ae7d5bceb24 crypto/modes/asm/ghash-c64xplus.pl +fdde3bc48b37790c6e0006014da71e7a831bbb4fdbfcda2d01dbe0ceb0ba88fa crypto/modes/asm/ghash-ia64.pl +e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/asm/ghash-parisc.pl +e6d6ce559210aee1e97f098683e290c221cc90f6f4f8047b331e8071a8387559 crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl +4c960949a5b7688f9019e177c24382dd1e78f6d343f3c4326bebbc065eb3a9f2 crypto/modes/asm/ghash-riscv64-zvkg.pl +494b4b36fd7c7d0e464be76f723c46ae7ad173593ff0556525edfdc974e66c32 crypto/modes/asm/ghash-riscv64.pl +92071f9c046f312c4eb7df483f385bc71ade863392e1acf3e821912bcc5cfaa7 crypto/modes/asm/ghash-s390x.pl 
+6af1a05981e1d41e4dea51e58938360e3abc4a4f58e179908242466d032b1a8a crypto/modes/asm/ghash-sparcv9.pl 26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl -efa4769b6e84ef2b24830226f755b64d3d5f89ff3a9faf78a2007932cc61fc45 crypto/modes/asm/ghash-x86_64.pl -b407d9fc6ea65fe1a05edc2d139298d78391f3c165314fa6d56dd375b8e453cd crypto/modes/asm/ghashp8-ppc.pl -3643d2ec821a959ad79bd41b82fe6d56d32264c972b34544ded519029c948f5d crypto/modes/asm/ghashv8-armx.pl +487e23973c9c782d375a956da6231e91f450182d8822d3f86fd4924e143fed70 crypto/modes/asm/ghash-x86_64.pl +a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl +2b9d67942f97024f5b42430b73281526df7e0119339caea53136816727f80bda crypto/modes/asm/ghashv8-armx.pl 65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c 1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c @@ -280,7 +280,7 @@ bb7b79b5a070050f5e7dfc66b5635f0891bc278e3e24eec3583b769b33bef657 crypto/params_ da23f7014a60e3e37640b9128d57d8350b17fa8cde77b6f14d0d4ca0dee2b437 crypto/params_from_text.c a9e5ed6e15785156cb99d23c388b4f385e08c488158188528c1c9743f594279b crypto/params_idx.c 9620a96eb5e411f5c96c210fb7975afe6b24635e4c5565be34fb8d10589890e7 crypto/ppccap.c -b650e7e96b8faad750842b86905032db51e17880958bb8d9826d02ca8eb60642 crypto/ppccpuid.pl +46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8 crypto/ppccpuid.pl 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7 crypto/property/defn_cache.c d48ce9b38720b4d0b118b83322c3344afd11a5ce6b31adf59c6584b5e02e3f6a crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h 
@@ -290,18 +290,18 @@ a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/propert 5844196864db30e773fe555a679435614f5d6a6d22442c54fa10dea4c87628bd crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c -1d0941739c0ff41563da1891c8bb11e60acf2c7843fc182092b1cd8b5bd7b219 crypto/rand/rand_lib.c +91cc03cfce4e9197cdf4e3f6f76e274e4c572339f433f4837d6af8e0cbeb7736 crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h 426ba915ca65a770f8264129f8ac47db7aaf06c6ae51517c5d775eacdf91b9f6 crypto/rcu_internal.h -d3fe26daee8945c5b5996fd45e96d1d2ddf9d157a87759f1c17699dc85abd2e4 crypto/riscv32cpuid.pl -54405cc169591c013db41171e922fd03c4616d63454e79761dd2912c65845aee crypto/riscv64cpuid.pl +48f6a98e3d7e9ae79f2d2b8ea9965d0c4ec3b1a4473adbceb47fe1e7930dc3c1 crypto/riscv32cpuid.pl +f6c5a1440de995a115dbba5f732b294e2e6d94aa520687afd1e776af1ba48cf8 crypto/riscv64cpuid.pl 4b5ab38fa0a41cfaf331dafd13a1f6df5b82fcfe1d27c18b419ea20a1f292685 crypto/riscvcap.c f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c 1b828f428f0e78b591378f7b780164c4574620c68f9097de041cbd576f811bf6 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199 crypto/rsa/rsa_crpt.c a3d20f27ae3cb41af5b62febd0bb19025e59d401b136306d570cdba103b15542 crypto/rsa/rsa_gen.c -b05eb77c0715e7b77ea4b72955384bcb4f25f0aa1720537541ca993785d3aca7 crypto/rsa/rsa_lib.c +c957f21df450e219c0d82493dd7251091bb3fa891007a43521793c59c0134771 crypto/rsa/rsa_lib.c 5ae8edaf654645996385fbd420ef73030762fc146bf41deb5294d6d83e257a16 crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 
5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c 
@@ -314,53 +314,53 @@ bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa 83529424639f77832d2c189c0134ce514b35a296567ac1a2936a9c4ed6407239 crypto/rsa/rsa_sp800_56b_check.c dc0af42319118811e1fa250f1647634f510f9ffcd720ea5141db4fd090938c46 crypto/rsa/rsa_sp800_56b_gen.c 1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c -4bf7f5cbbf7bf0e6c904b8c4988d077842cdd6aed0ad184cbfa4d4b3bfee79af crypto/s390xcap.c -afe52ea4952a5114e3a475b6c25e692562b68fa7b0af0f089f707679b95b7c4e crypto/s390xcpuid.pl +0cfca169d8071429d969d5beccd2b93f824202b4371f29344feb3e06800e3c77 crypto/s390xcap.c +f5ef5e2b93dd4e4c2d43b684fcbadf500e8fb0e5738d5f480dcb053a2dc3bd53 crypto/s390xcpuid.pl c865dba12debe9ad4a0f0b8c078b5c3e614c83a851cf9666cd3c4c7a9992f319 crypto/self_test_core.c -79bdaf53182dad94aadc33b0474a25f95e432f3d03565d861410227c2f016ea9 crypto/sha/asm/keccak1600-armv4.pl -bdb63514b1a53015f323138060328622f3ee22b4425f24d3f464f7dd54fae701 crypto/sha/asm/keccak1600-armv8.pl -81bfb4484d68a3a3e1d704855f76356090867fe10a75db7707b6f7364e8ee8da crypto/sha/asm/keccak1600-avx2.pl -b7bb35d51d439abbf3810454ccb9bfb5a51e2111eaf389fb95796ad6220a61a0 crypto/sha/asm/keccak1600-avx512.pl -37365dcc576f99006132271968bab990e2bebdab7f4168c726bd449a2fa51c6a crypto/sha/asm/keccak1600-avx512vl.pl -2767ae2f379a7a3d0c6dd1471d4d90dd896545b456cb6efd6c230df29e511d70 crypto/sha/asm/keccak1600-c64x.pl +8f31ece930473524b73fe7729a71cf925e8083ae8883c179d710c45ce748952a crypto/sha/asm/keccak1600-armv4.pl +5ba5c563815d9b3e90d2853bef0dab30d2ac12d24f4bb0c4a6c09f8d96fb0820 crypto/sha/asm/keccak1600-armv8.pl +12b7acce2fba0bc0e1ca07842ec84be6a022f141c86e077abb42c864af1d8d9c crypto/sha/asm/keccak1600-avx2.pl +faf0cccb685d5abc807e08db194f847c67b940da2fc3c235c210dc31d73a5334 crypto/sha/asm/keccak1600-avx512.pl +be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm/keccak1600-avx512vl.pl +33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 
crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl -8437a690f972bbbf873da6485c119fad84f3f47677f53c9411204ff7443cc6c4 crypto/sha/asm/keccak1600-ppc64.pl -07b55370141200b9b765a3e6f118d85bb278838087198cc07c57f0121aba46c4 crypto/sha/asm/keccak1600-s390x.pl -04faf495408a1ec2979fb7a584748e58deaa921df7675603dcece72f777ad0ee crypto/sha/asm/keccak1600-x86_64.pl -e0a4a1df82716053a3f01ec0b096c735a0e3c4f6c9d9ec6b2006b37aaac64448 crypto/sha/asm/keccak1600p8-ppc.pl +6689c3adaa270bd88026ca686ce76b8aaa83a7cadf3954d84d3cf89c044cc958 crypto/sha/asm/keccak1600-ppc64.pl +fea3ce181c7a33bc673e3a4607e0f737a3a3e5958a3826596fb911b1297e2ca4 crypto/sha/asm/keccak1600-s390x.pl +3fb93b9440f5c3008b5c876a8106acc5f8d38f1afedd79381f0befec7dd7d72b crypto/sha/asm/keccak1600-x86_64.pl +831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl -8d937771993f04407f5fdcca8ca8565f9f8a4d9c9a8f7bfd4e9f9121dd0450bb crypto/sha/asm/sha1-alpha.pl -99a58a0069f3336764b46f74f1023d399bd48c32bc4cf06d66e008fb926fceaf crypto/sha/asm/sha1-armv4-large.pl -083ab18f3753fe886b188328eae183f24a2ef5cfc929dc3a53c24410d91ca052 crypto/sha/asm/sha1-armv8.pl -c36f51761e7f59bdd0f61230297fb802542ac5d2d1c6d2b1096ed937131bd583 crypto/sha/asm/sha1-c64xplus.pl -4ab7c9153b085274a579b388ddff97a4ac7e11585e01811ca95b93a3ec786605 crypto/sha/asm/sha1-ia64.pl -48224a83c51bb7728af7ed5c83aa2aae502c1750cf84522d3d18b314f9b06be8 crypto/sha/asm/sha1-mb-x86_64.pl -c0fea5a0d32001263c8bcf7fc0757aa68c6a7377f20fef8d28708e1b81de5dec crypto/sha/asm/sha1-mips.pl -f11b75a54c5f42aa3a052de8091bfba47d7cac01920b2fe0ddcb637d4c9d0eb9 crypto/sha/asm/sha1-parisc.pl -d46ef3fc166271a83144d90985034e2c514bd1020b84ec0fe5427ad593bfeb74 crypto/sha/asm/sha1-ppc.pl -a48c7d9403fe99fbd4daec60e96eb22058da766ab9e606d084a63613962851a2 crypto/sha/asm/sha1-s390x.pl 
-0e2951e0574c64ee055ffddf16ceefdec00823107d60362976605f139ad8ae68 crypto/sha/asm/sha1-sparcv9.pl -5da48400d4fae85e205e95a2fa368e7bf525e51e274b1dd680dfb48645426c85 crypto/sha/asm/sha1-sparcv9a.pl -04b73c902d36c28b5a7eab47cb85f743eb9c648ed5936f64f655524a1010a1b5 crypto/sha/asm/sha1-thumb.pl -ddd4825dcacd84f6d731a2bd416a4110df08a03a9e86f2e82215ffea0df1d92c crypto/sha/asm/sha1-x86_64.pl +c96e87d4f5311cd73bbdf499acc03418588be12426d878e157dd67e0099e0219 crypto/sha/asm/sha1-alpha.pl +695ef6f8041f37f4b39cb7099e9c7c3a29d6f823823df7333530d375f5f5e01b crypto/sha/asm/sha1-armv4-large.pl +3ca053a2a27550b6076d2f12579899b027b2eadc0f30bef867c3eeae03e5e8bf crypto/sha/asm/sha1-armv8.pl +11d332b4e058e9fa418d6633316d2e9f9bf520a08b2d933e877bdf38b2edefcf crypto/sha/asm/sha1-c64xplus.pl +32ff0e701a7b8f25bcfe8477b20795de54f536527bd87d3ce694fd9aaae356d4 crypto/sha/asm/sha1-ia64.pl +de6c7e8c1e27779a8cf1ce2a04f487a3d4dc510d5ba240cd06128ecc8574e424 crypto/sha/asm/sha1-mb-x86_64.pl +0f5c63cf09e950d1b488935ab3b5562e3e9d5cd1a563fb88a41e3dae90a35e6d crypto/sha/asm/sha1-mips.pl +b5ffd7b6dbb04c05de7efa2945adb67ea845e7e61a3bf163a532f7b6acdf4267 crypto/sha/asm/sha1-parisc.pl +482cd23ca6ec38d6f62b90c68f9f20643579c50f2c0fbb0dab1c10a0e35efe77 crypto/sha/asm/sha1-ppc.pl +28cf69efd53d7a5a8c32e0f8db32c193f41b91faf44f5f59944334bc3f5aa337 crypto/sha/asm/sha1-s390x.pl +7fd355b412ddfa1c510e0ba3284f75b1c0d621b6db2ecb1d2a935d5cdb706628 crypto/sha/asm/sha1-sparcv9.pl +24554e68b0e7b7db7b635ff149549015f623ca0bcd9ae90439586a2076f6ae80 crypto/sha/asm/sha1-sparcv9a.pl +74d197cdd72400cabbff7e173f72c8976723081508b095dc995e8cd1abf3daa6 crypto/sha/asm/sha1-thumb.pl +dc363497de4fa3bc88b16e834ddf4967aecabdba5ea3ddd6113cf00da7e278bd crypto/sha/asm/sha1-x86_64.pl c099059ef107f548ea2c2bab64a4eb8c277070ce6d74c4d32bb9808dc19c5fa3 crypto/sha/asm/sha256-586.pl -8bfdb28ef338f981fffa5957a7867ce2408680d71a4c6e975eeb85970579d6a8 crypto/sha/asm/sha256-armv4.pl -c394bb5b0ff05595a9e6848b6602a0f29f73a79fc006593740f3ca645ad9d316 
crypto/sha/asm/sha256-c64xplus.pl -2c56cb60a8543fc5e5dbc738c4228169e549eb7bfe226a568cca08343d1f1533 crypto/sha/asm/sha256-mb-x86_64.pl -84531dcee8cd2e48c126141cc43345edec1a8f14e182b73425ced281a51cd141 crypto/sha/asm/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl +0f01f7b5b0699f1e8ca260439d009febfa5b85b9e7b0933d236467e383aaaa2e crypto/sha/asm/sha256-armv4.pl +93ddc97651ee3e779144a3c6b3e46a1bc4aa81e75cd7b9df068a2aef8743d25f crypto/sha/asm/sha256-c64xplus.pl +9a68b6642b20e3cdccd636c4a934a6e0114160506784583f684ad65aefac2872 crypto/sha/asm/sha256-mb-x86_64.pl +b14670492f24cd0d2fedf8780e981b7da123203395c085334d4571b619b0a610 crypto/sha/asm/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl dd82e1311703abb019975fc7b61fb87d67e1ed916dddd065aced051e851114b9 crypto/sha/asm/sha512-586.pl -101659eaade9a3162ecc0257c271b9c05411318fc45b02445ec3ace5f6bf28d0 crypto/sha/asm/sha512-armv4.pl -9e6b3e56bf34a0ca032e72990dfa56b87abe60075e6dffc9fcb66a4c1477cc52 crypto/sha/asm/sha512-armv8.pl -5b6796a9978b69fd78ee2ff1adc5cf35d44cad8194a38d1c2aba2023012cf252 crypto/sha/asm/sha512-c64xplus.pl -e8df660671ba61aa2e8f51358baf5d8ca913093e2ee1a40c9cb46d9c2c0851f6 crypto/sha/asm/sha512-ia64.pl -525f253ef8051bfb0e344ac2e40688ce359a42707fe360d23a03f522cc88c81a crypto/sha/asm/sha512-mips.pl -3c3e03529d8514467f8d77c01978348636bb339315feb8041fbde7640565001e crypto/sha/asm/sha512-parisc.pl -952ef1b10e8bbe3f638cc798b91ab9c5b47b66ed8fe94647b1beec9874f2e71e crypto/sha/asm/sha512-ppc.pl -9806a5caa570eaefc8ce62af470126ef99c01c078af3c22871a9ca1da2006686 crypto/sha/asm/sha512-riscv64-zvkb-zvknhb.pl -193a0ea240264b29dd68a425f604a6da4b18e28838dcf909dd7e711af880f782 crypto/sha/asm/sha512-s390x.pl -dcb466a1e5938fb64ecb38b0533602192d61334da864ee8dfdcfa12d3cdfa273 crypto/sha/asm/sha512-sparcv9.pl -71198504332a27988f6e5c9627964a838d0220f69717b0ec60d0b6eeaa14669d crypto/sha/asm/sha512-x86_64.pl -68d2f3b2dccb978ee42640f4fb4d2eae6b74d071017a3eedd9e7cb77762817dc crypto/sha/asm/sha512p8-ppc.pl 
+16e68ac669860c5bf8e4db81cd3d64fc2c22168e129c2597e94b0f56fafcdfa8 crypto/sha/asm/sha512-armv4.pl +e840aeed694a04153364585989f09a791422c95260cfe5b89c3f8c57e0916a1c crypto/sha/asm/sha512-armv8.pl +6f548a088feae3b6faa179653ba449df9d3f5cda1e0561e5b5f120b32274d1eb crypto/sha/asm/sha512-c64xplus.pl +9fa54fbc34fd881f4b344374b9b4f8fb15b641424be7af9a31c71af89ae5d577 crypto/sha/asm/sha512-ia64.pl +fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm/sha512-mips.pl +11548f06d213947104a80898e000218ec0d6ff3f6913f6582de498476482ce9f crypto/sha/asm/sha512-parisc.pl +7c0c490ce6bb11a228853aecad5e164ce84e5bdabb8a6658ae7184782076c7d3 crypto/sha/asm/sha512-ppc.pl +07804b96dda856cffaef291641c4ae7f59288ed1e65e38823cfdcb74f8ac5295 crypto/sha/asm/sha512-riscv64-zvkb-zvknhb.pl +38e0455fd6a2b93a7a5385379ca92bc6526585ca1eb4af365fac4c78f7285c72 crypto/sha/asm/sha512-s390x.pl +0611845c52091b0208dd41f22ddef9dd1e68d3d92fa4c4360738b840a6314de6 crypto/sha/asm/sha512-sparcv9.pl +473874a27b031e3d6c3dd0388c7231aa299e07c5832fa7499a081488e6f5680a crypto/sha/asm/sha512-x86_64.pl +8725cabb8d695c576619f19283b034074a3fa0f1c0be952a9dbe9793be15b907 crypto/sha/asm/sha512p8-ppc.pl e10cd2ff1fb57f3a3b5a9264878910627de989284ed4f78483e5863285f7f26e crypto/sha/keccak1600.c 306cacd3f86e5cacaca74c58ef862516515e5c0cafaff48636d537fd84f1c2fb crypto/sha/sha1dgst.c 65ca7d67f3e3fc0314ccb179b734530bf1cdbde3d3cf428adc4c402f52e4b394 crypto/sha/sha256.c 
@@ -379,15 +379,15 @@ a00e16963e1e2a0126c6a8e62da8a14f98de9736027654c925925dadd0ca3cc1 crypto/thread/ 27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c crypto/thread/internal.c 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a crypto/threads_lib.c 8344c928af055f38a0627796aa8dd71db87c5a0fb03f18c7b1ca20e3df22e4ae crypto/threads_none.c -cc4186b419118dc42d0ba044c126c83f328dd60fa084e6e211c8da84c16b1bd6 crypto/threads_pthread.c -e1c801bcf235eca9dd5d960ee098822754b4850910f95b85f223d4e03c965ec6 crypto/threads_win.c +66d6f6432c864699436221169edee89c13a29d2f94301e7bfd7aa518849fbdc3 crypto/threads_pthread.c +9948149272813d39244594eab73876752517ea117255219ea0c3190cd79a9ddf crypto/threads_win.c 8b45f948303045d8f753858b1b892e3da13bebe1bdac500db91fbb54a0ac07da crypto/time.c -af0af59fe2cb8668a96751f343232d7faa3e7a937beb2bda09ed74fe60b9cb5f crypto/x86_64cpuid.pl +fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl 56912aa7bfb1aba71fdb5b590a60593d604ddec007fd7820cdf176ec07d2694d include/crypto/aes_platform.h 44222ee3dbcc71acf0fc40fcb5f700d307eb843b3d456e11d04539d9613e920b include/crypto/asn1.h 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h -27915b72146dba69906c5727eab174e01c2edc3c74526a57b45d4ddf49b5adb7 include/crypto/bn.h +7a879191cabf49ed390354e776b40b07f3d238a5b4d1e9207357a69de0416b2a include/crypto/bn.h 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in 7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h 76cec717df68b4cbe33cf6fb557c9724ab027a1ab5e06b27eb0294fef2edd75b include/crypto/cmac.h 
@@ -436,8 +436,8 @@ d4ac19b28ea61f03383364cfad1e941cac44fc36787d80882c5b76ecc9d34e29 include/intern 727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h 811eff73f789e535530cf23ea6037d4da6cde53398e0e7063e60c68b8923a9b5 include/internal/provider.h 95d21e761402fcbf1d3bdb261e425316b07d2790dd190e4eeaa1e21e40ff9a59 include/internal/rcu.h -6771d6b154f3979903c4e53c0249bc0e709ce698966761bc60081428270eafa5 include/internal/refcount.h -5f48b2caa1986f85fc31d1f96621684736c27964291b3718dd35f3a15534fa99 include/internal/safe_math.h +baf5df9b8b91cb5b821ee27348a47364c9dfc86144c9573403e9d54fa970f81f include/internal/refcount.h +a01805714966e6de536ee182d5476cb1708d019631f016f331a034cf3b2b3158 include/internal/safe_math.h d11b69bed0965e47c3be0e0f44a812a7eb69ae91d7ca8f148a91d6ef6d255a47 include/internal/sha3.h 494ab5c802716bf38032986674fb094dde927a21752fe395d82e6044d81801d1 include/internal/sizes.h abf03dc8635f2925bdc2299feabe115f8d5d6eaa450b421172ded222872386ba include/internal/ssl3_cbc.h @@ -519,7 +519,7 @@ c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openss 8acd8147402a816c835b4240e18972072bab41d3fb6ee364fc17e543d6a854f6 include/openssl/thread.h a99dcb756a27eb019c9e3f5c49bd55ca39def82684aea891bac011e9e99f9b8d include/openssl/trace.h c7ec2154c2e55f1540abee52b8c2af53c9d993045408517d49a3d6a833cf281c include/openssl/types.h -e0308d6ae6a7309a163898079f6e2abd435589066856c92ddcafa2bf04718c1c include/openssl/x509.h.in +19ef0ff7da7c46425f8425745de75a24eed318abc0d715f1ac4095257101d5f3 include/openssl/x509.h.in 7844d00cef77c9be785b3dea17ba8b61cd3ee3db22518bd0928c6ea70771a7bc include/openssl/x509_vfy.h.in ef9e7c7a2176cf1b3f2d0c52b7cc1f47ad0666fbbd8a9479cbb39b7bf0dfe06b include/openssl/x509err.h c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c 
@@ -638,12 +638,12 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl d8b5f2a17146cdfdbe6db518f8d4183d399a1dc163d3d7f0eb169665e84f3d56 providers/implementations/kdfs/x942kdf.c b4b389ab297283b7e3e5e667793f24e62a99baa47b69ec44b70d0ba8f0ce1862 providers/implementations/kem/rsa_kem.c 0a3b96d2818ce09a2a07663f311de68d0e2db92265c32aeccf844a1bc114dc83 providers/implementations/keymgmt/dh_kmgmt.c -48470164b3c023503e75aaacee17fe7da6beb06f10c84ac2acc2bf19e823f810 providers/implementations/keymgmt/dsa_kmgmt.c +f96793f772f56b6ab22b2a8d59d5b071ed99f10e8c18a80a8bb738035b81b0cf providers/implementations/keymgmt/dsa_kmgmt.c 686e86f1f91eb8459ca3789e5d903dae7bd0f6e61c16bbf9b98b558de272fd99 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -08264b248dcaf68140900871cb448210b4ef020eaac7a19275d0f54b3fb39614 providers/implementations/keymgmt/ecx_kmgmt.c +00ef4a3266fd7ab889858b3122c6531be895cfa0e40665dd2245c1d103da83d9 providers/implementations/keymgmt/ecx_kmgmt.c daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c -91832fb65cc8ee591989fcf0f039ad04ba463008b5be9549a2b0ae6882b257ab providers/implementations/keymgmt/mac_legacy_kmgmt.c +17d6bc9f386f147765d9653639056dcb40e258239a5a9fdc4876a4f0a1d47c21 providers/implementations/keymgmt/mac_legacy_kmgmt.c 9034a66a4bae1a15e127a5eca94bcec2ecaa971b205e945fcf7fba6b6bb8e47d providers/implementations/keymgmt/rsa_kmgmt.c c421f7cc04588d2184420d18ef528e410a8f52dafe2ad5d951b1d1ebc2d8bded providers/implementations/macs/cmac_prov.c f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da providers/implementations/macs/gmac_prov.c 
@@ -658,7 +658,7 @@ ddae75f1e08416c92802faafba9d524e3bf58c13e9fcb51735733e161006f89e providers/impl 56661d9ad771f4b3c4c808456c29142d16b0fdc95422a93c0286cc8e6326e29e providers/implementations/rands/test_rng.c b60c2da4f4a8c5be5e684f86fe985f85c44c765547912c1a56dd6d51b43101ad providers/implementations/signature/dsa_sig.c 5a5beb3552ec56d106601129dacafce8beca7952e63e349ffa019d3ce61dfad4 providers/implementations/signature/ecdsa_sig.c -720eadc94bd342f62fe6e0b58196899bb1c9c09f2b44ae5c1f8cbba827188110 providers/implementations/signature/eddsa_sig.c +d85301ef808e711fe73c60a76c524946d24bb7970fc2b37fec0d34edf512b820 providers/implementations/signature/eddsa_sig.c e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4 providers/implementations/signature/mac_legacy_sig.c 06fe4428b0ee105aa2c387647df369d756994162015c95130cd95ac008d3ccaa providers/implementations/signature/rsa_sig.c 0b73a04f8a03106e2a0fea10978f9888158046c29c3993ca6557f5a6403d5580 ssl/record/methods/ssl3_cbc.c diff --git a/providers/fips.checksum b/providers/fips.checksum index e9ec7f53b1..11637ef324 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -140904f4e82558130fb4ac0e418744e608112bd674b4c60cdb8f45267ca760df providers/fips-sources.checksums +ee2ea7a1ab011e2445aa04902bfd88808eeb6ef43bc4692f91e1969bbec09b34 providers/fips-sources.checksums diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c index ee2d4a7d32..d6f90753e3 100644 --- a/providers/implementations/kdfs/scrypt.c +++ b/providers/implementations/kdfs/scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -92,7 +92,9 @@ static void kdf_scrypt_reset(void *vctx) KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; OPENSSL_free(ctx->salt); + ctx->salt = NULL; OPENSSL_clear_free(ctx->pass, ctx->pass_len); + ctx->pass = NULL; kdf_scrypt_init(ctx); } @@ -162,7 +164,6 @@ static int set_digest(KDF_SCRYPT *ctx) EVP_MD_free(ctx->sha256); ctx->sha256 = EVP_MD_fetch(ctx->libctx, "sha256", ctx->propq); if (ctx->sha256 == NULL) { - OPENSSL_free(ctx); ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA256); return 0; } diff --git a/providers/implementations/kem/ec_kem.c b/providers/implementations/kem/ec_kem.c index b82f903662..7f84fcbb2f 100644 --- a/providers/implementations/kem/ec_kem.c +++ b/providers/implementations/kem/ec_kem.c @@ -405,10 +405,10 @@ int ossl_ec_dhkem_derive_private(EC_KEY *ec, BIGNUM *priv, return 0; /* ikmlen should have a length of at least Nsk */ - if (ikmlen < info->Nsecret) { + if (ikmlen < info->Nsk) { ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH, "ikm length is :%zu, should be at least %zu", - ikmlen, info->Nsecret); + ikmlen, info->Nsk); goto err; } diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 2187568b2b..c51ef9d11d 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -430,7 +430,7 @@ static void *dsa_gen_init(void *provctx, int selection, OSSL_FIPS_IND_INIT(gctx) } if (!dsa_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + dsa_gen_cleanup(gctx); gctx = NULL; } return gctx; @@ -631,7 +631,7 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) && (gctx->gen_type <= DSA_PARAMGEN_TYPE_FIPS_DEFAULT))) { ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, "gen_type set to unsupported value %d", gctx->gen_type); - return NULL; + goto end; } gctx->cb = osslcb; diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 958fc37a47..b462f6dc70 100644 
--- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -510,7 +510,7 @@ static void *ecx_gen_init(void *provctx, int selection, #endif } if (!ecx_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + ecx_gen_cleanup(gctx); gctx = NULL; } return gctx; diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index f952ebb227..161a433caf 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -393,7 +393,7 @@ static void *mac_gen_init(void *provctx, int selection, struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); if (gctx != NULL && !mac_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + mac_gen_cleanup(gctx); gctx = NULL; } return gctx; @@ -405,7 +405,7 @@ static void *cmac_gen_init(void *provctx, int selection, struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); if (gctx != NULL && !cmac_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); + mac_gen_cleanup(gctx); gctx = NULL; } return gctx; diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c index e6689911c8..01a13a6109 100644 --- a/providers/implementations/signature/eddsa_sig.c +++ b/providers/implementations/signature/eddsa_sig.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -277,6 +277,7 @@ static int eddsa_signverify_init(void *vpeddsactx, void *vedkey) ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); ossl_ecx_key_free(edkey); peddsactx->key = NULL; + WPACKET_cleanup(&pkt); return 0; } if (ret && WPACKET_finish(&pkt)) { diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d055f06b39..3a2947a454 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -395,7 +395,7 @@ int dtls1_handle_timeout(SSL_CONNECTION *s) } if (s->d1->timer_cb != NULL) - s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_SSL(s), + s->d1->timeout_duration_us = s->d1->timer_cb(SSL_CONNECTION_GET_USER_SSL(s), s->d1->timeout_duration_us); else dtls1_double_timeout(s); diff --git a/ssl/quic/quic_demux.c b/ssl/quic/quic_demux.c index e3b5ca1918..a84a44c6e9 100644 --- a/ssl/quic/quic_demux.c +++ b/ssl/quic/quic_demux.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -442,6 +442,7 @@ int ossl_quic_demux_inject(QUIC_DEMUX *demux, /* Move from free list to pending list. */ ossl_list_urxe_remove(&demux->urx_free, urxe); + urxe->datagram_id = demux->next_datagram_id++; ossl_list_urxe_insert_tail(&demux->urx_pending, urxe); urxe->demux_state = URXE_DEMUX_STATE_PENDING; diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 539d6d9b78..240eaab72b 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c 
@@ -403,7 +403,7 @@ SSL *ossl_quic_new(SSL_CTX *ctx) goto err; } - qc->tls = ossl_ssl_connection_new_int(ctx, TLS_method()); + qc->tls = ossl_ssl_connection_new_int(ctx, ssl_base, TLS_method()); if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) { QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); goto err; @@ -2317,9 +2317,13 @@ static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len, quic_post_write(xso, actual_written > 0, actual_written == len, flags, 1); + /* + * Record however much data we wrote + */ + *written = actual_written; + if (actual_written == len) { /* Managed to append everything on the first try. */ - *written = actual_written; return 1; } @@ -2343,7 +2347,14 @@ static int quic_write_blocking(QCTX *ctx, const void *buf, size_t len, return QUIC_RAISE_NON_NORMAL_ERROR(ctx, args.err, NULL); } - *written = args.total_written; + /* + * When waiting on extra buffer space to be available, args.total_written + * holds the amount of remaining data we requested to write, which will be + * something less than the len parameter passed in, however much we wrote + * here, add it to the value that we wrote when we initially called + * xso_sstream_append + */ + *written += args.total_written; return 1; } @@ -2509,14 +2520,16 @@ static int quic_validate_for_write(QUIC_XSO *xso, int *err) /* FALLTHROUGH */ case QUIC_SSTREAM_STATE_SEND: case QUIC_SSTREAM_STATE_DATA_SENT: - case QUIC_SSTREAM_STATE_DATA_RECVD: if (ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)) { *err = SSL_R_STREAM_FINISHED; return 0; } - return 1; + case QUIC_SSTREAM_STATE_DATA_RECVD: + *err = SSL_R_STREAM_FINISHED; + return 0; + case QUIC_SSTREAM_STATE_RESET_SENT: case QUIC_SSTREAM_STATE_RESET_RECVD: *err = SSL_R_STREAM_RESET; diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index 87c0ac0ca6..fbc7986017 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c 
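Review bot: In quic_write_blocking, `*written` is now assigned before the blocking wait, so the failure return through `QUIC_RAISE_NON_NORMAL_ERROR` (context of the second hunk, at -2343) leaves a partial count in the out-parameter while the function reports an error; before this change it was untouched on that path. If that is intended, the first comment should say so, for example `/* Record what the initial append wrote; this stays in *written even if the wait below fails */`, so callers do not treat the value as meaningless on failure. The comment added in the second hunk is one run-on sentence and would read better split in two. The function starts and continues outside both hunks, so how callers use `*written` on error cannot be checked from here.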
@@ -290,7 +290,7 @@ static SSL *port_new_handshake_layer(QUIC_PORT *port) SSL *tls = NULL; SSL_CONNECTION *tls_conn = NULL; - tls = ossl_ssl_connection_new_int(port->channel_ctx, TLS_method()); + tls = ossl_ssl_connection_new_int(port->channel_ctx, NULL, TLS_method()); if (tls == NULL || (tls_conn = SSL_CONNECTION_FROM_SSL(tls)) == NULL) return NULL; diff --git a/ssl/quic/quic_txp.c b/ssl/quic/quic_txp.c index 2532d1edcb..bbbb6a7045 100644 --- a/ssl/quic/quic_txp.c +++ b/ssl/quic/quic_txp.c @@ -2226,6 +2226,7 @@ static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp, rc = 1; goto err; } + chunks[i].shdr.stream_id = id; } for (i = 0;; ++i) { @@ -2339,7 +2340,6 @@ static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp, if (wpkt == NULL) goto err; /* alloc error */ - shdr->stream_id = id; if (!ossl_assert(ossl_quic_wire_encode_frame_stream_hdr(wpkt, shdr))) { /* (Should not be possible.) */ tx_helper_rollback(h); diff --git a/ssl/quic/quic_wire_pkt.c b/ssl/quic/quic_wire_pkt.c index acb926ad38..00f4afb7c0 100644 --- a/ssl/quic/quic_wire_pkt.c +++ b/ssl/quic/quic_wire_pkt.c @@ -887,7 +887,7 @@ int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, if (!WPACKET_get_total_written(&wpkt, &hdr_enc_len)) { ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB); - return 0; + goto err; } /* Create and initialise cipher context. */ 
@@ -911,27 +911,27 @@ int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, /* Feed packet header as AAD data. */ if (EVP_CipherUpdate(cctx, NULL, &l, buf, hdr_enc_len) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } /* Feed packet body as AAD data. */ if (EVP_CipherUpdate(cctx, NULL, &l, hdr->data, hdr->len - QUIC_RETRY_INTEGRITY_TAG_LEN) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } /* Finalise and get tag. */ if (EVP_CipherFinal_ex(cctx, NULL, &l2) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } if (EVP_CIPHER_CTX_ctrl(cctx, EVP_CTRL_AEAD_GET_TAG, QUIC_RETRY_INTEGRITY_TAG_LEN, tag) != 1) { ERR_raise(ERR_LIB_SSL, ERR_R_EVP_LIB); - return 0; + goto err; } ok = 1; diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 175086ee17..80d4477bd0 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -143,7 +143,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, size_t firstlen, size_t nextlen) { unsigned char *p; - size_t align = 0, headerlen; + size_t maxalign = 0, headerlen; TLS_BUFFER *wb; size_t currpipe; size_t defltlen = 0; @@ -160,10 +160,10 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, contenttypelen = 1; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 - align = SSL3_ALIGN_PAYLOAD - 1; + maxalign = SSL3_ALIGN_PAYLOAD - 1; #endif - defltlen = align + headerlen + rl->eivlen + rl->max_frag_len + defltlen = maxalign + headerlen + rl->eivlen + rl->max_frag_len + contenttypelen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; #ifndef OPENSSL_NO_COMP if (tls_allow_compression(rl)) 
@@ -175,7 +175,7 @@ int tls_setup_write_buffer(OSSL_RECORD_LAYER *rl, size_t numwpipes, * always be 0 in these protocol versions */ if ((rl->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0) - defltlen += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; + defltlen += headerlen + maxalign + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; } wb = rl->wbuf; @@ -229,7 +229,7 @@ static void tls_release_write_buffer(OSSL_RECORD_LAYER *rl) int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl) { unsigned char *p; - size_t len, align = 0, headerlen; + size_t len, maxalign = 0, headerlen; TLS_BUFFER *b; b = &rl->rbuf; @@ -240,12 +240,12 @@ int tls_setup_read_buffer(OSSL_RECORD_LAYER *rl) headerlen = SSL3_RT_HEADER_LENGTH; #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0 - align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1); + maxalign = SSL3_ALIGN_PAYLOAD - 1; #endif if (b->buf == NULL) { len = rl->max_frag_len - + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align; + + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + maxalign; #ifndef OPENSSL_NO_COMP if (tls_allow_compression(rl)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 14db7dab2c..cce236bb7b 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1129,7 +1129,7 @@ static void rlayer_msg_callback_wrapper(int write_p, int version, size_t len, void *cbarg) { SSL_CONNECTION *s = cbarg; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); if (s->msg_callback != NULL) s->msg_callback(write_p, version, content_type, buf, len, ssl, @@ -1149,7 +1149,7 @@ static OSSL_FUNC_rlayer_padding_fn rlayer_padding_wrapper; static size_t rlayer_padding_wrapper(void *cbarg, int type, size_t len) { SSL_CONNECTION *s = cbarg; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); return s->rlayer.record_padding_cb(ssl, type, len, s->rlayer.record_padding_arg); 
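Review bot: The read-buffer sizing in tls_setup_read_buffer (hunk at -240,12) now reserves `SSL3_ALIGN_PAYLOAD - 1` bytes where it previously used the exact offset `(-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1)`, and nothing in the hunk says why the larger value is needed. A short comment on the assignment would keep a later cleanup from restoring the tighter value, for example `/* worst-case padding: the real offset depends on the address of the allocated buffer */`. That reason is inferred from the rename to `maxalign`, so confirm it against the code that aligns the packet pointer. The function continues past the end of the hunk.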
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 04d08430e7..24ff2f1810 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -267,7 +267,7 @@ void ssl_cert_free(CERT *c) if (c == NULL) return; CRYPTO_DOWN_REF(&c->references, &i); - REF_PRINT_COUNT("CERT", c); + REF_PRINT_COUNT("CERT", i, c); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -1267,7 +1267,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int ssl_security(const SSL_CONNECTION *s, int op, int bits, int nid, void *other) { - return s->cert->sec_cb(SSL_CONNECTION_GET_SSL(s), NULL, op, bits, nid, + return s->cert->sec_cb(SSL_CONNECTION_GET_USER_SSL(s), NULL, op, bits, nid, other, s->cert->sec_ex); } diff --git a/ssl/ssl_cert_comp.c b/ssl/ssl_cert_comp.c index ba9bfb480c..7bf49d435f 100644 --- a/ssl/ssl_cert_comp.c +++ b/ssl/ssl_cert_comp.c @@ -136,7 +136,7 @@ void OSSL_COMP_CERT_free(OSSL_COMP_CERT *cc) return; CRYPTO_DOWN_REF(&cc->references, &i); - REF_PRINT_COUNT("OSSL_COMP_CERT", cc); + REF_PRINT_COUNT("OSSL_COMP_CERT", i, cc); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -152,7 +152,7 @@ int OSSL_COMP_CERT_up_ref(OSSL_COMP_CERT *cc) if (CRYPTO_UP_REF(&cc->references, &i) <= 0) return 0; - REF_PRINT_COUNT("OSSL_COMP_CERT", cc); + REF_PRINT_COUNT("OSSL_COMP_CERT", i, cc); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 5e2d7c1c98..e5465dbc51 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c 
@@ -664,22 +664,19 @@ static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) copy = OPENSSL_strdup(value); if (copy == NULL) - return 0; + goto out; commap = strstr(copy, ","); if (commap != NULL) { *commap = '\0'; - if (*(commap + 1) == '\0') { - OPENSSL_free(copy); - return 0; - } + if (*(commap + 1) == '\0') + goto out; if (!OPENSSL_strtoul(commap + 1, &endptr, 0, &hs_padding)) - return 0; + goto out; } if (!OPENSSL_strtoul(copy, &endptr, 0, &block_padding)) - return 0; + goto out; if (commap == NULL) hs_padding = block_padding; - OPENSSL_free(copy); /* * All we care about are non-negative values, @@ -691,6 +688,8 @@ static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value) if (cctx->ssl) rv = SSL_set_block_padding_ex(cctx->ssl, (size_t)block_padding, (size_t)hs_padding); +out: + OPENSSL_free(copy); return rv; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ba9fcec55c..295b719ff2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -725,7 +725,8 @@ int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type) return 1; } -SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) +SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, SSL *user_ssl, + const SSL_METHOD *method) { SSL_CONNECTION *s; SSL *ssl; @@ -735,6 +736,8 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) return NULL; ssl = &s->ssl; + s->user_ssl = (user_ssl == NULL) ? ssl : user_ssl; + if (!ossl_ssl_init(ssl, ctx, method, SSL_TYPE_SSL_CONNECTION)) { OPENSSL_free(s); s = NULL; @@ -930,7 +933,7 @@ SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method) SSL *ossl_ssl_connection_new(SSL_CTX *ctx) { - return ossl_ssl_connection_new_int(ctx, ctx->method); + return ossl_ssl_connection_new_int(ctx, NULL, ctx->method); } int SSL_is_dtls(const SSL *s) 
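Review bot: In cmd_RecordPadding, both `OPENSSL_strtoul` calls fill `endptr` but the visible lines never look at it, so a value with trailing characters after the digits (constructed example: `16x`) appears to be accepted as 16. Since this hunk already reworks the error paths, the checks could reject that as well: `if (!OPENSSL_strtoul(copy, &endptr, 0, &block_padding) || *endptr != '\0') goto out;`, and the same for the `commap + 1` call. The lines between the two hunks are not shown, so confirm that no such check sits there, and that `rv` starts at 0, which the new `goto out` paths rely on.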
@@ -979,7 +982,7 @@ int SSL_up_ref(SSL *s) if (CRYPTO_UP_REF(&s->references, &i) <= 0) return 0; - REF_PRINT_COUNT("SSL", s); + REF_PRINT_COUNT("SSL", i, s); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -1380,7 +1383,7 @@ void SSL_free(SSL *s) if (s == NULL) return; CRYPTO_DOWN_REF(&s->references, &i); - REF_PRINT_COUNT("SSL", s); + REF_PRINT_COUNT("SSL", i, s); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -3342,7 +3345,7 @@ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) */ if (sk == NULL) return 0; - else if (cipher_list_tls12_num(sk) == 0) { + if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -3354,17 +3357,19 @@ int SSL_set_cipher_list(SSL *s, const char *str) { STACK_OF(SSL_CIPHER) *sk; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + SSL_CTX *ctx; if (sc == NULL) return 0; - sk = ssl_create_cipher_list(s->ctx, sc->tls13_ciphersuites, + ctx = s->ctx; + sk = ssl_create_cipher_list(ctx, sc->tls13_ciphersuites, &sc->cipher_list, &sc->cipher_list_by_id, str, sc->cert); /* see comment in SSL_CTX_set_cipher_list */ if (sk == NULL) return 0; - else if (cipher_list_tls12_num(sk) == 0) { + if (ctx->method->num_ciphers() > 0 && cipher_list_tls12_num(sk) == 0) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH); return 0; } @@ -4136,7 +4141,7 @@ int SSL_CTX_up_ref(SSL_CTX *ctx) if (CRYPTO_UP_REF(&ctx->references, &i) <= 0) return 0; - REF_PRINT_COUNT("SSL_CTX", ctx); + REF_PRINT_COUNT("SSL_CTX", i, ctx); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } @@ -4150,7 +4155,7 @@ void SSL_CTX_free(SSL_CTX *a) return; CRYPTO_DOWN_REF(&a->references, &i); - REF_PRINT_COUNT("SSL_CTX", a); + REF_PRINT_COUNT("SSL_CTX", i, a); if (i > 0) return; REF_ASSERT_ISNT(i < 0); 
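Review bot: The new `ctx->method->num_ciphers() > 0` condition in SSL_CTX_set_cipher_list (hunk at -3342,7), repeated in SSL_set_cipher_list in the next hunk, lets a cipher string that selects no TLSv1.2 ciphers succeed without an error for any method that reports zero ciphers. The explanatory comment that ends on the hunk's first line is not touched by the commit, so the exemption is undocumented. A one-line comment next to the condition would help, for example `/* a method with no ciphers of its own cannot match any: not an error */`. Which methods that covers is not visible here, so the wording should be confirmed.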
@@ -4546,7 +4551,7 @@ void ssl_update_cache(SSL_CONNECTION *s, int mode) */ if (s->session_ctx->new_session_cb != NULL) { SSL_SESSION_up_ref(s->session); - if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_SSL(s), + if (!s->session_ctx->new_session_cb(SSL_CONNECTION_GET_USER_SSL(s), s->session)) SSL_SESSION_free(s->session); } @@ -6781,7 +6786,7 @@ static int nss_keylog_int(const char *prefix, cursor += ossl_to_lowerhex(cursor, parameter_2[i]); *cursor = '\0'; - sctx->keylog_callback(SSL_CONNECTION_GET_SSL(sc), (const char *)out); + sctx->keylog_callback(SSL_CONNECTION_GET_USER_SSL(sc), (const char *)out); OPENSSL_clear_free(out, out_len); return 1; } diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index d1c1afe94e..277be3084d 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -1210,6 +1210,13 @@ struct ssl_st { struct ssl_connection_st { /* type identifier and common data */ struct ssl_st ssl; + + /* + * The actual end user's SSL object. Could be different to this one for + * QUIC + */ + SSL *user_ssl; + /* * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, * DTLS1_VERSION) @@ -1817,6 +1824,7 @@ struct ssl_connection_st { SSL_CONNECTION_FROM_SSL_ONLY_int(ssl, const) # define SSL_CONNECTION_GET_CTX(sc) ((sc)->ssl.ctx) # define SSL_CONNECTION_GET_SSL(sc) (&(sc)->ssl) +# define SSL_CONNECTION_GET_USER_SSL(sc) ((sc)->user_ssl) # ifndef OPENSSL_NO_QUIC # include "quic/quic_local.h" # define SSL_CONNECTION_FROM_SSL_int(ssl, c) \ @@ -2488,7 +2496,8 @@ static ossl_inline void tls1_get_peer_groups(SSL_CONNECTION *s, __owur int ossl_ssl_init(SSL *ssl, SSL_CTX *ctx, const SSL_METHOD *method, int type); -__owur SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, const SSL_METHOD *method); +__owur SSL *ossl_ssl_connection_new_int(SSL_CTX *ctx, SSL *user_ssl, + const SSL_METHOD *method); __owur SSL *ossl_ssl_connection_new(SSL_CTX *ctx); void ossl_ssl_connection_free(SSL *ssl); __owur int ossl_ssl_connection_reset(SSL *ssl); 
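Review bot: The comment on the new `user_ssl` field in struct ssl_connection_st (ssl/ssl_local.h, hunk at -1210,6) does not say who owns the pointer, and ossl_ssl_connection_new_int in ssl/ssl_lib.c stores it with a plain assignment, without taking a reference. Every callback converted to `SSL_CONNECTION_GET_USER_SSL` in this commit hands that pointer to application code, so it has to stay valid for the whole life of the connection. I would extend the comment with something like `Borrowed, not reference counted: the owning object must outlive this connection.`, after confirming that the QUIC code guarantees that teardown order.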
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 6b5d9bbb24..69149de050 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -522,7 +522,7 @@ SSL_SESSION *lookup_sess_in_cache(SSL_CONNECTION *s, if (ret == NULL && s->session_ctx->get_session_cb != NULL) { int copy = 1; - ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_SSL(s), + ret = s->session_ctx->get_session_cb(SSL_CONNECTION_GET_USER_SSL(s), sess_id, sess_id_len, ©); if (ret != NULL) { @@ -844,7 +844,7 @@ void SSL_SESSION_free(SSL_SESSION *ss) if (ss == NULL) return; CRYPTO_DOWN_REF(&ss->references, &i); - REF_PRINT_COUNT("SSL_SESSION", ss); + REF_PRINT_COUNT("SSL_SESSION", i, ss); if (i > 0) return; REF_ASSERT_ISNT(i < 0); @@ -878,7 +878,7 @@ int SSL_SESSION_up_ref(SSL_SESSION *ss) if (CRYPTO_UP_REF(&ss->references, &i) <= 0) return 0; - REF_PRINT_COUNT("SSL_SESSION", ss); + REF_PRINT_COUNT("SSL_SESSION", i, ss); REF_ASSERT_ISNT(i < 2); return ((i > 1) ? 1 : 0); } diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index a467948599..762c7ac0d4 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -693,7 +693,7 @@ int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, thisex->type = type; thisex->received_order = i++; if (s->ext.debug_cb) - s->ext.debug_cb(SSL_CONNECTION_GET_SSL(s), !s->server, + s->ext.debug_cb(SSL_CONNECTION_GET_USER_SSL(s), !s->server, thisex->type, PACKET_data(&thisex->data), PACKET_remaining(&thisex->data), s->ext.debug_arg); @@ -991,6 +991,7 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) int ret = SSL_TLSEXT_ERR_NOACK; int altmp = SSL_AD_UNRECOGNIZED_NAME; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); int was_ticket = (SSL_get_options(ssl) & SSL_OP_NO_TICKET) == 0; 
@@ -1000,11 +1001,11 @@ static int final_server_name(SSL_CONNECTION *s, unsigned int context, int sent) } if (sctx->ext.servername_cb != NULL) - ret = sctx->ext.servername_cb(ssl, &altmp, + ret = sctx->ext.servername_cb(ussl, &altmp, sctx->ext.servername_arg); else if (s->session_ctx->ext.servername_cb != NULL) - ret = s->session_ctx->ext.servername_cb(ssl, &altmp, - s->session_ctx->ext.servername_arg); + ret = s->session_ctx->ext.servername_cb(ussl, &altmp, + s->session_ctx->ext.servername_arg); /* * For servers, propagate the SNI hostname from the temporary @@ -1739,8 +1740,8 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent) || !s->ext.early_data_ok || s->hello_retry_request != SSL_HRR_NONE || (s->allow_early_data_cb != NULL - && !s->allow_early_data_cb(SSL_CONNECTION_GET_SSL(s), - s->allow_early_data_cb_data))) { + && !s->allow_early_data_cb(SSL_CONNECTION_GET_USER_SSL(s), + s->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 9fd84ecfd7..fb9f8796ba 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -784,13 +784,13 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, SSL_SESSION *psksess = NULL; SSL_SESSION *edsess = NULL; const EVP_MD *handmd = NULL; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (s->hello_retry_request == SSL_HRR_PENDING) handmd = ssl_handshake_md(s); if (s->psk_use_session_cb != NULL - && (!s->psk_use_session_cb(ssl, handmd, &id, &idlen, &psksess) + && (!s->psk_use_session_cb(ussl, handmd, &id, &idlen, &psksess) || (psksess != NULL && psksess->ssl_version != TLS1_3_VERSION))) { SSL_SESSION_free(psksess); 
@@ -804,7 +804,7 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, size_t psklen = 0; memset(identity, 0, sizeof(identity)); - psklen = s->psk_client_callback(ssl, NULL, + psklen = s->psk_client_callback(ussl, NULL, identity, sizeof(identity) - 1, psk, sizeof(psk)); @@ -826,7 +826,8 @@ EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, * We found a PSK using an old style callback. We don't know * the digest so we default to SHA256 as per the TLSv1.3 spec */ - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); + cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), + tls13_aes128gcmsha256_id); if (cipher == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; @@ -1421,7 +1422,7 @@ int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx) { - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); if (s->ext.session_ticket_cb != NULL && !s->ext.session_ticket_cb(ssl, PACKET_data(pkt), @@ -1595,7 +1596,7 @@ int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, /* SSLfatal() already called */ return 0; } - if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_SSL(s), + if (sctx->ext.npn_select_cb(SSL_CONNECTION_GET_USER_SSL(s), &selected, &selected_len, PACKET_data(pkt), PACKET_remaining(pkt), sctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK diff --git a/ssl/statem/extensions_cust.c b/ssl/statem/extensions_cust.c index fd840e8918..4757ee65bf 100644 --- a/ssl/statem/extensions_cust.c +++ b/ssl/statem/extensions_cust.c 
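Review bot: In tls_parse_stoc_session_ticket (hunk at -1421,7) the existing local `ssl` is re-pointed at the user-facing object, while other functions in this commit keep `ssl` for `SSL_CONNECTION_GET_SSL(s)` and add a separate `ussl`. Any later use of `ssl` in the function body, which continues outside the hunk, now receives the user object as well, and a reader cannot tell the two apart by name. Declaring `SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);` and passing `ussl` to the callback would keep the convention. The same applies to read_state_machine and write_state_machine in ssl/statem/statem.c.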
@@ -158,7 +158,7 @@ int custom_ext_parse(SSL_CONNECTION *s, unsigned int context, if (meth->parse_cb == NULL) return 1; - if (meth->parse_cb(SSL_CONNECTION_GET_SSL(s), ext_type, context, ext_data, + if (meth->parse_cb(SSL_CONNECTION_GET_USER_SSL(s), ext_type, context, ext_data, ext_size, x, chainidx, &al, meth->parse_arg) <= 0) { SSLfatal(s, al, SSL_R_BAD_EXTENSION); return 0; @@ -207,7 +207,7 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, continue; if (meth->add_cb != NULL) { - int cb_retval = meth->add_cb(SSL_CONNECTION_GET_SSL(s), + int cb_retval = meth->add_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, context, &out, &outlen, x, chainidx, &al, meth->add_arg); @@ -226,8 +226,8 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) || !WPACKET_close(pkt)) { if (meth->free_cb != NULL) - meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context, - out, meth->add_arg); + meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, + context, out, meth->add_arg); if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -238,7 +238,7 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, */ if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { if (meth->free_cb != NULL) - meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, + meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, context, out, meth->add_arg); if (!for_comp) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -252,8 +252,8 @@ int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x, meth->ext_flags |= SSL_EXT_FLAG_SENT; } if (meth->free_cb != NULL) - meth->free_cb(SSL_CONNECTION_GET_SSL(s), meth->ext_type, context, - out, meth->add_arg); + meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type, + context, out, meth->add_arg); } return 1; } 
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 5d91d3893f..73b93048cb 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -265,7 +265,7 @@ int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, X509 *x, size_t chainidx) { if (s->ext.session_ticket_cb && - !s->ext.session_ticket_cb(SSL_CONNECTION_GET_SSL(s), + !s->ext.session_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), PACKET_data(pkt), PACKET_remaining(pkt), s->ext.session_ticket_cb_arg)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -852,7 +852,7 @@ int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, } /* Verify the app cookie */ - if (sctx->verify_stateless_cookie_cb(ssl, + if (sctx->verify_stateless_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), PACKET_data(&appcookie), PACKET_remaining(&appcookie)) == 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_COOKIE_MISMATCH); @@ -1031,7 +1031,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, unsigned int id, i, ext = 0; const EVP_MD *md = NULL; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); /* * If we have no PSK kex mode that we recognise then we can't resume so @@ -1060,7 +1060,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, idlen = PACKET_remaining(&identity); if (s->psk_find_session_cb != NULL - && !s->psk_find_session_cb(ssl, PACKET_data(&identity), idlen, + && !s->psk_find_session_cb(ussl, PACKET_data(&identity), idlen, &sess)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_EXTENSION); return 0; 
@@ -1078,7 +1078,7 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } - pskdatalen = s->psk_server_callback(ssl, pskid, pskdata, + pskdatalen = s->psk_server_callback(ussl, pskid, pskdata, sizeof(pskdata)); OPENSSL_free(pskid); if (pskdatalen > PSK_MAX_PSK_LEN) { @@ -1092,7 +1092,8 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, * We found a PSK using an old style callback. We don't know * the digest so we default to SHA256 as per the TLSv1.3 spec */ - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); + cipher = SSL_CIPHER_find(SSL_CONNECTION_GET_SSL(s), + tls13_aes128gcmsha256_id); if (cipher == NULL) { OPENSSL_cleanse(pskdata, pskdatalen); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -1510,8 +1511,8 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, if (!npn_seen || sctx->ext.npn_advertised_cb == NULL) return EXT_RETURN_NOT_SENT; - ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_SSL(s), &npa, &npalen, - sctx->ext.npn_advertised_cb_arg); + ret = sctx->ext.npn_advertised_cb(SSL_CONNECTION_GET_USER_SSL(s), &npa, + &npalen, sctx->ext.npn_advertised_cb_arg); if (ret == SSL_TLSEXT_ERR_OK) { if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg) || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) { @@ -1784,6 +1785,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, int ret = EXT_RETURN_FAIL; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0) return EXT_RETURN_NOT_SENT; 
@@ -1833,7 +1835,7 @@ EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, } /* Generate the application cookie */ - if (sctx->gen_stateless_cookie_cb(ssl, appcookie1, + if (sctx->gen_stateless_cookie_cb(ussl, appcookie1, &appcookielen) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); return EXT_RETURN_FAIL; diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 921d7cfb1e..517f1a60fa 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -357,6 +357,7 @@ static int state_machine(SSL_CONNECTION *s, int server) int ret = -1; int ssret; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (st->state == MSG_FLOW_ERROR) { /* Shouldn't have been called if we're already in the error state */ @@ -399,7 +400,7 @@ static int state_machine(SSL_CONNECTION *s, int server) s->server = server; if (cb != NULL) { if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_CONNECTION_IS_TLS13(s)) - cb(ssl, SSL_CB_HANDSHAKE_START, 1); + cb(ussl, SSL_CB_HANDSHAKE_START, 1); } /* @@ -521,9 +522,9 @@ static int state_machine(SSL_CONNECTION *s, int server) BUF_MEM_free(buf); if (cb != NULL) { if (server) - cb(ssl, SSL_CB_ACCEPT_EXIT, ret); + cb(ussl, SSL_CB_ACCEPT_EXIT, ret); else - cb(ssl, SSL_CB_CONNECT_EXIT, ret); + cb(ussl, SSL_CB_CONNECT_EXIT, ret); } return ret; } @@ -590,7 +591,7 @@ static SUB_STATE_RETURN read_state_machine(SSL_CONNECTION *s) WORK_STATE(*post_process_message) (SSL_CONNECTION *s, WORK_STATE wst); size_t (*max_message_size) (SSL_CONNECTION *s); void (*cb) (const SSL *ssl, int type, int val) = NULL; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); cb = get_callback(s); @@ -813,7 +814,7 @@ static SUB_STATE_RETURN write_state_machine(SSL_CONNECTION *s) CON_FUNC_RETURN (*confunc) (SSL_CONNECTION *s, WPACKET *pkt); int mt; WPACKET pkt; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); cb = get_callback(s); 
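Review bot: In read_state_machine and write_state_machine the existing local `ssl` is re-pointed at `SSL_CONNECTION_GET_USER_SSL(s)`, while state_machine in the same file adds a separate `ussl` and keeps `ssl` bound to `SSL_CONNECTION_GET_SSL(s)`. The same name now refers to two different objects depending on the function. Both bodies continue outside their hunks, so every remaining use of `ssl` there now receives the user-facing object; it is worth confirming that none of them needs the connection's own one. Declaring `SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);` and passing `ussl` to the callbacks would match the rest of the commit. tls_finish_handshake and construct_stateless_ticket follow the same pattern, and tls_finish_handshake already has to spell out `SSL_CONNECTION_GET_SSL(s)` for `SSL_get_wbio` because of it.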
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 80a997a73c..19d8b0ebf3 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1464,6 +1464,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) unsigned int context; RAW_EXTENSION *extensions = NULL; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); #ifndef OPENSSL_NO_COMP SSL_COMP *comp; #endif @@ -1624,7 +1625,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt) int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->ext.session_secret_cb(ssl, s->session->master_key, + if (s->ext.session_secret_cb(ussl, s->session->master_key, &master_key_length, NULL, &pref_cipher, s->ext.session_secret_cb_arg) @@ -1909,6 +1910,7 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, { size_t certidx; const SSL_CERT_LOOKUP *clu; + int v_ok; if (sc->session->peer_rpk == NULL) { SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, 
@@ -1918,9 +1920,19 @@ static WORK_STATE tls_post_process_server_rpk(SSL_CONNECTION *sc, if (sc->rwstate == SSL_RETRY_VERIFY) sc->rwstate = SSL_NOTHING; - if (ssl_verify_rpk(sc, sc->session->peer_rpk) > 0 - && sc->rwstate == SSL_RETRY_VERIFY) + + ERR_set_mark(); + v_ok = ssl_verify_rpk(sc, sc->session->peer_rpk); + if (v_ok <= 0 && sc->verify_mode != SSL_VERIFY_NONE) { + ERR_clear_last_mark(); + SSLfatal(sc, ssl_x509err2alert(sc->verify_result), + SSL_R_CERTIFICATE_VERIFY_FAILED); + return WORK_ERROR; + } + ERR_pop_to_mark(); /* but we keep s->verify_result */ + if (v_ok > 0 && sc->rwstate == SSL_RETRY_VERIFY) { return WORK_MORE_A; + } if ((clu = ssl_cert_lookup_by_pkey(sc->session->peer_rpk, &certidx, SSL_CONNECTION_GET_CTX(sc))) == NULL) { @@ -2070,10 +2082,7 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, if (s->rwstate == SSL_RETRY_VERIFY) s->rwstate = SSL_NOTHING; - i = ssl_verify_cert_chain(s, s->session->peer_chain); - if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) { - return WORK_MORE_A; - } + /* * The documented interface is that SSL_VERIFY_PEER should be set in order * for client side verification of the server certificate to take place. @@ -2088,12 +2097,17 @@ WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, * (less clean) historic behaviour of performing validation if any flag is * set. The *documented* interface remains the same. */ - if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { + ERR_set_mark(); + i = ssl_verify_cert_chain(s, s->session->peer_chain); + if (i <= 0 && s->verify_mode != SSL_VERIFY_NONE) { + ERR_clear_last_mark(); SSLfatal(s, ssl_x509err2alert(s->verify_result), SSL_R_CERTIFICATE_VERIFY_FAILED); return WORK_ERROR; } - ERR_clear_error(); /* but we keep s->verify_result */ + ERR_pop_to_mark(); /* but we keep s->verify_result */ + if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) + return WORK_MORE_A; /* * Inconsistency alert: cert_chain does include the peer's certificate, 
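Review bot: The comment on the success path of tls_post_process_server_rpk reads `/* but we keep s->verify_result */`, but the connection pointer in this function is `sc`, so it should be `/* but we keep sc->verify_result */`. The function also lacks the explanation that tls_post_process_server_certificate carries for its `verify_mode != SSL_VERIFY_NONE` condition. A reader of the RPK path therefore cannot tell that a failed raw-public-key verification is deliberately tolerated under SSL_VERIFY_NONE. A short comment above the check would make that explicit, e.g. `/* With SSL_VERIFY_NONE a failed RPK check is not fatal; the outcome stays in sc->verify_result */`. The braces around the single `return WORK_MORE_A;` also differ from the unbraced form the certificate hunk uses for the same statement.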
@@ -2930,7 +2944,7 @@ int tls_process_initial_server_flight(SSL_CONNECTION *s) */ if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && sctx->ext.status_cb != NULL) { - int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s), + int ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s), sctx->ext.status_arg); if (ret == 0) { @@ -3004,7 +3018,7 @@ static int tls_construct_cke_psk_preamble(SSL_CONNECTION *s, WPACKET *pkt) memset(identity, 0, sizeof(identity)); - psklen = s->psk_client_callback(SSL_CONNECTION_GET_SSL(s), + psklen = s->psk_client_callback(SSL_CONNECTION_GET_USER_SSL(s), s->session->psk_identity_hint, identity, sizeof(identity) - 1, psk, sizeof(psk)); @@ -4055,7 +4069,7 @@ int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, EVP_PKEY **ppkey) } #endif if (sctx->client_cert_cb) - i = sctx->client_cert_cb(SSL_CONNECTION_GET_SSL(s), px509, ppkey); + i = sctx->client_cert_cb(SSL_CONNECTION_GET_USER_SSL(s), px509, ppkey); return i; } diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index d1800c193a..b583e312d9 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -114,6 +114,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) int retry = 1; size_t len, frag_off, overhead, used_len; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (!dtls1_query_mtu(s)) return -1; @@ -295,7 +296,7 @@ int dtls1_do_write(SSL_CONNECTION *s, uint8_t type) if (written == s->init_num) { if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), ssl, + (size_t)(s->init_off + s->init_num), ussl, s->msg_callback_arg); s->init_off = 0; /* done writing this message */ 
@@ -348,7 +349,7 @@ int dtls_get_message(SSL_CONNECTION *s, int *mt) if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { if (s->msg_callback) { s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, - p, 1, SSL_CONNECTION_GET_SSL(s), + p, 1, SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); } /* @@ -409,7 +410,7 @@ int dtls_get_message_body(SSL_CONNECTION *s, size_t *len) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, s->init_num + DTLS1_HM_HEADER_LENGTH, - SSL_CONNECTION_GET_SSL(s), s->msg_callback_arg); + SSL_CONNECTION_GET_USER_SSL(s), s->msg_callback_arg); end: *len = s->init_num; @@ -808,6 +809,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, struct hm_header_st msg_hdr; size_t readbytes; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); int chretran = 0; unsigned char *p; @@ -913,7 +915,7 @@ static int dtls_get_reassembled_message(SSL_CONNECTION *s, int *errtype, if (p[1] == 0 && p[2] == 0 && p[3] == 0) { if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, DTLS1_HM_HEADER_LENGTH, ssl, + p, DTLS1_HM_HEADER_LENGTH, ussl, s->msg_callback_arg); s->init_num = 0; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index d52e2a7384..a52b8af636 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -63,6 +63,7 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) int ret; size_t written = 0; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); /* * If we're running the test suite then we may need to mutate the message @@ -112,7 +113,7 @@ int ssl3_do_write(SSL_CONNECTION *s, uint8_t type) s->statem.write_in_progress = 0; if (s->msg_callback) s->msg_callback(1, s->version, type, s->init_buf->data, - (size_t)(s->init_off + s->init_num), ssl, + (size_t)(s->init_off + s->init_num), ussl, s->msg_callback_arg); return 1; } 
@@ -1411,7 +1412,7 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, { void (*cb) (const SSL *ssl, int type, int val) = NULL; int cleanuphand = s->statem.cleanuphand; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (clearbufs) { @@ -1423,7 +1424,7 @@ WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, ossl_unused WORK_STATE wst, * MUST NOT be used. * Hence the init_buf can be cleared when DTLS over SCTP as transport is used. */ - || BIO_dgram_is_sctp(SSL_get_wbio(ssl)) + || BIO_dgram_is_sctp(SSL_get_wbio(SSL_CONNECTION_GET_SSL(s))) #endif ) { /* @@ -1535,6 +1536,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) unsigned char *p; size_t l, readbytes; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); p = (unsigned char *)s->init_buf->data; @@ -1598,7 +1600,7 @@ int tls_get_message_header(SSL_CONNECTION *s, int *mt) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, SSL3_HM_HEADER_LENGTH, ssl, + p, SSL3_HM_HEADER_LENGTH, ussl, s->msg_callback_arg); } } while (skip_message); @@ -1643,6 +1645,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) unsigned char *p; int i; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { /* We've already read everything in */ @@ -1684,7 +1687,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, - (size_t)s->init_num, ssl, s->msg_callback_arg); + (size_t)s->init_num, ussl, s->msg_callback_arg); } else { /* * We defer feeding in the HRR until later. We'll do it as part of 
@@ -1712,7 +1715,7 @@ int tls_get_message_body(SSL_CONNECTION *s, size_t *len) } if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ssl, + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, ussl, s->msg_callback_arg); } @@ -2859,7 +2862,7 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, } } if (!found) { - SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_COMPRESSION_ALGORITHM); + SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_COMPRESSION_ALGORITHM); goto err; } } @@ -2884,9 +2887,17 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc, if ((comp = COMP_CTX_new(method)) == NULL || !PACKET_get_net_3_len(pkt, &expected_length) - || !PACKET_get_net_3_len(pkt, &comp_length) - || PACKET_remaining(pkt) != comp_length - || !BUF_MEM_grow(buf, expected_length) + || !PACKET_get_net_3_len(pkt, &comp_length)) { + SSLfatal(sc, SSL_AD_BAD_CERTIFICATE, SSL_R_BAD_DECOMPRESSION); + goto err; + } + + if (PACKET_remaining(pkt) != comp_length || comp_length == 0) { + SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION); + goto err; + } + + if (!BUF_MEM_grow(buf, expected_length) || !PACKET_buf_init(tmppkt, (unsigned char *)buf->data, expected_length) || COMP_expand_block(comp, (unsigned char *)buf->data, expected_length, (unsigned char*)PACKET_data(pkt), comp_length) != (int)expected_length) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index db009f3b77..9f586b553f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
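Review bot: In tls13_process_compressed_certificate the peer-supplied `expected_length` still goes straight into `BUF_MEM_grow(buf, expected_length)`; the two new checks constrain only `comp_length`. A three-byte length lets the peer request a buffer of up to 16 MiB before any decompression is attempted, so an upper bound belongs between the `comp_length` check and the allocation. One option is `if (expected_length > sc->max_cert_list)` followed by a fatal alert and `goto err`, assuming `max_cert_list` is the intended cap for certificate messages here. Separately, the first new branch reports SSL_AD_BAD_CERTIFICATE both for a failed `COMP_CTX_new()` and for truncated length fields, while the next branch uses SSL_AD_DECODE_ERROR for a length mismatch; truncated length fields look like the decode-error case as well.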
@@ -1381,7 +1381,7 @@ CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s, SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (sctx->app_gen_cookie_cb == NULL - || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_SSL(s), s->d1->cookie, + || sctx->app_gen_cookie_cb(SSL_CONNECTION_GET_USER_SSL(s), s->d1->cookie, &cookie_leni) == 0 || cookie_leni > DTLS1_COOKIE_LENGTH) { SSLfatal(s, SSL_AD_NO_ALERT, SSL_R_COOKIE_GEN_CALLBACK_FAILURE); @@ -1694,12 +1694,13 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) DOWNGRADE dgrd = DOWNGRADE_NONE; SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); /* Finished parsing the ClientHello, now we can start processing it */ /* Give the ClientHello callback a crack at things */ if (sctx->client_hello_cb != NULL) { /* A failure in the ClientHello callback terminates the connection. */ - switch (sctx->client_hello_cb(ssl, &al, sctx->client_hello_cb_arg)) { + switch (sctx->client_hello_cb(ussl, &al, sctx->client_hello_cb_arg)) { case SSL_CLIENT_HELLO_SUCCESS: break; case SSL_CLIENT_HELLO_RETRY: @@ -1755,8 +1756,8 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) /* Empty cookie was already handled above by returning early. */ if (SSL_get_options(ssl) & SSL_OP_COOKIE_EXCHANGE) { if (sctx->app_verify_cookie_cb != NULL) { - if (sctx->app_verify_cookie_cb(ssl, clienthello->dtls_cookie, - clienthello->dtls_cookie_len) == 0) { + if (sctx->app_verify_cookie_cb(ussl, clienthello->dtls_cookie, + clienthello->dtls_cookie_len) == 0) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_COOKIE_MISMATCH); goto err; 
@@ -1979,7 +1980,7 @@ static int tls_early_post_process_client_hello(SSL_CONNECTION *s) int master_key_length; master_key_length = sizeof(s->session->master_key); - if (s->ext.session_secret_cb(ssl, s->session->master_key, + if (s->ext.session_secret_cb(ussl, s->session->master_key, &master_key_length, ciphers, &pref_cipher, s->ext.session_secret_cb_arg) @@ -2162,7 +2163,7 @@ static int tls_handle_status_request(SSL_CONNECTION *s) * et al can pick it up. */ s->cert->key = s->s3.tmp.cert; - ret = sctx->ext.status_cb(SSL_CONNECTION_GET_SSL(s), + ret = sctx->ext.status_cb(SSL_CONNECTION_GET_USER_SSL(s), sctx->ext.status_arg); switch (ret) { /* We don't want to send a status request response */ @@ -2197,7 +2198,7 @@ int tls_handle_alpn(SSL_CONNECTION *s) SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); if (sctx->ext.alpn_select_cb != NULL && s->s3.alpn_proposed != NULL) { - int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_SSL(s), + int r = sctx->ext.alpn_select_cb(SSL_CONNECTION_GET_USER_SSL(s), &selected, &selected_len, s->s3.alpn_proposed, (unsigned int)s->s3.alpn_proposed_len, @@ -2272,6 +2273,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) { const SSL_CIPHER *cipher; SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s); if (wst == WORK_MORE_A) { int rv = tls_early_post_process_client_hello(s); @@ -2287,7 +2289,8 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) if (!s->hit || SSL_CONNECTION_IS_TLS13(s)) { /* Let cert callback update server certificates if required */ if (!s->hit && s->cert->cert_cb != NULL) { - int rv = s->cert->cert_cb(ssl, s->cert->cert_cb_arg); + int rv = s->cert->cert_cb(ussl, s->cert->cert_cb_arg); + if (rv == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CERT_CB_ERROR); goto err; 
@@ -2320,7 +2323,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst) /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) s->session->not_resumable = - s->not_resumable_session_cb(ssl, + s->not_resumable_session_cb(ussl, ((s->s3.tmp.new_cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0)); if (s->session->not_resumable) @@ -2560,7 +2563,7 @@ CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s, } #if !defined(OPENSSL_NO_DEPRECATED_3_0) if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) { - pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_SSL(s), + pkdh = ssl_dh_to_pkey(s->cert->dh_tmp_cb(SSL_CONNECTION_GET_USER_SSL(s), 0, 1024)); if (pkdh == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); @@ -2916,7 +2919,7 @@ static int tls_process_cke_psk_preamble(SSL_CONNECTION *s, PACKET *pkt) return 0; } - psklen = s->psk_server_callback(SSL_CONNECTION_GET_SSL(s), + psklen = s->psk_server_callback(SSL_CONNECTION_GET_USER_SSL(s), s->session->psk_identity, psk, sizeof(psk)); @@ -3082,7 +3085,7 @@ static int tls_process_cke_dhe(SSL_CONNECTION *s, PACKET *pkt) } if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto err; } @@ -3136,7 +3139,7 @@ static int tls_process_cke_ecdhe(SSL_CONNECTION *s, PACKET *pkt) } if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EC_LIB); + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); goto err; } } @@ -3934,7 +3937,7 @@ static CON_FUNC_RETURN construct_stateless_ticket(SSL_CONNECTION *s, int iv_len; CON_FUNC_RETURN ok = CON_FUNC_ERROR; size_t macoffset, macendoffset; - SSL *ssl = SSL_CONNECTION_GET_SSL(s); + SSL *ssl = SSL_CONNECTION_GET_USER_SSL(s); SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); /* get session encoding length */ 
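Review bot: tls_process_cke_dhe still tests the key import with `if (!EVP_PKEY_set1_encoded_public_key(ckey, data, i))`, whereas tls_process_cke_ecdhe in the next hunk uses `<= 0`. The function is documented to return 0 or a negative value on failure, so a negative return in the DHE path skips the new SSL_AD_ILLEGAL_PARAMETER alert and processing continues with a peer key that was not set. Since the commit already touches this branch, the condition should become `if (EVP_PKEY_set1_encoded_public_key(ckey, data, i) <= 0) {`. Both function bodies continue outside their hunks.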
@@ -4245,7 +4248,7 @@ CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt } if (tctx->generate_ticket_cb != NULL && - tctx->generate_ticket_cb(SSL_CONNECTION_GET_SSL(s), + tctx->generate_ticket_cb(SSL_CONNECTION_GET_USER_SSL(s), tctx->ticket_cb_data) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4e4671d013..0919c85d07 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2367,7 +2367,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, int rv = 0; if (tctx->ext.ticket_key_evp_cb != NULL) - rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_SSL(s), nctick, + rv = tctx->ext.ticket_key_evp_cb(SSL_CONNECTION_GET_USER_SSL(s), + nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, ssl_hmac_get0_EVP_MAC_CTX(hctx), @@ -2375,7 +2376,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL_CONNECTION *s, #ifndef OPENSSL_NO_DEPRECATED_3_0 else if (tctx->ext.ticket_key_cb != NULL) /* if 0 is returned, write an empty ticket */ - rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_SSL(s), nctick, + rv = tctx->ext.ticket_key_cb(SSL_CONNECTION_GET_USER_SSL(s), nctick, nctick + TLSEXT_KEYNAME_LENGTH, ctx, ssl_hmac_get0_HMAC_CTX(hctx), 0); #endif diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 80c70bbaa2..0451e96bb5 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -199,7 +199,7 @@ int ssl_srp_server_param_with_username_intern(SSL_CONNECTION *s, int *ad) *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) && ((al = - s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_SSL(s), + s->srp_ctx.TLS_ext_srp_username_callback(SSL_CONNECTION_GET_USER_SSL(s), ad, s->srp_ctx.SRP_cb_arg)) != SSL_ERROR_NONE)) 
@@ -373,7 +373,7 @@ int srp_generate_client_master_secret(SSL_CONNECTION *s) SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_SSL(s), + if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(SSL_CONNECTION_GET_USER_SSL(s), s->srp_ctx.SRP_cb_arg)) == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_CALLBACK_FAILED); @@ -426,7 +426,7 @@ int srp_verify_server_param(SSL_CONNECTION *s) } if (srp->SRP_verify_param_callback) { - if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_SSL(s), + if (srp->SRP_verify_param_callback(SSL_CONNECTION_GET_USER_SSL(s), srp->SRP_cb_arg) <= 0) { SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_R_CALLBACK_FAILED); return 0;