diff options
author | Ed Maste <emaste@FreeBSD.org> | 2023-10-24 18:55:56 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2023-10-26 17:02:36 +0000 |
commit | 930cec16d9ee11584a10130bef9be002113e31de (patch) | |
tree | 80bbfbaa15cc2df17834c351cf0fd0fb702b30ff | |
parent | 3acc60b4121f205b529039976a1f16f4db449190 (diff) | |
download | src-930cec16d9ee.tar.gz src-930cec16d9ee.zip |
OpenSSL: update to 3.0.12
OpenSSL 3.0.12 addresses:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
(cherry picked from commit ad991e4c142ebabad7aef488ad97b189ecabb270)
(cherry picked from commit 575878a533823aa3e5bab715928d9cdffbc4dcbc)
(cherry picked from commit e833378cf9589171562ccad4c6ff59c3713770bd)
Approved by: so
Approved by: re (gjb)
92 files changed, 471 insertions, 281 deletions
diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md index a26bdbdd0ad0..f464b2320e9c 100644 --- a/crypto/openssl/CHANGES.md +++ b/crypto/openssl/CHANGES.md @@ -28,6 +28,14 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.11 and 3.0.12 [24 Oct 2023] + + * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), + EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters + that alter the key or IV length ([CVE-2023-5363]). + + *Paul Dale* + ### Changes between 3.0.10 and 3.0.11 [19 Sep 2023] * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. @@ -19732,6 +19740,7 @@ ndif <!-- Links --> +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 diff --git a/crypto/openssl/INSTALL.md b/crypto/openssl/INSTALL.md index ad4a51026d7c..fef408e9d1e3 100644 --- a/crypto/openssl/INSTALL.md +++ b/crypto/openssl/INSTALL.md @@ -2,8 +2,8 @@ Build and Install ================= This document describes installation on all supported operating -systems (the Unix/Linux family, including macOS), OpenVMS, -and Windows). +systems: the Unix/Linux family (including macOS), OpenVMS, +and Windows. Table of Contents ================= diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md index f7ca47baff87..8f0d973e057b 100644 --- a/crypto/openssl/NEWS.md +++ b/crypto/openssl/NEWS.md @@ -18,6 +18,11 @@ OpenSSL Releases OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] + + * Mitigate incorrect resize handling for symmetric cipher keys and IVs. + ([CVE-2023-5363]) + ### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023] * Fix POLY1305 MAC implementation corrupting XMM registers on Windows @@ -1453,6 +1458,7 @@ OpenSSL 0.9.x <!-- Links --> +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat index c4157a86274d..9d9448118e6d 100644 --- a/crypto/openssl/VERSION.dat +++ b/crypto/openssl/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=11 +PATCH=12 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="19 Sep 2023" +RELEASE_DATE="24 Oct 2023" SHLIB_VERSION=3 diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index e12389197de4..3f02af0d5738 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c @@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv) sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */); /* Verbose output would make external-tests gost-engine fail */ EVP_PKEY_CTX_free(mac_ctx); + if (sigkey == NULL) + goto end; } if (hmac_key != NULL) { diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index 43906cea5649..2a54dca9d8b5 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv) } tmppkey = app_paramgen(ctx, alg); + if (tmppkey == NULL) + goto end; EVP_PKEY_CTX_free(ctx); ctx = NULL; if (dsaparam) { diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c index b5555282be6e..ca91beb5b893 100644 --- a/crypto/openssl/apps/dsaparam.c +++ b/crypto/openssl/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "DSA", numbits, verbose); + if (pkey == NULL) + goto end; assert(private); if (outformat == FORMAT_ASN1) i = i2d_PrivateKey_bio(out, pkey); diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c index b3bf4cc2592d..c275046cf57a 100644 --- a/crypto/openssl/apps/enc.c +++ b/crypto/openssl/apps/enc.c @@ -624,7 +624,10 @@ int enc_main(int argc, char **argv) } } if (!BIO_flush(wbio)) { - BIO_printf(bio_err, "bad decrypt\n"); + if (enc) + BIO_printf(bio_err, "bad encrypt\n"); + else + BIO_printf(bio_err, "bad decrypt\n"); goto end; } diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c index 27feb793fed2..8aefca65566c 100644 --- a/crypto/openssl/apps/gendsa.c +++ b/crypto/openssl/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "DSA", nbits, verbose); + if (pkey == NULL) + goto end; assert(private); if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) { diff --git a/crypto/openssl/apps/genpkey.c b/crypto/openssl/apps/genpkey.c index d00754eeaca0..705e5c76b47d 100644 --- a/crypto/openssl/apps/genpkey.c +++ b/crypto/openssl/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv) pkey = do_param ? app_paramgen(ctx, algname) : app_keygen(ctx, algname, 0, 0 /* not verbose */); + if (pkey == NULL) + goto end; if (do_param) { rv = PEM_write_bio_Parameters(out, pkey); diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c index 4436b7fa1745..6a683517a15f 100644 --- a/crypto/openssl/apps/genrsa.c +++ b/crypto/openssl/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -203,6 +203,8 @@ opthelp: goto end; } pkey = app_keygen(ctx, "RSA", num, verbose); + if (pkey == NULL) + goto end; if (verbose) { BIGNUM *e = NULL; diff --git a/crypto/openssl/apps/lib/apps.c b/crypto/openssl/apps/lib/apps.c index 572f6a3f8f28..a632b0cff2bf 100644 --- a/crypto/openssl/apps/lib/apps.c +++ b/crypto/openssl/apps/lib/apps.c @@ -960,10 +960,14 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, params, NULL, NULL); } - if (ctx == NULL) + if (ctx == NULL) { + BIO_printf(bio_err, "Could not open file or uri for loading"); goto end; - if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) + } + if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) { + BIO_printf(bio_err, "Internal error trying to load"); goto end; + } failed = NULL; while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) { @@ -3359,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose) BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" "if the system has a poor entropy source\n"); if (EVP_PKEY_keygen(ctx, &res) <= 0) - app_bail_out("%s: Error generating %s key\n", opt_getprog(), - alg != NULL ? alg : "asymmetric"); + BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(), + alg != NULL ? alg : "asymmetric"); return res; } @@ -3372,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" "if the system has a poor entropy source\n"); if (EVP_PKEY_paramgen(ctx, &res) <= 0) - app_bail_out("%s: Generating %s key parameters failed\n", - opt_getprog(), alg != NULL ? alg : "asymmetric"); + BIO_printf(bio_err, "%s: Generating %s key parameters failed\n", + opt_getprog(), alg != NULL ? alg : "asymmetric"); return res; } diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index 926f0796bc8f..41191803aef4 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -685,6 +685,8 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_set_app_data(genctx, bio_err); pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose); + if (pkey == NULL) + goto end; EVP_PKEY_CTX_free(genctx); genctx = NULL; diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index f30435704d19..1113d775b8ab 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -3700,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, } else { int pad; - RAND_bytes(out, 16); + if (RAND_bytes(inp, 16) <= 0) + app_bail_out("error setting random bytes\n"); len += 16; aad[11] = (unsigned char)(len >> 8); aad[12] = (unsigned char)(len); diff --git a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl index 544dc7e8effe..d0e0be6187bd 100755 --- a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl @@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) { ######## 64-bit code s/\.