Diffstat (limited to 'crypto/openssl')
-rw-r--r--crypto/openssl/.ctags.d/add-dir.ctags11
-rw-r--r--crypto/openssl/.ctags.d/exclude.ctags13
-rw-r--r--crypto/openssl/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags18
-rw-r--r--crypto/openssl/.ctags.d/openssl-stage2/10expand-macros.ctags9
-rw-r--r--crypto/openssl/BSDmakefile78
-rw-r--r--crypto/openssl/CHANGES.md57
-rw-r--r--crypto/openssl/Configurations/unix-Makefile.tmpl14
-rw-r--r--crypto/openssl/NEWS.md14
-rw-r--r--crypto/openssl/NOTES-WINDOWS.md2
-rw-r--r--crypto/openssl/VERSION.dat4
-rw-r--r--crypto/openssl/apps/asn1parse.c2
-rw-r--r--crypto/openssl/apps/cms.c1
-rw-r--r--crypto/openssl/apps/enc.c2
-rw-r--r--crypto/openssl/apps/include/apps.h1
-rw-r--r--crypto/openssl/apps/lib/apps.c49
-rw-r--r--crypto/openssl/apps/ocsp.c21
-rw-r--r--crypto/openssl/apps/rand.c4
-rwxr-xr-xcrypto/openssl/configdata.pm15
-rwxr-xr-xcrypto/openssl/crypto/aes/asm/aes-s390x.pl5
-rw-r--r--crypto/openssl/crypto/asn1/asn_mime.c22
-rw-r--r--crypto/openssl/crypto/bio/bss_dgram.c25
-rw-r--r--crypto/openssl/crypto/dh/dh_check.c36
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c14
-rw-r--r--crypto/openssl/crypto/dh/dh_pmeth.c2
-rw-r--r--crypto/openssl/crypto/encode_decode/decoder_lib.c28
-rw-r--r--crypto/openssl/crypto/encode_decode/decoder_pkey.c72
-rw-r--r--crypto/openssl/crypto/encode_decode/encoder_local.h2
-rw-r--r--crypto/openssl/crypto/err/openssl.txt1
-rw-r--r--crypto/openssl/crypto/evp/asymcipher.c8
-rw-r--r--crypto/openssl/crypto/evp/keymgmt_meth.c4
-rw-r--r--crypto/openssl/crypto/evp/m_sigver.c24
-rw-r--r--crypto/openssl/crypto/evp/p_seal.c7
-rw-r--r--crypto/openssl/crypto/evp/skeymgmt_meth.c2
-rw-r--r--crypto/openssl/crypto/pkcs7/pk7_doit.c7
-rw-r--r--crypto/openssl/crypto/provider_core.c10
-rw-r--r--crypto/openssl/crypto/rand/randfile.c6
-rw-r--r--crypto/openssl/crypto/riscv32cpuid.pl5
-rw-r--r--crypto/openssl/crypto/riscv64cpuid.pl5
-rw-r--r--crypto/openssl/crypto/rsa/rsa_gen.c15
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pmeth.c8
-rw-r--r--crypto/openssl/crypto/sleep.c39
-rw-r--r--crypto/openssl/crypto/slh_dsa/slh_dsa_key.c24
-rw-r--r--crypto/openssl/crypto/slh_dsa/slh_hash.c3
-rw-r--r--crypto/openssl/crypto/sm2/sm2_sign.c6
-rw-r--r--crypto/openssl/crypto/store/store_lib.c25
-rw-r--r--crypto/openssl/crypto/x509/by_store.c34
-rw-r--r--crypto/openssl/crypto/x509/t_req.c6
-rw-r--r--crypto/openssl/crypto/x509/v3_attrdesc.c4
-rw-r--r--crypto/openssl/crypto/x509/v3_purp.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_ext.c20
-rw-r--r--crypto/openssl/crypto/x509/x509_local.h1
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c6
-rw-r--r--crypto/openssl/crypto/x509/x509_vpm.c5
-rw-r--r--crypto/openssl/crypto/x509/x_crl.c15
-rw-r--r--crypto/openssl/demos/bio/saccept.c7
-rw-r--r--crypto/openssl/demos/bio/server-arg.c7
-rw-r--r--crypto/openssl/demos/bio/server-cmod.c7
-rw-r--r--crypto/openssl/demos/bio/server-conf.c7
-rw-r--r--crypto/openssl/demos/certs/mkcerts.sh2
-rw-r--r--crypto/openssl/demos/certs/ocspquery.sh2
-rw-r--r--crypto/openssl/demos/certs/ocsprun.sh4
-rw-r--r--crypto/openssl/demos/cms/cms_ddec.c4
-rw-r--r--crypto/openssl/demos/cms/cms_denc.c4
-rw-r--r--crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c4
-rw-r--r--crypto/openssl/doc/internal/man3/ossl_namemap_new.pod15
-rw-r--r--crypto/openssl/doc/man1/openssl-enc.pod.in7
-rw-r--r--crypto/openssl/doc/man1/openssl-fipsinstall.pod.in10
-rw-r--r--crypto/openssl/doc/man3/BN_generate_prime.pod6
-rw-r--r--crypto/openssl/doc/man3/EVP_EncryptInit.pod2
-rw-r--r--crypto/openssl/doc/man3/EVP_PKEY_new.pod14
-rw-r--r--crypto/openssl/doc/man3/EVP_aes_128_gcm.pod4
-rw-r--r--crypto/openssl/doc/man3/EVP_aria_128_gcm.pod4
-rw-r--r--crypto/openssl/doc/man3/EVP_chacha20.pod4
-rw-r--r--crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod9
-rw-r--r--crypto/openssl/doc/man3/OSSL_CALLBACK.pod11
-rw-r--r--crypto/openssl/doc/man3/PEM_read_CMS.pod8
-rw-r--r--crypto/openssl/doc/man3/RAND_load_file.pod8
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod2
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod10
-rw-r--r--crypto/openssl/doc/man3/SSL_poll.pod24
-rw-r--r--crypto/openssl/doc/man3/d2i_X509.pod5
-rw-r--r--crypto/openssl/doc/man5/fips_config.pod16
-rw-r--r--crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod5
-rw-r--r--crypto/openssl/doc/man7/EVP_PKEY-DSA.pod4
-rw-r--r--crypto/openssl/doc/man7/EVP_PKEY-FFC.pod4
-rw-r--r--crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod2
-rw-r--r--crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod2
-rw-r--r--crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod96
-rw-r--r--crypto/openssl/doc/man7/provider-base.pod31
-rw-r--r--crypto/openssl/exporters/libcrypto.pc2
-rw-r--r--crypto/openssl/exporters/libssl.pc2
-rw-r--r--crypto/openssl/exporters/openssl.pc2
-rw-r--r--crypto/openssl/fuzz/dtlsserver.c5
-rw-r--r--crypto/openssl/include/crypto/dh.h4
-rw-r--r--crypto/openssl/include/crypto/rsa.h6
-rw-r--r--crypto/openssl/include/crypto/slh_dsa.h2
-rw-r--r--crypto/openssl/include/internal/quic_ackm.h4
-rw-r--r--crypto/openssl/include/internal/quic_record_rx.h11
-rw-r--r--crypto/openssl/include/openssl/core_dispatch.h4
-rw-r--r--crypto/openssl/include/openssl/crypto.h8
-rw-r--r--crypto/openssl/include/openssl/crypto.h.in8
-rw-r--r--crypto/openssl/include/openssl/opensslv.h19
-rw-r--r--crypto/openssl/include/openssl/opensslv.h.in9
-rw-r--r--crypto/openssl/include/openssl/pem.h1
-rw-r--r--crypto/openssl/include/openssl/proverr.h1
-rw-r--r--crypto/openssl/include/openssl/self_test.h2
-rw-r--r--crypto/openssl/libcrypto.pc2
-rw-r--r--crypto/openssl/libssl.pc2
-rw-r--r--crypto/openssl/openssl.pc2
-rw-r--r--crypto/openssl/providers/common/provider_err.c2
-rw-r--r--crypto/openssl/providers/common/securitycheck_fips.c25
-rw-r--r--crypto/openssl/providers/fips-sources.checksums76
-rw-r--r--crypto/openssl/providers/fips.checksum2
-rw-r--r--crypto/openssl/providers/fips/fipsprov.c9
-rw-r--r--crypto/openssl/providers/fips/include/fips/fipsindicator.h3
-rw-r--r--crypto/openssl/providers/fips/self_test.c13
-rw-r--r--crypto/openssl/providers/fips/self_test_data.inc235
-rw-r--r--crypto/openssl/providers/implementations/asymciphers/rsa_enc.c19
-rw-r--r--crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c1
-rw-r--r--crypto/openssl/providers/implementations/kem/ml_kem_kem.c2
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c15
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c17
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c23
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c13
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c4
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c1
-rw-r--r--crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c29
-rw-r--r--crypto/openssl/providers/implementations/macs/hmac_prov.c17
-rw-r--r--crypto/openssl/providers/implementations/signature/dsa_sig.c2
-rw-r--r--crypto/openssl/providers/implementations/signature/ecdsa_sig.c2
-rw-r--r--crypto/openssl/providers/implementations/signature/rsa_sig.c8
-rw-r--r--crypto/openssl/providers/legacyprov.c11
-rw-r--r--crypto/openssl/ssl/d1_lib.c2
-rw-r--r--crypto/openssl/ssl/quic/quic_ackm.c33
-rw-r--r--crypto/openssl/ssl/quic/quic_channel.c18
-rw-r--r--crypto/openssl/ssl/quic/quic_impl.c1
-rw-r--r--crypto/openssl/ssl/quic/quic_port.c3
-rw-r--r--crypto/openssl/ssl/quic/quic_record_rx.c10
-rw-r--r--crypto/openssl/ssl/quic/quic_record_tx.c4
-rw-r--r--crypto/openssl/ssl/quic/quic_rx_depack.c28
-rw-r--r--crypto/openssl/ssl/statem/extensions_clnt.c10
-rw-r--r--crypto/openssl/test/crltest.c127
-rw-r--r--crypto/openssl/test/evp_extra_test.c43
-rw-r--r--crypto/openssl/test/fake_rsaprov.c548
-rw-r--r--crypto/openssl/test/ml_kem_internal_test.c14
-rw-r--r--crypto/openssl/test/provider_pkey_test.c289
-rw-r--r--crypto/openssl/test/quic-openssl-docker/hq-interop/quic-hq-interop.c3
-rw-r--r--crypto/openssl/test/quic_ackm_test.c5
-rw-r--r--crypto/openssl/test/quic_fifd_test.c5
-rw-r--r--crypto/openssl/test/quic_txp_test.c3
-rw-r--r--crypto/openssl/test/quicapitest.c57
-rw-r--r--crypto/openssl/test/radix/quic_bindings.c4
-rw-r--r--crypto/openssl/test/recipes/15-test_ec.t14
-rw-r--r--crypto/openssl/test/recipes/20-test_cli_list.t25
-rw-r--r--crypto/openssl/test/recipes/30-test_evp_data/evppkey_ecdsa.txt11
-rw-r--r--crypto/openssl/test/recipes/80-test_cms.t17
-rw-r--r--crypto/openssl/test/recipes/90-test_store_cases.t26
-rw-r--r--crypto/openssl/test/recipes/90-test_store_cases_data/test-BER.p12bin0 -> 2126 bytes
-rw-r--r--crypto/openssl/test/recipes/90-test_threads_data/store/8489a545.019
-rwxr-xr-xcrypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh58
-rwxr-xr-xcrypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh2
-rw-r--r--crypto/openssl/test/sanitytest.c81
-rw-r--r--crypto/openssl/test/slh_dsa_test.c9
-rw-r--r--crypto/openssl/test/testec-sm2.pem5
-rw-r--r--crypto/openssl/test/threadstest.c70
-rw-r--r--crypto/openssl/test/tls13groupselection_test.c19
-rw-r--r--crypto/openssl/test/x509_test.c111
-rw-r--r--crypto/openssl/util/perl/TLSProxy/Proxy.pm27
168 files changed, 2780 insertions, 710 deletions
diff --git a/crypto/openssl/.ctags.d/add-dir.ctags b/crypto/openssl/.ctags.d/add-dir.ctags
new file mode 100644
index 000000000000..ec20b51bd4ca
--- /dev/null
+++ b/crypto/openssl/.ctags.d/add-dir.ctags
@@ -0,0 +1,11 @@
+#
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+
+# Allow ctags to load configuration file under the sub directories.
+--optlib-dir=+./.ctags.d
diff --git a/crypto/openssl/.ctags.d/exclude.ctags b/crypto/openssl/.ctags.d/exclude.ctags
new file mode 100644
index 000000000000..c932464e6dbd
--- /dev/null
+++ b/crypto/openssl/.ctags.d/exclude.ctags
@@ -0,0 +1,13 @@
+#
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+
+# List file names or patterns you want ctags to ignore.
+--exclude=.ctags.d
+--exclude=test
+--exclude=check-format-test-positives.c
diff --git a/crypto/openssl/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags b/crypto/openssl/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
new file mode 100644
index 000000000000..ddd4fd54bd04
--- /dev/null
+++ b/crypto/openssl/.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
@@ -0,0 +1,18 @@
+#
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+
+# This file is only for extracting macro definitions.
+--langmap=C:+.h
+-o -
+--sort=no
+--languages=C
+-R
+
+--fields-C=+{macrodef}
+--fields=+{signature}
diff --git a/crypto/openssl/.ctags.d/openssl-stage2/10expand-macros.ctags b/crypto/openssl/.ctags.d/openssl-stage2/10expand-macros.ctags
new file mode 100644
index 000000000000..5cf5000df3af
--- /dev/null
+++ b/crypto/openssl/.ctags.d/openssl-stage2/10expand-macros.ctags
@@ -0,0 +1,9 @@
+#
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+--param-CPreProcessor._expand=1
diff --git a/crypto/openssl/BSDmakefile b/crypto/openssl/BSDmakefile
index bd2bfe0ea033..d260808ffac3 100644
--- a/crypto/openssl/BSDmakefile
+++ b/crypto/openssl/BSDmakefile
@@ -12,8 +12,12 @@ LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
CAT?= /bin/cat
+CC?= cc
+GMAKE?= gmake
+LD?= ld
MV?= /bin/mv
PERL?= perl
+SETENVI= /usr/bin/env -i
BN_CONF_H= include/crypto/bn_conf.h
BN_CONF_H_ORIG= ${BN_CONF_H}.orig
@@ -23,8 +27,14 @@ CONFIGURATION_H_ORIG= ${CONFIGURATION_H}.orig
.PHONY: configure patch all
.ORDER: configure patch all
+LOCALBASE= /usr/local
+WRK_ENV= CC=${CC} \
+ LD=${LD} \
+ PATH=${LOCALBASE}/bin:/bin:/usr/bin
+
configure:
- @cd ${.CURDIR} && \
+ @(cd ${.CURDIR} && ${SETENVI} \
+ ${WRK_ENV} \
${PERL} ./Configure \
disable-aria \
disable-egd \
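Review bot: `WRK_ENV` hands `CC=${CC}` and `LD=${LD}` to `env -i` unquoted, so a multi-word value (for example a compiler wrapper followed by the compiler) is split and `env` takes the second word as the command to run instead of `${PERL} ./Configure`. Quoting the assignments, `CC="${CC}"` and `LD="${LD}"`, avoids that. `LOCALBASE` is assigned with `=` while the tool variables beside it use `?=`, so the PATH that decides which `perl` and `gmake` produce the committed generated files cannot be set from the environment; `LOCALBASE?= /usr/local` would match the other variables. The `configure` recipe continues outside this hunk.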
@@ -37,34 +47,45 @@ configure:
enable-ktls \
enable-sctp \
--openssldir=etc \
- --prefix=/usr
- @cd ${.CURDIR} && gmake configdata.pm
- @cd ${LCRYPTO_SRC} && ${PERL} \
- ${LCRYPTO_SRC}/freebsd/dump_version_from_configdata.pl > \
- ${SRCTOP}/secure/lib/libcrypto/Makefile.version
+ --prefix=/usr)
+ @echo "Building configdata.pm for later use."
+ @(cd ${.CURDIR} && \
+ ${SETENVI} ${WRK_ENV} ${GMAKE} -j ${.MAKE.JOBS} configdata.pm)
-all: patch
- # Passing `-j ${.MAKE.JOBS}` doesn't work here for some reason.
- @cd ${.CURDIR} && gmake build_all_generated
+ @echo "Populating Makefile.version with release information"
+ @(cd ${LCRYPTO_SRC} && ${SETENVI} ${WRK_ENV} ${PERL} \
+ ${LCRYPTO_SRC}/freebsd/dump_version_from_configdata.pl > \
+ ${SRCTOP}/secure/lib/libcrypto/Makefile.version)
- # Clean the pkgconfig files:
- # 1. Fix --prefix (not sure why configure --prefix isn't honored properly).
+all: patch
+ @echo "==> Building generated files (headers, manpages, etc)"
+ @(cd ${.CURDIR} && \
+ ${SETENVI} ${WRK_ENV} ${GMAKE} -j ${.MAKE.JOBS} build_all_generated)
+
+ # 1. Fix --prefix.
+ # a. Not sure why --prefix isn't honored properly, even though it's
+ # passed to Configure; the files might be getting rebuilt
+ # post-Configure, somehow.
# 2. Remove duplicate path in CFLAGS.
# 3. Remove duplicate path in includedir(s).
+ @echo "==> Fixing pkgconfig files"
@find . -name \*.pc -print -exec sed -i '' -E \
-e 's,^prefix=.+,prefix=/usr,' \
-e 's,[[:space:]]+(\-I)?\$\{prefix\}/\./include[[:space:]]*,,g' \
{} +
- @cd ${SRCTOP}/secure/lib/libcrypto && \
- ${MAKE} cleanasm && \
- ${MAKE} buildasm
+ @echo "==> Cleaning / rebuilding ASM"
+ @(cd ${SRCTOP}/secure/lib/libcrypto && \
+ ${SETENVI} ${WRK_ENV} ${MAKE} cleanasm && \
+ ${SETENVI} ${WRK_ENV} ${MAKE} buildasm)
+ @echo "==> Syncing manpages (section 1)"
@rsync -a --delete \
--exclude 'Makefile*' --exclude '*.1' \
${LCRYPTO_DOC}/man/ \
${SRCTOP}/secure/lib/libcrypto/man
+ @echo "==> Syncing manpages (sections {3,5,7})"
@rsync -a --delete \
--exclude 'Makefile*' --exclude '*.[357]' \
${LCRYPTO_DOC}/man/man1/ \
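Review bot: `-j ${.MAKE.JOBS}` is now passed to `${GMAKE}` for both `configdata.pm` and `build_all_generated`, although the removed comment said that passing it for `build_all_generated` did not work, and nothing in the hunk records what changed. If `.MAKE.JOBS` can expand to nothing here (presumably when the outer make runs without `-j`), GNU make reads the bare `-j` as "no job limit" and treats the target name as the next argument. A default such as `-j ${.MAKE.JOBS:U1}` would bound that case, and a one-line comment saying why parallel generation is now safe would help whoever next regenerates these files.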
@@ -75,25 +96,26 @@ all: patch
# depending on the host architecture.
patch: configure
# Spam arch-specific overrides to config files.
+ @echo "==> Patching headers"
+ @(cd ${.CURDIR} && ${SETENVI} ${WRK_ENV} ${GMAKE} ${BN_CONF_H} && \
+ ${MV} ${BN_CONF_H} ${BN_CONF_H_ORIG} && \
+ ${CAT} ${BN_CONF_H}.orig \
+ ${LCRYPTO_SRC}/freebsd/${BN_CONF_H} >> \
+ ${BN_CONF_H})
- @cd ${.CURDIR} && gmake ${BN_CONF_H} && \
- ${MV} ${BN_CONF_H} ${BN_CONF_H_ORIG} && \
- ${CAT} ${BN_CONF_H}.orig \
- ${LCRYPTO_SRC}/freebsd/${BN_CONF_H} >> \
- ${BN_CONF_H}
-
- @cd ${.CURDIR} && \
- ${MV} ${CONFIGURATION_H} ${CONFIGURATION_H_ORIG} && \
- ${CAT} ${CONFIGURATION_H_ORIG} \
- ${LCRYPTO_SRC}/freebsd/${CONFIGURATION_H} >> \
- ${CONFIGURATION_H}
+ @(cd ${.CURDIR} && \
+ ${MV} ${CONFIGURATION_H} ${CONFIGURATION_H_ORIG} && \
+ ${CAT} ${CONFIGURATION_H_ORIG} \
+ ${LCRYPTO_SRC}/freebsd/${CONFIGURATION_H} >> \
+ ${CONFIGURATION_H})
clean: .PHONY
- @cd ${.CURDIR} && rm -f ${BN_CONF_H_ORIG} ${CONFIGURATION_H_ORIG}
+ @(cd ${.CURDIR} && rm -f ${BN_CONF_H_ORIG} ${CONFIGURATION_H_ORIG})
- @cd ${SRCTOP}/secure/lib/libcrypto && ${MAKE} cleanasm
+ @(cd ${SRCTOP}/secure/lib/libcrypto && \
+ ${SETENVI} ${WRK_ENV} ${MAKE} cleanasm)
- -@cd ${.CURDIR} && gmake ${.TARGET}
+ -@(cd ${.CURDIR} && ${GMAKE} ${.TARGET})
.include <sys.mk>
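Review bot: In the `clean` target the last recipe line, `-@(cd ${.CURDIR} && ${GMAKE} ${.TARGET})`, runs with the inherited environment, while every other `${GMAKE}` and `${MAKE}` call this commit touches is wrapped in `${SETENVI} ${WRK_ENV}`. If that is deliberate, a short comment would say so; otherwise `-@(cd ${.CURDIR} && ${SETENVI} ${WRK_ENV} ${GMAKE} ${.TARGET})` keeps the vendor-import targets consistent. In the `patch` recipe the moved line still spells `${BN_CONF_H}.orig` where `${BN_CONF_H_ORIG}` is already defined and used on the line before it.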
diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index 2978ebfa2d10..5f5ba3ef1751 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,63 @@ OpenSSL Releases
OpenSSL 3.5
-----------
+### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]
+
+ * Avoided a potential race condition introduced in 3.5.1, where
+ `OSSL_STORE_CTX` kept open during lookup while potentially being used
+ by multiple threads simultaneously, that could lead to potential crashes
+ when multiple concurrent TLS connections are served.
+
+ *Matt Caswell*
+
+ * The FIPS provider no longer performs a PCT on key import for RSA, DH,
+ and EC keys (that was introduced in 3.5.2), following the latest update
+ on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
+
+ *Dr Paul Dale*
+
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+ *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+ when SKID/AKID are set to `none` during generation.
+
+ *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+ in `VERSION.dat` and not the current date for the released builds.
+
+ *Enji Cooper*
+
+ * Hardened the provider implementation of the RSA public key "encrypt"
+ operation to add a missing check that the caller-indicated output buffer
+ size is at least as large as the byte count of the RSA modulus. The issue
+ was reported by Arash Ale Ebrahim from SYSPWN.
+
+ This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that
+ in fact provide a sufficiently large buffer, but fail to correctly indicate
+ its size may now encounter unexpected errors. In applications that attempt
+ RSA public encryption into a buffer that is too small, an out-of-bounds
+ write is now avoided and an error is reported instead.
+
+ *Viktor Dukhovni*
+
+ * Added FIPS 140-3 PCT on DH key generation.
+
+ *Nikola Pajkovsky*
+
+ * Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
+
+ *Richard Levitte*
+
+### Changes between 3.5.1 and 3.5.2 [5 Aug 2025]
+
+ * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
+ This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
+
+ *Dr Paul Dale*
+
### Changes between 3.5.0 and 3.5.1 [1 Jul 2025]
* Fix x509 application adds trusted use instead of rejected use.
diff --git a/crypto/openssl/Configurations/unix-Makefile.tmpl b/crypto/openssl/Configurations/unix-Makefile.tmpl
index a6f666957ec0..81f49926ce92 100644
--- a/crypto/openssl/Configurations/unix-Makefile.tmpl
+++ b/crypto/openssl/Configurations/unix-Makefile.tmpl
@@ -3,6 +3,8 @@
##
## {- join("\n## ", @autowarntext) -}
{-
+ use Time::Piece;
+
use OpenSSL::Util;
our $makedep_scheme = $config{makedep_scheme};
@@ -74,6 +76,15 @@ FIPSKEY={- $config{FIPSKEY} -}
VERSION={- "$config{full_version}" -}
VERSION_NUMBER={- "$config{version}" -}
+RELEASE_DATE={- my $t = localtime;
+ if ($config{"release_date"}) {
+ # Provide the user with a more meaningful error message
+ # than the default internal parsing error from
+ # `Time::Piece->strptime(..)`.
+ eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); } ||
+ die "Parsing \$config{release_date} ('$config{release_date}') failed: $@";
+ }
+ $t->strftime("%Y-%m-%d") -}
MAJOR={- $config{major} -}
MINOR={- $config{minor} -}
SHLIB_VERSION_NUMBER={- $config{shlib_version} -}
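Review bot: The `eval { ... } || die` in the `RELEASE_DATE` fragment decides success from the truth of the block's last value, which is the assigned `Time::Piece` object rather than an explicit flag. Ending the block with a true value, `eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); 1 } or die ...`, makes the check independent of how that object evaluates in boolean context. When `release_date` is empty the fragment falls back to `localtime`, so man pages from such builds still carry the build date; a comment stating that this is intended for non-release builds would make the reproducibility limit explicit.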
@@ -1565,7 +1576,8 @@ EOF
return <<"EOF";
$args{src}: $pod
pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\
- --release=\$(VERSION) $pod >\$\@
+ --date=\$(RELEASE_DATE) --release=\$(VERSION) \\
+ $pod >\$\@
EOF
} elsif (platform->isdef($args{src})) {
#
diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md
index e5fe94779035..5d8a83f43068 100644
--- a/crypto/openssl/NEWS.md
+++ b/crypto/openssl/NEWS.md
@@ -23,6 +23,20 @@ OpenSSL Releases
OpenSSL 3.5
-----------
+### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]
+
+ * Added FIPS 140-3 PCT on DH key generation.
+
+ *Nikola Pajkovsky*
+
+ * Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
+
+ *Richard Levitte*
+
+### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]
+
+ * none
+
### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]
OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
diff --git a/crypto/openssl/NOTES-WINDOWS.md b/crypto/openssl/NOTES-WINDOWS.md
index e903376db530..5d6287a8e8fd 100644
--- a/crypto/openssl/NOTES-WINDOWS.md
+++ b/crypto/openssl/NOTES-WINDOWS.md
@@ -125,7 +125,7 @@ format:
`\\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\OpenSSL-<version>-<ctx>`
Where `<version>` is the major.minor version of the library being
-built, and `<ctx>` is the value specified by `-DOPENSSL_WINCTX`. This allows
+built, and `<ctx>` is the value specified by `-DOSSL_WINCTX`. This allows
for multiple openssl builds to be created and installed on a single system, in
which each library can use its own set of registry keys.
diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat
index f931934a1972..8a2893b68006 100644
--- a/crypto/openssl/VERSION.dat
+++ b/crypto/openssl/VERSION.dat
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=5
-PATCH=1
+PATCH=3
PRE_RELEASE_TAG=
BUILD_METADATA=
-RELEASE_DATE="1 Jul 2025"
+RELEASE_DATE="16 Sep 2025"
SHLIB_VERSION=3
diff --git a/crypto/openssl/apps/asn1parse.c b/crypto/openssl/apps/asn1parse.c
index 4f882396d03d..4540d5f5fb6e 100644
--- a/crypto/openssl/apps/asn1parse.c
+++ b/crypto/openssl/apps/asn1parse.c
@@ -40,8 +40,8 @@ const OPTIONS asn1parse_options[] = {
{"length", OPT_LENGTH, 'p', "length of section in file"},
{"strparse", OPT_STRPARSE, 'p',
"offset; a series of these can be used to 'dig'"},
- {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
{OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
+ {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
{"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
{"strictpem", OPT_STRICTPEM, 0,
"equivalent to '-inform pem' (obsolete)"},
diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c
index 919d306ff687..6f19414880c9 100644
--- a/crypto/openssl/apps/cms.c
+++ b/crypto/openssl/apps/cms.c
@@ -1280,6 +1280,7 @@ int cms_main(int argc, char **argv)
goto end;
}
if (ret <= 0) {
+ BIO_printf(bio_err, "Error writing CMS output\n");
ret = 6;
goto end;
}
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index 3f45ba15e576..33949d402dd7 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -260,6 +260,8 @@ int enc_main(int argc, char **argv)
goto opthelp;
if (k)
n *= 1024;
+ if (n > INT_MAX)
+ goto opthelp;
bsize = (int)n;
break;
case OPT_K:
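Review bot: The new `n > INT_MAX` check runs after `n *= 1024`, so it only protects the cast if the multiplication itself cannot overflow; the condition that would guard that is above the hunk and not visible here, so it is worth confirming. A comment on the check, `/* bsize is an int: reject sizes the cast below would truncate */`, would record why it exists. `enc_main` starts and ends outside this hunk.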
diff --git a/crypto/openssl/apps/include/apps.h b/crypto/openssl/apps/include/apps.h
index ceebfde72786..11381ea7da8c 100644
--- a/crypto/openssl/apps/include/apps.h
+++ b/crypto/openssl/apps/include/apps.h
@@ -103,7 +103,6 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
/* progress callback for dsaparam, dhparam, req, genpkey, etc. */
int progress_cb(EVP_PKEY_CTX *ctx);
-int chopup_args(ARGS *arg, char *buf);
void dump_cert_text(BIO *out, X509 *x);
void print_name(BIO *out, const char *title, const X509_NAME *nm);
void print_bignum_var(BIO *, const BIGNUM *, const char *,
diff --git a/crypto/openssl/apps/lib/apps.c b/crypto/openssl/apps/lib/apps.c
index d4e72307de58..1b9c9e3e9a19 100644
--- a/crypto/openssl/apps/lib/apps.c
+++ b/crypto/openssl/apps/lib/apps.c
@@ -83,55 +83,6 @@ static int set_multi_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL *in_tbl);
int app_init(long mesgwin);
-int chopup_args(ARGS *arg, char *buf)
-{
- int quoted;
- char c = '\0', *p = NULL;
-
- arg->argc = 0;
- if (arg->size == 0) {
- arg->size = 20;
- arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
- }
-
- for (p = buf;;) {
- /* Skip whitespace. */
- while (*p && isspace(_UC(*p)))
- p++;
- if (*p == '\0')
- break;
-
- /* The start of something good :-) */
- if (arg->argc >= arg->size) {
- char **tmp;
-
- arg->size += 20;
- tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
- if (tmp == NULL)
- return 0;
- arg->argv = tmp;
- }
- quoted = *p == '\'' || *p == '"';
- if (quoted)
- c = *p++;
- arg->argv[arg->argc++] = p;
-
- /* now look for the end of this */
- if (quoted) {
- while (*p && *p != c)
- p++;
- *p++ = '\0';
- } else {
- while (*p && !isspace(_UC(*p)))
- p++;
- if (*p)
- *p++ = '\0';
- }
- }
- arg->argv[arg->argc] = NULL;
- return 1;
-}
-
#ifndef APP_INIT
int app_init(long mesgwin)
{
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 79b76a2ca747..95a95f56cb99 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -662,7 +662,8 @@ redo_accept:
resp =
OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
NULL);
- send_ocsp_response(cbio, resp);
+ if (resp != NULL)
+ send_ocsp_response(cbio, resp);
}
goto done_resp;
}
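Review bot: When `OCSP_response_create()` returns NULL, the new guard skips `send_ocsp_response()` and jumps to `done_resp` without reporting anything, so the client gets no reply and the operator sees no diagnostic. An `else` branch with `BIO_printf(bio_err, "Error creating OCSP response\n");` would make the failure visible. The second hunk (`@@ -764,16 +765,18 @@`) has the same shape: a NULL `resp` silently skips the status check and the printing, and whether the code after the hunk still uses `resp` or exits with success cannot be seen from here.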
@@ -764,16 +765,18 @@ redo_accept:
BIO_free(derbio);
}
- i = OCSP_response_status(resp);
- if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
- BIO_printf(out, "Responder Error: %s (%d)\n",
- OCSP_response_status_str(i), i);
- if (!ignore_err)
+ if (resp != NULL) {
+ i = OCSP_response_status(resp);
+ if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+ BIO_printf(out, "Responder Error: %s (%d)\n",
+ OCSP_response_status_str(i), i);
+ if (!ignore_err)
goto end;
- }
+ }
- if (resp_text)
- OCSP_RESPONSE_print(out, resp, 0);
+ if (resp_text)
+ OCSP_RESPONSE_print(out, resp, 0);
+ }
/* If running as responder don't verify our own response */
if (cbio != NULL) {
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
index b123a151ea74..da747c1783e4 100644
--- a/crypto/openssl/apps/rand.c
+++ b/crypto/openssl/apps/rand.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -199,7 +199,7 @@ int rand_main(int argc, char **argv)
int chunk;
chunk = scaled_num > buflen ? (int)buflen : (int)scaled_num;
- r = RAND_bytes(buf, chunk);
+ r = RAND_bytes_ex(app_get0_libctx(), buf, chunk, 0);
if (r <= 0)
goto end;
if (format != FORMAT_TEXT) {
diff --git a/crypto/openssl/configdata.pm b/crypto/openssl/configdata.pm
index ec70eaba9f07..8ea23bf8a681 100755
--- a/crypto/openssl/configdata.pm
+++ b/crypto/openssl/configdata.pm
@@ -30,6 +30,7 @@ our %config = (
"FIPSKEY" => "f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813",
"FIPS_VENDOR" => "OpenSSL non-compliant FIPS Provider",
"HASHBANGPERL" => "/usr/bin/env perl",
+ "LD" => "ld",
"LDFLAGS" => [],
"LDLIBS" => [],
"OBJCOPY" => "objcopy",
@@ -167,7 +168,7 @@ our %config = (
],
"dynamic_engines" => "1",
"ex_libs" => [],
- "full_version" => "3.5.1",
+ "full_version" => "3.5.3",
"includes" => [],
"ktls" => "",
"lflags" => [],
@@ -231,10 +232,10 @@ our %config = (
"openssl_sys_defines" => [],
"openssldir" => "etc",
"options" => "enable-ec_nistp_64_gcc_128 enable-ktls enable-sctp --openssldir=etc --prefix=/usr no-acvp-tests no-afalgeng no-aria no-asan no-brotli no-brotli-dynamic no-buildtest-c++ no-crypto-mdebug no-crypto-mdebug-backtrace no-demos no-egd no-external-tests no-fips no-fips-jitter no-fips-post no-fips-securitychecks no-fuzz-afl no-fuzz-libfuzzer no-h3demo no-hqinterop no-idea no-jitter no-md2 no-mdc2 no-msan no-pie no-rc5 no-sm2 no-sm3 no-sm4 no-ssl3 no-ssl3-method no-sslkeylog no-tfo no-trace no-ubsan no-unit-test no-uplink no-weak-ssl-ciphers no-winstore no-zlib no-zlib-dynamic no-zstd no-zstd-dynamic",
- "patch" => "1",
+ "patch" => "3",
"perl_archname" => "amd64-freebsd-thread-multi",
"perl_cmd" => "/usr/local/bin/perl",
- "perl_version" => "5.40.2",
+ "perl_version" => "5.40.3",
"perlargv" => [
"disable-aria",
"disable-egd",
@@ -255,7 +256,7 @@ our %config = (
"AS" => undef,
"ASFLAGS" => undef,
"BUILDFILE" => undef,
- "CC" => undef,
+ "CC" => "cc",
"CFLAGS" => undef,
"CPP" => undef,
"CPPDEFINES" => undef,
@@ -265,7 +266,7 @@ our %config = (
"CXX" => undef,
"CXXFLAGS" => undef,
"HASHBANGPERL" => undef,
- "LD" => undef,
+ "LD" => "ld",
"LDFLAGS" => undef,
"LDLIBS" => undef,
"MT" => undef,
@@ -290,11 +291,11 @@ our %config = (
"prerelease" => "",
"processor" => "",
"rc4_int" => "unsigned int",
- "release_date" => "1 Jul 2025",
+ "release_date" => "16 Sep 2025",
"shlib_version" => "3",
"sourcedir" => ".",
"target" => "BSD-x86_64",
- "version" => "3.5.1"
+ "version" => "3.5.3"
);
our %target = (
"AR" => "ar",
diff --git a/crypto/openssl/crypto/aes/asm/aes-s390x.pl b/crypto/openssl/crypto/aes/asm/aes-s390x.pl
index 5d1283f57690..2345d4574a41 100755
--- a/crypto/openssl/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-s390x.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -1431,6 +1431,9 @@ $code.=<<___ if (!$softonly);
st${g} $s3,0($sp) # backchain
la %r1,$stdframe($sp)
+ xc $stdframe+0(64,$sp),$stdframe+0($sp) # clear reserved/unused
+ # in parameter block
+
lmg $s2,$s3,0($key) # copy key
stg $s2,$stdframe+80($sp)
stg $s3,$stdframe+88($sp)
diff --git a/crypto/openssl/crypto/asn1/asn_mime.c b/crypto/openssl/crypto/asn1/asn_mime.c
index 806adade7ffc..9afe249965e9 100644
--- a/crypto/openssl/crypto/asn1/asn_mime.c
+++ b/crypto/openssl/crypto/asn1/asn_mime.c
@@ -168,6 +168,19 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
BIO_write(out, ",", 1);
write_comma = 1;
md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+
+ /* RFC 8702 does not define a micalg for SHAKE, assuming "shake-<bitlen>" */
+ if (md_nid == NID_shake128) {
+ if (BIO_puts(out, "shake-128") < 0)
+ goto err;
+ continue;
+ }
+ if (md_nid == NID_shake256) {
+ if (BIO_puts(out, "shake-256") < 0)
+ goto err;
+ continue;
+ }
+
md = EVP_get_digestbynid(md_nid);
if (md && md->md_ctrl) {
int rv;
@@ -204,15 +217,15 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
case NID_id_GostR3411_94:
BIO_puts(out, "gostr3411-94");
- goto err;
+ break;
case NID_id_GostR3411_2012_256:
BIO_puts(out, "gostr3411-2012-256");
- goto err;
+ break;
case NID_id_GostR3411_2012_512:
BIO_puts(out, "gostr3411-2012-512");
- goto err;
+ break;
default:
if (have_unknown) {
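Review bot: The three GOST cases now `break` instead of jumping to `err`, but their `BIO_puts()` results are still ignored, whereas the SHAKE branches added in the first hunk test `BIO_puts(...) < 0` and go to `err`. Because the third hunk makes `SMIME_write_ASN1_ex` act on this function's return value, the same check would be consistent here, for example `if (BIO_puts(out, "gostr3411-94") < 0) goto err;` followed by `break;`. The switch and the rest of `asn1_write_micalg` lie outside the hunk.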
@@ -272,7 +285,8 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
BIO_printf(bio, "Content-Type: multipart/signed;");
BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
BIO_puts(bio, " micalg=\"");
- asn1_write_micalg(bio, mdalgs);
+ if (!asn1_write_micalg(bio, mdalgs))
+ return 0;
BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
bound, mime_eol, mime_eol);
BIO_printf(bio, "This is an S/MIME signed message%s%s",
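Review bot: The new early `return 0` fires after `Content-Type: multipart/signed;`, the `protocol=` parameter and the opening `micalg="` have already been written to `bio`, so a failure leaves a truncated header in the output. A comment at the return, such as `/* header is partially written; caller must discard the output */`, would document that, or the micalg string could be produced before any header text is emitted. The `BIO_printf`/`BIO_puts` calls around it remain unchecked, and anything the function set up before this point is outside the hunk, so cleanup on this path could not be verified.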
diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/openssl/crypto/bio/bss_dgram.c
index ea2550859ccd..784a1abb00bb 100644
--- a/crypto/openssl/crypto/bio/bss_dgram.c
+++ b/crypto/openssl/crypto/bio/bss_dgram.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -464,11 +464,11 @@ static int dgram_write(BIO *b, const char *in, int inl)
return ret;
}
-static long dgram_get_mtu_overhead(bio_dgram_data *data)
+static long dgram_get_mtu_overhead(BIO_ADDR *addr)
{
long ret;
- switch (BIO_ADDR_family(&data->peer)) {
+ switch (BIO_ADDR_family(addr)) {
case AF_INET:
/*
* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
@@ -480,7 +480,8 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data)
{
# ifdef IN6_IS_ADDR_V4MAPPED
struct in6_addr tmp_addr;
- if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+
+ if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL)
&& IN6_IS_ADDR_V4MAPPED(&tmp_addr))
/*
* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
@@ -666,11 +667,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
&sockopt_len)) < 0 || sockopt_val < 0) {
ret = 0;
} else {
- /*
- * we assume that the transport protocol is UDP and no IP
- * options are used.
- */
- data->mtu = sockopt_val - 8 - 20;
+ data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);
ret = data->mtu;
}
break;
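Review bot: The guard above only rejects `sockopt_val < 0`, so a reported MTU smaller than the computed overhead still makes `data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr)` negative, or wrapped if `mtu` is unsigned. The IPv6 branch in the next hunk has the same shape. A bound check before the subtraction would close this, e.g. `} else if (sockopt_val < dgram_get_mtu_overhead(&addr)) { ret = 0; } else {`. `addr` is declared and filled outside the hunk, so a short comment saying which address it holds, and that its family must be valid at this point, would also help.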
@@ -682,11 +679,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|| sockopt_val < 0) {
ret = 0;
} else {
- /*
- * we assume that the transport protocol is UDP and no IPV6
- * options are used.
- */
- data->mtu = sockopt_val - 8 - 40;
+ data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);
ret = data->mtu;
}
break;
@@ -700,7 +693,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
# endif
break;
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
- ret = -dgram_get_mtu_overhead(data);
+ ret = -dgram_get_mtu_overhead(&data->peer);
switch (BIO_ADDR_family(&data->peer)) {
case AF_INET:
ret += 576;
@@ -956,7 +949,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
}
break;
case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
- ret = dgram_get_mtu_overhead(data);
+ ret = dgram_get_mtu_overhead(&data->peer);
break;
/*
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c
index ae23f61839ea..2d899dc96f67 100644
--- a/crypto/openssl/crypto/dh/dh_check.c
+++ b/crypto/openssl/crypto/dh/dh_check.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,6 +16,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
+#include <openssl/self_test.h>
#include "dh_local.h"
#include "crypto/dh.h"
@@ -329,17 +330,27 @@ end:
* FFC pairwise check from SP800-56A R3.
* Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
*/
-int ossl_dh_check_pairwise(const DH *dh)
+int ossl_dh_check_pairwise(const DH *dh, int return_on_null_numbers)
{
int ret = 0;
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL;
+ OSSL_SELF_TEST *st = NULL;
+ OSSL_CALLBACK *stcb = NULL;
+ void *stcbarg = NULL;
if (dh->params.p == NULL
|| dh->params.g == NULL
|| dh->priv_key == NULL
|| dh->pub_key == NULL)
- return 0;
+ return return_on_null_numbers;
+
+ OSSL_SELF_TEST_get_callback(dh->libctx, &stcb, &stcbarg);
+ st = OSSL_SELF_TEST_new(stcb, stcbarg);
+ if (st == NULL)
+ goto err;
+ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
+ OSSL_SELF_TEST_DESC_PCT_DH);
ctx = BN_CTX_new_ex(dh->libctx);
if (ctx == NULL)
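Review bot: The header comment above `ossl_dh_check_pairwise` does not describe the new `return_on_null_numbers` parameter, which decides whether a key missing `p`, `g`, the private or the public value counts as a pass or a failure. Because each caller makes that choice, the comment should spell it out, e.g. `return_on_null_numbers is returned unchanged when p, g, priv_key or pub_key is NULL; pass 0 to treat an incomplete key as a failed check.` The early return also happens before `OSSL_SELF_TEST_onbegin`, so no self-test event is reported for that case; say so if it is intended. The function body continues in the next hunk.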
@@ -351,10 +362,27 @@ int ossl_dh_check_pairwise(const DH *dh)
/* recalculate the public key = (g ^ priv) mod p */
if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key))
goto err;
+
+#ifdef FIPS_MODULE
+ {
+ int len;
+ unsigned char bytes[1024] = {0}; /* Max key size of 8192 bits */
+
+ if (BN_num_bytes(pub_key) > (int)sizeof(bytes))
+ goto err;
+ len = BN_bn2bin(pub_key, bytes);
+ OSSL_SELF_TEST_oncorrupt_byte(st, bytes);
+ if (BN_bin2bn(bytes, len, pub_key) == NULL)
+ goto err;
+ }
+#endif
/* check it matches the existing public_key */
ret = BN_cmp(pub_key, dh->pub_key) == 0;
-err:
+ err:
BN_free(pub_key);
BN_CTX_free(ctx);
+
+ OSSL_SELF_TEST_onend(st, ret);
+ OSSL_SELF_TEST_free(st);
return ret;
}
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 7132b9b68e53..052d4d29ed22 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -267,7 +267,7 @@ static int generate_key(DH *dh)
int ok = 0;
int generate_new_key = 0;
#ifndef FIPS_MODULE
- unsigned l;
+ int l;
#endif
BN_CTX *ctx = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
@@ -327,11 +327,13 @@ static int generate_key(DH *dh)
goto err;
#else
if (dh->params.q == NULL) {
- /* secret exponent length, must satisfy 2^(l-1) <= p */
- if (dh->length != 0
- && dh->length >= BN_num_bits(dh->params.p))
+ /* secret exponent length, must satisfy 2^l < (p-1)/2 */
+ l = BN_num_bits(dh->params.p);
+ if (dh->length >= l)
goto err;
- l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1;
+ l -= 2;
+ if (dh->length != 0 && dh->length < l)
+ l = dh->length;
if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE,
BN_RAND_BOTTOM_ANY, 0, ctx))
goto err;
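Review bot: A requested `dh->length` of exactly `BN_num_bits(p) - 1` passes the `>= l` rejection but is then silently reduced to `BN_num_bits(p) - 2`, because the later override only applies when `dh->length < l`. The new comment only states the bound, so the clamp should be documented, e.g. `/* a requested length of BN_num_bits(p) - 1 is reduced to BN_num_bits(p) - 2 */`, or that value should be rejected like the larger ones. With `l` now a signed `int`, a negative `dh->length` (if the field is signed; its type is not visible here) would also reach `BN_priv_rand_ex` as the bit count, so an explicit `dh->length < 0` check next to the `>= l` test would make the intent clear. `generate_key` starts and ends outside this hunk.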
diff --git a/crypto/openssl/crypto/dh/dh_pmeth.c b/crypto/openssl/crypto/dh/dh_pmeth.c
index 3b75a537b3e0..74bef9370d3a 100644
--- a/crypto/openssl/crypto/dh/dh_pmeth.c
+++ b/crypto/openssl/crypto/dh/dh_pmeth.c
@@ -408,7 +408,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
}
dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey);
dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
- if (dhpub == NULL) {
+ if (dhpub == NULL || dh == NULL) {
ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
return 0;
}
diff --git a/crypto/openssl/crypto/encode_decode/decoder_lib.c b/crypto/openssl/crypto/encode_decode/decoder_lib.c
index ffcf3cde1155..dedfb24e569e 100644
--- a/crypto/openssl/crypto/encode_decode/decoder_lib.c
+++ b/crypto/openssl/crypto/encode_decode/decoder_lib.c
@@ -537,6 +537,14 @@ static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg)
}
}
+static int decoder_sk_cmp(const OSSL_DECODER_INSTANCE *const *a,
+ const OSSL_DECODER_INSTANCE *const *b)
+{
+ if ((*a)->score == (*b)->score)
+ return (*a)->order - (*b)->order;
+ return (*a)->score - (*b)->score;
+}
+
int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
OSSL_LIB_CTX *libctx, const char *propq)
{
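Review bot: `decoder_sk_cmp` has no comment saying which way it sorts, and as written (`(*a)->score - (*b)->score`) it places lower scores earlier in the stack, while the comment added in the next hunk says the highest scored provider is selected first. Whether the code that consumes `ctx->decoder_insts` walks it from the end is not visible here, so the direction should be stated on the comparator, e.g. `/* Ascending by score; ties keep their original position via order */`, together with where the stack is read. The subtraction form is fine for small match counts but would overflow for arbitrary `int` values; `(a > b) - (a < b)` avoids relying on that.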
@@ -595,6 +603,26 @@ int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
OSSL_DECODER_do_all_provided(libctx, collect_all_decoders, skdecoders);
numdecoders = sk_OSSL_DECODER_num(skdecoders);
+ /*
+ * If there are provided or default properties, sort the initial decoder list
+ * by property matching score so that the highest scored provider is selected
+ * first.
+ */
+ if (propq != NULL || ossl_ctx_global_properties(libctx, 0) != NULL) {
+ int num_decoder_insts = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
+ int i;
+ OSSL_DECODER_INSTANCE *di;
+ sk_OSSL_DECODER_INSTANCE_compfunc old_cmp =
+ sk_OSSL_DECODER_INSTANCE_set_cmp_func(ctx->decoder_insts, decoder_sk_cmp);
+
+ for (i = 0; i < num_decoder_insts; i++) {
+ di = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
+ di->order = i;
+ }
+ sk_OSSL_DECODER_INSTANCE_sort(ctx->decoder_insts);
+ sk_OSSL_DECODER_INSTANCE_set_cmp_func(ctx->decoder_insts, old_cmp);
+ }
+
memset(&data, 0, sizeof(data));
data.ctx = ctx;
data.w_prev_start = 0;
diff --git a/crypto/openssl/crypto/encode_decode/decoder_pkey.c b/crypto/openssl/crypto/encode_decode/decoder_pkey.c
index f99566bde744..9fc4e2312331 100644
--- a/crypto/openssl/crypto/encode_decode/decoder_pkey.c
+++ b/crypto/openssl/crypto/encode_decode/decoder_pkey.c
@@ -222,15 +222,21 @@ struct collect_data_st {
int total; /* number of matching results */
char error_occurred;
char keytype_resolved;
+ OSSL_PROPERTY_LIST *pq;
STACK_OF(EVP_KEYMGMT) *keymgmts;
};
-static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
- void *provctx, struct collect_data_st *data)
+/*
+ * Add decoder instance to the decoder context if it is compatible. Returns 1
+ * if a decoder was added, 0 otherwise.
+ */
+static int collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
+ void *provctx, struct collect_data_st *data)
{
void *decoderctx = NULL;
OSSL_DECODER_INSTANCE *di = NULL;
+ const OSSL_PROPERTY_LIST *props;
/*
* We already checked the EVP_KEYMGMT is applicable in check_keymgmt so we
@@ -239,17 +245,17 @@ static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
if (keymgmt->name_id != decoder->base.id)
/* Mismatch is not an error, continue. */
- return;
+ return 0;
if ((decoderctx = decoder->newctx(provctx)) == NULL) {
data->error_occurred = 1;
- return;
+ return 0;
}
if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) {
decoder->freectx(decoderctx);
data->error_occurred = 1;
- return;
+ return 0;
}
/*
@@ -263,7 +269,7 @@ static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
|| OPENSSL_strcasecmp(data->ctx->start_input_type, "PEM") != 0)) {
/* Mismatch is not an error, continue. */
ossl_decoder_instance_free(di);
- return;
+ return 0;
}
OSSL_TRACE_BEGIN(DECODER) {
@@ -275,13 +281,30 @@ static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
OSSL_DECODER_get0_properties(decoder));
} OSSL_TRACE_END(DECODER);
+ /*
+ * Get the property match score so the decoders can be prioritized later.
+ */
+ props = ossl_decoder_parsed_properties(decoder);
+ if (data->pq != NULL && props != NULL) {
+ di->score = ossl_property_match_count(data->pq, props);
+ /*
+ * Mismatch of mandatory properties is not an error, the decoder is just
+ * ignored, continue.
+ */
+ if (di->score < 0) {
+ ossl_decoder_instance_free(di);
+ return 0;
+ }
+ }
+
if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) {
ossl_decoder_instance_free(di);
data->error_occurred = 1;
- return;
+ return 0;
}
++data->total;
+ return 1;
}
static void collect_decoder(OSSL_DECODER *decoder, void *arg)
@@ -321,7 +344,9 @@ static void collect_decoder(OSSL_DECODER *decoder, void *arg)
for (i = 0; i < end_i; ++i) {
keymgmt = sk_EVP_KEYMGMT_value(keymgmts, i);
- collect_decoder_keymgmt(keymgmt, decoder, provctx, data);
+ /* Only add this decoder once */
+ if (collect_decoder_keymgmt(keymgmt, decoder, provctx, data))
+ break;
if (data->error_occurred)
return;
}
@@ -407,6 +432,8 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
struct decoder_pkey_data_st *process_data = NULL;
struct collect_data_st collect_data = { NULL };
STACK_OF(EVP_KEYMGMT) *keymgmts = NULL;
+ OSSL_PROPERTY_LIST **plp;
+ OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL;
OSSL_TRACE_BEGIN(DECODER) {
const char *input_type = ctx->start_input_type;
@@ -443,6 +470,25 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
process_data->keymgmts = keymgmts;
/*
+ * Collect passed and default properties to prioritize the decoders.
+ */
+ if (propquery != NULL)
+ p2 = pq = ossl_parse_query(libctx, propquery, 1);
+
+ plp = ossl_ctx_global_properties(libctx, 0);
+ if (plp != NULL && *plp != NULL) {
+ if (pq == NULL) {
+ pq = *plp;
+ } else {
+ p2 = ossl_property_merge(pq, *plp);
+ ossl_property_free(pq);
+ if (p2 == NULL)
+ goto err;
+ pq = p2;
+ }
+ }
+
+ /*
* Enumerate all keymgmts into a stack.
*
* We could nest EVP_KEYMGMT_do_all_provided inside
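Review bot: A `propquery` that fails to parse is treated the same as no query: `ossl_parse_query` returning NULL leaves `pq` NULL and the code falls through to the global properties without reporting anything. If that is intended it should be stated in the comment; otherwise check the result, e.g. `if (propquery != NULL && (p2 = pq = ossl_parse_query(libctx, propquery, 1)) == NULL) goto err;`. The ownership is also easy to misread, since `pq` may alias the global list `*plp` and only `p2` is freed at `err`, so a comment such as `/* p2 is the list we own; pq may point at the global list */` would help. The function starts and ends outside this hunk.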
@@ -457,10 +503,11 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
* upfront, as this ensures that the names for all loaded providers have
* been registered by the time we try to resolve the keytype string.
*/
- collect_data.ctx = ctx;
- collect_data.libctx = libctx;
- collect_data.keymgmts = keymgmts;
- collect_data.keytype = keytype;
+ collect_data.ctx = ctx;
+ collect_data.libctx = libctx;
+ collect_data.keymgmts = keymgmts;
+ collect_data.keytype = keytype;
+ collect_data.pq = pq;
EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, &collect_data);
if (collect_data.error_occurred)
@@ -496,6 +543,7 @@ static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
ok = 1;
err:
decoder_clean_pkey_construct_arg(process_data);
+ ossl_property_free(p2);
return ok;
}
diff --git a/crypto/openssl/crypto/encode_decode/encoder_local.h b/crypto/openssl/crypto/encode_decode/encoder_local.h
index a2846d309ea8..11e52cfeec75 100644
--- a/crypto/openssl/crypto/encode_decode/encoder_local.h
+++ b/crypto/openssl/crypto/encode_decode/encoder_local.h
@@ -109,6 +109,8 @@ struct ossl_decoder_instance_st {
const char *input_type; /* Never NULL */
const char *input_structure; /* May be NULL */
int input_type_id;
+ int order; /* For stable ordering of decoders wrt proqs */
+ int score; /* For ordering decoders wrt proqs */
unsigned int flag_input_structure_was_set : 1;
};
diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt
index 355b20d627db..7e4c7570ddb3 100644
--- a/crypto/openssl/crypto/err/openssl.txt
+++ b/crypto/openssl/crypto/err/openssl.txt
@@ -1076,6 +1076,7 @@ PROV_R_FAILED_TO_SIGN:175:failed to sign
PROV_R_FINAL_CALL_OUT_OF_ORDER:237:final call out of order
PROV_R_FIPS_MODULE_CONDITIONAL_ERROR:227:fips module conditional error
PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE:224:fips module entering error state
+PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR:253:fips module import pct error
PROV_R_FIPS_MODULE_IN_ERROR_STATE:225:fips module in error state
PROV_R_GENERATE_ERROR:191:generate error
PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\
diff --git a/crypto/openssl/crypto/evp/asymcipher.c b/crypto/openssl/crypto/evp/asymcipher.c
index 975170c0aa09..c97ce338fdf8 100644
--- a/crypto/openssl/crypto/evp/asymcipher.c
+++ b/crypto/openssl/crypto/evp/asymcipher.c
@@ -261,10 +261,12 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
cipher = ctx->op.ciph.cipher;
desc = cipher->description != NULL ? cipher->description : "";
+ ERR_set_mark();
ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
"%s encrypt:%s", cipher->type_name, desc);
+ ERR_clear_last_mark();
return ret;
legacy:
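Review bot: The `ERR_set_mark()` / `ERR_count_to_mark() == 0` / `ERR_clear_last_mark()` sequence is added here without a comment, and the same three lines recur in `EVP_PKEY_decrypt`, `evp_keymgmt_gen` and the `EVP_Digest{Sign,Verify}*` hunks of this diff. A one-line explanation at each site would make the intent clear, e.g. `/* Raise the generic provider failure only if the provider queued no error of its own */`. The mark must be cleared on every path after it is set; that holds in the lines shown, but the functions continue outside the hunks, so a small static helper wrapping the sequence would make that harder to break later.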
@@ -309,10 +311,12 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
cipher = ctx->op.ciph.cipher;
desc = cipher->description != NULL ? cipher->description : "";
+ ERR_set_mark();
ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
"%s decrypt:%s", cipher->type_name, desc);
+ ERR_clear_last_mark();
return ret;
diff --git a/crypto/openssl/crypto/evp/keymgmt_meth.c b/crypto/openssl/crypto/evp/keymgmt_meth.c
index f54684852b7c..f57153b2c1a1 100644
--- a/crypto/openssl/crypto/evp/keymgmt_meth.c
+++ b/crypto/openssl/crypto/evp/keymgmt_meth.c
@@ -460,10 +460,12 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
return NULL;
}
+ ERR_set_mark();
ret = keymgmt->gen(genctx, cb, cbarg);
- if (ret == NULL)
+ if (ret == NULL && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
"%s key generation:%s", keymgmt->type_name, desc);
+ ERR_clear_last_mark();
return ret;
}
diff --git a/crypto/openssl/crypto/evp/m_sigver.c b/crypto/openssl/crypto/evp/m_sigver.c
index d5df497da770..c27ed6dbe9b2 100644
--- a/crypto/openssl/crypto/evp/m_sigver.c
+++ b/crypto/openssl/crypto/evp/m_sigver.c
@@ -426,10 +426,12 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
return 0;
}
+ ERR_set_mark();
ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_sign_update:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
return ret;
legacy:
@@ -470,10 +472,12 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
return 0;
}
+ ERR_set_mark();
ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_verify_update:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
return ret;
legacy:
@@ -523,11 +527,13 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
pctx = dctx;
}
+ ERR_set_mark();
r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen,
sigret == NULL ? 0 : *siglen);
- if (!r)
+ if (!r && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_sign_final:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
if (dctx == NULL && sigret != NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
else
@@ -634,11 +640,13 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
if (sigret != NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ ERR_set_mark();
ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen,
sigret == NULL ? 0 : *siglen, tbs, tbslen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_sign:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
return ret;
}
} else {
@@ -689,10 +697,12 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
pctx = dctx;
}
+ ERR_set_mark();
r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
- if (!r)
+ if (!r && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_verify_final:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
if (dctx == NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
else
@@ -765,10 +775,12 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
int ret;
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ ERR_set_mark();
ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen, tbs, tbslen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_verify:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
return ret;
}
} else {
diff --git a/crypto/openssl/crypto/evp/p_seal.c b/crypto/openssl/crypto/evp/p_seal.c
index 94c8462ab457..aa77201a6f41 100644
--- a/crypto/openssl/crypto/evp/p_seal.c
+++ b/crypto/openssl/crypto/evp/p_seal.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -55,6 +55,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
for (i = 0; i < npubk; i++) {
size_t keylen = len;
+ size_t outlen = EVP_PKEY_get_size(pubk[i]);
pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL);
if (pctx == NULL) {
@@ -63,9 +64,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
}
if (EVP_PKEY_encrypt_init(pctx) <= 0
- || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0)
+ || EVP_PKEY_encrypt(pctx, ek[i], &outlen, key, keylen) <= 0)
goto err;
- ekl[i] = (int)keylen;
+ ekl[i] = (int)outlen;
EVP_PKEY_CTX_free(pctx);
}
pctx = NULL;
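Review bot: `outlen` is taken straight from `EVP_PKEY_get_size(pubk[i])`, which returns an `int` and, as far as I know, 0 when the size is unavailable; the value is then handed to `EVP_PKEY_encrypt` as the capacity of `ek[i]` without being checked. The call therefore trusts that every `ek[i]` has at least that many bytes, which is a caller contract this function cannot verify, so it should be stated in a comment here. A zero size can be rejected in the existing condition, e.g. `if (outlen == 0 || EVP_PKEY_encrypt_init(pctx) <= 0 || ...)`, rather than at the declaration, because `pctx` there still holds the pointer freed at the end of the previous iteration. The cast `(int)outlen` for `ekl[i]` is safe only because the value came from an `int`.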
diff --git a/crypto/openssl/crypto/evp/skeymgmt_meth.c b/crypto/openssl/crypto/evp/skeymgmt_meth.c
index 10a320e58a60..9ecab50fa046 100644
--- a/crypto/openssl/crypto/evp/skeymgmt_meth.c
+++ b/crypto/openssl/crypto/evp/skeymgmt_meth.c
@@ -197,7 +197,7 @@ void EVP_SKEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx,
void (*fn)(EVP_SKEYMGMT *skeymgmt, void *arg),
void *arg)
{
- evp_generic_do_all(libctx, OSSL_OP_KEYMGMT,
+ evp_generic_do_all(libctx, OSSL_OP_SKEYMGMT,
(void (*)(void *, void *))fn, arg,
skeymgmt_from_algorithm,
(int (*)(void *))EVP_SKEYMGMT_up_ref,
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c
index 9fa215a62846..6173e4608b8a 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -361,8 +361,11 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
if (xalg->parameter == NULL)
goto err;
}
- if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0)
+ if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) {
+ ASN1_TYPE_free(xalg->parameter);
+ xalg->parameter = NULL;
goto err;
+ }
}
/* Lets do the pub key stuff :-) */
diff --git a/crypto/openssl/crypto/provider_core.c b/crypto/openssl/crypto/provider_core.c
index 0b675946485c..c71c1e74468d 100644
--- a/crypto/openssl/crypto/provider_core.c
+++ b/crypto/openssl/crypto/provider_core.c
@@ -562,8 +562,10 @@ OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name,
template.parameters = sk_INFOPAIR_deep_copy(p->parameters,
infopair_copy,
infopair_free);
- if (template.parameters == NULL)
+ if (template.parameters == NULL) {
+ CRYPTO_THREAD_unlock(store->lock);
return NULL;
+ }
break;
}
CRYPTO_THREAD_unlock(store->lock);
@@ -2419,6 +2421,11 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle)
return ERR_pop_to_mark();
}
+static int core_count_to_mark(const OSSL_CORE_HANDLE *handle)
+{
+ return ERR_count_to_mark();
+}
+
static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx,
OSSL_INDICATOR_CALLBACK **cb)
{
@@ -2600,6 +2607,7 @@ static const OSSL_DISPATCH core_dispatch_[] = {
{ OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK,
(void (*)(void))core_clear_last_error_mark },
{ OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark },
+ { OSSL_FUNC_CORE_COUNT_TO_MARK, (void (*)(void))core_count_to_mark },
{ OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file },
{ OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf },
{ OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex },
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/openssl/crypto/rand/randfile.c
index 9337b36dc8b9..236c1b0c5420 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/openssl/crypto/rand/randfile.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -167,6 +167,10 @@ int RAND_load_file(const char *file, long bytes)
/* If given a bytecount, and we did it, break. */
if (bytes > 0 && (bytes -= i) <= 0)
break;
+
+ /* We can hit a signed integer overflow on the next iteration */
+ if (ret > INT_MAX - RAND_LOAD_BUF_SIZE)
+ break;
}
OPENSSL_cleanse(buf, sizeof(buf));
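Review bot: Leaving the loop at `ret > INT_MAX - RAND_LOAD_BUF_SIZE` avoids the overflow, but it also means a caller asking for more via `bytes` gets fewer bytes back with nothing to tell that apart from a short file. That limit belongs in the function's documentation, and the inline comment could say it directly, e.g. `/* ret is an int: stop before the next chunk could overflow it; the caller sees a short count */`. `INT_MAX` requires `<limits.h>`, whose include is not visible in this hunk. The rest of `RAND_load_file` is outside the hunk.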
diff --git a/crypto/openssl/crypto/riscv32cpuid.pl b/crypto/openssl/crypto/riscv32cpuid.pl
index 5ee7df0ea63b..9d42ef6b8950 100644
--- a/crypto/openssl/crypto/riscv32cpuid.pl
+++ b/crypto/openssl/crypto/riscv32cpuid.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -94,7 +94,8 @@ $code .= <<___;
.globl riscv_vlen_asm
.type riscv_vlen_asm,\@function
riscv_vlen_asm:
- csrr $ret, vlenb
+ # 0xc22 is CSR vlenb
+ csrr $ret, 0xc22
slli $ret, $ret, 3
ret
.size riscv_vlen_asm,.-riscv_vlen_asm
diff --git a/crypto/openssl/crypto/riscv64cpuid.pl b/crypto/openssl/crypto/riscv64cpuid.pl
index 5dcdc5c584cd..5c0d3c429a89 100644
--- a/crypto/openssl/crypto/riscv64cpuid.pl
+++ b/crypto/openssl/crypto/riscv64cpuid.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -94,7 +94,8 @@ $code .= <<___;
.globl riscv_vlen_asm
.type riscv_vlen_asm,\@function
riscv_vlen_asm:
- csrr $ret, vlenb
+ # 0xc22 is CSR vlenb
+ csrr $ret, 0xc22
slli $ret, $ret, 3
ret
.size riscv_vlen_asm,.-riscv_vlen_asm
diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/openssl/crypto/rsa/rsa_gen.c
index f76bb7748369..033f66714add 100644
--- a/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/crypto/openssl/crypto/rsa/rsa_gen.c
@@ -734,3 +734,18 @@ err:
return ret;
}
+
+#ifdef FIPS_MODULE
+int ossl_rsa_key_pairwise_test(RSA *rsa)
+{
+ OSSL_CALLBACK *stcb;
+ void *stcbarg;
+ int res;
+
+ OSSL_SELF_TEST_get_callback(rsa->libctx, &stcb, &stcbarg);
+ res = rsa_keygen_pairwise_test(rsa, stcb, stcbarg);
+ if (res <= 0)
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
+ return res;
+}
+#endif /* FIPS_MODULE */
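Review bot: `ossl_rsa_key_pairwise_test` is added without a comment, although it has a significant side effect: any `res <= 0` calls `ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT)`. Callers need to know that a failed check on one imported key changes module-wide state, so a header comment should say so, e.g. `/* Pairwise consistency test for an imported key; on failure the FIPS module enters its error state. Returns the result of rsa_keygen_pairwise_test(). */`. The function also dereferences `rsa->libctx` without a NULL check, which is fine only if every caller guarantees a non-NULL key; state that in the comment as well.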
diff --git a/crypto/openssl/crypto/rsa/rsa_pmeth.c b/crypto/openssl/crypto/rsa/rsa_pmeth.c
index 8f89f748e7aa..6a2d0327d5ef 100644
--- a/crypto/openssl/crypto/rsa/rsa_pmeth.c
+++ b/crypto/openssl/crypto/rsa/rsa_pmeth.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -228,7 +228,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
return -1;
ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
RSA_X931_PADDING);
- if (ret < 1)
+ if (ret <= 0)
return 0;
ret--;
if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) {
@@ -255,7 +255,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
} else {
ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode);
}
- if (ret < 0)
+ if (ret <= 0)
return ret;
*routlen = ret;
return 1;
@@ -313,7 +313,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
return -1;
rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
rsa, rctx->pad_mode);
- if (rslen == 0)
+ if (rslen <= 0)
return 0;
}
diff --git a/crypto/openssl/crypto/sleep.c b/crypto/openssl/crypto/sleep.c
index dbd0f7802576..08fb064d8331 100644
--- a/crypto/openssl/crypto/sleep.c
+++ b/crypto/openssl/crypto/sleep.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -9,9 +9,10 @@
#include <openssl/crypto.h>
#include "internal/e_os.h"
+#include "internal/time.h"
/* system-specific variants defining OSSL_sleep() */
-#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+#if (defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)) && !defined(OPENSSL_USE_SLEEP_BUSYLOOP)
# if defined(OPENSSL_USE_USLEEP) \
|| defined(__DJGPP__) \
@@ -26,7 +27,7 @@
*/
# include <unistd.h>
-void OSSL_sleep(uint64_t millis)
+static void ossl_sleep_millis(uint64_t millis)
{
unsigned int s = (unsigned int)(millis / 1000);
unsigned int us = (unsigned int)((millis % 1000) * 1000);
@@ -45,7 +46,7 @@ void OSSL_sleep(uint64_t millis)
# elif defined(__TANDEM) && !defined(_REENTRANT)
# include <cextdecs.h(PROCESS_DELAY_)>
-void OSSL_sleep(uint64_t millis)
+static void ossl_sleep_millis(uint64_t millis)
{
/* HPNS does not support usleep for non threaded apps */
PROCESS_DELAY_(millis * 1000);
@@ -55,7 +56,7 @@ void OSSL_sleep(uint64_t millis)
/* nanosleep is defined by POSIX.1-2001 */
# include <time.h>
-void OSSL_sleep(uint64_t millis)
+static void ossl_sleep_millis(uint64_t millis)
{
struct timespec ts;
@@ -68,7 +69,7 @@ void OSSL_sleep(uint64_t millis)
#elif defined(_WIN32) && !defined(OPENSSL_SYS_UEFI)
# include <windows.h>
-void OSSL_sleep(uint64_t millis)
+static void ossl_sleep_millis(uint64_t millis)
{
/*
* Windows' Sleep() takes a DWORD argument, which is smaller than
@@ -83,7 +84,7 @@ void OSSL_sleep(uint64_t millis)
#else
/* Fallback to a busy wait */
-# include "internal/time.h"
+# define USE_SLEEP_SECS
static void ossl_sleep_secs(uint64_t secs)
{
@@ -107,10 +108,28 @@ static void ossl_sleep_millis(uint64_t millis)
while (ossl_time_compare(ossl_time_now(), finish) < 0)
/* busy wait */ ;
}
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
void OSSL_sleep(uint64_t millis)
{
- ossl_sleep_secs(millis / 1000);
- ossl_sleep_millis(millis % 1000);
+ OSSL_TIME now = ossl_time_now();
+ OSSL_TIME finish = ossl_time_add(now, ossl_ms2time(millis));
+ uint64_t left = millis;
+
+#if defined(USE_SLEEP_SECS)
+ do {
+ ossl_sleep_secs(left / 1000);
+ now = ossl_time_now();
+ left = ossl_time2ms(ossl_time_subtract(finish, now));
+ } while (ossl_time_compare(now, finish) < 0 && left > 1000);
+
+ if (ossl_time_compare(now, finish) >= 0)
+ return;
+#endif
+
+ do {
+ ossl_sleep_millis(left);
+ now = ossl_time_now();
+ left = ossl_time2ms(ossl_time_subtract(finish, now));
+ } while (ossl_time_compare(now, finish) < 0);
}
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
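Review bot: The relocated `#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */` no longer matches its `#if`, which now also tests `!defined(OPENSSL_USE_SLEEP_BUSYLOOP)`; the trailing comment should be updated to the full condition. In the new `OSSL_sleep`, `left` is recomputed with `ossl_time2ms`, and if that truncates to whole milliseconds the final loop can call `ossl_sleep_millis(0)` repeatedly until `finish` is reached, which is a short spin on platforms where a zero sleep returns at once. Rounding up, or a comment accepting the sub-millisecond spin, would settle it. The function also relies on `ossl_time_subtract(finish, now)` behaving sensibly once `now` passes `finish`; that helper is not visible here, so a comment noting the expectation would help.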
diff --git a/crypto/openssl/crypto/slh_dsa/slh_dsa_key.c b/crypto/openssl/crypto/slh_dsa/slh_dsa_key.c
index d71d55c25829..73c538acca75 100644
--- a/crypto/openssl/crypto/slh_dsa/slh_dsa_key.c
+++ b/crypto/openssl/crypto/slh_dsa/slh_dsa_key.c
@@ -77,6 +77,17 @@ static void slh_dsa_key_hash_dup(SLH_DSA_KEY *dst, const SLH_DSA_KEY *src)
}
/**
+ * @brief Return the libctx associated with a SLH_DSA_KEY object
+ *
+ * @param key A SLH_DSA_KEY to extract the libctx from.
+ * @returns The new OSSL_LIB_CTX object on success, or NULL failure
+ */
+OSSL_LIB_CTX *ossl_slh_dsa_key_get0_libctx(const SLH_DSA_KEY *key)
+{
+ return key != NULL ? key->libctx : NULL;
+}
+
+/**
* @brief Create a new SLH_DSA_KEY object
*
* @param libctx A OSSL_LIB_CTX object used for fetching algorithms.
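Review bot: The doc comment on `ossl_slh_dsa_key_get0_libctx` says it returns "The new OSSL_LIB_CTX object on success", but the body returns the key's existing `key->libctx` and creates nothing. The `get0` name implies a borrowed pointer, so the text should read along the lines of `@returns The OSSL_LIB_CTX the key was created with (not owned by the caller), or NULL if key is NULL`. "or NULL failure" is also missing the word "on".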
@@ -235,6 +246,15 @@ int ossl_slh_dsa_key_pairwise_check(const SLH_DSA_KEY *key)
return ret;
}
+void ossl_slh_dsa_key_reset(SLH_DSA_KEY *key)
+{
+ key->pub = NULL;
+ if (key->has_priv) {
+ key->has_priv = 0;
+ OPENSSL_cleanse(key->priv, sizeof(key->priv));
+ }
+}
+
/**
* @brief Load a SLH_DSA key from raw data.
*
@@ -293,9 +313,7 @@ int ossl_slh_dsa_key_fromdata(SLH_DSA_KEY *key, const OSSL_PARAM params[],
key->pub = p;
return 1;
err:
- key->pub = NULL;
- key->has_priv = 0;
- OPENSSL_cleanse(key->priv, priv_len);
+ ossl_slh_dsa_key_reset(key);
return 0;
}
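Review bot: The error path used to cleanse `key->priv` unconditionally, while `ossl_slh_dsa_key_reset` (added in the previous hunk) cleanses only when `key->has_priv` is set. If `ossl_slh_dsa_key_fromdata` copies private bytes into `key->priv` before it sets `has_priv` (the copy is outside this hunk, so this is not confirmed), a failure in between would now leave key material in the structure. Cleansing unconditionally in the helper removes the dependency on that ordering: `key->has_priv = 0;` followed by `OPENSSL_cleanse(key->priv, sizeof(key->priv));`. The helper also lacks a doc comment, unlike its neighbours in this file.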
diff --git a/crypto/openssl/crypto/slh_dsa/slh_hash.c b/crypto/openssl/crypto/slh_dsa/slh_hash.c
index 6a8d6bab03c1..8eb8ab4e8604 100644
--- a/crypto/openssl/crypto/slh_dsa/slh_hash.c
+++ b/crypto/openssl/crypto/slh_dsa/slh_hash.c
@@ -158,6 +158,9 @@ slh_hmsg_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed,
int sz = EVP_MD_get_size(hctx->key->md_big);
size_t seed_len = (size_t)sz + 2 * n;
+ if (sz <= 0)
+ return 0;
+
memcpy(seed, r, n);
memcpy(seed + n, pk_seed, n);
return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len,
diff --git a/crypto/openssl/crypto/sm2/sm2_sign.c b/crypto/openssl/crypto/sm2/sm2_sign.c
index 28cf95cc48c9..7c49128b47db 100644
--- a/crypto/openssl/crypto/sm2/sm2_sign.c
+++ b/crypto/openssl/crypto/sm2/sm2_sign.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
@@ -220,6 +220,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
BIGNUM *tmp = NULL;
OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
+ if (dA == NULL) {
+ ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY);
+ goto done;
+ }
kG = EC_POINT_new(group);
if (kG == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);
diff --git a/crypto/openssl/crypto/store/store_lib.c b/crypto/openssl/crypto/store/store_lib.c
index 505d606f4a9b..ebf170c3e8f1 100644
--- a/crypto/openssl/crypto/store/store_lib.c
+++ b/crypto/openssl/crypto/store/store_lib.c
@@ -428,12 +428,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
if (ctx->loader != NULL)
OSSL_TRACE(STORE, "Loading next object\n");
- if (ctx->cached_info != NULL
- && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
- sk_OSSL_STORE_INFO_free(ctx->cached_info);
- ctx->cached_info = NULL;
- }
-
if (ctx->cached_info != NULL) {
v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
} else {
@@ -556,14 +550,23 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
{
- int ret = 1;
+ int ret = 0;
- if (ctx->fetched_loader != NULL)
- ret = ctx->loader->p_eof(ctx->loader_ctx);
+ if (ctx->cached_info != NULL
+ && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
+ sk_OSSL_STORE_INFO_free(ctx->cached_info);
+ ctx->cached_info = NULL;
+ }
+
+ if (ctx->cached_info == NULL) {
+ ret = 1;
+ if (ctx->fetched_loader != NULL)
+ ret = ctx->loader->p_eof(ctx->loader_ctx);
#ifndef OPENSSL_NO_DEPRECATED_3_0
- if (ctx->fetched_loader == NULL)
- ret = ctx->loader->eof(ctx->loader_ctx);
+ if (ctx->fetched_loader == NULL)
+ ret = ctx->loader->eof(ctx->loader_ctx);
#endif
+ }
return ret != 0;
}
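Review bot: OSSL_STORE_eof() now frees and clears `ctx->cached_info`, so what reads as a pure query mutates the context, and the reason EOF is withheld while cached objects remain is not stated. A comment above the new block would help, for example `/* Objects still queued in cached_info must be returned by OSSL_STORE_load() before EOF is reported. */`. When `OPENSSL_NO_DEPRECATED_3_0` is defined and `fetched_loader` is NULL, `ret` stays 1 without asking any loader. That matches the old default, but a one-line comment would make it look intentional.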
diff --git a/crypto/openssl/crypto/x509/by_store.c b/crypto/openssl/crypto/x509/by_store.c
index def06be1fe8c..0e5627ebc37d 100644
--- a/crypto/openssl/crypto/x509/by_store.c
+++ b/crypto/openssl/crypto/x509/by_store.c
@@ -17,7 +17,6 @@ typedef struct cached_store_st {
char *uri;
OSSL_LIB_CTX *libctx;
char *propq;
- OSSL_STORE_CTX *ctx;
} CACHED_STORE;
DEFINE_STACK_OF(CACHED_STORE)
@@ -27,14 +26,12 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
const OSSL_STORE_SEARCH *criterion, int depth)
{
int ok = 0;
- OSSL_STORE_CTX *ctx = store->ctx;
+ OSSL_STORE_CTX *ctx;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
- if (ctx == NULL
- && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
- NULL, NULL, NULL, NULL, NULL)) == NULL)
+ if ((ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+ NULL, NULL, NULL, NULL, NULL)) == NULL)
return 0;
- store->ctx = ctx;
/*
* We try to set the criterion, but don't care if it was valid or not.
@@ -79,7 +76,6 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
substore.libctx = store->libctx;
substore.propq = store->propq;
- substore.ctx = NULL;
ok = cache_objects(lctx, &substore, criterion, depth - 1);
}
} else {
@@ -105,7 +101,6 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
break;
}
OSSL_STORE_close(ctx);
- store->ctx = NULL;
return ok;
}
@@ -114,7 +109,6 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
static void free_store(CACHED_STORE *store)
{
if (store != NULL) {
- OSSL_STORE_close(store->ctx);
OPENSSL_free(store->uri);
OPENSSL_free(store->propq);
OPENSSL_free(store);
@@ -136,6 +130,7 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
if (argp != NULL) {
STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
+ OSSL_STORE_CTX *sctx;
if (store == NULL) {
return 0;
@@ -145,14 +140,20 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
store->libctx = libctx;
if (propq != NULL)
store->propq = OPENSSL_strdup(propq);
- store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
- NULL, NULL, NULL);
- if (store->ctx == NULL
+ /*
+ * We open this to check for errors now - so we can report those
+ * errors early.
+ */
+ sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+ NULL, NULL, NULL);
+ if (sctx == NULL
|| (propq != NULL && store->propq == NULL)
|| store->uri == NULL) {
+ OSSL_STORE_close(sctx);
free_store(store);
return 0;
}
+ OSSL_STORE_close(sctx);
if (stores == NULL) {
stores = sk_CACHED_STORE_new_null();
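Review bot: The new comment explains why the store is opened here but not why the handle is closed again instead of being kept in CACHED_STORE as before. The probe only shows that the URI could be opened at configuration time; cache_objects() re-opens it for each lookup (hunk above), so a later open failure still has to be handled there. I would extend the comment with something like `The context is deliberately not cached; cache_objects() opens its own.` The failure branch calls `OSSL_STORE_close(sctx)` even when `sctx` is NULL, which relies on close accepting NULL; a short remark would save readers the lookup.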
@@ -174,7 +175,6 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
store.uri = (char *)argp;
store.libctx = libctx;
store.propq = (char *)propq;
- store.ctx = NULL;
return cache_objects(ctx, &store, NULL, 0);
}
default:
@@ -218,8 +218,14 @@ static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
OSSL_STORE_SEARCH_free(criterion);
- if (ok)
+ if (ok) {
+ X509_STORE *store = X509_LOOKUP_get_store(ctx);
+
+ if (!ossl_x509_store_read_lock(store))
+ return 0;
tmp = X509_OBJECT_retrieve_by_subject(store_objects, type, name);
+ X509_STORE_unlock(store);
+ }
ok = 0;
if (tmp != NULL) {
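Review bot: `tmp` points at an object owned by the store, but `X509_STORE_unlock(store)` runs before the `if (tmp != NULL)` block that goes on to use it. If another thread can modify or free store objects in that window, the read lock does not cover the dereference. The rest of by_store_subject is outside the hunk, so this is inferred from the visible order only. Releasing the lock after the data has been copied or up-ref'd out of `tmp` would close the gap. `store_objects` also appears to be obtained before the lock is taken, which is worth checking for the same reason.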
diff --git a/crypto/openssl/crypto/x509/t_req.c b/crypto/openssl/crypto/x509/t_req.c
index 63626c0d9810..c6b73c1d6208 100644
--- a/crypto/openssl/crypto/x509/t_req.c
+++ b/crypto/openssl/crypto/x509/t_req.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,7 +40,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
long l;
int i;
EVP_PKEY *pkey;
- STACK_OF(X509_EXTENSION) *exts;
+ STACK_OF(X509_EXTENSION) *exts = NULL;
char mlch = ' ';
int nmindent = 0, printok = 0;
@@ -191,6 +191,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
goto err;
}
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ exts = NULL;
}
}
@@ -204,6 +205,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
return 1;
err:
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
return 0;
}
diff --git a/crypto/openssl/crypto/x509/v3_attrdesc.c b/crypto/openssl/crypto/x509/v3_attrdesc.c
index 45958e9affdc..0745e9acdb60 100644
--- a/crypto/openssl/crypto/x509/v3_attrdesc.c
+++ b/crypto/openssl/crypto/x509/v3_attrdesc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -67,6 +67,8 @@ static int i2r_HASH(X509V3_EXT_METHOD *method,
}
if (BIO_printf(out, "%*sHash Value: ", indent, "") <= 0)
return 0;
+ if (hash->hashValue == NULL)
+ return 0;
return ossl_bio_print_hex(out, hash->hashValue->data, hash->hashValue->length);
}
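Review bot: The new `hash->hashValue == NULL` check runs after `BIO_printf(out, "%*sHash Value: ", ...)`, so a malformed extension leaves a dangling "Hash Value: " label in the output before the function fails. It also returns 0 without raising an error, leaving the caller with no reason on the error queue. Moving `if (hash->hashValue == NULL) return 0;` above the BIO_printf call avoids the partial output. The start of i2r_HASH is outside the hunk, so an earlier validation step may already cover the other fields.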
diff --git a/crypto/openssl/crypto/x509/v3_purp.c b/crypto/openssl/crypto/x509/v3_purp.c
index 4688aaeea412..1db22047cf0f 100644
--- a/crypto/openssl/crypto/x509/v3_purp.c
+++ b/crypto/openssl/crypto/x509/v3_purp.c
@@ -186,7 +186,7 @@ int X509_PURPOSE_add(int id, int trust, int flags,
return 0;
}
if (trust < X509_TRUST_DEFAULT || name == NULL || sname == NULL || ck == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+ ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
}
diff --git a/crypto/openssl/crypto/x509/x509_ext.c b/crypto/openssl/crypto/x509/x509_ext.c
index a7b85857bdad..1d40cb5c3811 100644
--- a/crypto/openssl/crypto/x509/x509_ext.c
+++ b/crypto/openssl/crypto/x509/x509_ext.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,9 +42,21 @@ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
return X509v3_get_ext(x->crl.extensions, loc);
}
+static X509_EXTENSION *delete_ext(STACK_OF(X509_EXTENSION) **sk, int loc)
+{
+ X509_EXTENSION *ret = X509v3_delete_ext(*sk, loc);
+
+ /* Empty extension lists are omitted. */
+ if (*sk != NULL && sk_X509_EXTENSION_num(*sk) == 0) {
+ sk_X509_EXTENSION_pop_free(*sk, X509_EXTENSION_free);
+ *sk = NULL;
+ }
+ return ret;
+}
+
X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
{
- return X509v3_delete_ext(x->crl.extensions, loc);
+ return delete_ext(&x->crl.extensions, loc);
}
void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
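Review bot: delete_ext() now frees the whole stack and sets `*sk` to NULL once the last extension is removed. A caller that fetched the list earlier (for instance through the get0 extension accessors) and then deletes the final entry is left holding a dangling pointer, which the previous code never produced. The same applies to the X509_delete_ext and X509_REVOKED_delete_ext hunks below. The one-line comment should say so, e.g. `/* Empty extension lists are omitted: the stack is freed, so pointers to it obtained earlier become invalid. */`, and the public manual page for the delete functions deserves the same caveat.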
@@ -91,7 +103,7 @@ X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
{
- return X509v3_delete_ext(x->cert_info.extensions, loc);
+ return delete_ext(&x->cert_info.extensions, loc);
}
int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
@@ -139,7 +151,7 @@ X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
{
- return X509v3_delete_ext(x->extensions, loc);
+ return delete_ext(&x->extensions, loc);
}
int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
diff --git a/crypto/openssl/crypto/x509/x509_local.h b/crypto/openssl/crypto/x509/x509_local.h
index 1393da201339..ca56f478874c 100644
--- a/crypto/openssl/crypto/x509/x509_local.h
+++ b/crypto/openssl/crypto/x509/x509_local.h
@@ -159,3 +159,4 @@ int ossl_x509_likely_issued(X509 *issuer, X509 *subject);
int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject);
int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx, X509_LOOKUP_TYPE type,
const X509_NAME *name, X509_OBJECT *ret);
+int ossl_x509_store_read_lock(X509_STORE *xs);
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c
index 9270a0745fbb..05ee7c8c6b51 100644
--- a/crypto/openssl/crypto/x509/x509_lu.c
+++ b/crypto/openssl/crypto/x509/x509_lu.c
@@ -44,7 +44,7 @@ int X509_STORE_lock(X509_STORE *xs)
return CRYPTO_THREAD_write_lock(xs->lock);
}
-static int x509_store_read_lock(X509_STORE *xs)
+int ossl_x509_store_read_lock(X509_STORE *xs)
{
return CRYPTO_THREAD_read_lock(xs->lock);
}
@@ -331,7 +331,7 @@ int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx, X509_LOOKUP_TY
stmp.type = X509_LU_NONE;
stmp.data.x509 = NULL;
- if (!x509_store_read_lock(store))
+ if (!ossl_x509_store_read_lock(store))
return 0;
/* Should already be sorted...but just in case */
if (!sk_X509_OBJECT_is_sorted(store->objs)) {
@@ -604,7 +604,7 @@ STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *store)
return NULL;
}
- if (!x509_store_read_lock(store))
+ if (!ossl_x509_store_read_lock(store))
return NULL;
objs = sk_X509_OBJECT_deep_copy(store->objs, x509_object_dup,
diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c
index 6f1cfd9320ee..efe08ff68315 100644
--- a/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/crypto/openssl/crypto/x509/x509_vpm.c
@@ -635,6 +635,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
{
int num = OSSL_NELEM(default_table);
+ if (id < 0) {
+ ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+ return NULL;
+ }
+
if (id < num)
return default_table + id;
return sk_X509_VERIFY_PARAM_value(param_table, id - num);
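Review bot: A negative `id` now raises ERR_R_PASSED_INVALID_ARGUMENT, but an `id` beyond the end of `param_table` still returns NULL silently from `sk_X509_VERIFY_PARAM_value(param_table, id - num)`. Callers therefore see two different failure modes for an out-of-range id. Either document that only negative values are reported on the error queue, or raise the same error when the stack lookup returns NULL.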
diff --git a/crypto/openssl/crypto/x509/x_crl.c b/crypto/openssl/crypto/x509/x_crl.c
index 2601a019f87e..7af3e9a7e7f2 100644
--- a/crypto/openssl/crypto/x509/x_crl.c
+++ b/crypto/openssl/crypto/x509/x_crl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -289,6 +289,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
{
int idp_only = 0;
+ int ret = 0;
/* Set various flags according to IDP */
crl->idp_flags |= IDP_PRESENT;
@@ -320,7 +321,17 @@ static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
crl->idp_reasons &= CRLDP_ALL_REASONS;
}
- return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+ ret = DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+
+ /*
+ * RFC5280 specifies that if onlyContainsUserCerts, onlyContainsCACerts,
+ * indirectCRL, and OnlyContainsAttributeCerts are all FALSE, there must
+ * be either a distributionPoint field or an onlySomeReasons field present.
+ */
+ if (crl->idp_flags == IDP_PRESENT && idp->distpoint == NULL)
+ crl->idp_flags |= IDP_INVALID;
+
+ return ret;
}
ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
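Review bot: The RFC 5280 comment speaks of "either a distributionPoint field or an onlySomeReasons field", yet the condition tests only `idp->distpoint == NULL`. The onlySomeReasons half is covered implicitly by `crl->idp_flags == IDP_PRESENT`, presumably because a reasons field sets a further flag earlier in setup_idp(), but that code is outside the hunk. I would add a line such as `/* idp_flags == IDP_PRESENT means no only* flag and no reasons flag was set above */` so the check can be verified without reading the whole function. It is also worth confirming that DIST_POINT_set_dpname() tolerates the NULL `idp->distpoint` that this branch now explicitly expects.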
diff --git a/crypto/openssl/demos/bio/saccept.c b/crypto/openssl/demos/bio/saccept.c
index 604051cda966..b0c930d6ce00 100644
--- a/crypto/openssl/demos/bio/saccept.c
+++ b/crypto/openssl/demos/bio/saccept.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -53,7 +53,8 @@ int main(int argc, char *argv[])
{
char *port = NULL;
BIO *in = NULL;
- BIO *ssl_bio, *tmp;
+ BIO *ssl_bio = NULL;
+ BIO *tmp;
SSL_CTX *ctx;
char buf[512];
int ret = EXIT_FAILURE, i;
@@ -83,6 +84,7 @@ int main(int argc, char *argv[])
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
+ ssl_bio = NULL;
/* Arrange to leave server loop on interrupt */
sigsetup();
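Review bot: The added `ssl_bio = NULL;` after `BIO_set_accept_bios(in, ssl_bio)` is what keeps the new `BIO_free_all(ssl_bio)` at exit from freeing a BIO the accept BIO now owns, but nothing on the line says so. Since these are demos that get copied, a comment such as `/* in now owns ssl_bio; clear it so cleanup does not free it twice */` would make the ownership transfer explicit. The same applies to the identical hunks in server-arg.c, server-cmod.c and server-conf.c. The result of BIO_set_accept_bios() is not checked in the visible lines, so the pointer is cleared even if the call failed.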
@@ -121,5 +123,6 @@ int main(int argc, char *argv[])
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(in);
+ BIO_free_all(ssl_bio);
return ret;
}
diff --git a/crypto/openssl/demos/bio/server-arg.c b/crypto/openssl/demos/bio/server-arg.c
index 60a87725a9de..ccf59b14056b 100644
--- a/crypto/openssl/demos/bio/server-arg.c
+++ b/crypto/openssl/demos/bio/server-arg.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,8 @@
int main(int argc, char *argv[])
{
char *port = "*:4433";
- BIO *ssl_bio, *tmp;
+ BIO *ssl_bio = NULL;
+ BIO *tmp;
SSL_CTX *ctx;
SSL_CONF_CTX *cctx;
char buf[512];
@@ -105,6 +106,7 @@ int main(int argc, char *argv[])
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
+ ssl_bio = NULL;
again:
/*
@@ -140,5 +142,6 @@ int main(int argc, char *argv[])
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(in);
+ BIO_free_all(ssl_bio);
return ret;
}
diff --git a/crypto/openssl/demos/bio/server-cmod.c b/crypto/openssl/demos/bio/server-cmod.c
index 3642fbacf6ce..4970a6b6466b 100644
--- a/crypto/openssl/demos/bio/server-cmod.c
+++ b/crypto/openssl/demos/bio/server-cmod.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -24,7 +24,8 @@ int main(int argc, char *argv[])
unsigned char buf[512];
char *port = "*:4433";
BIO *in = NULL;
- BIO *ssl_bio, *tmp;
+ BIO *ssl_bio = NULL;
+ BIO *tmp;
SSL_CTX *ctx;
int ret = EXIT_FAILURE, i;
@@ -52,6 +53,7 @@ int main(int argc, char *argv[])
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
+ ssl_bio = NULL;
again:
/*
@@ -90,5 +92,6 @@ int main(int argc, char *argv[])
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(in);
+ BIO_free_all(ssl_bio);
return ret;
}
diff --git a/crypto/openssl/demos/bio/server-conf.c b/crypto/openssl/demos/bio/server-conf.c
index 5e07a15e7bc7..2c03d1d367cc 100644
--- a/crypto/openssl/demos/bio/server-conf.c
+++ b/crypto/openssl/demos/bio/server-conf.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,8 @@ int main(int argc, char *argv[])
{
char *port = "*:4433";
BIO *in = NULL;
- BIO *ssl_bio, *tmp;
+ BIO *ssl_bio = NULL;
+ BIO *tmp;
SSL_CTX *ctx;
SSL_CONF_CTX *cctx = NULL;
CONF *conf = NULL;
@@ -97,6 +98,7 @@ int main(int argc, char *argv[])
* Basically it means the SSL BIO will be automatically setup
*/
BIO_set_accept_bios(in, ssl_bio);
+ ssl_bio = NULL;
again:
/*
@@ -135,5 +137,6 @@ int main(int argc, char *argv[])
if (ret != EXIT_SUCCESS)
ERR_print_errors_fp(stderr);
BIO_free(in);
+ BIO_free_all(ssl_bio);
return ret;
}
diff --git a/crypto/openssl/demos/certs/mkcerts.sh b/crypto/openssl/demos/certs/mkcerts.sh
index 1825607fa33c..89300a6c52c5 100644
--- a/crypto/openssl/demos/certs/mkcerts.sh
+++ b/crypto/openssl/demos/certs/mkcerts.sh
@@ -1,7 +1,7 @@
#!/bin/sh
opensslcmd() {
- LD_LIBRARY_PATH=../.. ../../apps/openssl $@
+ LD_LIBRARY_PATH=../.. ../../apps/openssl "$@"
}
OPENSSL_CONF=../../apps/openssl.cnf
diff --git a/crypto/openssl/demos/certs/ocspquery.sh b/crypto/openssl/demos/certs/ocspquery.sh
index 7cb8e76423bb..b38e10ce2ef5 100644
--- a/crypto/openssl/demos/certs/ocspquery.sh
+++ b/crypto/openssl/demos/certs/ocspquery.sh
@@ -4,7 +4,7 @@
# called.
opensslcmd() {
- LD_LIBRARY_PATH=../.. ../../apps/openssl $@
+ LD_LIBRARY_PATH=../.. ../../apps/openssl "$@"
}
OPENSSL_CONF=../../apps/openssl.cnf
diff --git a/crypto/openssl/demos/certs/ocsprun.sh b/crypto/openssl/demos/certs/ocsprun.sh
index 77fd62fcf1bb..b2e927cd84da 100644
--- a/crypto/openssl/demos/certs/ocsprun.sh
+++ b/crypto/openssl/demos/certs/ocsprun.sh
@@ -1,7 +1,7 @@
#!/bin/sh
opensslcmd() {
- LD_LIBRARY_PATH=../.. ../../apps/openssl $@
+ LD_LIBRARY_PATH=../.. ../../apps/openssl "$@"
}
# Example of running an querying OpenSSL test OCSP responder.
@@ -18,4 +18,4 @@ opensslcmd version
PORT=8888
opensslcmd ocsp -port $PORT -index index.txt -CA intca.pem \
- -rsigner resp.pem -rkey respkey.pem -rother intca.pem $*
+ -rsigner resp.pem -rkey respkey.pem -rother intca.pem "$@"
diff --git a/crypto/openssl/demos/cms/cms_ddec.c b/crypto/openssl/demos/cms/cms_ddec.c
index d119e9722226..dd8ef90b6e3f 100644
--- a/crypto/openssl/demos/cms/cms_ddec.c
+++ b/crypto/openssl/demos/cms/cms_ddec.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -58,7 +58,7 @@ int main(int argc, char **argv)
/* Open file containing detached content */
dcont = BIO_new_file("smencr.out", "rb");
- if (!in)
+ if (dcont == NULL)
goto err;
out = BIO_new_file("encrout.txt", "w");
diff --git a/crypto/openssl/demos/cms/cms_denc.c b/crypto/openssl/demos/cms/cms_denc.c
index 53b680f67484..e451a108fd46 100644
--- a/crypto/openssl/demos/cms/cms_denc.c
+++ b/crypto/openssl/demos/cms/cms_denc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -57,7 +57,7 @@ int main(int argc, char **argv)
dout = BIO_new_file("smencr.out", "wb");
- if (!in)
+ if (in == NULL || dout == NULL)
goto err;
/* encrypt content */
diff --git a/crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c b/crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c
index 62dd8405e77b..a889ab6f77d4 100644
--- a/crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c
+++ b/crypto/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c
@@ -1,5 +1,5 @@
/*-
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -254,7 +254,7 @@ int main(int argc, char **argv)
if (argc > 1) {
bits_i = atoi(argv[1]);
- if (bits < 512) {
+ if (bits_i < 512) {
fprintf(stderr, "Invalid RSA key size\n");
return EXIT_FAILURE;
}
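Review bot: With the check now on `bits_i`, the demo accepts any size from 512 bits upward, and `atoi()` gives no way to reject trailing garbage or out-of-range input. RSA keys this small are far below current minimum recommendations, and demo code tends to be copied verbatim. I would either raise the floor or print a warning for small sizes, and parse with `strtol()` plus an end-pointer check. The rest of main is outside the hunk, so a warning may already exist further down.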
diff --git a/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod b/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod
index 7f4940fc9341..8879c592106b 100644
--- a/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod
+++ b/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod
@@ -4,7 +4,7 @@
ossl_namemap_new, ossl_namemap_free, ossl_namemap_stored, ossl_namemap_empty,
ossl_namemap_add_name, ossl_namemap_add_names,
-ossl_namemap_name2num, ossl_namemap_name2num_n,
+ossl_namemap_name2num, ossl_namemap_name2num_n, ossl_namemap_num2name,
ossl_namemap_doall_names
- internal number E<lt>-E<gt> name map
@@ -23,6 +23,8 @@ ossl_namemap_doall_names
int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name);
int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
const char *name, size_t name_len);
+ const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
+ int idx);
int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
void (*fn)(const char *name, void *data),
void *data);
@@ -64,6 +66,9 @@ ossl_namemap_name2num_n() does the same thing as
ossl_namemap_name2num(), but takes a string length I<name_len> as well,
allowing the caller to use a fragment of a string as a name.
+ossl_namemap_num2name() finds the I<idx>th name associated with the
+id I<number>.
+
ossl_namemap_doall_names() walks through all names associated with
I<number> in the given I<namemap> and calls the function I<fn> for
each of them.
@@ -88,9 +93,9 @@ to lock).
ossl_namemap_add_name() returns the number associated with the added
string, or zero on error.
-ossl_namemap_num2names() returns a pointer to a NULL-terminated list of
-pointers to the names corresponding to the given number, or NULL if
-it's undefined in the given B<OSSL_NAMEMAP>.
+ossl_namemap_num2name() returns a pointer to I<idx>th name associated
+with id I<number>, or NULL if it's undefined in the given
+B<OSSL_NAMEMAP>.
ossl_namemap_name2num() and ossl_namemap_name2num_n() return the number
corresponding to the given name, or 0 if it's undefined in the given
@@ -116,7 +121,7 @@ The functions described here were all added in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man1/openssl-enc.pod.in b/crypto/openssl/doc/man1/openssl-enc.pod.in
index 4d7ff3dc77e7..fb4f72ed8a19 100644
--- a/crypto/openssl/doc/man1/openssl-enc.pod.in
+++ b/crypto/openssl/doc/man1/openssl-enc.pod.in
@@ -193,9 +193,12 @@ Print out the key and IV used.
Print out the key and IV used then immediately exit: don't do any encryption
or decryption.
-=item B<-bufsize> I<number>
+=item B<-bufsize> I<number>[B<k>]
Set the buffer size for I/O.
+The maximum size that can be specified is B<2^31-1> (2147483647) bytes.
+The B<k> suffix can be specified to indicate that I<number> is provided
+in kibibytes (multiples of 1024 bytes).
=item B<-nopad>
@@ -279,7 +282,7 @@ Some of the ciphers do not have large keys and others have security
implications if not used correctly. A beginner is advised to just use
a strong block cipher, such as AES, in CBC mode.
-All the block ciphers normally use PKCS#5 padding, also known as standard
+All the block ciphers normally use PKCS#7 padding, also known as standard
block padding. This allows a rudimentary integrity or password check to
be performed. However, since the chance of random data passing the test
is better than 1 in 256 it isn't a very good test.
diff --git a/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in b/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in
index 9dd4f5a49ffe..d44b4a7dac85 100644
--- a/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in
+++ b/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in
@@ -237,9 +237,7 @@ explicitly permitted by the various standards.
=item B<-hkdf_digest_check>
-Configure the module to enable a run-time digest check when deriving a key by
-HKDF.
-See NIST SP 800-56Cr2 for details.
+This option is deprecated.
=item B<-tls13_kdf_digest_check>
@@ -261,9 +259,7 @@ See NIST SP 800-135r1 for details.
=item B<-sskdf_digest_check>
-Configure the module to enable a run-time digest check when deriving a key by
-SSKDF.
-See NIST SP 800-56Cr2 for details.
+This option is deprecated.
=item B<-x963kdf_digest_check>
@@ -493,7 +489,7 @@ B<-ecdh_cofactor_check>
=head1 COPYRIGHT
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/BN_generate_prime.pod b/crypto/openssl/doc/man3/BN_generate_prime.pod
index accc8a749f0c..6b8d1de19cd8 100644
--- a/crypto/openssl/doc/man3/BN_generate_prime.pod
+++ b/crypto/openssl/doc/man3/BN_generate_prime.pod
@@ -130,7 +130,7 @@ or all the tests passed.
If B<p> passes all these tests, it is considered a probable prime.
The test performed on B<p> are trial division by a number of small primes
-and rounds of the of the Miller-Rabin probabilistic primality test.
+and rounds of the Miller-Rabin probabilistic primality test.
The functions do at least 64 rounds of the Miller-Rabin test giving a maximum
false positive rate of 2^-128.
@@ -148,7 +148,7 @@ and BN_is_prime_fasttest() are deprecated.
BN_is_prime_fasttest() and BN_is_prime() behave just like
BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old
-style call back.
+style callback.
B<ctx> is a preallocated B<BN_CTX> (to save the overhead of allocating and
freeing the structure in a loop), or B<NULL>.
@@ -246,7 +246,7 @@ BN_check_prime() was added in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_EncryptInit.pod b/crypto/openssl/doc/man3/EVP_EncryptInit.pod
index 2c42e3969e03..3c62659319c2 100644
--- a/crypto/openssl/doc/man3/EVP_EncryptInit.pod
+++ b/crypto/openssl/doc/man3/EVP_EncryptInit.pod
@@ -850,7 +850,7 @@ See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length().
=item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string>
Gets or sets the AEAD tag for the associated cipher context I<ctx>.
-See L<EVP_EncryptInit(3)/AEAD Interface>.
+See L<EVP_EncryptInit(3)/AEAD INTERFACE>.
=item "pipeline-tag" (B<OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG>) <octet ptr>
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_new.pod
index 72d129deff24..0a56600c2b60 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_new.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_new.pod
@@ -219,7 +219,19 @@ general private key without reference to any particular algorithm.
The structure returned by EVP_PKEY_new() is empty. To add a private or public
key to this empty structure use the appropriate functions described in
L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_DSA(3)>, L<EVP_PKEY_set1_DH(3)> or
-L<EVP_PKEY_set1_EC_KEY(3)>.
+L<EVP_PKEY_set1_EC_KEY(3)> for legacy key types implemented in internal
+OpenSSL providers.
+
+For fully provider-managed key types (see L<provider-keymgmt(7)>),
+possibly implemented in external providers, use functions such as
+L<EVP_PKEY_set1_encoded_public_key(3)> or L<EVP_PKEY_fromdata(3)>
+to populate key data.
+
+Generally caution is advised for using an B<EVP_PKEY> structure across
+different library contexts: In order for an B<EVP_PKEY> to be shared by
+multiple library contexts the providers associated with the library contexts
+must have key managers that support the key type and implement the
+OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions.
=head1 RETURN VALUES
diff --git a/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod b/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod
index 485705ea7889..9bac62b10b32 100644
--- a/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod
+++ b/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod
@@ -127,7 +127,7 @@ EVP_aes_256_ocb()
AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode
(GCM) and OCB Mode respectively. These ciphers require additional control
-operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD Interface>
+operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD INTERFACE>
section for details.
=item EVP_aes_128_wrap(),
@@ -184,7 +184,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod b/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod
index 91aa75ec3871..74e21444db8f 100644
--- a/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod
+++ b/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod
@@ -88,7 +88,7 @@ EVP_aria_256_gcm(),
ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter
Mode (GCM). These ciphers require additional control operations to function
-correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> section for details.
+correctly, see the L<EVP_EncryptInit(3)/AEAD INTERFACE> section for details.
=back
@@ -113,7 +113,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_chacha20.pod b/crypto/openssl/doc/man3/EVP_chacha20.pod
index 7e80c8de40c9..0dfce7389b78 100644
--- a/crypto/openssl/doc/man3/EVP_chacha20.pod
+++ b/crypto/openssl/doc/man3/EVP_chacha20.pod
@@ -36,7 +36,7 @@ With an initial counter of 42 (2a in hex) would be expressed as:
Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key
is 256 bits and the IV is 96 bits. This supports additional authenticated data
(AAD) and produces a 128-bit authentication tag. See the
-L<EVP_EncryptInit(3)/AEAD Interface> section for more information.
+L<EVP_EncryptInit(3)/AEAD INTERFACE> section for more information.
=back
@@ -64,7 +64,7 @@ L<EVP_CIPHER_meth_new(3)>
=head1 COPYRIGHT
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
index 1bddd7737069..dbc7073aac18 100644
--- a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
+++ b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
@@ -45,7 +45,12 @@ the program's dynamic memory area, where keys and other sensitive
information might be stored, OpenSSL supports the concept of a "secure heap."
The level and type of security guarantees depend on the operating system.
It is a good idea to review the code and see if it addresses your
-threat model and concerns.
+threat model and concerns. It should be noted that the secure heap
+uses a single read/write lock, and therefore any operations
+that involve allocation or freeing of secure heap memory are serialised,
+blocking other threads. With that in mind, highly concurrent applications
+should enable the secure heap with caution and be aware of the performance
+implications for multi-threaded code.
If a secure heap is used, then private key B<BIGNUM> values are stored there.
This protects long-term storage of private keys, but will not necessarily
@@ -135,7 +140,7 @@ a B<size_t> in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OSSL_CALLBACK.pod b/crypto/openssl/doc/man3/OSSL_CALLBACK.pod
index 5fa8a8f08916..5550819a94b4 100644
--- a/crypto/openssl/doc/man3/OSSL_CALLBACK.pod
+++ b/crypto/openssl/doc/man3/OSSL_CALLBACK.pod
@@ -47,15 +47,10 @@ Additional parameters can be passed with the L<OSSL_PARAM(3)> array I<params>,
=back
-=begin comment RETURN VALUES doesn't make sense for a manual that only
-describes a type, but document checkers still want that section, and
-to have more than just the section title.
-
=head1 RETURN VALUES
-txt
-
-=end comment
+Functions of type B<OSSL_CALLBACK> and B<OSSL_PASSPHRASE_CALLBACK>
+must return 1 on success and 0 on failure.
=head1 SEE ALSO
@@ -67,7 +62,7 @@ The types described here were added in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/PEM_read_CMS.pod b/crypto/openssl/doc/man3/PEM_read_CMS.pod
index dbccf26cd893..880e31481029 100644
--- a/crypto/openssl/doc/man3/PEM_read_CMS.pod
+++ b/crypto/openssl/doc/man3/PEM_read_CMS.pod
@@ -84,9 +84,9 @@ see L<openssl_user_macros(7)>:
=head1 DESCRIPTION
-All of the functions described on this page are deprecated.
-Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio()
-instead.
+To replace the deprecated functions listed above, applications should use the
+B<EVP_PKEY> type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to
+read and write PEM data containing key parameters or private and public keys.
In the description below, B<I<TYPE>> is used
as a placeholder for any of the OpenSSL datatypes, such as B<X509>.
@@ -142,7 +142,7 @@ were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/RAND_load_file.pod b/crypto/openssl/doc/man3/RAND_load_file.pod
index baca54cb3c89..45570920ca95 100644
--- a/crypto/openssl/doc/man3/RAND_load_file.pod
+++ b/crypto/openssl/doc/man3/RAND_load_file.pod
@@ -19,7 +19,11 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
RAND_load_file() reads a number of bytes from file B<filename> and
adds them to the PRNG. If B<max_bytes> is nonnegative,
up to B<max_bytes> are read;
-if B<max_bytes> is -1, the complete file is read.
+if B<max_bytes> is -1, the complete file is read (unless the file
+is not a regular file, in that case a fixed number of bytes,
+256 in the current implementation, is attempted to be read).
+RAND_load_file() can read less than the complete file or the requested number
+of bytes if it doesn't fit in the return value type.
Do not load the same file multiple times unless its contents have
been updated by RAND_write_file() between reads.
Also, note that B<filename> should be adequately protected so that an
@@ -77,7 +81,7 @@ L<RAND(7)>
=head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod b/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod
index 2f0911608435..cc9ad5911498 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod
@@ -106,7 +106,7 @@ L<SSL_new_domain(3)>, L<openssl-quic-concurrency(7)>
=head1 HISTORY
-These functions were added in @QUIC_SERVER_VERSION@.
+These functions were added in OpenSSL 3.5.
=head1 COPYRIGHT
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index a14f334cfca8..902cefdfa366 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
@@ -58,9 +58,11 @@ the actual key is newly generated during the negotiation.
Typically applications should use well known DH parameters that have built-in
support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto()
configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX>
-and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter
-switches the feature on, and passing a value of 0 switches it off. The default
-setting is off.
+and B<SSL> objects respectively. Passing a value of 2 or 1 in the I<onoff>
+parameter switches it on. If the I<onoff> parameter is set to 2, it will force
+the DH key size to 1024 if the B<SSL_CTX> or B<SSL> security level
+L<SSL_CTX_set_security_level(3)> is 0 or 1. Passing a value of 0 switches
+it off. The default setting is off.
If "auto" DH parameters are switched on then the parameters will be selected to
be consistent with the size of the key associated with the server's certificate.
@@ -112,7 +114,7 @@ L<openssl-ciphers(1)>, L<openssl-dhparam(1)>
=head1 COPYRIGHT
-Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_poll.pod b/crypto/openssl/doc/man3/SSL_poll.pod
index 87a1e42b1720..6047bd6750f8 100644
--- a/crypto/openssl/doc/man3/SSL_poll.pod
+++ b/crypto/openssl/doc/man3/SSL_poll.pod
@@ -5,12 +5,14 @@
SSL_poll,
SSL_POLL_EVENT_NONE,
SSL_POLL_EVENT_F,
+SSL_POLL_EVENT_EL,
SSL_POLL_EVENT_EC,
SSL_POLL_EVENT_ECD,
SSL_POLL_EVENT_ER,
SSL_POLL_EVENT_EW,
SSL_POLL_EVENT_R,
SSL_POLL_EVENT_W,
+SSL_POLL_EVENT_IC,
SSL_POLL_EVENT_ISB,
SSL_POLL_EVENT_ISU,
SSL_POLL_EVENT_OSB,
@@ -35,27 +37,29 @@ SSL_POLL_FLAG_NO_HANDLE_EVENTS
#define SSL_POLL_EVENT_NONE 0
#define SSL_POLL_EVENT_F /* F (Failure) */
+ #define SSL_POLL_EVENT_EL /* EL (Exception on Listener) */
#define SSL_POLL_EVENT_EC /* EC (Exception on Conn) */
#define SSL_POLL_EVENT_ECD /* ECD (Exception on Conn Drained) */
#define SSL_POLL_EVENT_ER /* ER (Exception on Read) */
#define SSL_POLL_EVENT_EW /* EW (Exception on Write) */
#define SSL_POLL_EVENT_R /* R (Readable) */
#define SSL_POLL_EVENT_W /* W (Writable) */
+ #define SSL_POLL_EVENT_IC /* IC (Incoming Connection) */
#define SSL_POLL_EVENT_ISB /* ISB (Incoming Stream: Bidi) */
#define SSL_POLL_EVENT_ISU /* ISU (Incoming Stream: Uni) */
#define SSL_POLL_EVENT_OSB /* OSB (Outgoing Stream: Bidi) */
#define SSL_POLL_EVENT_OSU /* OSU (Outgoing Stream: Uni) */
- #define SSL_POLL_EVENT_RW /* R | W */
- #define SSL_POLL_EVENT_RE /* R | ER */
- #define SSL_POLL_EVENT_WE /* W | EW */
- #define SSL_POLL_EVENT_RWE /* RE | WE */
- #define SSL_POLL_EVENT_E /* EC | ER | EW */
- #define SSL_POLL_EVENT_IS /* ISB | ISU */
- #define SSL_POLL_EVENT_ISE /* IS | EC */
- #define SSL_POLL_EVENT_I /* IS */
- #define SSL_POLL_EVENT_OS /* OSB | OSU */
- #define SSL_POLL_EVENT_OSE /* OS | EC */
+ #define SSL_POLL_EVENT_RW /* R | W */
+ #define SSL_POLL_EVENT_RE /* R | ER */
+ #define SSL_POLL_EVENT_WE /* W | EW */
+ #define SSL_POLL_EVENT_RWE /* RE | WE */
+ #define SSL_POLL_EVENT_E /* EL | EC | ER | EW */
+ #define SSL_POLL_EVENT_IS /* ISB | ISU */
+ #define SSL_POLL_EVENT_ISE /* IS | EC */
+ #define SSL_POLL_EVENT_I /* IS */
+ #define SSL_POLL_EVENT_OS /* OSB | OSU */
+ #define SSL_POLL_EVENT_OSE /* OS | EC */
typedef struct ssl_poll_item_st {
BIO_POLL_DESCRIPTOR desc;
diff --git a/crypto/openssl/doc/man3/d2i_X509.pod b/crypto/openssl/doc/man3/d2i_X509.pod
index df5ea65e596e..8e04c2286c57 100644
--- a/crypto/openssl/doc/man3/d2i_X509.pod
+++ b/crypto/openssl/doc/man3/d2i_X509.pod
@@ -588,8 +588,9 @@ freed in the event of error and I<*a> is set to NULL.
B<i2d_I<TYPE>>() returns the number of bytes successfully encoded or a negative
value if an error occurs.
-B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>() return 1 for success and 0 if an
-error occurs.
+B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>(),
+as well as i2d_ASN1_bio_stream(),
+return 1 for success and 0 if an error occurs.
=head1 EXAMPLES
diff --git a/crypto/openssl/doc/man5/fips_config.pod b/crypto/openssl/doc/man5/fips_config.pod
index a25ced338393..c3f7b8f3ab6b 100644
--- a/crypto/openssl/doc/man5/fips_config.pod
+++ b/crypto/openssl/doc/man5/fips_config.pod
@@ -62,17 +62,11 @@ A version number for the fips install process. Should be 1.
=item B<install-status>
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
+This field is deprecated and is no longer used.
=item B<install-mac>
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
+This field is deprecated and is no longer used.
=back
@@ -112,7 +106,7 @@ See L<openssl-fipsinstall(1)/OPTIONS> B<-signature_digest_check>
=item B<hkdf-digest-check>
-See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_digest_check>
+This option is deprecated.
=item B<tls13-kdf-digest-check>
@@ -128,7 +122,7 @@ See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_digest_check>
=item B<sskdf-digest-check>
-See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_digest_check>
+This option is deprecated.
=item B<x963kdf-digest-check>
@@ -233,7 +227,7 @@ This functionality was added in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod b/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod
index 171a3d130ec0..2b8cf1c12fb8 100644
--- a/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod
+++ b/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod
@@ -27,7 +27,8 @@ The default provider understands these RSA padding modes in string form:
This padding mode is no longer supported by the FIPS provider for key
agreement and key transport.
-(This is a FIPS 140-3 requirement)
+(This is a FIPS 140-3 requirement).
+See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>.
=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)
@@ -109,7 +110,7 @@ L<OSSL_PROVIDER-FIPS(7)>
=head1 COPYRIGHT
-Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod b/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod
index f3bed36f88a4..d386d8868a1c 100644
--- a/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod
+++ b/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod
@@ -119,7 +119,7 @@ The following sections of FIPS186-4:
=head1 SEE ALSO
L<EVP_PKEY-FFC(7)>,
-L<EVP_SIGNATURE-DSA(7)>
+L<EVP_SIGNATURE-DSA(7)>,
L<EVP_PKEY(3)>,
L<provider-keymgmt(7)>,
L<EVP_KEYMGMT(3)>,
@@ -133,7 +133,7 @@ OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information.
=head1 COPYRIGHT
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod b/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod
index 7c9848676b8c..a28bb84e0a36 100644
--- a/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod
+++ b/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod
@@ -213,7 +213,7 @@ The following sections of FIPS186-4:
L<EVP_PKEY-DSA(7)>,
L<EVP_PKEY-DH(7)>,
L<EVP_SIGNATURE-DSA(7)>,
-L<EVP_KEYEXCH-DH(7)>
+L<EVP_KEYEXCH-DH(7)>,
L<EVP_KEYMGMT(3)>,
L<EVP_PKEY(3)>,
L<provider-keymgmt(7)>,
@@ -222,7 +222,7 @@ L<OSSL_PROVIDER-FIPS(7)>,
=head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod b/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod
index 3e7cc41b2424..3b6e795f0709 100644
--- a/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod
+++ b/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod
@@ -113,7 +113,7 @@ To sign a message using an ML-DSA EVP_PKEY structure:
EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len);
...
OPENSSL_free(sig);
- EVP_SIGNATURE(sig_alg);
+ EVP_SIGNATURE_free(sig_alg);
EVP_PKEY_CTX_free(sctx);
}
diff --git a/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod b/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod
index 9ca1e077484a..de2be646ed64 100644
--- a/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod
+++ b/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod
@@ -109,7 +109,7 @@ To sign a message using an SLH-DSA EVP_PKEY structure:
EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len);
...
OPENSSL_free(sig);
- EVP_SIGNATURE(sig_alg);
+ EVP_SIGNATURE_free(sig_alg);
EVP_PKEY_CTX_free(sctx);
}
diff --git a/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod b/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod
index 571a1e99e089..d14005a89a1c 100644
--- a/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -14,7 +14,7 @@ accredited testing laboratory.
=head2 Properties
The implementations in this provider specifically have these properties
-defined:
+defined for approved algorithms:
=over 4
@@ -41,20 +41,17 @@ query. Including C<provider=fips> in your property query guarantees
that the OpenSSL FIPS provider is used for cryptographic operations
rather than other FIPS capable providers.
-=head2 Provider parameters
-
-See L<provider-base(7)/Provider parameters> for a list of base parameters.
-Additionally the OpenSSL FIPS provider also supports the following gettable
-parameters:
-
-=over 4
+=head2 Approved algorithms
-=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer>
+Algorithms that are fetched using "fips=yes" may still be unapproved if certain
+conditions are not met. See L<fips_module(7)/FIPS indicators> for additional
+information.
-For further information refer to the L<openssl-fipsinstall(1)> option
-B<-no_security_checks>.
+=head2 Provider parameters
-=back
+See L<provider-base(7)/Provider parameters> for a list of base parameters.
+The OpenSSL FIPS provider also handles FIPS indicator related parameters as
+specified by L<fips_config(5)/FIPS indicator options>.
=head1 OPERATIONS AND ALGORITHMS
@@ -84,8 +81,6 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item 3DES, see L<EVP_CIPHER-DES(7)>
-This is an unapproved algorithm.
-
=back
=head2 Message Authentication Code (MAC)
@@ -212,21 +207,21 @@ for signature generation, but may be used for verification for legacy use cases.
=item EC, see L<EVP_KEYMGMT-EC(7)>
-=item X25519, see L<EVP_KEYMGMT-X25519(7)>
-
-This is an unapproved algorithm.
-
-=item X448, see L<EVP_KEYMGMT-X448(7)>
+=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
-This is an unapproved algorithm.
+=item ED448, see L<EVP_KEYMGMT-ED448(7)>
-=item ED25519, see L<EVP_KEYMGMT-ED25519(7)>
+=item X25519, see L<EVP_KEYMGMT-X25519(7)>
This is an unapproved algorithm.
+The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not
+included in SP 800-56Arev3 are not approved for key agreement".
-=item ED448, see L<EVP_KEYMGMT-ED448(7)>
+=item X448, see L<EVP_KEYMGMT-X448(7)>
This is an unapproved algorithm.
+The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not"
+included in SP 800-56Arev3 are not approved for key agreement".
=item TLS1-PRF
@@ -288,8 +283,11 @@ TEST-RAND is an unapproved algorithm.
=head1 SELF TESTING
-One of the requirements for the FIPS module is self testing. An optional callback
-mechanism is available to return information to the user using
+A requirement of FIPS modules is to run cryptographic algorithm self tests.
+FIPS 140-3 requires known answer tests to be run on startup as well as
+conditional tests that run during cryptographic operations.
+
+An optional callback mechanism is available to return information to the user using
L<OSSL_SELF_TEST_set_callback(3)>.
The parameters passed to the callback are described in L<OSSL_SELF_TEST_new(3)>
@@ -311,12 +309,10 @@ Uses HMAC SHA256 on the module file to validate that the module has not been
modified. The integrity value is compared to a value written to a configuration
file during installation.
-=item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>)
+=item "KAT_Integrity" (B<OSSL_SELF_TEST_TYPE_KAT_INTEGRITY>)
-Uses HMAC SHA256 on a fixed string to validate that the installation process
-has already been performed and the self test KATS have already been tested,
-The integrity value is compared to a value written to a configuration
-file after successfully running the self tests during installation.
+Used during the Module Integrity test to perform a known answer test on
+HMAC SHA256 prior to using it.
=item "KAT_Cipher" (B<OSSL_SELF_TEST_TYPE_KAT_CIPHER>)
@@ -360,24 +356,28 @@ Known answer test for a Deterministic Random Bit Generator.
=item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>)
-Conditional test that is run during the generation or importing of key pairs.
+Conditional test that is run during the generation of key pairs.
+
+=item "Import_PCT" (B<OSSL_SELF_TEST_TYPE_PCT_IMPORT>)
+
+Conditional test that is run during the import of key pairs.
+
+=item "Conditional_KAT" (B<OSSL_SELF_TEST_TYPE_PCT_KAT>)
+
+Conditional test run during generation that derive the public key from the
+private key and checks that the public key matches. This is a SP 800-56A requirement.
=item "Continuous_RNG_Test" (B<OSSL_SELF_TEST_TYPE_CRNG>)
Continuous random number generator test.
-=back
-
-The "Module_Integrity" self test is always run at startup.
-The "Install_Integrity" self test is used to check if the self tests have
-already been run at installation time. If they have already run then the
-self tests are not run on subsequent startups.
-All other self test categories are run once at installation time, except for the
-"Pairwise_Consistency_Test".
+=item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>)
-There is only one instance of the "Module_Integrity" and "Install_Integrity"
-self tests. All other self tests may have multiple instances.
+This is deprecated. The option is no longer used since FIPS 140-3 requires
+self tests to always run on startup. Previous FIPS 140-2 validations allowed
+the self tests to be run just once.
+=back
The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin().
@@ -385,7 +385,7 @@ The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin()
=item "HMAC" (B<OSSL_SELF_TEST_DESC_INTEGRITY_HMAC>)
-"Module_Integrity" and "Install_Integrity" use this.
+"Module_Integrity" uses this.
=item "RSA" (B<OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1>)
@@ -559,20 +559,6 @@ validated versions alongside F<libcrypto> and F<libssl> compiled from any
release within the same major release series. This flexibility enables
you to address bug fixes and CVEs that fall outside the FIPS boundary.
-The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
-consequently the property query C<fips=yes> is mandatory for applications that
-want to operate in a FIPS approved manner. The algorithms are:
-
-=over 4
-
-=item Triple DES ECB
-
-=item Triple DES CBC
-
-=item EdDSA
-
-=back
-
You can load the FIPS provider into multiple library contexts as any other
provider. However the following restriction applies. The FIPS provider cannot
be used by multiple copies of OpenSSL libcrypto in a single process.
diff --git a/crypto/openssl/doc/man7/provider-base.pod b/crypto/openssl/doc/man7/provider-base.pod
index 0302900a7314..511195770581 100644
--- a/crypto/openssl/doc/man7/provider-base.pod
+++ b/crypto/openssl/doc/man7/provider-base.pod
@@ -154,6 +154,10 @@ provider):
core_new_error OSSL_FUNC_CORE_NEW_ERROR
core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG
core_vset_error OSSL_FUNC_CORE_VSET_ERROR
+ core_set_error_mark OSSL_FUNC_CORE_SET_ERROR_MARK
+ core_clear_last_error_mark OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK
+ core_pop_error_to_mark OSSL_FUNC_CORE_POP_ERROR_TO_MARK
+ core_count_to_mark OSSL_FUNC_CORE_COUNT_TO_MARK
core_obj_add_sigid OSSL_FUNC_CORE_OBJ_ADD_SIGID
core_obj_create OSSL_FUNC_CORE_OBJ_CREATE
CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC
@@ -270,6 +274,33 @@ error occurred or was reported.
This corresponds to the OpenSSL function L<ERR_vset_error(3)>.
+=item core_set_error_mark()
+
+sets a mark on the current topmost error record if there is one.
+
+This corresponds to the OpenSSL function L<ERR_set_mark(3)>.
+
+=item core_clear_last_error_mark()
+
+removes the last mark added if there is one.
+
+This corresponds to the OpenSSL function L<ERR_clear_last_mark(3)>.
+
+=item core_pop_error_to_mark()
+
+pops the top of the error stack until a mark is found. The mark is then removed.
+If there is no mark, the whole stack is removed.
+
+This corresponds to the OpenSSL function L<ERR_pop_to_mark(3)>.
+
+=item core_count_to_mark()
+
+returns the number of entries on the error stack above the most recently
+marked entry, not including that entry. If there is no mark in the error stack,
+the number of entries in the error stack is returned.
+
+This corresponds to the OpenSSL function L<ERR_count_to_mark(3)>.
+
=back
The core_obj_create() function registers a new OID and associated short name
diff --git a/crypto/openssl/exporters/libcrypto.pc b/crypto/openssl/exporters/libcrypto.pc
index e7f3953b7eae..843a328e8509 100644
--- a/crypto/openssl/exporters/libcrypto.pc
+++ b/crypto/openssl/exporters/libcrypto.pc
@@ -7,7 +7,7 @@ modulesdir=${libdir}/ossl-modules
Name: OpenSSL-libcrypto
Description: OpenSSL cryptography library
-Version: 3.5.1
+Version: 3.5.3
Libs: -L${libdir} -lcrypto
Libs.private: -pthread
Cflags: -I${includedir}
diff --git a/crypto/openssl/exporters/libssl.pc b/crypto/openssl/exporters/libssl.pc
index ed6fd275ca26..bbbe0b65b904 100644
--- a/crypto/openssl/exporters/libssl.pc
+++ b/crypto/openssl/exporters/libssl.pc
@@ -5,7 +5,7 @@ includedir=${prefix}/include
Name: OpenSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
-Version: 3.5.1
+Version: 3.5.3
Requires.private: libcrypto
Libs: -L${libdir} -lssl
Cflags: -I${includedir}
diff --git a/crypto/openssl/exporters/openssl.pc b/crypto/openssl/exporters/openssl.pc
index 892ef113ca0f..d930b07420dc 100644
--- a/crypto/openssl/exporters/openssl.pc
+++ b/crypto/openssl/exporters/openssl.pc
@@ -5,5 +5,5 @@ includedir=${prefix}/include
Name: OpenSSL
Description: Secure Sockets Layer and cryptography libraries and tools
-Version: 3.5.1
+Version: 3.5.3
Requires: libssl libcrypto
diff --git a/crypto/openssl/fuzz/dtlsserver.c b/crypto/openssl/fuzz/dtlsserver.c
index 68ddb1e6e683..7ea57ea05336 100644
--- a/crypto/openssl/fuzz/dtlsserver.c
+++ b/crypto/openssl/fuzz/dtlsserver.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -590,10 +590,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
SSL *server;
BIO *in;
BIO *out;
-#if !defined(OPENSSL_NO_EC) \
- || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
BIO *bio_buf;
-#endif
SSL_CTX *ctx;
int ret;
#ifndef OPENSSL_NO_DEPRECATED_3_0
diff --git a/crypto/openssl/include/crypto/dh.h b/crypto/openssl/include/crypto/dh.h
index 51232d18c244..b4a4a3c1fae8 100644
--- a/crypto/openssl/include/crypto/dh.h
+++ b/crypto/openssl/include/crypto/dh.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,7 +42,7 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
-int ossl_dh_check_pairwise(const DH *dh);
+int ossl_dh_check_pairwise(const DH *dh, int return_on_null_numbers);
const DH_METHOD *ossl_dh_get_method(const DH *dh);
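Review bot: The new `return_on_null_numbers` argument of `ossl_dh_check_pairwise()` is undocumented, and its name does not say whether it is an on/off flag or the value handed back when key components are missing. Because this is a consistency check on key material, a caller that passes the wrong value could presumably treat an incomplete key as having passed. A one-line comment above the prototype would settle this, for example `/* return_on_null_numbers: value returned when a required parameter or key component is NULL */`. That wording needs confirming against the implementation, which is not in this hunk.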
diff --git a/crypto/openssl/include/crypto/rsa.h b/crypto/openssl/include/crypto/rsa.h
index dcb465cbcae0..ffbc95a77888 100644
--- a/crypto/openssl/include/crypto/rsa.h
+++ b/crypto/openssl/include/crypto/rsa.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -124,6 +124,10 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
const X509_ALGOR *sigalg, EVP_PKEY *pkey);
+# ifdef FIPS_MODULE
+int ossl_rsa_key_pairwise_test(RSA *rsa);
+# endif /* FIPS_MODULE */
+
# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
diff --git a/crypto/openssl/include/crypto/slh_dsa.h b/crypto/openssl/include/crypto/slh_dsa.h
index cf1e21215f9e..75b928638309 100644
--- a/crypto/openssl/include/crypto/slh_dsa.h
+++ b/crypto/openssl/include/crypto/slh_dsa.h
@@ -23,9 +23,11 @@
typedef struct slh_dsa_hash_ctx_st SLH_DSA_HASH_CTX;
typedef struct slh_dsa_key_st SLH_DSA_KEY;
+__owur OSSL_LIB_CTX *ossl_slh_dsa_key_get0_libctx(const SLH_DSA_KEY *key);
__owur SLH_DSA_KEY *ossl_slh_dsa_key_new(OSSL_LIB_CTX *libctx, const char *propq,
const char *alg);
void ossl_slh_dsa_key_free(SLH_DSA_KEY *key);
+void ossl_slh_dsa_key_reset(SLH_DSA_KEY *key);
__owur SLH_DSA_KEY *ossl_slh_dsa_key_dup(const SLH_DSA_KEY *src, int selection);
__owur int ossl_slh_dsa_key_equal(const SLH_DSA_KEY *key1, const SLH_DSA_KEY *key2,
int selection);
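Review bot: `ossl_slh_dsa_key_reset()` is added without a comment saying what state it resets, unlike a free function whose contract is evident from its name. For a key object the important question is whether private key bytes are cleansed or merely marked unused, and whether the key can be reused afterwards. A short comment on the prototype would answer that, for example `/* Clears any loaded key material so the object can be reused; private bytes are cleansed */`, adjusted to what the implementation does. It is also not marked `__owur`, which is correct for a `void` function, but `ossl_slh_dsa_key_get0_libctx()` deserves a note that the returned pointer is not owned by the caller.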
diff --git a/crypto/openssl/include/internal/quic_ackm.h b/crypto/openssl/include/internal/quic_ackm.h
index c271dfca2e1d..949d91903bb1 100644
--- a/crypto/openssl/include/internal/quic_ackm.h
+++ b/crypto/openssl/include/internal/quic_ackm.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
void *now_arg,
OSSL_STATM *statm,
const OSSL_CC_METHOD *cc_method,
- OSSL_CC_DATA *cc_data);
+ OSSL_CC_DATA *cc_data, int is_server);
void ossl_ackm_free(OSSL_ACKM *ackm);
void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm,
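Review bot: `int is_server` is appended to the `cc_data` line, while every other parameter of `ossl_ackm_new()` sits on its own line, so the new argument is easy to miss when reading the prototype. Putting it on a separate line, `int is_server);`, keeps the layout consistent. The prototype begins above this hunk and has no comment there, so a brief note on what the ACK manager does differently for a server would also help callers pass the right value.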
diff --git a/crypto/openssl/include/internal/quic_record_rx.h b/crypto/openssl/include/internal/quic_record_rx.h
index 8e0cd6a2c927..24143f91f2f3 100644
--- a/crypto/openssl/include/internal/quic_record_rx.h
+++ b/crypto/openssl/include/internal/quic_record_rx.h
@@ -168,6 +168,17 @@ int ossl_qrx_provide_secret(OSSL_QRX *qrx,
size_t secret_len);
/*
+ * Utility function to update the pn space from a src to a dst qrx.
+ * Occasionally we use a temporary qrx to do packet validation on quic frames
+ * that are not yet associated with a channel, and in the event a validation is
+ * successful AND we allocate a new qrx for the newly created channel, we need
+ * to migrate the largest_pn values recorded in the tmp qrx to the channel qrx.
+ * If we don't then PN decoding fails in cases where the initial PN is a large value.
+ * This function does that migration for us
+ */
+void ossl_qrx_update_pn_space(OSSL_QRX *src, OSSL_QRX *dst);
+
+/*
* Informs the QRX that it can now discard key material for a given EL. The QRX
* will no longer be able to process incoming packets received at that
* encryption level. This function is idempotent and succeeds if the EL has
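Review bot: The comment on `ossl_qrx_update_pn_space()` describes a one-way copy of largest_pn from a temporary QRX into the channel QRX, but the prototype takes a mutable `src`. The comment also does not say what happens when `dst` already holds a larger value. If the implementation only reads `src`, then `void ossl_qrx_update_pn_space(const OSSL_QRX *src, OSSL_QRX *dst);` states that in the type. Since packet-number decoding depends on largest_pn, the comment should say whether `dst` is overwritten unconditionally or only raised, and whether all PN spaces are copied or just the initial one. The last sentence of the comment is also missing its full stop.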
diff --git a/crypto/openssl/include/openssl/core_dispatch.h b/crypto/openssl/include/openssl/core_dispatch.h
index 690a38206a35..13de04e2622c 100644
--- a/crypto/openssl/include/openssl/core_dispatch.h
+++ b/crypto/openssl/include/openssl/core_dispatch.h
@@ -253,6 +253,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_up_ref,
OSSL_CORE_MAKE_FUNC(int, provider_free,
(const OSSL_CORE_HANDLE *prov, int deactivate))
+/* Additional error functions provided by the core */
+# define OSSL_FUNC_CORE_COUNT_TO_MARK 120
+OSSL_CORE_MAKE_FUNC(int, core_count_to_mark, (const OSSL_CORE_HANDLE *prov))
+
/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx))
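Review bot: `OSSL_FUNC_CORE_COUNT_TO_MARK` is a new core-to-provider dispatch id, but the comment "Additional error functions provided by the core" does not tell provider authors that a core built before this change will not supply it. A provider that calls `core_count_to_mark` without checking the function pointer it pulled from the dispatch table would presumably dereference NULL when loaded by an older libcrypto. I would extend the comment to say so, for example `/* Added in OpenSSL <VERSION>; absent from older cores, so providers must treat it as optional */`. It is also worth stating why 120 was chosen, since the block is placed after `provider_free` rather than beside the other error-mark ids.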
diff --git a/crypto/openssl/include/openssl/crypto.h b/crypto/openssl/include/openssl/crypto.h
index fd2cfd3e5a9a..87fefd4ab73b 100644
--- a/crypto/openssl/include/openssl/crypto.h
+++ b/crypto/openssl/include/openssl/crypto.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by Makefile from include/openssl/crypto.h.in
*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -358,9 +358,9 @@ OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line);
OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align,
void **freeptr, const char *file,
int line);
-OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
-OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line);
-OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
void CRYPTO_free(void *ptr, const char *file, int line);
void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
diff --git a/crypto/openssl/include/openssl/crypto.h.in b/crypto/openssl/include/openssl/crypto.h.in
index e0ace5e5a064..c98f5215d54b 100644
--- a/crypto/openssl/include/openssl/crypto.h.in
+++ b/crypto/openssl/include/openssl/crypto.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -335,9 +335,9 @@ OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line);
OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align,
void **freeptr, const char *file,
int line);
-OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
-OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line);
-OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
void CRYPTO_free(void *ptr, const char *file, int line);
void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h
index dd50d89cb998..bdfee803c79c 100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@ -2,7 +2,7 @@
* WARNING: do not edit!
* Generated by Makefile from include/openssl/opensslv.h.in
*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -29,7 +29,7 @@ extern "C" {
*/
# define OPENSSL_VERSION_MAJOR 3
# define OPENSSL_VERSION_MINOR 5
-# define OPENSSL_VERSION_PATCH 1
+# define OPENSSL_VERSION_PATCH 3
/*
* Additional version information
@@ -74,33 +74,28 @@ extern "C" {
* longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
* OPENSSL_VERSION_BUILD_METADATA_STR appended.
*/
-# define OPENSSL_VERSION_STR "3.5.1"
-# define OPENSSL_FULL_VERSION_STR "3.5.1"
+# define OPENSSL_VERSION_STR "3.5.3"
+# define OPENSSL_FULL_VERSION_STR "3.5.3"
/*
* SECTION 3: ADDITIONAL METADATA
*
* These strings are defined separately to allow them to be parsable.
*/
-# define OPENSSL_RELEASE_DATE "1 Jul 2025"
+# define OPENSSL_RELEASE_DATE "16 Sep 2025"
/*
* SECTION 4: BACKWARD COMPATIBILITY
*/
-# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.1 1 Jul 2025"
+# define OPENSSL_VERSION_TEXT "OpenSSL 3.5.3 16 Sep 2025"
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
-# ifdef OPENSSL_VERSION_PRE_RELEASE
-# define _OPENSSL_VERSION_PRE_RELEASE 0x0L
-# else
-# define _OPENSSL_VERSION_PRE_RELEASE 0xfL
-# endif
# define OPENSSL_VERSION_NUMBER \
( (OPENSSL_VERSION_MAJOR<<28) \
|(OPENSSL_VERSION_MINOR<<20) \
|(OPENSSL_VERSION_PATCH<<4) \
- |_OPENSSL_VERSION_PRE_RELEASE )
+ |0xfL )
# ifdef __cplusplus
}
diff --git a/crypto/openssl/include/openssl/opensslv.h.in b/crypto/openssl/include/openssl/opensslv.h.in
index 3f47a2ac08f0..e547281ff527 100644
--- a/crypto/openssl/include/openssl/opensslv.h.in
+++ b/crypto/openssl/include/openssl/opensslv.h.in
@@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -90,16 +90,11 @@ extern "C" {
# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
-# ifdef OPENSSL_VERSION_PRE_RELEASE
-# define _OPENSSL_VERSION_PRE_RELEASE 0x0L
-# else
-# define _OPENSSL_VERSION_PRE_RELEASE 0xfL
-# endif
# define OPENSSL_VERSION_NUMBER \
( (OPENSSL_VERSION_MAJOR<<28) \
|(OPENSSL_VERSION_MINOR<<20) \
|(OPENSSL_VERSION_PATCH<<4) \
- |_OPENSSL_VERSION_PRE_RELEASE )
+ |{- @config{prerelease} ? "0x0L" : "0xfL" -} )
# ifdef __cplusplus
}
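Review bot: The template fragment `{- @config{prerelease} ? "0x0L" : "0xfL" -}` uses a hash slice where a scalar lookup is meant. A one-key slice in scalar context yields its last element, so the result is the same, but Perl's warnings typically flag this form and it reads as a typo. `{- $config{prerelease} ? "0x0L" : "0xfL" -}` matches the `$config{...}` style used on the `OPENSSL_VERSION_TEXT` line of the same hunk. The comment above `OPENSSL_VERSION_NUMBER` could also say that the status nibble is now fixed when the header is generated rather than derived from `OPENSSL_VERSION_PRE_RELEASE` at compile time.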
diff --git a/crypto/openssl/include/openssl/pem.h b/crypto/openssl/include/openssl/pem.h
index 94424e6c209e..de1b6581f28f 100644
--- a/crypto/openssl/include/openssl/pem.h
+++ b/crypto/openssl/include/openssl/pem.h
@@ -57,6 +57,7 @@ extern "C" {
# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
# define PEM_STRING_PARAMETERS "PARAMETERS"
# define PEM_STRING_CMS "CMS"
+# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY"
# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE"
diff --git a/crypto/openssl/include/openssl/proverr.h b/crypto/openssl/include/openssl/proverr.h
index 0d61b733dc59..10bcd427800f 100644
--- a/crypto/openssl/include/openssl/proverr.h
+++ b/crypto/openssl/include/openssl/proverr.h
@@ -49,6 +49,7 @@
# define PROV_R_FINAL_CALL_OUT_OF_ORDER 237
# define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227
# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224
+# define PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR 253
# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225
# define PROV_R_GENERATE_ERROR 191
# define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165
diff --git a/crypto/openssl/include/openssl/self_test.h b/crypto/openssl/include/openssl/self_test.h
index 2d39e096eeab..6c81cef4c300 100644
--- a/crypto/openssl/include/openssl/self_test.h
+++ b/crypto/openssl/include/openssl/self_test.h
@@ -31,6 +31,7 @@ extern "C" {
# define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test"
# define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT"
# define OSSL_SELF_TEST_TYPE_PCT_KAT "Conditional_KAT"
+# define OSSL_SELF_TEST_TYPE_PCT_IMPORT "Import_PCT"
# define OSSL_SELF_TEST_TYPE_KAT_INTEGRITY "KAT_Integrity"
# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
# define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher"
@@ -50,6 +51,7 @@ extern "C" {
# define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA"
# define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA"
# define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA"
+# define OSSL_SELF_TEST_DESC_PCT_DH "DH"
# define OSSL_SELF_TEST_DESC_PCT_DSA "DSA"
# define OSSL_SELF_TEST_DESC_PCT_ML_DSA "ML-DSA"
# define OSSL_SELF_TEST_DESC_PCT_ML_KEM "ML-KEM"
diff --git a/crypto/openssl/libcrypto.pc b/crypto/openssl/libcrypto.pc
index 97725059adfb..ab8b8f6df792 100644
--- a/crypto/openssl/libcrypto.pc
+++ b/crypto/openssl/libcrypto.pc
@@ -7,7 +7,7 @@ modulesdir=${libdir}/providers
Name: OpenSSL-libcrypto
Description: OpenSSL cryptography library
-Version: 3.5.1
+Version: 3.5.3
Libs: -L${libdir} -lcrypto
Libs.private: -pthread
Cflags: -I${prefix}/include -I${prefix}/./include
diff --git a/crypto/openssl/libssl.pc b/crypto/openssl/libssl.pc
index e2662ee9e5fa..9d1a34a880b0 100644
--- a/crypto/openssl/libssl.pc
+++ b/crypto/openssl/libssl.pc
@@ -5,7 +5,7 @@ includedir=${prefix}/include ${prefix}/./include
Name: OpenSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
-Version: 3.5.1
+Version: 3.5.3
Requires.private: libcrypto
Libs: -L${libdir} -lssl
Cflags: -I${prefix}/include -I${prefix}/./include
diff --git a/crypto/openssl/openssl.pc b/crypto/openssl/openssl.pc
index ff0a0c2f4e09..6ef1ef3ee700 100644
--- a/crypto/openssl/openssl.pc
+++ b/crypto/openssl/openssl.pc
@@ -5,5 +5,5 @@ includedir=${prefix}/include ${prefix}/./include
Name: OpenSSL
Description: Secure Sockets Layer and cryptography libraries and tools
-Version: 3.5.1
+Version: 3.5.3
Requires: libssl libcrypto
diff --git a/crypto/openssl/providers/common/provider_err.c b/crypto/openssl/providers/common/provider_err.c
index ea727e8334d5..967d708b516a 100644
--- a/crypto/openssl/providers/common/provider_err.c
+++ b/crypto/openssl/providers/common/provider_err.c
@@ -63,6 +63,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"fips module conditional error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE),
"fips module entering error state"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR),
+ "fips module import pct error"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IN_ERROR_STATE),
"fips module in error state"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_GENERATE_ERROR), "generate error"},
diff --git a/crypto/openssl/providers/common/securitycheck_fips.c b/crypto/openssl/providers/common/securitycheck_fips.c
index c02fa960c096..ea07ccd42bb8 100644
--- a/crypto/openssl/providers/common/securitycheck_fips.c
+++ b/crypto/openssl/providers/common/securitycheck_fips.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -98,18 +98,33 @@ int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id,
int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
OSSL_LIB_CTX *libctx,
int nid, int sha1_allowed,
+ int sha512_trunc_allowed,
const char *desc,
OSSL_FIPS_IND_CHECK_CB *config_check_f)
{
int approved;
+ const char *op = "none";
- if (nid == NID_undef)
+ switch (nid) {
+ case NID_undef:
approved = 0;
- else
- approved = sha1_allowed || nid != NID_sha1;
+ break;
+ case NID_sha512_224:
+ case NID_sha512_256:
+ approved = sha512_trunc_allowed;
+ op = "Digest Truncated SHA512";
+ break;
+ case NID_sha1:
+ approved = sha1_allowed;
+ op = "Digest SHA1";
+ break;
+ default:
+ approved = 1;
+ break;
+ }
if (!approved) {
- if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest SHA1",
+ if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, op,
config_check_f)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
return 0;
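Review bot: The new `switch` ends in `default: approved = 1;`, so every digest NID other than `NID_undef`, `NID_sha1` and the two truncated SHA-512 NIDs passes this check. That matches the old `nid != NID_sha1` behaviour, but the switch form reads like an exhaustive policy, so it should carry a comment saying it is a deny-list, e.g. `/* any other digest is presumed to have been vetted by the caller */`, to be confirmed against the call sites. For `NID_undef` the operation string handed to `ossl_FIPS_IND_on_unapproved()` is now `"none"`, which tells an indicator callback little; a descriptive string such as `"Digest undefined"` would be clearer. The new `sha512_trunc_allowed` parameter is undocumented here, and the function body continues past the end of the hunk.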
diff --git a/crypto/openssl/providers/fips-sources.checksums b/crypto/openssl/providers/fips-sources.checksums
index 9f25bac77f3e..d48a9c85f57b 100644
--- a/crypto/openssl/providers/fips-sources.checksums
+++ b/crypto/openssl/providers/fips-sources.checksums
@@ -16,7 +16,7 @@ e1f3805332eb811d9d0c9377b67fe0681063364f1af84d8598f7daa30da65b4d crypto/aes/asm
ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl
d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab crypto/aes/asm/aes-riscv64-zvkned.pl
f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52 crypto/aes/asm/aes-riscv64.pl
-ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl
+290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33 crypto/aes/asm/aes-s390x.pl
ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl
391497550eaca253f64b2aba7ba2e53c6bae7dff01583bc6bfc12e930bb7e217 crypto/aes/asm/aes-x86_64.pl
c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm/aesfx-sparcv9.pl
@@ -136,7 +136,7 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb
9549901d6f0f96cd17bd76c2b6cb33fb25641707bfdb8ed34aab250c34f7f4f6 crypto/des/set_key.c
8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h
a54b1b60cf48ca89dfb3f71d299794dd6c2e462c576b0fe583d1448f819c80ea crypto/dh/dh_backend.c
-24cf9462da6632c52b726041271f8a43dfb3f74414abe460d9cc9c7fd2fd2d7d crypto/dh/dh_check.c
+9db32c052fb3cf7c36ab8e642f4852c2fa68a7b6bae0e3b1746522f826827068 crypto/dh/dh_check.c
c117ac4fd24369c7813ac9dc9685640700a82bb32b0f7e038e85afd6c8db75c7 crypto/dh/dh_gen.c
6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c
a539a8930035fee3b723d74a1d13e931ff69a2b523c83d4a2d0d9db6c78ba902 crypto/dh/dh_kdf.c
@@ -204,7 +204,7 @@ a47d8541bb2cc180f4c7d3ac0f888657e17621b318ea8a2eacdefb1926efb500 crypto/ec/ecp_
43f81968983e9a466b7dc9cffe64302418703f7a66adcbac4b7c4d8cb19c9af5 crypto/ec/ecx_backend.c
5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h
2be4ca60082891bdc99f8c6ebc5392c1f0a7a53f0bcf18dcf5497a7aee0b9c84 crypto/ec/ecx_key.c
-73c956c97fd558b0fd267934657fb829fd8d9ab12dda2d96d3ca1521f0416ca8 crypto/evp/asymcipher.c
+c1f04d877f96f2d0852290e34b1994dd48222650ac1121903cee9c259fe3ebf2 crypto/evp/asymcipher.c
80da494704c8fc54fea36e5de7100a6c2fdcc5f8c50f43ac477df5f56fa57e58 crypto/evp/dh_support.c
bc9f3b827e3d29ac485fff9fb1c8f71d7e2bcd883ccc44c776de2f620081df58 crypto/evp/digest.c
838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c
@@ -219,7 +219,7 @@ baccbd623a94ba350c07e0811033ad66a2c892ef51ccb051b4a65bf2ba625a85 crypto/evp/evp
90742590db894920ffdb737a450ee591488aa455802e777400b1bf887618fd7a crypto/evp/kdf_meth.c
948f7904e81008588288a1ba7969b9de83546c687230ffe2a3fd0be1651bce8f crypto/evp/kem.c
55d141a74405415ad21789abcace9557f1d1ef54cf207e99993bf0a801f4b81e crypto/evp/keymgmt_lib.c
-5cb9ddc6a7434bd7e063bf85455c2025fb34e4eb846d7d113dbcedc25eeac7a3 crypto/evp/keymgmt_meth.c
+d57908a9473d2af324f32549649016f7a3c196b5ac8b54d6ca3c82f84cab5d48 crypto/evp/keymgmt_meth.c
9e44d1ffb52fee194b12c50962907c8637e7d92f08339345ec9fd3bd4a248e69 crypto/evp/mac_lib.c
cd611921dc773b47207c036b9108ec820ab39d67780ba4adc9ccb9dc8da58627 crypto/evp/mac_meth.c
4f0a9a7baa72c6984edb53c46101b6ff774543603bec1e1d3a6123adf27e41db crypto/evp/p_lib.c
@@ -228,7 +228,7 @@ cd611921dc773b47207c036b9108ec820ab39d67780ba4adc9ccb9dc8da58627 crypto/evp/mac
c2c8f6d17dc3d85ffcced051047c0b00ce99d119635f4626c5c6db3d59d86fbb crypto/evp/pmeth_lib.c
ba4ff38738cbcfd3841d53a2fab92227638ceca176d3ffe50e486c9dcbabb5dd crypto/evp/s_lib.c
3c003fa01341a69c461b75cffd93cf31a1899373d7e95a1ef3754ea1bfbb77fe crypto/evp/signature.c
-a3ba57f8181cfbbf017fe1d4fa8d80f4999eea6d2834b0bcda22b60e6a5e31e3 crypto/evp/skeymgmt_meth.c
+30af153213f8b008955486000c5a92507dc694c4af9ac6ed6fef3f290efa3e52 crypto/evp/skeymgmt_meth.c
64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d crypto/ex_data.c
d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c crypto/ffc/ffc_backend.c
a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c
@@ -309,20 +309,20 @@ f50450f7e5f6896fb8e3cde2fdc11cc543124c854ef9d88252a166606ca80081 crypto/params_
d32105cb087d708d0504a787f74bc163cc398c299faf2e98d6bb5ae02f5ce9b7 crypto/property/property_parse.c
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
20e69b9d594dfc443075eddbb0e6bcc0ed36ca51993cd50cc5a4f86eb31127f8 crypto/property/property_string.c
-faa002fd33a147494ea93dbd1cef07138c6f61432d6465ceb4a34118e31e0a72 crypto/provider_core.c
+10644e9d20214660706de58d34edf635c110d4e4f2628cd5284a08c60ed9aff8 crypto/provider_core.c
d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h
5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c
e13cf63765dd538a75eb9d2cb8fcb0243e6bd2988dd420c83806a69984dad558 crypto/rand/rand_lib.c
fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h
426ba915ca65a770f8264129f8ac47db7aaf06c6ae51517c5d775eacdf91b9f6 crypto/rcu_internal.h
-48f6a98e3d7e9ae79f2d2b8ea9965d0c4ec3b1a4473adbceb47fe1e7930dc3c1 crypto/riscv32cpuid.pl
-f6c5a1440de995a115dbba5f732b294e2e6d94aa520687afd1e776af1ba48cf8 crypto/riscv64cpuid.pl
+0c1d3e0e857e9e4f84752a8ef0b619d8af0d81427b52facbd0174e685dac9a47 crypto/riscv32cpuid.pl
+231263dffc16987f5288592ebf4c0738902d5146bfc16bcd8a157e044cb697da crypto/riscv64cpuid.pl
0b0f3c7757447c2374338f2008c6545a1d176dcbdb41f06873f4681dc43fd42e crypto/riscvcap.c
f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c
1b828f428f0e78b591378f7b780164c4574620c68f9097de041cbd576f811bf6 crypto/rsa/rsa_backend.c
38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c
e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199 crypto/rsa/rsa_crpt.c
-a3d20f27ae3cb41af5b62febd0bb19025e59d401b136306d570cdba103b15542 crypto/rsa/rsa_gen.c
+0fa3e4687510e2d91c8f4b1c460b1d51375d9855ed825b3d6697620b146b52d1 crypto/rsa/rsa_gen.c
f22bc4e2c3acab83e67820c906c1caf048ec1f0d4fcb7472c1bec753c75f8e93 crypto/rsa/rsa_lib.c
5ae8edaf654645996385fbd420ef73030762fc146bf41deb5294d6d83e257a16 crypto/rsa/rsa_local.h
cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c
@@ -393,11 +393,11 @@ dfd99e02830973ab349409ac6ba0ee901ba7736216030965bd7e5a54356abd7c crypto/slh_dsa
1a2e505ac8ef45ff46f36ab89f5fb1d6a6888b2123a7cb75cf0eae849ee5de70 crypto/slh_dsa/slh_adrs.h
11d3895ea104d1238999f00b2beee4de71f35eea79065ac7b4536ee79d61d2dd crypto/slh_dsa/slh_dsa.c
ab7b580b1cba302c5675918b457794a3b3d00aac42297312d9447bc6f6a40b09 crypto/slh_dsa/slh_dsa_hash_ctx.c
-c26498960895d435af4ef5f592d98a0c011c00609bbba8bbd0078d4a4f081609 crypto/slh_dsa/slh_dsa_key.c
+36007c2d3c7f6a405745a25d1a10b97ce781c7541b1610e51981f549c9852a5b crypto/slh_dsa/slh_dsa_key.c
4c7981f7db69025f52495c549fb3b3a76be62b9e13072c3f3b7f1dedeaf8cc91 crypto/slh_dsa/slh_dsa_key.h
5dcb631891eb6afcd27a6b19d2de4d493c71dab159e53620d86d9b96642e97e8 crypto/slh_dsa/slh_dsa_local.h
adb3f4dea52396935b8442df7b36ed99324d3f3e8ce3fdf714d6dfd683e1f9f0 crypto/slh_dsa/slh_fors.c
-ff320d5fc65580eb85e4e0530f332af515124a5ec8915b5a7ec04acad524c11d crypto/slh_dsa/slh_hash.c
+3891252acdefc4eff77d7a65cc35d77bdca8083c9dd0d44ff91889ceafcccb45 crypto/slh_dsa/slh_hash.c
a146cdf01b4b6e20127f0e48b30ed5e8820bec0fca2d9423c7b63eddf0f19af3 crypto/slh_dsa/slh_hash.h
6402664fbb259808a6f7b5a5d6be2b4a3cc8a905399d97b160cdb3e4a97c02c4 crypto/slh_dsa/slh_hypertree.c
98ba100862bb45d13bcddff79bc55e44eadd95f528dd49accb4da3ca85fcc52d crypto/slh_dsa/slh_params.c
@@ -433,7 +433,7 @@ e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto
6c72cfa9e59d276c1debcfd36a0aff277539b43d2272267147fad4165d72747c include/crypto/ctype.h
f69643f16687c5a290b2ce6b846c6d1dddabfaf7e4d26fde8b1181955de32833 include/crypto/decoder.h
89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h
-daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h
+48d133a1eb8c3b3198cfe1cafda47f9abe8050d53004f3874f258a78f29b9e48 include/crypto/dh.h
679f6e52d9becdf51fde1649478083d18fa4f5a6ece21eeb1decf70f739f49d5 include/crypto/dsa.h
c7aafee54cc3ace0c563f15aa5af2cdce13e2cfc4f9a9a133952825fb7c8faf5 include/crypto/ec.h
adf369f3c9392e9f2dec5a87f61ac9e48160f4a763dae51d4ad5306c4ca4e226 include/crypto/ecx.h
@@ -445,10 +445,10 @@ bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto
6e7762e7fb63f56d25b24f70209f4dc834c59a87f74467531ec81646f565dbe3 include/crypto/modes.h
920bc48a4dad3712bdcef188c0ce8e8a8304e0ce332b54843bab366fc5eab472 include/crypto/rand.h
71f23915ea74e93971fb0205901031be3abea7ffef2c52e4cc4848515079f68d include/crypto/rand_pool.h
-6f16685ffbc97dc2ac1240bfddf4bbac2dd1ad83fff6da91aee6f3f64c6ee8ff include/crypto/rsa.h
+b1df067691f9741ef9c42b2e5f12461bcd87b745514fc5701b9c9402fb10b224 include/crypto/rsa.h
32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h
80338f3865b7c74aab343879432a6399507b834e2f55dd0e9ee7a5eeba11242a include/crypto/sha.h
-0814571bff328719cc1e5a73a4daf6f5810b17f9e50fe63287f91f445f053213 include/crypto/slh_dsa.h
+dc7808729c3231a08bbe470b3e1b562420030f59f7bc05b14d7b516fa77b4f3a include/crypto/slh_dsa.h
7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h
d6d1cd1ec7581046f5a84359a32ed41caad9e7c1b4d1eb9665ea4763de10e6b3 include/crypto/types.h
27d13538d9303b1c2f0b2ce9b6d376097ce7661354fbefbde24b7ef07206ea45 include/internal/bio.h
@@ -511,9 +511,9 @@ bb45de4eafdd89c14096e9af9b0aee12b09adcee43b9313a3a373294dec99142 include/openss
69d98c5230b1c2a1b70c3e6b244fcfd8460a80ebf548542ea43bb1a57fe6cf57 include/openssl/configuration.h.in
6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h
28c6f0ede39c821dcf4abeeb4e41972038ebb3e3c9d0a43ffdf28edb559470e1 include/openssl/core.h
-940f6276e5bab8a7c59eedba56150902e619823c10dc5e50cf63575be6be9ba0 include/openssl/core_dispatch.h
+b59255ddb1ead5531c3f0acf72fa6627d5c7192f3d23e9536eed00f32258c43b include/openssl/core_dispatch.h
d37532e62315d733862d0bff8d8de9fe40292a75deacae606f4776e544844316 include/openssl/core_names.h.in
-57898905771752f6303e2b1cca1c9a41ea5e9c7bf08ee06531213a65e960e424 include/openssl/crypto.h.in
+01ed3af4e25b9be3453a8f13d7dd3b4e9e73889bbed338e0d4b8021f0d17aa82 include/openssl/crypto.h.in
628e2a9e67412e2903ecb75efb27b262db1f266b805c07ece6b85bf7ffa19dac include/openssl/cryptoerr.h
bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h
83af275af84cf88c4e420030a9ea07c38d1887009c8f471874ed1458a4b1cda7 include/openssl/decoder.h
@@ -546,20 +546,20 @@ a8a45996fd21411cb7ed610bc202dbd06570cdfa0a2d14f7dfc8bfadc820e636 include/openss
cb6bca3913c60a57bac39583eee0f789d49c3d29be3ecde9aecc7f3287117aa5 include/openssl/objects.h
d25537af264684dff033dd8ae62b0348f868fcfec4aa51fa8f07bcfa4bd807ad include/openssl/objectserr.h
fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openssl/opensslconf.h
-1bf52d136e94f727a96651c1f48ad040482f35dae152519ccd585efd410b92f0 include/openssl/opensslv.h.in
+fc914a750d798ac9fc9287e6359cfa1da214b91651deaaaa7e1a46b595cd0425 include/openssl/opensslv.h.in
767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h
1c442aaaa4dda7fbf727a451bc676fb4d855ef617c14dc77ff2a5e958ae33c3e include/openssl/params.h
44f178176293c6ce8142890ff9dc2d466364c734e4e811f56bd62010c5403183 include/openssl/pkcs7.h.in
8394828da6fd7a794777320c955d27069bfef694356c25c62b7a9eb47cd55832 include/openssl/pkcs7err.h
ed785c451189aa5f7299f9f32a841e7f25b67c4ee937c8de8491a39240f5bd9d include/openssl/prov_ssl.h
-7c0e616ec99ac03d241da8def32cebf2679d9cacc93f58d2c2c4b05faf0011ea include/openssl/proverr.h
+d8e2e31fbf88649efaabb6a999d9c464d4462b016c65c6bdf830b2ab4261a792 include/openssl/proverr.h
01ecfa6add534dfe98c23382e0f2faf86f627c21ce16c5b49bf90333fb4cac9f include/openssl/provider.h
765846563fbd69411aff6ce00bcc22f577f6407f5a80d592edb1dc10b580a145 include/openssl/rand.h
1c135b1e5ef06e052f554d52a744a9a807a8c371c848389ad836f9e4a923dd8e include/openssl/randerr.h
2f4f0106e9b2db6636491dbe3ef81b80dbf01aefe6f73d19663423b7fcd54466 include/openssl/rsa.h
2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h
6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in
-b0c9ed3ce37034524623c579e8a2ea0feb6aab39e7489ce66e2b6bf28ec81840 include/openssl/self_test.h
+39300fe80a46e0b76e07f10ada73a0ba55887c8cd5f98180b337ef6d5a3344d1 include/openssl/self_test.h
a435cb5d87a37c05921afb2d68f581018ec9f62fd9b3194ab651139b24f616d2 include/openssl/sha.h
c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h
22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h
@@ -604,23 +604,23 @@ c02d1fa866192dee1bf6d06338714efad5e7cae6ac0470ba20820599b4f811e8 providers/comm
f221ca9b117c9cccb776bb230f71b86553ce6c24196bea120124a4be7b8a712f providers/common/include/prov/providercommon.h
4a6e35be7600e78633324422f019443747a62777eba4987efc50f900c43fda25 providers/common/include/prov/securitycheck.h
ba12773ee7d5afbd55e240798a0e36a2b0bdb4472f3aa3984bb8059f68cfba25 providers/common/provider_ctx.c
-c67989723273186af8d0fa7019fe5564957a21dd9867645cfab6ba54f8871df4 providers/common/provider_err.c
+1f724e74106fa406999d706ec4b88c7185d2d1ceb7cc431a3340f778f533dbda providers/common/provider_err.c
c4032b7cb033b588c6eb0585b8dfbed029d5b112a74ddd134dbcb1d78b0f9684 providers/common/provider_seeding.c
976aed982b0091a8f5320ee15e9b3d56c638c2a6b8481ddf9478d07927522f82 providers/common/provider_util.c
bde6107744cf6840a4c350a48265ed000c49b0524fa60b0d68d6d7b33df5fce6 providers/common/securitycheck.c
-8ea192553b423e881d85118c70bcb26a40fbdee4e110f230c966939c76f4aa7e providers/common/securitycheck_fips.c
+c0ba8608dd7719c9a8d9f8668ce60007eaadd6635162d4448815a7b76a9b2439 providers/common/securitycheck_fips.c
abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c
d8cb05784ae8533a7d9569d4fbaaea4175b63a7c9f4fb0f254215224069dea6b providers/fips/fipsindicator.c
-e9383013a79a8223784a69a66bb610d16d54e61ea978f67a3d31de9f48cd4627 providers/fips/fipsprov.c
-7be8349d3b557b6d9d5f87d318253a73d21123628a08f50726502abf0e3d8a44 providers/fips/include/fips/fipsindicator.h
+485441c31b5ff7916a12d0b8438d131a58cbc1ff6267cd266ae2dd6128c825cc providers/fips/fipsprov.c
+6e024bbebae12014997c105df04c22bd07bbbc0a0b0a9ddd14fb798dbd3f0f26 providers/fips/include/fips/fipsindicator.h
ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797 providers/fips/include/fips_indicator_params.inc
f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3 providers/fips/include/fips_selftest_params.inc
669f76f742bcaaf28846b057bfab97da7c162d69da244de71b7c743bf16e430f providers/fips/include/fipscommon.h
-1af975061d9ea273fd337c74ccaab7b9331ab781d887c4e7164c5ac35e2c2e94 providers/fips/self_test.c
+f111fd7e016af8cc6f96cd8059c28227b328dd466ed137ae0c0bc0c3c3eec3ba providers/fips/self_test.c
5c2c6c2f69e2eb01b88fa35630f27948e00dd2c2fd351735c74f34ccb2005cbe providers/fips/self_test.h
-9c5c8131ee9a5b2d1056b5548db3269c00445294134cb30b631707f69f8904f1 providers/fips/self_test_data.inc
+663441de9aba1d1b81ce02b3acded520b88cc460330d4d98adb7450d9664c474 providers/fips/self_test_data.inc
2e568e2b161131240e97bd77a730c2299f961c2f1409ea8466422fc07f9be23f providers/fips/self_test_kats.c
-7a368f6c6a5636593018bf10faecc3be1005e7cb3f0647f25c62b6f0fb7ac974 providers/implementations/asymciphers/rsa_enc.c
+dde79dfdedfe0e73006a0cf912fdde1ff109dfbc5ba6ecab319c938bc4275950 providers/implementations/asymciphers/rsa_enc.c
c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c
6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h
c20072ecf42c87f9fad2ea241d358f57ed2a04cf0cc51bdb8cb5086172f6fc8a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -692,24 +692,24 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl
e18ef50cd62647a2cc784c45169d75054dccd58fc106bf623d921de995bb3c34 providers/implementations/kdfs/sskdf.c
6d9767a99a5b46d44ac9e0898ee18d219c04dfb34fda42e71d54adccbed7d57c providers/implementations/kdfs/tls1_prf.c
88d04ff4c93648a4fbfd9ce137cfc64f2c85e1850593c1ab35334b8b3de8ad99 providers/implementations/kdfs/x942kdf.c
-3e199221ff78d80a3678e917dbbd232c5cd15f35b7c41bac92b60f766f656af7 providers/implementations/kem/ml_kem_kem.c
+b04249bcc64d6f7ec16f494afef252356b2f56424a034ab53def90463de0cb6f providers/implementations/kem/ml_kem_kem.c
a2e2b44064ef44b880b89ab6adc83686936acaa906313a37e5ec69d632912034 providers/implementations/kem/mlx_kem.c
c764555b9dc9b273c280514a5d2d44156f82f3e99155a77c627f2c773209bcd7 providers/implementations/kem/rsa_kem.c
-b9f7fc5c19f637cee55b0a435b838f5de3a5573ca376ba602e90f70855a78852 providers/implementations/keymgmt/dh_kmgmt.c
+56e173f4ddb3e91314abd79b18de513c8cbc645669a287942fca4632c3851f6b providers/implementations/keymgmt/dh_kmgmt.c
24cc3cc8e8681c77b7f96c83293bd66045fd8ad69f756e673ca7f8ca9e82b0af providers/implementations/keymgmt/dsa_kmgmt.c
-e10086c31aafae0562054e3b07f12409e39b87b5e96ee7668c231c37861aa447 providers/implementations/keymgmt/ec_kmgmt.c
+36a9c1c8658ce7918453827cb58ed52787e590e3f148c5510deeb2c16c25a29d providers/implementations/keymgmt/ec_kmgmt.c
258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc
-d042d687da861d2a39658c6b857a6507a70fa78cecdf883bd1dcdafcf102e084 providers/implementations/keymgmt/ecx_kmgmt.c
+9728d696d249b2d224724c9872138a60e1998e5cfa5c49f3f48ad0666f7eed34 providers/implementations/keymgmt/ecx_kmgmt.c
daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c
d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb providers/implementations/keymgmt/mac_legacy_kmgmt.c
-24384616fcba4eb5594ccb2ebc199bcee8494ce1b3f4ac7824f17743e39c0279 providers/implementations/keymgmt/ml_dsa_kmgmt.c
-830c339dfc7f301ce5267ef9b0dc173b84d9597509c1a61ae038f3c01af78f45 providers/implementations/keymgmt/ml_kem_kmgmt.c
+a428de71082fd01e5dcfa030a6fc34f6700b86d037b4e22f015c917862a158ce providers/implementations/keymgmt/ml_dsa_kmgmt.c
+ae129b80f400c2d520262a44842fb02898d6986dd1417ac468293dc104337120 providers/implementations/keymgmt/ml_kem_kmgmt.c
e15b780a1489bbe4c7d40d6aaa3bccfbf973e3946578f460eeb8373c657eee91 providers/implementations/keymgmt/mlx_kmgmt.c
-9376a19735fcc79893cb3c6b0cff17a2cae61db9e9165d9a30f8def7f8e8e7c7 providers/implementations/keymgmt/rsa_kmgmt.c
-6f0a786170ba9af860e36411d158ac0bd74bcb4d75c818a0cebadbc764759283 providers/implementations/keymgmt/slh_dsa_kmgmt.c
+d37e7a96253cf146e45c9adf9dbf83ab83fccbe41a5e5a6736f9085a60c38167 providers/implementations/keymgmt/rsa_kmgmt.c
+6bb62b5417afb24a43b726148862770689f420a310722398f714f396ba07f205 providers/implementations/keymgmt/slh_dsa_kmgmt.c
9d02d481b9c7c0c9e0932267d1a3e1fef00830aaa03093f000b88aa042972b9f providers/implementations/macs/cmac_prov.c
3c558b57fff3588b6832475e0b1c5be590229ad50d95a6ebb089b62bf5fe382d providers/implementations/macs/gmac_prov.c
-3b5e591e8f6c6ba721a20d978452c9aae9a8259b3595b158303a49b35f286e53 providers/implementations/macs/hmac_prov.c
+b78305d36f248499a97800873a6bd215b2b7ae2e767c04b7ffcbad7add066040 providers/implementations/macs/hmac_prov.c
6f9100c9cdd39f94601d04a6564772686571711ff198cf8469e86444d1ba25f3 providers/implementations/macs/kmac_prov.c
4115f822e2477cd2c92a1c956cca1e4dbc5d86366e2a44a37526756153c0e432 providers/implementations/rands/drbg.c
b7e24bb9265501e37253e801028f3fd0af5111a100c0b2005c53d43f02c03389 providers/implementations/rands/drbg_ctr.c
@@ -718,12 +718,12 @@ b7e24bb9265501e37253e801028f3fd0af5111a100c0b2005c53d43f02c03389 providers/impl
2c63defffcc681ada17a6cc3eb895634fd8bf86110796a6381cc3dedd26fd47d providers/implementations/rands/drbg_local.h
ddae75f1e08416c92802faafba9d524e3bf58c13e9fcb51735733e161006f89e providers/implementations/rands/fips_crng_test.c
04e726d547a00d0254362b0ebd3ddf87f58a53b78d3a070a1620f5fa714330bb providers/implementations/rands/test_rng.c
-bd3c3d166be0e171e08e1cd03a943a643b4c181f11d8dde5e508d50163ac0cb8 providers/implementations/signature/dsa_sig.c
-848ecf7587757410f98661a22fdf6eece53cc317224a22826d838131a47de8b0 providers/implementations/signature/ecdsa_sig.c
+732a4402f2621e2b676f0c0e885fb5ca8bc22d00842d47e7607a875fdff8a980 providers/implementations/signature/dsa_sig.c
+72d09f89a9645d365fb357a512fb5687c04a924c34f1bbfc17e17c1ca169d7c6 providers/implementations/signature/ecdsa_sig.c
bd48b0fe43f0d0d91eb34bdfd48fbcfd69bceabf0ddc678702fe9ef968064bb6 providers/implementations/signature/eddsa_sig.c
e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4 providers/implementations/signature/mac_legacy_sig.c
51251a1ca4c0b6faea059de5d5268167fe47565163317177d09db39978134f78 providers/implementations/signature/ml_dsa_sig.c
-6c370ec1d3393fa9ac7125e26700fbc0ea05bfd489ddacd1bb6da9b990da26d1 providers/implementations/signature/rsa_sig.c
+bab268ab5ad1d5e8dfdd8c01d25b216c657406ec2ff4e7ce190814ac7b92509f providers/implementations/signature/rsa_sig.c
14e7640b4db5e59e29b0266256d3d821adf871afa9703e18285f2fc957ac5971 providers/implementations/signature/slh_dsa_sig.c
21f537f9083f0341d9d1b0ace090a8d8f0b2b9e9cf76771c359b6ea00667a469 providers/implementations/skeymgmt/aes_skmgmt.c
2dbf9b8e738fad556c3248fb554ff4cc269ade3c86fa3d2786ba9b6d6016bf22 providers/implementations/skeymgmt/generic.c
diff --git a/crypto/openssl/providers/fips.checksum b/crypto/openssl/providers/fips.checksum
index f9e822a7f9f1..7fa4ea19bba3 100644
--- a/crypto/openssl/providers/fips.checksum
+++ b/crypto/openssl/providers/fips.checksum
@@ -1 +1 @@
-cffe76b0bc6464c7c864d5e2eaaf528439cb6c9908dc75666d530aa8a65e152e providers/fips-sources.checksums
+8d0c2c2b986f4c98f511c9aa020e98aa984dce5976d8e1966a7721f8b559cda8 providers/fips-sources.checksums
diff --git a/crypto/openssl/providers/fips/fipsprov.c b/crypto/openssl/providers/fips/fipsprov.c
index 4b9a0574625d..e260b5b6652e 100644
--- a/crypto/openssl/providers/fips/fipsprov.c
+++ b/crypto/openssl/providers/fips/fipsprov.c
@@ -65,6 +65,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error;
static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark;
static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark;
static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark;
+static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark;
static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc;
static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free;
@@ -797,6 +798,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in));
break;
+ case OSSL_FUNC_CORE_COUNT_TO_MARK:
+ set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in));
+ break;
case OSSL_FUNC_CRYPTO_MALLOC:
set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in));
break;
@@ -1035,6 +1039,11 @@ int ERR_pop_to_mark(void)
return c_pop_error_to_mark(NULL);
}
+int ERR_count_to_mark(void)
+{
+ return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0;
+}
+
/*
* This must take a library context, since it's called from the depths
* of crypto/initthread.c code, where it's (correctly) assumed that the
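Review bot: `ERR_count_to_mark()` is the only wrapper in this hunk that tolerates a missing core callback, and nothing says why. `ERR_pop_to_mark()` just above it calls `c_pop_error_to_mark` unconditionally, so a reader cannot tell whether the NULL check is deliberate or an oversight. Presumably it allows for a core that does not supply `OSSL_FUNC_CORE_COUNT_TO_MARK`. I would add a comment such as `/* Optional upcall: when the core does not provide it, 0 means "unknown", not "no errors since the mark" */` so callers do not read the fallback as proof that the error queue is clean.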
diff --git a/crypto/openssl/providers/fips/include/fips/fipsindicator.h b/crypto/openssl/providers/fips/include/fips/fipsindicator.h
index 045d2108d549..9b2b5b49a7fa 100644
--- a/crypto/openssl/providers/fips/include/fips/fipsindicator.h
+++ b/crypto/openssl/providers/fips/include/fips/fipsindicator.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -134,6 +134,7 @@ int ossl_fips_ind_digest_exch_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *li
int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id,
OSSL_LIB_CTX *libctx,
int nid, int sha1_allowed,
+ int sha512_trunc_allowed,
const char *desc,
OSSL_FIPS_IND_CHECK_CB *config_check_f);
diff --git a/crypto/openssl/providers/fips/self_test.c b/crypto/openssl/providers/fips/self_test.c
index ef7be26ca722..456efd139e94 100644
--- a/crypto/openssl/providers/fips/self_test.c
+++ b/crypto/openssl/providers/fips/self_test.c
@@ -424,9 +424,18 @@ void SELF_TEST_disable_conditional_error_state(void)
void ossl_set_error_state(const char *type)
{
- int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0);
+ int cond_test = 0;
+ int import_pct = 0;
- if (!cond_test || (FIPS_conditional_error_check == 1)) {
+ if (type != NULL) {
+ cond_test = strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0;
+ import_pct = strcmp(type, OSSL_SELF_TEST_TYPE_PCT_IMPORT) == 0;
+ }
+
+ if (import_pct) {
+ /* Failure to import is transient to avoid a DoS attack */
+ ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR);
+ } else if (!cond_test || (FIPS_conditional_error_check == 1)) {
set_fips_state(FIPS_STATE_ERROR);
ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
} else {
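Review bot: The comment on the new `import_pct` branch, `/* Failure to import is transient to avoid a DoS attack */`, is too terse for the decision it records. The branch deliberately skips `set_fips_state(FIPS_STATE_ERROR)`, so rejecting the key now rests entirely on each import routine returning failure and discarding the material. I would spell that out, e.g. `/* Imported keys are caller-supplied: a bad one must fail the import only, not put the whole module into the error state; the caller must still reject the key */`. The body of `ossl_set_error_state()` continues past the end of this hunk.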
diff --git a/crypto/openssl/providers/fips/self_test_data.inc b/crypto/openssl/providers/fips/self_test_data.inc
index 5cbb5352a596..b6aa433ca93c 100644
--- a/crypto/openssl/providers/fips/self_test_data.inc
+++ b/crypto/openssl/providers/fips/self_test_data.inc
@@ -169,6 +169,12 @@ typedef struct st_kat_kem_st {
} ST_KAT_KEM;
/*- DIGEST SELF TEST DATA */
+static const unsigned char sha1_pt[] = "abc";
+static const unsigned char sha1_digest[] = {
+ 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A,
+ 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C,
+ 0x9C, 0xD0, 0xD8, 0x9D
+};
static const unsigned char sha512_pt[] = "abc";
static const unsigned char sha512_digest[] = {
0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49,
@@ -187,12 +193,18 @@ static const unsigned char sha3_256_digest[] = {
/*
* Note:
- * SHA1 and SHA256 are tested by higher level algorithms so a
+ * SHA256 is tested by higher level algorithms so a
* CAST is not needed.
*/
static const ST_KAT_DIGEST st_kat_digest_tests[] =
{
{
+ OSSL_SELF_TEST_DESC_MD_SHA1,
+ "SHA1",
+ ITM_STR(sha1_pt),
+ ITM(sha1_digest),
+ },
+ {
OSSL_SELF_TEST_DESC_MD_SHA2,
"SHA512",
ITM_STR(sha512_pt),
@@ -208,28 +220,6 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
/*- CIPHER TEST DATA */
-/* DES3 test data */
-static const unsigned char des_ede3_cbc_pt[] = {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
- 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
- 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51
-};
-static const unsigned char des_ede3_cbc_key[] = {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
- 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
- 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
-};
-static const unsigned char des_ede3_cbc_iv[] = {
- 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17
-};
-static const unsigned char des_ede3_cbc_ct[] = {
- 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1,
- 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62,
- 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
- 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
-};
-
/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
@@ -364,7 +354,7 @@ static const ST_KAT_PARAM hkdf_params[] = {
ST_KAT_PARAM_END()
};
-static const char sskdf_digest[] = "SHA224";
+static const char sskdf_digest[] = "SHA256";
static const unsigned char sskdf_secret[] = {
0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1,
@@ -383,8 +373,8 @@ static const unsigned char sskdf_otherinfo[] = {
0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe
};
static const unsigned char sskdf_expected[] = {
- 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46,
- 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8
+ 0x27, 0xce, 0x57, 0xed, 0xb1, 0x7e, 0x1f, 0xf2,
+ 0xe4, 0x79, 0x2e, 0x84, 0x8b, 0x04, 0xf1, 0xae
};
static const ST_KAT_PARAM sskdf_params[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest),
@@ -393,7 +383,7 @@ static const ST_KAT_PARAM sskdf_params[] = {
ST_KAT_PARAM_END()
};
-static const char x942kdf_digest[] = "SHA1";
+static const char x942kdf_digest[] = "SHA256";
static const char x942kdf_cekalg[] = "AES-128-WRAP";
static const unsigned char x942kdf_secret[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -401,8 +391,8 @@ static const unsigned char x942kdf_secret[] = {
0x10, 0x11, 0x12, 0x13
};
static const unsigned char x942kdf_expected[] = {
- 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d,
- 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64
+ 0x79, 0x66, 0xa0, 0x38, 0x22, 0x28, 0x1e, 0xa3,
+ 0xeb, 0x08, 0xd9, 0xbc, 0x69, 0x5b, 0xd8, 0xff
};
static const ST_KAT_PARAM x942kdf_params[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest),
@@ -809,51 +799,73 @@ static const unsigned char drbg_ctr_aes128_pr_df_expected[] = {
/*
* HMAC_DRBG.rsp
*
- * [SHA-1]
+ * [SHA-256]
* [PredictionResistance = True]
- * [EntropyInputLen = 128]
- * [NonceLen = 64]
- * [PersonalizationStringLen = 128]
- * [AdditionalInputLen = 128]
- * [ReturnedBitsLen = 640]
+ * [EntropyInputLen = 256]
+ * [NonceLen = 128]
+ * [PersonalizationStringLen = 256]
+ * [AdditionalInputLen = 256]
+ * [ReturnedBitsLen = 1024]
*
* COUNT = 0
*/
-static const unsigned char drbg_hmac_sha1_pr_entropyin[] = {
- 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7,
- 0x79, 0x9e, 0xe5, 0xd8
-};
-static const unsigned char drbg_hmac_sha1_pr_nonce[] = {
- 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b
-};
-static const unsigned char drbg_hmac_sha1_pr_persstr[] = {
- 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0,
- 0xa9, 0x31, 0x3d, 0xd7
-};
-static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = {
- 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f,
- 0x5f, 0x22, 0xc6, 0xa4
-};
-static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = {
- 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82,
- 0x2d, 0x1a, 0xf7, 0xa6
-};
-static const unsigned char drbg_hmac_sha1_pr_addin0[] = {
- 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3,
- 0xc1, 0x8c, 0xd9, 0xd7
-};
-static const unsigned char drbg_hmac_sha1_pr_addin1[] = {
- 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5,
- 0xa1, 0x37, 0x12, 0x0c
-};
-static const unsigned char drbg_hmac_sha1_pr_expected[] = {
- 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71,
- 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b,
- 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b,
- 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf,
- 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0,
- 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 0x67, 0xf2,
- 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc
+static const unsigned char drbg_hmac_sha2_pr_entropyin[] = {
+ 0xca, 0x85, 0x19, 0x11, 0x34, 0x93, 0x84, 0xbf,
+ 0xfe, 0x89, 0xde, 0x1c, 0xbd, 0xc4, 0x6e, 0x68,
+ 0x31, 0xe4, 0x4d, 0x34, 0xa4, 0xfb, 0x93, 0x5e,
+ 0xe2, 0x85, 0xdd, 0x14, 0xb7, 0x1a, 0x74, 0x88
+};
+static const unsigned char drbg_hmac_sha2_pr_nonce[] = {
+ 0x65, 0x9b, 0xa9, 0x6c, 0x60, 0x1d, 0xc6, 0x9f,
+ 0xc9, 0x02, 0x94, 0x08, 0x05, 0xec, 0x0c, 0xa8
+};
+static const unsigned char drbg_hmac_sha2_pr_persstr[] = {
+ 0xe7, 0x2d, 0xd8, 0x59, 0x0d, 0x4e, 0xd5, 0x29,
+ 0x55, 0x15, 0xc3, 0x5e, 0xd6, 0x19, 0x9e, 0x9d,
+ 0x21, 0x1b, 0x8f, 0x06, 0x9b, 0x30, 0x58, 0xca,
+ 0xa6, 0x67, 0x0b, 0x96, 0xef, 0x12, 0x08, 0xd0
+};
+static const unsigned char drbg_hmac_sha2_pr_entropyinpr0[] = {
+ 0x5c, 0xac, 0xc6, 0x81, 0x65, 0xa2, 0xe2, 0xee,
+ 0x20, 0x81, 0x2f, 0x35, 0xec, 0x73, 0xa7, 0x9d,
+ 0xbf, 0x30, 0xfd, 0x47, 0x54, 0x76, 0xac, 0x0c,
+ 0x44, 0xfc, 0x61, 0x74, 0xcd, 0xac, 0x2b, 0x55
+};
+static const unsigned char drbg_hmac_sha2_pr_entropyinpr1[] = {
+ 0x8d, 0xf0, 0x13, 0xb4, 0xd1, 0x03, 0x52, 0x30,
+ 0x73, 0x91, 0x7d, 0xdf, 0x6a, 0x86, 0x97, 0x93,
+ 0x05, 0x9e, 0x99, 0x43, 0xfc, 0x86, 0x54, 0x54,
+ 0x9e, 0x7a, 0xb2, 0x2f, 0x7c, 0x29, 0xf1, 0x22
+};
+static const unsigned char drbg_hmac_sha2_pr_addin0[] = {
+ 0x79, 0x3a, 0x7e, 0xf8, 0xf6, 0xf0, 0x48, 0x2b,
+ 0xea, 0xc5, 0x42, 0xbb, 0x78, 0x5c, 0x10, 0xf8,
+ 0xb7, 0xb4, 0x06, 0xa4, 0xde, 0x92, 0x66, 0x7a,
+ 0xb1, 0x68, 0xec, 0xc2, 0xcf, 0x75, 0x73, 0xc6
+};
+static const unsigned char drbg_hmac_sha2_pr_addin1[] = {
+ 0x22, 0x38, 0xcd, 0xb4, 0xe2, 0x3d, 0x62, 0x9f,
+ 0xe0, 0xc2, 0xa8, 0x3d, 0xd8, 0xd5, 0x14, 0x4c,
+ 0xe1, 0xa6, 0x22, 0x9e, 0xf4, 0x1d, 0xab, 0xe2,
+ 0xa9, 0x9f, 0xf7, 0x22, 0xe5, 0x10, 0xb5, 0x30
+};
+static const unsigned char drbg_hmac_sha2_pr_expected[] = {
+ 0xb1, 0xd1, 0x7c, 0x00, 0x2a, 0x7f, 0xeb, 0xd2,
+ 0x84, 0x12, 0xd8, 0xe5, 0x8a, 0x7f, 0x32, 0x31,
+ 0x8e, 0x4e, 0xe3, 0x60, 0x5a, 0x99, 0xb0, 0x5b,
+ 0x05, 0xd5, 0x93, 0x56, 0xd5, 0xf0, 0xc6, 0xb4,
+ 0x96, 0x0a, 0x4b, 0x8f, 0x96, 0x3b, 0x7e, 0xfa,
+ 0x55, 0xbb, 0x68, 0x72, 0xfb, 0xea, 0xc7, 0xb9,
+ 0x9b, 0x78, 0xde, 0xa8, 0xf3, 0x53, 0x19, 0x73,
+ 0x63, 0x7c, 0x94, 0x6a, 0x9c, 0xab, 0x33, 0x49,
+ 0x74, 0x4b, 0x24, 0xa0, 0x85, 0x1d, 0xd4, 0x7f,
+ 0x2b, 0x3b, 0x46, 0x0c, 0x2c, 0x61, 0x84, 0x6e,
+ 0x91, 0x18, 0x1d, 0x62, 0xd4, 0x2c, 0x60, 0xa4,
+ 0xef, 0xda, 0x5e, 0xd5, 0x79, 0x02, 0xbf, 0xd7,
+ 0x02, 0xb3, 0x49, 0xc5, 0x49, 0x52, 0xc7, 0xf6,
+ 0x44, 0x76, 0x9d, 0x8e, 0xf4, 0x01, 0x5e, 0xcc,
+ 0x5f, 0x5b, 0xbd, 0x4a, 0xf0, 0x61, 0x34, 0x68,
+ 0x8e, 0x30, 0x05, 0x0e, 0x04, 0x97, 0xfb, 0x0a
};
static const ST_KAT_DRBG st_kat_drbg_tests[] =
@@ -884,15 +896,15 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
},
{
OSSL_SELF_TEST_DESC_DRBG_HMAC,
- "HMAC-DRBG", "digest", "SHA1",
- ITM(drbg_hmac_sha1_pr_entropyin),
- ITM(drbg_hmac_sha1_pr_nonce),
- ITM(drbg_hmac_sha1_pr_persstr),
- ITM(drbg_hmac_sha1_pr_entropyinpr0),
- ITM(drbg_hmac_sha1_pr_entropyinpr1),
- ITM(drbg_hmac_sha1_pr_addin0),
- ITM(drbg_hmac_sha1_pr_addin1),
- ITM(drbg_hmac_sha1_pr_expected)
+ "HMAC-DRBG", "digest", "SHA256",
+ ITM(drbg_hmac_sha2_pr_entropyin),
+ ITM(drbg_hmac_sha2_pr_nonce),
+ ITM(drbg_hmac_sha2_pr_persstr),
+ ITM(drbg_hmac_sha2_pr_entropyinpr0),
+ ITM(drbg_hmac_sha2_pr_entropyinpr1),
+ ITM(drbg_hmac_sha2_pr_addin0),
+ ITM(drbg_hmac_sha2_pr_addin1),
+ ITM(drbg_hmac_sha2_pr_expected)
}
};
@@ -907,38 +919,39 @@ static const unsigned char dh_priv[] = {
0x40, 0xb8, 0xfc, 0xe6
};
static const unsigned char dh_pub[] = {
- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
+ 0x00, 0x8f, 0x81, 0x67, 0x68, 0xce, 0x97, 0x99,
+ 0x7e, 0x11, 0x5c, 0xad, 0x5b, 0xe1, 0x0c, 0xd4,
+ 0x15, 0x44, 0xdf, 0xc2, 0x47, 0xe7, 0x06, 0x27,
+ 0x5e, 0xf3, 0x9d, 0x5c, 0x4b, 0x2e, 0x35, 0x05,
+ 0xfd, 0x3c, 0x8f, 0x35, 0x85, 0x1b, 0x82, 0xdd,
+ 0x49, 0xc9, 0xa8, 0x7e, 0x3a, 0x5f, 0x33, 0xdc,
+ 0x8f, 0x5e, 0x32, 0x76, 0xe1, 0x52, 0x1b, 0x88,
+ 0x85, 0xda, 0xa9, 0x1d, 0x5f, 0x1c, 0x05, 0x3a,
+ 0xd4, 0x8d, 0xbb, 0xe7, 0x46, 0x46, 0x1e, 0x29,
+ 0x4b, 0x5a, 0x02, 0x88, 0x46, 0x94, 0xd0, 0x68,
+ 0x7d, 0xb2, 0x9f, 0x3a, 0x3d, 0x82, 0x05, 0xe5,
+ 0xa7, 0xbe, 0x6c, 0x7e, 0x24, 0x35, 0x25, 0x14,
+ 0xf3, 0x45, 0x08, 0x90, 0xfc, 0x55, 0x2e, 0xa8,
+ 0xb8, 0xb1, 0x89, 0x15, 0x94, 0x51, 0x44, 0xa9,
+ 0x9f, 0x68, 0xcb, 0x90, 0xbc, 0xd3, 0xae, 0x02,
+ 0x37, 0x26, 0xe4, 0xe9, 0x1a, 0x90, 0x95, 0x7e,
+ 0x1d, 0xac, 0x0c, 0x91, 0x97, 0x83, 0x24, 0x83,
+ 0xb9, 0xa1, 0x40, 0x72, 0xac, 0xf0, 0x55, 0x32,
+ 0x18, 0xab, 0xb8, 0x90, 0xda, 0x13, 0x4a, 0xc8,
+ 0x4b, 0x7c, 0x18, 0xbc, 0x33, 0xbf, 0x99, 0x85,
+ 0x39, 0x3e, 0xc6, 0x95, 0x9b, 0x48, 0x8e, 0xbe,
+ 0x46, 0x59, 0x48, 0x41, 0x0d, 0x37, 0x25, 0x94,
+ 0xbe, 0x8d, 0xf5, 0x81, 0x52, 0xf6, 0xdc, 0xeb,
+ 0x98, 0xd7, 0x3b, 0x44, 0x61, 0x6f, 0xa3, 0xef,
+ 0x7b, 0xfe, 0xbb, 0xc2, 0x8e, 0x46, 0x63, 0xbc,
+ 0x52, 0x65, 0xf9, 0xf8, 0x85, 0x41, 0xdf, 0x82,
+ 0x4a, 0x10, 0x2a, 0xe3, 0x0c, 0xb7, 0xad, 0x84,
+ 0xa6, 0x6f, 0x4e, 0x8e, 0x96, 0x1e, 0x04, 0xf7,
+ 0x57, 0x39, 0xca, 0x58, 0xd4, 0xef, 0x5a, 0xf1,
+ 0xf5, 0x69, 0xc2, 0xb1, 0x5c, 0x0a, 0xce, 0xbe,
+ 0x38, 0x01, 0xb5, 0x3f, 0x07, 0x8a, 0x72, 0x90,
+ 0x10, 0xac, 0x51, 0x3a, 0x96, 0x43, 0xdf, 0x6f,
+ 0xea
};
static const unsigned char dh_peer_pub[] = {
0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
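Review bot: The replacement `dh_pub` is 257 bytes with a leading `0x00`, where the value it replaces was 256 bytes, and nothing in the hunk records how it was produced. It looks like the public value was recomputed to match `dh_priv` and dumped with a padding byte, but that is an inference from the data alone. A short comment above `dh_pub` stating how the value was derived and whether the leading zero byte is intentional would let a reviewer check this known-answer data. The `dh_peer_pub` array that follows runs past the end of the hunk.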
diff --git a/crypto/openssl/providers/implementations/asymciphers/rsa_enc.c b/crypto/openssl/providers/implementations/asymciphers/rsa_enc.c
index 6ee127caff80..e6b676d0f8fa 100644
--- a/crypto/openssl/providers/implementations/asymciphers/rsa_enc.c
+++ b/crypto/openssl/providers/implementations/asymciphers/rsa_enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -151,6 +151,7 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in, size_t inlen)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ size_t len = RSA_size(prsactx->rsa);
int ret;
if (!ossl_prov_is_running())
@@ -168,17 +169,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
}
#endif
- if (out == NULL) {
- size_t len = RSA_size(prsactx->rsa);
+ if (len == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+ return 0;
+ }
- if (len == 0) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
- return 0;
- }
+ if (out == NULL) {
*outlen = len;
return 1;
}
+ if (outsize < len) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
int rsasize = RSA_size(prsactx->rsa);
unsigned char *tbuf;
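Review bot: After this change the ciphertext size is computed twice in `rsa_encrypt()`: `len` (declared in the hunk at -151) drives the new `outsize < len` check, while the OAEP branch still calls `RSA_size(prsactx->rsa)` again into `int rsasize`. Deriving the OAEP size from `len` would keep the bound that was checked and the size that is used from drifting apart. `len` is also now initialised in its declaration, so `RSA_size()` runs before the `ossl_prov_is_running()` test. Its `int` result is stored in a `size_t`, and a comment or explicit check that no negative value can reach that conversion would help. The function starts and ends outside these hunks.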
diff --git a/crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c b/crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c
index abea679fe19a..a38c71883dd1 100644
--- a/crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c
+++ b/crypto/openssl/providers/implementations/encode_decode/decode_pem2der.c
@@ -151,6 +151,7 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
{ PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
{ PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" },
{ PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" },
+ { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
{ PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
{ PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
{ PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
diff --git a/crypto/openssl/providers/implementations/kem/ml_kem_kem.c b/crypto/openssl/providers/implementations/kem/ml_kem_kem.c
index ac798cb4b6ba..27aa3b819836 100644
--- a/crypto/openssl/providers/implementations/kem/ml_kem_kem.c
+++ b/crypto/openssl/providers/implementations/kem/ml_kem_kem.c
@@ -171,7 +171,7 @@ static int ml_kem_encapsulate(void *vctx, unsigned char *ctext, size_t *clen,
return 1;
}
if (shsec == NULL) {
- ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_OUTPUT_BUFFER,
"NULL shared-secret buffer");
goto end;
}
diff --git a/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c
index c2ee8593557a..0e9e837383f2 100644
--- a/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,10 +19,12 @@
#include <openssl/core_names.h>
#include <openssl/bn.h>
#include <openssl/err.h>
+#include <openssl/self_test.h>
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "crypto/dh.h"
+#include "internal/fips.h"
#include "internal/sizes.h"
static OSSL_FUNC_keymgmt_new_fn dh_newdata;
@@ -440,7 +442,7 @@ static int dh_validate(const void *keydata, int selection, int checktype)
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
== OSSL_KEYMGMT_SELECT_KEYPAIR)
- ok = ok && ossl_dh_check_pairwise(dh);
+ ok = ok && ossl_dh_check_pairwise(dh, 0);
return ok;
}
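Review bot: The bare `0` passed as the new second argument of `ossl_dh_check_pairwise()` here, and again in the `dh_gen()` hunk below, gives no hint of what it selects or disables. The prototype is not part of this page, so a reader has to look it up at both call sites. A trailing comment naming the parameter on each call (`ossl_dh_check_pairwise(dh, 0 /* <parameter name> */)`) would make the intent reviewable in place.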
@@ -792,6 +794,15 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2);
if (DH_generate_key(dh) <= 0)
goto end;
+#ifdef FIPS_MODULE
+ if (!ossl_fips_self_testing()) {
+ ret = ossl_dh_check_pairwise(dh, 0);
+ if (ret <= 0) {
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+ goto end;
+ }
+ }
+#endif /* FIPS_MODULE */
}
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, gctx->dh_type);
diff --git a/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c
index 9421aabb1455..a1d04bc3fdd3 100644
--- a/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/ec_kmgmt.c
@@ -20,12 +20,14 @@
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/proverr.h>
+#include <openssl/self_test.h>
#include "crypto/bn.h"
#include "crypto/ec.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "prov/securitycheck.h"
+#include "internal/fips.h"
#include "internal/param_build_set.h"
#ifndef FIPS_MODULE
@@ -1330,6 +1332,21 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (gctx->group_check != NULL)
ret = ret && ossl_ec_set_check_group_type_from_name(ec,
gctx->group_check);
+#ifdef FIPS_MODULE
+ if (ret > 0
+ && !ossl_fips_self_testing()
+ && EC_KEY_get0_public_key(ec) != NULL
+ && EC_KEY_get0_private_key(ec) != NULL
+ && EC_KEY_get0_group(ec) != NULL) {
+ BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));
+
+ ret = bnctx != NULL && ossl_ec_key_pairwise_check(ec, bnctx);
+ BN_CTX_free(bnctx);
+ if (ret <= 0)
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+ }
+#endif /* FIPS_MODULE */
+
if (ret)
return ec;
err:
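Review bot: In the new FIPS block of `ec_gen()`, a failed `BN_CTX_new_ex()` is folded into the pairwise-test result by `ret = bnctx != NULL && ossl_ec_key_pairwise_check(ec, bnctx);`. An allocation failure therefore reaches `ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT)` exactly as a real key mismatch does. Depending on how the conditional error check is configured, that can turn memory pressure into a module-wide error state. I would fail key generation on `bnctx == NULL` without calling `ossl_set_error_state()`, and reserve that call for `ossl_ec_key_pairwise_check()` itself reporting failure. `ec_gen()` begins outside this hunk.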
diff --git a/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c
index c2ac805ad1f6..e6d326a90705 100644
--- a/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -17,6 +17,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/self_test.h>
+#include "internal/fips.h"
#include "internal/param_build_set.h"
#include <openssl/param_build.h>
#include "crypto/ecx.h"
@@ -92,6 +93,15 @@ static void *s390x_ecd_keygen25519(struct ecx_gen_ctx *gctx);
static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx);
#endif
+#ifdef FIPS_MODULE
+static int ecd_fips140_pairwise_test(const ECX_KEY *ecx, int type, int self_test);
+#endif /* FIPS_MODULE */
+
+static ossl_inline int ecx_key_type_is_ed(ECX_KEY_TYPE type)
+{
+ return type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448;
+}
+
static void *x25519_new_key(void *provctx)
{
if (!ossl_prov_is_running())
@@ -208,6 +218,14 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
ok = ok && ossl_ecx_key_fromdata(key, params, include_private);
+#ifdef FIPS_MODULE
+ if (ok > 0 && ecx_key_type_is_ed(key->type) && !ossl_fips_self_testing())
+ if (key->haspubkey && key->privkey != NULL) {
+ ok = ecd_fips140_pairwise_test(key, key->type, 1);
+ if (ok <= 0)
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
+ }
+#endif /* FIPS_MODULE */
return ok;
}
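Review bot: When the import-time pairwise test fails in `ecx_import()`, `ok` goes to failure but `key` keeps the mismatched material that `ossl_ecx_key_fromdata()` just loaded. The sibling paths in this same diff clear it: `ml_dsa_import()` calls `ossl_ml_dsa_key_reset(key)` and `ml_kem_import()` calls `ossl_ml_kem_key_reset(key)`. Because `OSSL_SELF_TEST_TYPE_PCT_IMPORT` no longer puts the module into the error state, the failed object stays reachable by a caller that ignores the return value, so I would clear the imported key here too. The outer `if` also has no braces around its multi-line body; adding them would match the other import hunks. The literal `1` passed as `self_test` deserves a short comment.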
@@ -703,8 +721,7 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx)
}
#ifndef FIPS_MODULE
if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) {
- if (gctx->type == ECX_KEY_TYPE_ED25519
- || gctx->type == ECX_KEY_TYPE_ED448)
+ if (ecx_key_type_is_ed(gctx->type))
goto err;
if (!ossl_ecx_dhkem_derive_private(key, privkey,
gctx->dhkem_ikm, gctx->dhkem_ikmlen))
@@ -968,7 +985,7 @@ static int ecx_validate(const void *keydata, int selection, int type,
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR)
return ok;
- if (type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448)
+ if (ecx_key_type_is_ed(type))
ok = ok && ecd_key_pairwise_check(ecx, type);
else
ok = ok && ecx_key_pairwise_check(ecx, type);
diff --git a/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c
index 53feeba4ac3d..6b99e093c6d5 100644
--- a/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/ml_dsa_kmgmt.c
@@ -268,6 +268,7 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[]
{
ML_DSA_KEY *key = keydata;
int include_priv;
+ int res;
if (!ossl_prov_is_running() || key == NULL)
return 0;
@@ -276,7 +277,17 @@ static int ml_dsa_import(void *keydata, int selection, const OSSL_PARAM params[]
return 0;
include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
- return ml_dsa_key_fromdata(key, params, include_priv);
+ res = ml_dsa_key_fromdata(key, params, include_priv);
+#ifdef FIPS_MODULE
+ if (res > 0) {
+ res = ml_dsa_pairwise_test(key);
+ if (!res) {
+ ossl_ml_dsa_key_reset(key);
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
+ }
+ }
+#endif /* FIPS_MODULE */
+ return res;
}
#define ML_DSA_IMEXPORTABLE_PARAMETERS \
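Review bot: The new FIPS block in `ml_dsa_import()` runs `ml_dsa_pairwise_test(key)` whenever `res > 0`, without looking at `include_priv`. The equivalent check in `ml_kem_import()` (next file in this diff) is gated on `include_private`. Unless `ml_dsa_pairwise_test()` itself returns success for a key with no private part, which is not visible here, a public-only import would fail and the key would be reset. I would either gate the call, `if (res > 0 && include_priv) {`, or add a comment stating that the test is a no-op for public-only keys. The failure test `if (!res)` also differs from the `<= 0` style used in the other import hunks.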
diff --git a/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c
index 3936b6c3cd40..9b34fe1c0331 100644
--- a/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/ml_kem_kmgmt.c
@@ -475,7 +475,7 @@ static int ml_kem_import(void *vkey, int selection, const OSSL_PARAM params[])
if (res > 0 && include_private
&& !ml_kem_pairwise_test(key, key->prov_flags)) {
#ifdef FIPS_MODULE
- ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
#endif
ossl_ml_kem_key_reset(key);
res = 0;
@@ -504,7 +504,7 @@ static const OSSL_PARAM *ml_kem_gettable_params(void *provctx)
}
#ifndef FIPS_MODULE
-void *ml_kem_load(const void *reference, size_t reference_sz)
+static void *ml_kem_load(const void *reference, size_t reference_sz)
{
ML_KEM_KEY *key = NULL;
uint8_t *encoded_dk = NULL;
diff --git a/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c
index 77d095009421..cd74275d604b 100644
--- a/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -25,6 +25,7 @@
#include "prov/provider_ctx.h"
#include "crypto/rsa.h"
#include "crypto/cryptlib.h"
+#include "internal/fips.h"
#include "internal/param_build_set.h"
static OSSL_FUNC_keymgmt_new_fn rsa_newdata;
diff --git a/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c b/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c
index cd2ebea72abb..721617229467 100644
--- a/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c
+++ b/crypto/openssl/providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -11,6 +11,7 @@
#include <openssl/core_names.h>
#include <openssl/param_build.h>
#include <openssl/self_test.h>
+#include <openssl/proverr.h>
#include "crypto/slh_dsa.h"
#include "internal/fips.h"
#include "internal/param_build_set.h"
@@ -18,6 +19,11 @@
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
+#ifdef FIPS_MODULE
+static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
+ SLH_DSA_HASH_CTX *ctx);
+#endif /* FIPS_MODULE */
+
static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key;
static OSSL_FUNC_keymgmt_has_fn slh_dsa_has;
static OSSL_FUNC_keymgmt_match_fn slh_dsa_match;
@@ -281,9 +287,8 @@ static void *slh_dsa_gen_init(void *provctx, int selection,
* Refer to FIPS 140-3 IG 10.3.A Additional Comment 1
* Perform a pairwise test for SLH_DSA by signing and verifying a signature.
*/
-static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
- const SLH_DSA_KEY *key,
- OSSL_LIB_CTX *lib_ctx)
+static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key,
+ SLH_DSA_HASH_CTX *ctx)
{
int ret = 0;
OSSL_SELF_TEST *st = NULL;
@@ -293,15 +298,25 @@ static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
size_t msg_len = sizeof(msg);
uint8_t *sig = NULL;
size_t sig_len;
+ OSSL_LIB_CTX *lib_ctx;
+ int alloc_ctx = 0;
/* During self test, it is a waste to do this test */
if (ossl_fips_self_testing())
return 1;
+ if (ctx == NULL) {
+ ctx = ossl_slh_dsa_hash_ctx_new(key);
+ if (ctx == NULL)
+ return 0;
+ alloc_ctx = 1;
+ }
+ lib_ctx = ossl_slh_dsa_key_get0_libctx(key);
+
OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg);
st = OSSL_SELF_TEST_new(cb, cb_arg);
if (st == NULL)
- return 0;
+ goto err;
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
OSSL_SELF_TEST_DESC_PCT_SLH_DSA);
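Review bot: The comment above `slh_dsa_fips140_pairwise_test()` does not say that `ctx` may now be NULL, in which case the function allocates its own hash context from `key` and frees it at `err:`. The argument order was also swapped in this commit, so I would document both parameters there, e.g. `ctx: hash context to reuse, or NULL to create a temporary one from key`. The new `goto err` for `st == NULL` also means `OSSL_SELF_TEST_onend()` and `OSSL_SELF_TEST_free()` are reached with a NULL `st`. That is fine only if both tolerate NULL, which cannot be confirmed from this page.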
@@ -322,6 +337,8 @@ static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx,
ret = 1;
err:
+ if (alloc_ctx)
+ ossl_slh_dsa_hash_ctx_free(ctx);
OPENSSL_free(sig);
OSSL_SELF_TEST_onend(st, ret);
OSSL_SELF_TEST_free(st);
@@ -342,12 +359,12 @@ static void *slh_dsa_gen(void *genctx, const char *alg)
return NULL;
ctx = ossl_slh_dsa_hash_ctx_new(key);
if (ctx == NULL)
- return NULL;
+ goto err;
if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx,
gctx->entropy, gctx->entropy_len))
goto err;
#ifdef FIPS_MODULE
- if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) {
+ if (!slh_dsa_fips140_pairwise_test(key, ctx)) {
ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
goto err;
}
diff --git a/crypto/openssl/providers/implementations/macs/hmac_prov.c b/crypto/openssl/providers/implementations/macs/hmac_prov.c
index e9c3087027c6..eb5ecaa300ef 100644
--- a/crypto/openssl/providers/implementations/macs/hmac_prov.c
+++ b/crypto/openssl/providers/implementations/macs/hmac_prov.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -98,7 +98,7 @@ static void hmac_free(void *vmacctx)
if (macctx != NULL) {
HMAC_CTX_free(macctx->ctx);
ossl_prov_digest_reset(&macctx->digest);
- OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
+ OPENSSL_clear_free(macctx->key, macctx->keylen);
OPENSSL_free(macctx);
}
}
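Review bot: The retained HMAC key copy moves from the secure heap to the ordinary heap here and in the hmac_dup and hmac_setkey hunks below, and no comment records that this is intentional. The buffer is still cleansed on release by `OPENSSL_clear_free`, but it loses whatever protection the secure heap provides while the context is live, so a later reader may take this for a regression. A short comment next to the allocation in hmac_setkey would settle it, e.g. `/* Key copy is kept on the normal heap on purpose; it is cleansed by OPENSSL_clear_free() */`, ideally with the reason the commit had for the switch.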
@@ -127,13 +127,13 @@ static void *hmac_dup(void *vsrc)
return NULL;
}
if (src->key != NULL) {
- /* There is no "secure" OPENSSL_memdup */
- dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1);
+ dst->key = OPENSSL_malloc(src->keylen > 0 ? src->keylen : 1);
if (dst->key == NULL) {
hmac_free(dst);
return 0;
}
- memcpy(dst->key, src->key, src->keylen);
+ if (src->keylen > 0)
+ memcpy(dst->key, src->key, src->keylen);
}
return dst;
}
@@ -178,13 +178,14 @@ static int hmac_setkey(struct hmac_data_st *macctx,
#endif
if (macctx->key != NULL)
- OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
+ OPENSSL_clear_free(macctx->key, macctx->keylen);
/* Keep a copy of the key in case we need it for TLS HMAC */
- macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1);
+ macctx->key = OPENSSL_malloc(keylen > 0 ? keylen : 1);
if (macctx->key == NULL)
return 0;
- memcpy(macctx->key, key, keylen);
+ if (keylen > 0)
+ memcpy(macctx->key, key, keylen);
macctx->keylen = keylen;
digest = ossl_prov_digest_md(&macctx->digest);
diff --git a/crypto/openssl/providers/implementations/signature/dsa_sig.c b/crypto/openssl/providers/implementations/signature/dsa_sig.c
index c5adbf80021b..887f6cbb9018 100644
--- a/crypto/openssl/providers/implementations/signature/dsa_sig.c
+++ b/crypto/openssl/providers/implementations/signature/dsa_sig.c
@@ -193,7 +193,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
OSSL_FIPS_IND_SETTABLE1,
ctx->libctx,
- md_nid, sha1_allowed, desc,
+ md_nid, sha1_allowed, 0, desc,
ossl_fips_config_signature_digest_check))
goto err;
}
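Review bot: The new positional argument to `ossl_fips_ind_digest_sign_check` is a bare `0` here and in ecdsa_setup_md, and a bare `1` in rsa_setup_md, so none of the three call sites says what is being allowed or refused. Because this flag feeds a FIPS indicator decision and differs between algorithms, an inline comment naming the parameter would make the difference reviewable, e.g. `md_nid, sha1_allowed, 0 /* <parameter name> */, desc,`. The declaration is not part of the visible hunks, so the parameter name has to come from the header.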
diff --git a/crypto/openssl/providers/implementations/signature/ecdsa_sig.c b/crypto/openssl/providers/implementations/signature/ecdsa_sig.c
index 4018a772ff13..73bfbf4aa9c1 100644
--- a/crypto/openssl/providers/implementations/signature/ecdsa_sig.c
+++ b/crypto/openssl/providers/implementations/signature/ecdsa_sig.c
@@ -219,7 +219,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
OSSL_FIPS_IND_SETTABLE1,
ctx->libctx,
- md_nid, sha1_allowed, desc,
+ md_nid, sha1_allowed, 0, desc,
ossl_fips_config_signature_digest_check))
goto err;
}
diff --git a/crypto/openssl/providers/implementations/signature/rsa_sig.c b/crypto/openssl/providers/implementations/signature/rsa_sig.c
index e75b90840b9a..d8357cfe1578 100644
--- a/crypto/openssl/providers/implementations/signature/rsa_sig.c
+++ b/crypto/openssl/providers/implementations/signature/rsa_sig.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -411,7 +411,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
OSSL_FIPS_IND_SETTABLE1,
ctx->libctx,
- md_nid, sha1_allowed, desc,
+ md_nid, sha1_allowed, 1, desc,
ossl_fips_config_signature_digest_check))
goto err;
}
@@ -952,7 +952,7 @