[ui]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/crypto/openssl/crypto/arm_arch.h b/crypto/openssl/crypto/arm_arch.h index 45d7e1556475..ec4a087fede2 100644 --- a/crypto/openssl/crypto/arm_arch.h +++ b/crypto/openssl/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) # define __ARM_ARCH__ 8 -# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c index 59d024f674eb..cd0b0151ec7e 100644 --- a/crypto/openssl/crypto/bn/bn_gcd.c +++ b/crypto/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) for (i = 0; i < m; i++) { /* conditionally flip signs if delta is positive and g is odd */ - cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))); delta = (-cond & -delta) | ((cond - 1) & delta); r->neg ^= cond; /* swap */ @@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) goto err; BN_consttime_swap(g->d[0] & 1 /* g is odd */ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))), g, temp, top); if (!BN_rshift1(g, g)) goto err; diff --git a/crypto/openssl/crypto/build.info b/crypto/openssl/crypto/build.info index b90390ae864c..c04db5591120 100644 --- a/crypto/openssl/crypto/build.info +++ b/crypto/openssl/crypto/build.info @@ -97,8 +97,6 @@ $UTIL_COMMON=\ context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ param_build_set.c der_writer.c threads_lib.c params_dup.c -SHARED_SOURCE[../libssl]=sparse_array.c - SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ diff --git a/crypto/openssl/crypto/cms/cms_enc.c b/crypto/openssl/crypto/cms/cms_enc.c index f7007c12319e..ae88df33a7f0 100644 --- a/crypto/openssl/crypto/cms/cms_enc.c +++ b/crypto/openssl/crypto/cms/cms_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ #include <openssl/cms.h> #include <openssl/rand.h> #include "crypto/evp.h" +#include "crypto/asn1.h" #include "cms_local.h" /* CMS EncryptedData Utilities */ @@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - if (calg->algorithm == NULL) { + if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); goto err; } diff --git a/crypto/openssl/crypto/cms/cms_err.c b/crypto/openssl/crypto/cms/cms_err.c index dcbea201c8e5..4bd6a0dc1bf1 100644 --- a/crypto/openssl/crypto/cms/cms_err.c +++ b/crypto/openssl/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { "unsupported recipientinfo type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), + "unsupported signature algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, diff --git a/crypto/openssl/crypto/cms/cms_sd.c b/crypto/openssl/crypto/cms/cms_sd.c index 53c8e378f318..2093657a2a4a 100644 --- a/crypto/openssl/crypto/cms/cms_sd.c +++ b/crypto/openssl/crypto/cms/cms_sd.c @@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (md == NULL) { int def_nid; - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) + + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } md = EVP_get_digestbynid(def_nid); if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "default md nid=%d", def_nid); goto err; } } @@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) + if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } if (!(flags & CMS_NOATTR)) { /* * Initialize signed attributes structure so other attributes diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c index f4173e21371e..7ba2beae7fd6 100644 --- a/crypto/openssl/crypto/dh/dh_check.c +++ b/crypto/openssl/crypto/dh/dh_check.c @@ -259,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) */ int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret) + && *ret == 0; } int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c index 4e9705beef73..d84ea99241b9 100644 --- a/crypto/openssl/crypto/dh/dh_key.c +++ b/crypto/openssl/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { dh->flags |= DH_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dh->params); dh->dirty_cnt++; return 1; } diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c index 29cda5d7bfa8..5577413e1e0c 100644 --- a/crypto/openssl/crypto/dh/dh_lib.c +++ b/crypto/openssl/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif /* FIPS_MODULE */ + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/openssl/crypto/dsa/dsa_check.c b/crypto/openssl/crypto/dsa/dsa_check.c index 7ee914a477ec..fb0e9129a295 100644 --- a/crypto/openssl/crypto/dsa/dsa_check.c +++ b/crypto/openssl/crypto/dsa/dsa_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) */ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) + && *ret == 0; } /* @@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) */ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) + && *ret == 0; } int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c index ccc701659217..2ae3f8e36b26 100644 --- a/crypto/openssl/crypto/dsa/dsa_lib.c +++ b/crypto/openssl/crypto/dsa/dsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c index 62f7c70149f4..8fd66a950e37 100644 --- a/crypto/openssl/crypto/dsa/dsa_ossl.c +++ b/crypto/openssl/crypto/dsa/dsa_ossl.c @@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, static int dsa_init(DSA *dsa) { dsa->flags |= DSA_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dsa->params); dsa->dirty_cnt++; return 1; } diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/openssl/crypto/engine/eng_pkey.c index 6e6d6df35b2b..f84fcde46016 100644 --- a/crypto/openssl/crypto/engine/eng_pkey.c +++ b/crypto/openssl/crypto/engine/eng_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); return NULL; } + /* We enforce check for legacy key */ + switch (EVP_PKEY_get_id(pkey)) { + case EVP_PKEY_RSA: + { + RSA *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + break; +# ifndef OPENSSL_NO_EC + case EVP_PKEY_SM2: + case EVP_PKEY_EC: + { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_set1_EC_KEY(pkey, ec); + EC_KEY_free(ec); + } + break; +# endif +# ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + { + DSA *dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_set1_DSA(pkey, dsa); + DSA_free(dsa); + } + break; +#endif +# ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + { + DH *dh = EVP_PKEY_get1_DH(pkey); + EVP_PKEY_set1_DH(pkey, dh); + DH_free(dh); + } + break; +#endif + default: + /*Do nothing */ + break; + } + return pkey; } diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c index 3138a1526002..9dc3144bbfd7 100644 --- a/crypto/openssl/crypto/engine/eng_table.c +++ b/crypto/openssl/crypto/engine/eng_table.c @@ -97,6 +97,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if (added && !engine_cleanup_add_first(cleanup)) { lh_ENGINE_PILE_free(&(*table)->piles); *table = NULL; + goto end; } while (num_nids--) { tmplate.nid = *nids; diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt index a6f61ca3b02f..e51504b7abd5 100644 --- a/crypto/openssl/crypto/err/openssl.txt +++ b/crypto/openssl/crypto/err/openssl.txt @@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\ CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type +CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm CMS_R_UNSUPPORTED_TYPE:156:unsupported type CMS_R_UNWRAP_ERROR:157:unwrap error CMS_R_UNWRAP_FAILURE:180:unwrap failure diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index b178d1086473..4e6f83e3d0a9 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, #endif } - if (cipher->prov != NULL) { + if (!ossl_assert(cipher->prov != NULL)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + if (cipher != ctx->fetched_cipher) { if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return 0; } +#ifndef FIPS_MODULE + /* + * Fix for CVE-2023-5363 + * Passing in a size as part of the init call takes effect late + * so, force such to occur before the initialisation. + * + * The FIPS provider's internal library context is used in a manner + * such that this is not an issue. + */ + if (params != NULL) { + OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END, + OSSL_PARAM_END }; + OSSL_PARAM *q = param_lens; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + /* + * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for + * OSSL_CIPHER_PARAM_IVLEN so both are covered here. + */ + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + if (q != param_lens) { + if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + } + } +#endif + if (enc) { if (ctx->cipher->einit == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/openssl/crypto/evp/legacy_sha.c b/crypto/openssl/crypto/evp/legacy_sha.c index 3859286eeb20..ca9a3264978a 100644 --- a/crypto/openssl/crypto/evp/legacy_sha.c +++ b/crypto/openssl/crypto/evp/legacy_sha.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) { - KECCAK1600_CTX *ctx = evp_ctx->md_data; + KECCAK1600_CTX *ctx; + + if (evp_ctx == NULL) + return 0; + ctx = evp_ctx->md_data; switch (cmd) { case EVP_MD_CTRL_XOF_LEN: diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index 59a7a867ecbb..04b148a91218 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { - return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL, + return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL, (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), pctx); } diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c index ce6e1a1ccbd5..ba1971ce461d 100644 --- a/crypto/openssl/crypto/evp/pmeth_lib.c +++ b/crypto/openssl/crypto/evp/pmeth_lib.c @@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, */ if (e != NULL) pmeth = ENGINE_get_pkey_meth(e, id); - else if (pkey != NULL && pkey->foreign) + else +# endif /* OPENSSL_NO_ENGINE */ + if (pkey != NULL && pkey->foreign) pmeth = EVP_PKEY_meth_find(id); else -# endif app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); /* END legacy */ diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c index 40223f06e4ec..13b928899456 100644 --- a/crypto/openssl/crypto/ex_data.c +++ b/crypto/openssl/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, * "app_data" routines use ex_data index zero. See RT 3710. */ if (ip->meth == NULL || !sk_EX_CALLBACK_push(ip->meth, NULL)) { + sk_EX_CALLBACK_free(ip->meth); + ip->meth = NULL; ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/openssl/crypto/ffc/ffc_key_validate.c b/crypto/openssl/crypto/ffc/ffc_key_validate.c index 342789621d6d..a4a2a58e9a7f 100644 --- a/crypto/openssl/crypto/ffc/ffc_key_validate.c +++ b/crypto/openssl/crypto/ffc/ffc_key_validate.c @@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, *ret = 0; if (params == NULL || pub_key == NULL || params->p == NULL) { *ret = FFC_ERROR_PASSED_NULL_PARAM; - return 0; + return 1; } ctx = BN_CTX_new_ex(NULL); @@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, if (tmp == NULL || !BN_set_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) <= 0) { + if (BN_cmp(pub_key, tmp) <= 0) *ret |= FFC_ERROR_PUBKEY_TOO_SMALL; - goto err; - } /* Step(1): Verify pub_key <= p-2 */ if (BN_copy(tmp, params->p) == NULL || !BN_sub_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) >= 0) { + if (BN_cmp(pub_key, tmp) >= 0) *ret |= FFC_ERROR_PUBKEY_TOO_LARGE; - goto err; - } ok = 1; err: if (ctx != NULL) { @@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret)) return 0; - if (params->q != NULL) { + if (*ret == 0 && params->q != NULL) { ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) goto err; @@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (tmp == NULL || !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx)) goto err; - if (!BN_is_one(tmp)) { + if (!BN_is_one(tmp)) *ret |= FFC_ERROR_PUBKEY_INVALID; - goto err; - } } ok = 1; diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c index 1cd988f01fc7..a01cfa725e38 100644 --- a/crypto/openssl/crypto/lhash/lhash.c +++ b/crypto/openssl/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh) if (n == NULL) { /* fputs("realloc error in lhash",stderr); */ lh->error++; - return; + } else { + lh->b = n; } lh->num_alloc_nodes /= 2; lh->pmax /= 2; lh->p = lh->pmax - 1; - lh->b = n; } else lh->p--; diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c index bc9dc111676f..34128616e270 100644 --- a/crypto/openssl/crypto/mem.c +++ b/crypto/openssl/crypto/mem.c @@ -100,6 +100,9 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) * or 100;100@25;0 * This means 100 mallocs succeed, then next 100 fail 25% of the time, and * all remaining (count is zero) succeed. + * The failure percentge can have 2 digits after the comma. For example: + * 0@0.01 + * This means 0.01% of all allocations will fail. */ static void parseit(void) { @@ -112,26 +115,27 @@ static void parseit(void) /* Get the count (atol will stop at the @ if there), and percentage */ md_count = atol(md_failstring); atsign = strchr(md_failstring, '@'); - md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1); + md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5); if (semi != NULL) md_failstring = semi; } /* - * Windows doesn't have random(), but it has rand() + * Windows doesn't have random() and srandom(), but it has rand() and srand(). * Some rand() implementations aren't good, but we're not * dealing with secure randomness here. */ # ifdef _WIN32 # define random() rand() +# define srandom(seed) srand(seed) # endif /* * See if the current malloc should fail. */ static int shouldfail(void) { - int roll = (int)(random() % 100); + int roll = (int)(random() % 10000); int shoulditfail = roll < md_fail_percent; # ifndef _WIN32 /* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ @@ -165,6 +169,8 @@ void ossl_malloc_setup_failures(void) parseit(); if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) md_tracefd = atoi(cp); + if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL) + srandom(atoi(cp)); } #endif diff --git a/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl b/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl index b1d35d25b5b1..b3d94041729e 100644 --- a/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -744,6 +744,9 @@ if ($flavour =~ /64/) { ######## 64-bit code s/\.[uisp]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c index 1a52000e6e9d..85d30eb58ae0 100644 --- a/crypto/openssl/crypto/objects/obj_dat.c +++ b/crypto/openssl/crypto/objects/obj_dat.c @@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, if (p == NULL) { const char *base_ = base; int l, h, i = 0, c = 0; + char *p1; for (i = 0; i < num; ++i) { - p = &(base_[i * size]); - c = (*cmp) (key, p); + p1 = &(base_[i * size]); + c = (*cmp) (key, p1); if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))) - return p; + return p1; } } #endif diff --git a/crypto/openssl/crypto/param_build_set.c b/crypto/openssl/crypto/param_build_set.c index 8b570ded96eb..5de06cc7ed68 100644 --- a/crypto/openssl/crypto/param_build_set.c +++ b/crypto/openssl/crypto/param_build_set.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, { int i, sz = sk_BIGNUM_const_num(stk); OSSL_PARAM *p; - + const BIGNUM *bn; if (bld != NULL) { for (i = 0; i < sz && names[i] != NULL; ++i) { - if (!OSSL_PARAM_BLD_push_BN(bld, names[i], - sk_BIGNUM_const_value(stk, i))) + bn = sk_BIGNUM_const_value(stk, i); + if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn)) return 0; } return 1; } for (i = 0; i < sz && names[i] != NULL; ++i) { + bn = sk_BIGNUM_const_value(stk, i); p = OSSL_PARAM_locate(params, names[i]); - if (p != NULL) { - if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i))) + if (p != NULL && bn != NULL) { + if (!OSSL_PARAM_set_BN(p, bn)) return 0; } } diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl index 113a2151b6fa..dc39f4053fe6 100755 --- a/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -85,7 +85,7 @@ poly1305_init: ldp $r0,$r1,[$inp] // load key mov $s1,#0xfffffffc0fffffff movk $s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $r0,$r0 // flip bytes rev $r1,$r1 #endif @@ -132,7 +132,7 @@ poly1305_blocks: .Loop: ldp $t0,$t1,[$inp],#16 // load input sub $len,$len,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $t0,$t0 rev $t1,$t1 #endif @@ -197,13 +197,13 @@ poly1305_emit: csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif @@ -335,7 +335,7 @@ poly1305_blocks_neon: adcs $h1,$h1,xzr adc $h2,$h2,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -381,7 +381,7 @@ poly1305_blocks_neon: ldp $d0,$d1,[$inp],#16 // load input sub $len,$len,#16 add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $d0,$d0 rev $d1,$d1 #endif @@ -466,7 +466,7 @@ poly1305_blocks_neon: lsl $padbit,$padbit,#24 add x15,$ctx,#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -502,7 +502,7 @@ poly1305_blocks_neon: ld1 {$S2,$R3,$S3,$R4},[x15],#64 ld1 {$S4},[x15] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -563,7 +563,7 @@ poly1305_blocks_neon: umull $ACC1,$IN23_0,${R1}[2] ldp x9,x13,[$in2],#48 umull $ACC0,$IN23_0,${R0}[2] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -628,7 +628,7 @@ poly1305_blocks_neon: umlal $ACC4,$IN01_2,${R2}[0] umlal $ACC1,$IN01_2,${S4}[0] umlal $ACC2,$IN01_2,${R0}[0] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -909,13 +909,13 @@ poly1305_emit_neon: csel $h0,$h0,$d0,eq csel $h1,$h1,$d1,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror $t0,$t0,#32 // flip nonce words ror $t1,$t1,#32 #endif adds $h0,$h0,$t0 // accumulate nonce adc $h1,$h1,$t1 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev $h0,$h0 // flip output bytes rev $h1,$h1 #endif diff --git a/crypto/openssl/crypto/property/property_parse.c b/crypto/openssl/crypto/property/property_parse.c index ca2bd33381bf..e3a4998df11f 100644 --- a/crypto/openssl/crypto/property/property_parse.c +++ b/crypto/openssl/crypto/property/property_parse.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed) static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) { - size_t olen, len; + size_t olen, len, i; + char quote = '\0'; + int quotes; len = olen = strlen(str); *needed += len; - if (*remain == 0) + /* + * Check to see if we need quotes or not. + * Characters that are legal in a PropertyName don't need quoting. + * We simply assume all others require quotes. + */ + for (i = 0; i < len; i++) + if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') { + /* Default to single quotes ... */ + if (quote == '\0') + quote = '\''; + /* ... but use double quotes if a single is present */ + if (str[i] == '\'') + quote = '"'; + } + + quotes = quote != '\0'; + if (*remain == 0) { + *needed += 2 * quotes; return; + } - if (*remain < len + 1) + if (quotes) + put_char(quote, buf, remain, needed); + + if (*remain < len + 1 + quotes) len = *remain - 1; if (len > 0) { @@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) *remain -= len; } + if (quotes) + put_char(quote, buf, remain, needed); + if (len < olen && *remain == 1) { **buf = '\0'; ++*buf; diff --git a/crypto/openssl/crypto/rsa/rsa_backend.c b/crypto/openssl/crypto/rsa/rsa_backend.c index 58187fa2ef59..f9d1cb361d77 100644 --- a/crypto/openssl/crypto/rsa/rsa_backend.c +++ b/crypto/openssl/crypto/rsa/rsa_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], /* Check private key data integrity */ if (include_private && rsa_d != NULL) { - int numprimes = sk_BIGNUM_const_num(factors); - int numexps = sk_BIGNUM_const_num(exps); - int numcoeffs = sk_BIGNUM_const_num(coeffs); - - /* - * It's permissible to have zero primes, i.e. no CRT params. - * Otherwise, there must be at least two, as many exponents, - * and one coefficient less. - */ - if (numprimes != 0 - && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) - goto err; if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d) diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c index 449097b8b27a..71a17a92349d 100644 --- a/crypto/openssl/crypto/rsa/rsa_lib.c +++ b/crypto/openssl/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -753,18 +753,22 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, return 0; pnum = sk_BIGNUM_num(primes); - if (pnum < 2 - || pnum != sk_BIGNUM_num(exps) - || pnum != sk_BIGNUM_num(coeffs) + 1) + if (pnum < 2) return 0; if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0), - sk_BIGNUM_value(primes, 1)) - || !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), - sk_BIGNUM_value(exps, 1), - sk_BIGNUM_value(coeffs, 0))) + sk_BIGNUM_value(primes, 1))) return 0; + if (pnum == sk_BIGNUM_num(exps) + && pnum == sk_BIGNUM_num(coeffs) + 1) { + + if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), + sk_BIGNUM_value(exps, 1), + sk_BIGNUM_value(coeffs, 0))) + return 0; + } + #ifndef FIPS_MODULE old_infos = r->prime_infos; #endif @@ -1084,6 +1088,12 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) { OSSL_PARAM rsa_params[2], *p = rsa_params; + const char *empty = ""; + /* + * Needed as we swap label with empty if it is NULL, and label is + * freed at the end of this function. + */ + void *plabel = label; int ret; if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { @@ -1096,9 +1106,13 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) return -1; + /* Accept NULL for backward compatibility */ + if (label == NULL && llen == 0) + plabel = (void *)empty; + /* Cast away the const. This is read only so should be safe */ *p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void *)label, (size_t)llen); + (void *)plabel, (size_t)llen); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params); diff --git a/crypto/openssl/doc/man3/CMS_add1_signer.pod b/crypto/openssl/doc/man3/CMS_add1_signer.pod index 800085b7b86a..d606a02cc1fd 100644 --- a/crypto/openssl/doc/man3/CMS_add1_signer.pod +++ b/crypto/openssl/doc/man3/CMS_add1_signer.pod @@ -31,8 +31,8 @@ Unless the B<CMS_REUSE_DIGEST> flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to CMS_final(). -The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo -structure, its main use is when B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags +The CMS_SignerInfo_sign() function explicitly signs a CMS_SignerInfo +structure, its main use is when the B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags are both set. =head1 NOTES @@ -90,6 +90,8 @@ before it is finalized. CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added or NULL if an error occurs. +CMS_SignerInfo_sign() returns 1 on success, 0 on failure. + =head1 SEE ALSO L<ERR_get_error(3)>, L<CMS_sign(3)>, @@ -97,7 +99,7 @@ L<CMS_final(3)>, =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DH_generate_parameters.pod b/crypto/openssl/doc/man3/DH_generate_parameters.pod index 1098a161ea63..9c1dff7aedd9 100644 --- a/crypto/openssl/doc/man3/DH_generate_parameters.pod +++ b/crypto/openssl/doc/man3/DH_generate_parameters.pod @@ -128,6 +128,10 @@ The parameter B<j> is invalid. =back +If 0 is returned or B<*codes> is set to a nonzero value the supplied +parameters should not be used for Diffie-Hellman operations otherwise +the security properties of the key exchange are not guaranteed. + DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to DH_check() and DH_check_params() respectively, but the error reasons are added to the thread's error queue instead of provided as return values from the @@ -160,7 +164,7 @@ DH_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/DSA_generate_parameters.pod b/crypto/openssl/doc/man3/DSA_generate_parameters.pod index 415c4c8b82ce..a10dc9ba2759 100644 --- a/crypto/openssl/doc/man3/DSA_generate_parameters.pod +++ b/crypto/openssl/doc/man3/DSA_generate_parameters.pod @@ -51,7 +51,7 @@ called as shown below. For information on the BN_GENCB structure and the BN_GENCB_call function discussed below, refer to L<BN_generate_prime(3)>. -DSA_generate_prime() is similar to DSA_generate_prime_ex() but +DSA_generate_parameters() is similar to DSA_generate_parameters_ex() but expects an old-style callback function; see L<BN_generate_prime(3)> for information on the old-style callback. @@ -126,7 +126,7 @@ DSA_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod b/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod index 09cae9912950..485705ea7889 100644 --- a/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod +++ b/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod @@ -134,13 +134,7 @@ section for details. EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), -EVP_aes_128_wrap(), -EVP_aes_192_wrap(), -EVP_aes_256_wrap(), EVP_aes_256_wrap_pad() AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section @@ -173,7 +167,7 @@ the XTS "tweak" value. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-AES(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod b/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod index 92913652630d..91aa75ec3871 100644 --- a/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod +++ b/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod @@ -96,7 +96,7 @@ correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> section for details. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-ARIA(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_bf_cbc.pod b/crypto/openssl/doc/man3/EVP_bf_cbc.pod index 4df98f4bdf47..11a909207ac9 100644 --- a/crypto/openssl/doc/man3/EVP_bf_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_bf_cbc.pod @@ -41,7 +41,7 @@ Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-BLOWFISH(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_blake2b512.pod b/crypto/openssl/doc/man3/EVP_blake2b512.pod index 98e1899f6a93..55bd9f3bce77 100644 --- a/crypto/openssl/doc/man3/EVP_blake2b512.pod +++ b/crypto/openssl/doc/man3/EVP_blake2b512.pod @@ -35,7 +35,7 @@ The BLAKE2b algorithm that produces a 512-bit output from a given input. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-BLAKE2(7)> instead. See L<crypto(7)/Performance> for further information. While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, diff --git a/crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod b/crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod index a6b597156a77..cb6e12e2122b 100644 --- a/crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod +++ b/crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod @@ -79,7 +79,7 @@ Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CAMELLIA(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_cast5_cbc.pod b/crypto/openssl/doc/man3/EVP_cast5_cbc.pod index 85ff2ad01488..7fef0598151d 100644 --- a/crypto/openssl/doc/man3/EVP_cast5_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_cast5_cbc.pod @@ -41,7 +41,7 @@ CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CAST(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_chacha20.pod b/crypto/openssl/doc/man3/EVP_chacha20.pod index 683faa326e14..7e80c8de40c9 100644 --- a/crypto/openssl/doc/man3/EVP_chacha20.pod +++ b/crypto/openssl/doc/man3/EVP_chacha20.pod @@ -44,7 +44,7 @@ L<EVP_EncryptInit(3)/AEAD Interface> section for more information. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CHACHA(7)> instead. See L<crypto(7)/Performance> for further information. L<RFC 7539|https://www.rfc-editor.org/rfc/rfc7539.html#section-2.4> diff --git a/crypto/openssl/doc/man3/EVP_des_cbc.pod b/crypto/openssl/doc/man3/EVP_des_cbc.pod index 501216cd6d77..442be8993a29 100644 --- a/crypto/openssl/doc/man3/EVP_des_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_des_cbc.pod @@ -89,7 +89,7 @@ Triple-DES key wrap according to RFC 3217 Section 3. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-DES(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_desx_cbc.pod b/crypto/openssl/doc/man3/EVP_desx_cbc.pod index fae827192ee9..c22c0de47900 100644 --- a/crypto/openssl/doc/man3/EVP_desx_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_desx_cbc.pod @@ -31,7 +31,7 @@ implementation. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-DES(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_idea_cbc.pod b/crypto/openssl/doc/man3/EVP_idea_cbc.pod index 5a9adaedc446..a36aae0bc999 100644 --- a/crypto/openssl/doc/man3/EVP_idea_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_idea_cbc.pod @@ -39,7 +39,7 @@ The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-IDEA(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_md2.pod b/crypto/openssl/doc/man3/EVP_md2.pod index 0b473887e01b..a6f3a010deb5 100644 --- a/crypto/openssl/doc/man3/EVP_md2.pod +++ b/crypto/openssl/doc/man3/EVP_md2.pod @@ -28,7 +28,7 @@ The MD2 algorithm which produces a 128-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-MD2(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_md4.pod b/crypto/openssl/doc/man3/EVP_md4.pod index baaff9e4eaa2..a4e1a7d0a6e9 100644 --- a/crypto/openssl/doc/man3/EVP_md4.pod +++ b/crypto/openssl/doc/man3/EVP_md4.pod @@ -29,7 +29,7 @@ The MD4 algorithm which produces a 128-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-MD4(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_md5.pod b/crypto/openssl/doc/man3/EVP_md5.pod index 752fdd1f6c37..42370fb3d0a3 100644 --- a/crypto/openssl/doc/man3/EVP_md5.pod +++ b/crypto/openssl/doc/man3/EVP_md5.pod @@ -40,7 +40,7 @@ WARNING: this algorithm is not intended for non-SSL usage. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-MD5(7)> or L<EVP_MD-MD5-SHA1(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_mdc2.pod b/crypto/openssl/doc/man3/EVP_mdc2.pod index e9de6f3c560a..3681bd06a63c 100644 --- a/crypto/openssl/doc/man3/EVP_mdc2.pod +++ b/crypto/openssl/doc/man3/EVP_mdc2.pod @@ -30,7 +30,7 @@ The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-MDC2(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_rc2_cbc.pod b/crypto/openssl/doc/man3/EVP_rc2_cbc.pod index bf4a13ba45c1..17f6f4b3e254 100644 --- a/crypto/openssl/doc/man3/EVP_rc2_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_rc2_cbc.pod @@ -55,7 +55,7 @@ functions to set the key length and effective key length. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC2(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_rc4.pod b/crypto/openssl/doc/man3/EVP_rc4.pod index f22e88a65214..0311ef278ca1 100644 --- a/crypto/openssl/doc/man3/EVP_rc4.pod +++ b/crypto/openssl/doc/man3/EVP_rc4.pod @@ -47,7 +47,7 @@ interface. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC4(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod b/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod index c177b1845196..69fc2f2cc656 100644 --- a/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -60,7 +60,7 @@ is an int. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC5(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_ripemd160.pod b/crypto/openssl/doc/man3/EVP_ripemd160.pod index 6ad2d3e01869..5b96fd09f850 100644 --- a/crypto/openssl/doc/man3/EVP_ripemd160.pod +++ b/crypto/openssl/doc/man3/EVP_ripemd160.pod @@ -29,7 +29,7 @@ The RIPEMD-160 algorithm which produces a 160-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-RIPEMD160(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_seed_cbc.pod b/crypto/openssl/doc/man3/EVP_seed_cbc.pod index 010607e57405..2c821d07c399 100644 --- a/crypto/openssl/doc/man3/EVP_seed_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_seed_cbc.pod @@ -41,7 +41,7 @@ The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-SEED(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_sha1.pod b/crypto/openssl/doc/man3/EVP_sha1.pod index 264ddd1addb7..6fc8f07b066a 100644 --- a/crypto/openssl/doc/man3/EVP_sha1.pod +++ b/crypto/openssl/doc/man3/EVP_sha1.pod @@ -29,7 +29,7 @@ The SHA-1 algorithm which produces a 160-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-SHA1(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_sha224.pod b/crypto/openssl/doc/man3/EVP_sha224.pod index 7a50cf9b6c3f..be09e49ee393 100644 --- a/crypto/openssl/doc/man3/EVP_sha224.pod +++ b/crypto/openssl/doc/man3/EVP_sha224.pod @@ -49,7 +49,7 @@ their outputs are of the same size. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-SHA2(7)>instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_sha3_224.pod b/crypto/openssl/doc/man3/EVP_sha3_224.pod index 5bb9ae1b89e5..93c0d0b9fb1e 100644 --- a/crypto/openssl/doc/man3/EVP_sha3_224.pod +++ b/crypto/openssl/doc/man3/EVP_sha3_224.pod @@ -54,7 +54,7 @@ B<EVP_shake256> provides that of 256 bits. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-SHA3(7)> or L<EVP_MD-SHAKE(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_sm3.pod b/crypto/openssl/doc/man3/EVP_sm3.pod index 4e8112dc0afe..65be55e88dba 100644 --- a/crypto/openssl/doc/man3/EVP_sm3.pod +++ b/crypto/openssl/doc/man3/EVP_sm3.pod @@ -28,7 +28,7 @@ The SM3 hash function. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-SM3(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_sm4_cbc.pod b/crypto/openssl/doc/man3/EVP_sm4_cbc.pod index b67ade549968..48be7a31ad75 100644 --- a/crypto/openssl/doc/man3/EVP_sm4_cbc.pod +++ b/crypto/openssl/doc/man3/EVP_sm4_cbc.pod @@ -45,7 +45,7 @@ respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L<EVP_CIPHER_fetch(3)> instead. +L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-SM4(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_whirlpool.pod b/crypto/openssl/doc/man3/EVP_whirlpool.pod index a9826e290a42..c5d465b16f0c 100644 --- a/crypto/openssl/doc/man3/EVP_whirlpool.pod +++ b/crypto/openssl/doc/man3/EVP_whirlpool.pod @@ -30,7 +30,7 @@ input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L<EVP_MD_fetch(3)> instead. +L<EVP_MD_fetch(3)> with L<EVP_MD-WHIRLPOOL(7)> instead. See L<crypto(7)/Performance> for further information. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod b/crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod index 0984e993daef..8b5feff9192c 100644 --- a/crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -33,7 +33,8 @@ be NULL terminated. B<iter> is the iteration count and its value should be greater than or equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any -B<iter> less than 1 is treated as a single iteration. +B<iter> value less than 1 is invalid; such values will result in failure +and raise the PROV_R_INVALID_ITERATION_COUNT error. B<digest> is the message digest function used in the derivation. PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1(). @@ -66,7 +67,7 @@ L<passphrase-encoding(7)> =head1 COPYRIGHT -Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod index 06cc1e4ec539..3913ea939007 100644 --- a/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod @@ -2,6 +2,7 @@ =head1 NAME +SSL_CONF_CTX_finish, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure =head1 SYNOPSIS @@ -10,6 +11,7 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); + int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); =head1 DESCRIPTION @@ -23,6 +25,10 @@ B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to B<ssl>. +The function SSL_CONF_CTX_finish() must be called after all configuration +operations have been completed. It is used to finalise any operations +or to process defaults. + =head1 NOTES The context need not be set or it can be set to B<NULL> in which case only @@ -32,6 +38,8 @@ syntax checking of commands is performed, where possible. SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value. +SSL_CONF_CTX_finish() returns 1 for success and 0 for failure. + =head1 SEE ALSO L<ssl(7)>, @@ -47,7 +55,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod index 9cee64207384..c1c6a67f85a7 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod @@ -12,11 +12,15 @@ SSL_get_info_callback #include <openssl/ssl.h> - void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); - void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); + void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*callback) (const SSL *ssl, int type, int val)); - void SSL_set_info_callback(SSL *ssl, void (*callback)()); - void (*SSL_get_info_callback(const SSL *ssl))(); + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val); + + void SSL_set_info_callback(SSL *ssl, + void (*callback) (const SSL *ssl, int type, int val)); + + void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val); =head1 DESCRIPTION @@ -119,7 +123,7 @@ SSL_get_info_callback() returns the current setting. The following example callback function prints state strings, information about alerts being handled and error messages to the B<bio_err> BIO. - void apps_ssl_info_callback(SSL *s, int where, int ret) + void apps_ssl_info_callback(const SSL *s, int where, int ret) { const char *str; int w = where & ~SSL_ST_MASK; @@ -156,7 +160,7 @@ L<SSL_alert_type_string(3)> =head1 COPYRIGHT -Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/crypto/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod index 5b5371b70f19..51d8aa8cfb47 100644 --- a/crypto/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/crypto/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -8,7 +8,7 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private =head1 SYNOPSIS - #include <openssl/evp.h> + #include <openssl/pem.h> EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); @@ -64,7 +64,7 @@ L<passphrase-encoding(7)> =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/d2i_X509.pod b/crypto/openssl/doc/man3/d2i_X509.pod index 9226ef77c394..00efb6035816 100644 --- a/crypto/openssl/doc/man3/d2i_X509.pod +++ b/crypto/openssl/doc/man3/d2i_X509.pod @@ -390,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred then NULL is returned. On a successful return, if I<*a> is not NULL then it is assumed that I<*a> -contains a valid B<I<TYPE>> structure and an attempt is made to reuse it. This -"reuse" capability is present for historical compatibility but its use is -B<strongly discouraged> (see BUGS below, and the discussion in the RETURN -VALUES section). +contains a valid B<I<TYPE>> structure and an attempt is made to reuse it. +For B<I<TYPE>> structures where it matters it is possible to set up a library +context on the decoded structure this way (see the B<EXAMPLES> section). +However using the "reuse" capability for other purposes is B<strongly +discouraged> (see B<BUGS> below, and the discussion in the B<RETURN VALUES> +section). B<d2i_I<TYPE>_bio>() is similar to B<d2i_I<TYPE>>() except it attempts to parse data from BIO I<bp>. @@ -538,6 +540,22 @@ Alternative technique: if (d2i_X509(&x, &p, len) == NULL) /* error */ +Setting up a library context and property query: + + X509 *x; + unsigned char *buf; + const unsigned char *p; + int len; + OSSL_LIB_CTX *libctx = ....; + const char *propq = ....; + + /* Set up buf and len to point to the input buffer. */ + p = buf; + x = X509_new_ex(libctx, propq); + + if (d2i_X509(&x, &p, len) == NULL) + /* error, x was freed and NULL assigned to it (see RETURN VALUES) */ + =head1 WARNINGS Using a temporary variable is mandatory. A common diff --git a/crypto/openssl/include/openssl/cmserr.h b/crypto/openssl/include/openssl/cmserr.h index d48c2a4ab89f..f2d7708f10c8 100644 --- a/crypto/openssl/include/openssl/cmserr.h +++ b/crypto/openssl/include/openssl/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,6 +113,7 @@ # define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 # define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 # define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 # define CMS_R_UNSUPPORTED_TYPE 156 # define CMS_R_UNWRAP_ERROR 157 # define CMS_R_UNWRAP_FAILURE 180 diff --git a/crypto/openssl/include/openssl/evp.h b/crypto/openssl/include/openssl/evp.h index 49e8e1df7865..e64072f96562 100644 --- a/crypto/openssl/include/openssl/evp.h +++ b/crypto/openssl/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -85,6 +85,8 @@ /* Easy to use macros for EVP_PKEY related selections */ # define EVP_PKEY_KEY_PARAMETERS \ ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +# define EVP_PKEY_PRIVATE_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) # define EVP_PKEY_PUBLIC_KEY \ ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) # define EVP_PKEY_KEYPAIR \ diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index 0bf61ce6a9d7..73590b76ca70 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@ -29,7 +29,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 0 -# define OPENSSL_VERSION_PATCH 11 +# define OPENSSL_VERSION_PATCH 12 /* * Additional version information @@ -74,21 +74,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.0.11" -# define OPENSSL_FULL_VERSION_STR "3.0.11" +# define OPENSSL_VERSION_STR "3.0.12" +# define OPENSSL_FULL_VERSION_STR "3.0.12" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "19 Sep 2023" +# define OPENSSL_RELEASE_DATE "24 Oct 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.11 19 Sep 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.12 24 Oct 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/crypto/openssl/include/openssl/pkcs7.h.in b/crypto/openssl/include/openssl/pkcs7.h.in index f5c55a3fbe57..006b38b60411 100644 --- a/crypto/openssl/include/openssl/pkcs7.h.in +++ b/crypto/openssl/include/openssl/pkcs7.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,8 +57,8 @@ typedef struct pkcs7_signer_info_st { PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; + X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ + ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ /* The private key to sign with */ EVP_PKEY *pkey; diff --git a/crypto/openssl/providers/fips-sources.checksums b/crypto/openssl/providers/fips-sources.checksums index f55fa914be7f..fa977f5a9838 100644 --- a/crypto/openssl/providers/fips-sources.checksums +++ b/crypto/openssl/providers/fips-sources.checksums @@ -21,7 +21,7 @@ c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl -a097f9d71de7cefa8e93629033ff1986fb01128623ec051d9b5afef55c0e5ebb crypto/aes/asm/aesv8-armx.pl +e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl 5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl 1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl @@ -79,7 +79,7 @@ d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_d 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c -1abab2cc5466b005b939d156e7d8664a4d42a191c9040dbb83941269d6844f0c crypto/bn/bn_gcd.c +baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c 4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c 602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c @@ -122,20 +122,20 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb 61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h 816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c -d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c +fcbfe5acb73e1b4094efec56a754b803d2c1a53644c78cf6a73ae868e3f3886d crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c -0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c -b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c +9e61a0b5017d835b348b15e93760c42d8d899ffae4251455c7b3085cfd25294c crypto/dh/dh_key.c +92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c -b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c +d7e0d87494e3b3f0898a56785a219e87a2ce14416393ec32d8c0b5f539c7bdbf crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c -9e436a2e0867920c3a5ac58bc14300cad4ab2c4c8fe5e40b355dfd21bfdfe146 crypto/dsa/dsa_lib.c +9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h -38062c6eebdb2f88fa0c6592837a96a49de2ae520d3ad483a3e02921c8adb094 crypto/dsa/dsa_ossl.c +c5c252f205482a71efeabe226d51a1c541a6ba2dfa9b8b8a70901087a9dc1667 crypto/dsa/dsa_ossl.c d612fd05ff98816ba6cf37f84c0e31443ad9d840ed587a7ab2066027da390325 crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl @@ -193,7 +193,7 @@ b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_ 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c 1af3872164b4a4757bc7896a24b4d2f8eb2cfb4cba0d872a93db69975693e0a6 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c -1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c +61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c 7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c 78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h @@ -213,11 +213,11 @@ e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac 1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c 4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c -b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c +f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c 1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c -2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c +4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c 8b72d5a7452b2c15aec6d20027053a83f7df89d49a3b6cfedd77e2b1a29e9fc1 crypto/ffc/ffc_params.c 1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c @@ -225,7 +225,7 @@ a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c -5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c +7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl @@ -240,7 +240,7 @@ e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/a 26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl 72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl -0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl +69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl 65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c 1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c @@ -252,7 +252,7 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/w 8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c 8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c -c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c +2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c 0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c @@ -261,7 +261,7 @@ a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_ b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c 3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c +099407e68e705f1458b701b9336f633565fc0843355fedf1ec83794349548a51 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c 0ba5d0297837940c972224c97cbbf3ea4a723c1eed9ce1112538c9bb26208639 crypto/provider_core.c @@ -270,11 +270,11 @@ d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provide a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -9e7dd6fc91d3266d4aa4f0f41b7986381122b7d98114e63ebf04c5ee298b5fda crypto/rsa/rsa_backend.c +5834d7c518ad53ea0dd3db811c0e51568c81cc6c117012030101d29003d0725c crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c -74ed75d1d8e0844800504a137bfd81c3dbcb6c4bd58b5d5fe9d0a362092b6e88 crypto/rsa/rsa_lib.c +f2222f270e57559537d3da8abbeb1390bc5376b73dae59d536af6e73eb48bba0 crypto/rsa/rsa_lib.c a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c @@ -430,7 +430,7 @@ bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openss 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in -12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h +b23bf3e2d0a60fe4d768afbe7aab48b47791e1274ae42b28895255119ae7f61d include/openssl/evp.h 5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h 5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in @@ -567,7 +567,7 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl 589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c 4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c 6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c -9d5eb7e056e790b1b4292ec7af03fbf0b26e34625c70eb36643451965bcfc696 providers/implementations/keymgmt/dh_kmgmt.c +11a0d0fb88ed88e965f10b3a0ef6c880f60341df995128f57ad943053aaf15b2 providers/implementations/keymgmt/dh_kmgmt.c a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/implementations/keymgmt/dsa_kmgmt.c 9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc @@ -578,7 +578,7 @@ a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/impl aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c 895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c -f75fbfe5348f93ad610da7d310f4e8fecf18c0549f27605da25d393c33e0edc2 providers/implementations/macs/kmac_prov.c +8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c 9d23df7f99beec7392c9d4ed813407050bc2d150098888fe802e2c9705fc33fa providers/implementations/rands/drbg.c bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c diff --git a/crypto/openssl/providers/fips.checksum b/crypto/openssl/providers/fips.checksum index db5ddc6cb7c6..347a9614339e 100644 --- a/crypto/openssl/providers/fips.checksum +++ b/crypto/openssl/providers/fips.checksum @@ -1 +1 @@ -8d97c837eeb1288f74788f0e48cb0cbc8498d4cf7ddc25c89344df7d5309ffc8 providers/fips-sources.checksums +114b59f288ec2d6ddfcd26187f43cad614c6d4e4a7aba24410494f46f627671c providers/fips-sources.checksums diff --git a/crypto/openssl/providers/implementations/encode_decode/encode_key2text.c b/crypto/openssl/providers/implementations/encode_decode/encode_key2text.c index 7d983f5e51c6..3e75a9afb370 100644 --- a/crypto/openssl/providers/implementations/encode_decode/encode_key2text.c +++ b/crypto/openssl/providers/implementations/encode_decode/encode_key2text.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -241,7 +241,7 @@ static int dh_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DH_get0_pub_key(dh); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -316,7 +316,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection) return 0; } } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { pub_key = DSA_get0_pub_key(dsa); if (pub_key == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); @@ -525,7 +525,7 @@ static int ec_to_text(BIO *out, const void *key, int selection) if (priv_len == 0) goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec); if (pub_pt == NULL) { @@ -575,26 +575,31 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } + switch (ecx->type) { + case ECX_KEY_TYPE_X25519: + type_label = "X25519"; + break; + case ECX_KEY_TYPE_X448: + type_label = "X448"; + break; + case ECX_KEY_TYPE_ED25519: + type_label = "ED25519"; + break; + case ECX_KEY_TYPE_ED448: + type_label = "ED448"; + break; + } + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (ecx->privkey == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Private-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Private-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Private-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Private-Key"; - break; - } + if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0) + return 0; + if (!print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) + return 0; } else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { /* ecx->pubkey is an array, not a pointer... */ if (!ecx->haspubkey) { @@ -602,29 +607,11 @@ static int ecx_to_text(BIO *out, const void *key, int selection) return 0; } - switch (ecx->type) { - case ECX_KEY_TYPE_X25519: - type_label = "X25519 Public-Key"; - break; - case ECX_KEY_TYPE_X448: - type_label = "X448 Public-Key"; - break; - case ECX_KEY_TYPE_ED25519: - type_label = "ED25519 Public-Key"; - break; - case ECX_KEY_TYPE_ED448: - type_label = "ED448 Public-Key"; - break; - } + if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0) + return 0; } - if (BIO_printf(out, "%s:\n", type_label) <= 0) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen)) - return 0; - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 - && !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) + if (!print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen)) return 0; return 1; diff --git a/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c index 4ca9c1a3fad8..c14b9765d11b 100644 --- a/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c +++ b/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c @@ -392,7 +392,7 @@ static int dh_validate_public(const DH *dh, int checktype) && ossl_dh_is_named_safe_prime_group(dh)) return ossl_dh_check_pub_key_partial(dh, pub_key, &res); - return DH_check_pub_key(dh, pub_key, &res); + return DH_check_pub_key_ex(dh, pub_key); } static int dh_validate_private(const DH *dh) diff --git a/crypto/openssl/providers/implementations/macs/kmac_prov.c b/crypto/openssl/providers/implementations/macs/kmac_prov.c index b2f85398b4e2..99e7c60a74ce 100644 --- a/crypto/openssl/providers/implementations/macs/kmac_prov.c +++ b/crypto/openssl/providers/implementations/macs/kmac_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -249,7 +249,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key, ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; } - if (w < 0) { + if (w <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } @@ -289,7 +289,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key, return 0; t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest)); - if (t < 0) { + if (t <= 0) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH); return 0; } diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 7b016d988a34..65925f972ba7 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -2,8 +2,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 3.0.11 -OPENSSL_DATE= 2023-09-19 +OPENSSL_VER= 3.0.12 +OPENSSL_DATE= 2023-10-24 LCRYPTO_SRC= ${SRCTOP}/crypto/openssl LCRYPTO_DOC= ${LCRYPTO_SRC}/doc diff --git a/sys/crypto/openssl/aarch64/aesv8-armx.S b/sys/crypto/openssl/aarch64/aesv8-armx.S index d92a1d60c65c..7666667e4782 100644 --- a/sys/crypto/openssl/aarch64/aesv8-armx.S +++ b/sys/crypto/openssl/aarch64/aesv8-armx.S @@ -104,7 +104,7 @@ aes_v8_set_encrypt_key: .Loop192: tbl v6.16b,{v4.16b},v2.16b ext v5.16b,v0.16b,v3.16b,#12 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ st1 {v4.4s},[x2],#16 sub x2,x2,#8 #else @@ -1511,7 +1511,7 @@ aes_v8_ctr32_encrypt_blocks: ldr w5,[x3,#240] ldr w8, [x4, #12] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ld1 {v0.16b},[x4] #else ld1 {v0.4s},[x4] @@ -1528,7 +1528,7 @@ aes_v8_ctr32_encrypt_blocks: add x7,x3,#32 mov w6,w5 csel x12,xzr,x12,lo -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev w8, w8 #endif orr v1.16b,v0.16b,v0.16b diff --git a/sys/crypto/openssl/aarch64/arm_arch.h b/sys/crypto/openssl/aarch64/arm_arch.h index 45d7e1556475..ec4a087fede2 100644 --- a/sys/crypto/openssl/aarch64/arm_arch.h +++ b/sys/crypto/openssl/aarch64/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) # define __ARM_ARCH__ 8 -# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/sys/crypto/openssl/aarch64/ghashv8-armx.S b/sys/crypto/openssl/aarch64/ghashv8-armx.S index fe5cd49a25aa..cb7aa9a3908b 100644 --- a/sys/crypto/openssl/aarch64/ghashv8-armx.S +++ b/sys/crypto/openssl/aarch64/ghashv8-armx.S @@ -102,7 +102,7 @@ gcm_gmult_v8: movi v19.16b,#0xe1 ld1 {v20.2d,v21.2d},[x1] //load twisted H, ... shl v19.2d,v19.2d,#57 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v17.16b,v17.16b #endif ext v3.16b,v17.16b,v17.16b,#8 @@ -127,7 +127,7 @@ gcm_gmult_v8: eor v18.16b,v18.16b,v2.16b eor v0.16b,v0.16b,v18.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v0.16b,v0.16b #endif ext v0.16b,v0.16b,v0.16b,#8 @@ -164,14 +164,14 @@ gcm_ghash_v8: ext v0.16b,v0.16b,v0.16b,#8 //rotate Xi ld1 {v16.2d},[x2],#16 //load [rotated] I[0] shl v19.2d,v19.2d,#57 //compose 0xc2.0 constant -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v16.16b,v16.16b rev64 v0.16b,v0.16b #endif ext v3.16b,v16.16b,v16.16b,#8 //rotate I[0] b.lo .Lodd_tail_v8 //x3 was less than 32 ld1 {v17.2d},[x2],x12 //load [rotated] I[1] -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v17.16b,v17.16b #endif ext v7.16b,v17.16b,v17.16b,#8 @@ -203,13 +203,13 @@ gcm_ghash_v8: eor v18.16b,v0.16b,v2.16b eor v1.16b,v1.16b,v17.16b ld1 {v17.2d},[x2],x12 //load [rotated] I[i+3] -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v16.16b,v16.16b #endif eor v1.16b,v1.16b,v18.16b pmull v18.1q,v0.1d,v19.1d //1st phase of reduction -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v17.16b,v17.16b #endif ins v2.d[0],v1.d[1] @@ -259,7 +259,7 @@ gcm_ghash_v8: eor v0.16b,v0.16b,v18.16b .Ldone_v8: -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v0.16b,v0.16b #endif ext v0.16b,v0.16b,v0.16b,#8 @@ -278,7 +278,7 @@ gcm_ghash_v8_4x: shl v19.2d,v19.2d,#57 //compose 0xc2.0 constant ld1 {v4.2d,v5.2d,v6.2d,v7.2d},[x2],#64 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v0.16b,v0.16b rev64 v5.16b,v5.16b rev64 v6.16b,v6.16b @@ -322,7 +322,7 @@ gcm_ghash_v8_4x: eor v16.16b,v4.16b,v0.16b ld1 {v4.2d,v5.2d,v6.2d,v7.2d},[x2],#64 ext v3.16b,v16.16b,v16.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v5.16b,v5.16b rev64 v6.16b,v6.16b rev64 v7.16b,v7.16b @@ -405,7 +405,7 @@ gcm_ghash_v8_4x: eor v1.16b,v1.16b,v17.16b ld1 {v4.2d,v5.2d,v6.2d},[x2] eor v1.16b,v1.16b,v18.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v5.16b,v5.16b rev64 v6.16b,v6.16b rev64 v4.16b,v4.16b @@ -457,7 +457,7 @@ gcm_ghash_v8_4x: eor v1.16b,v1.16b,v17.16b ld1 {v4.2d,v5.2d},[x2] eor v1.16b,v1.16b,v18.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v5.16b,v5.16b rev64 v4.16b,v4.16b #endif @@ -500,7 +500,7 @@ gcm_ghash_v8_4x: eor v1.16b,v1.16b,v17.16b ld1 {v4.2d},[x2] eor v1.16b,v1.16b,v18.16b -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v4.16b,v4.16b #endif @@ -540,7 +540,7 @@ gcm_ghash_v8_4x: eor v0.16b,v0.16b,v18.16b ext v0.16b,v0.16b,v0.16b,#8 -#ifndef __ARMEB__ +#ifndef __AARCH64EB__ rev64 v0.16b,v0.16b #endif st1 {v0.2d},[x0] //write out Xi diff --git a/sys/crypto/openssl/aarch64/poly1305-armv8.S b/sys/crypto/openssl/aarch64/poly1305-armv8.S index 101e4fb40552..bf1daa3adaff 100644 --- a/sys/crypto/openssl/aarch64/poly1305-armv8.S +++ b/sys/crypto/openssl/aarch64/poly1305-armv8.S @@ -29,7 +29,7 @@ poly1305_init: ldp x7,x8,[x1] // load key mov x9,#0xfffffffc0fffffff movk x9,#0x0fff,lsl#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x7,x7 // flip bytes rev x8,x8 #endif @@ -76,7 +76,7 @@ poly1305_blocks: .Loop: ldp x10,x11,[x1],#16 // load input sub x2,x2,#16 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x10,x10 rev x11,x11 #endif @@ -141,13 +141,13 @@ poly1305_emit: csel x4,x4,x12,eq csel x5,x5,x13,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror x10,x10,#32 // flip nonce words ror x11,x11,#32 #endif adds x4,x4,x10 // accumulate nonce adc x5,x5,x11 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x4,x4 // flip output bytes rev x5,x5 #endif @@ -267,7 +267,7 @@ poly1305_blocks_neon: adcs x5,x5,xzr adc x6,x6,xzr -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x12,x12 rev x13,x13 #endif @@ -313,7 +313,7 @@ poly1305_blocks_neon: ldp x12,x13,[x1],#16 // load input sub x2,x2,#16 add x9,x8,x8,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x12,x12 rev x13,x13 #endif @@ -398,7 +398,7 @@ poly1305_blocks_neon: lsl x3,x3,#24 add x15,x0,#48 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -434,7 +434,7 @@ poly1305_blocks_neon: ld1 {v4.4s,v5.4s,v6.4s,v7.4s},[x15],#64 ld1 {v8.4s},[x15] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -495,7 +495,7 @@ poly1305_blocks_neon: umull v20.2d,v14.2s,v1.s[2] ldp x9,x13,[x16],#48 umull v19.2d,v14.2s,v0.s[2] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -560,7 +560,7 @@ poly1305_blocks_neon: umlal v23.2d,v11.2s,v3.s[0] umlal v20.2d,v11.2s,v8.s[0] umlal v21.2d,v11.2s,v0.s[0] -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x8,x8 rev x12,x12 rev x9,x9 @@ -841,13 +841,13 @@ poly1305_emit_neon: csel x4,x4,x12,eq csel x5,x5,x13,eq -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ ror x10,x10,#32 // flip nonce words ror x11,x11,#32 #endif adds x4,x4,x10 // accumulate nonce adc x5,x5,x11 -#ifdef __ARMEB__ +#ifdef __AARCH64EB__ rev x4,x4 // flip output bytes rev x5,x5 #endif |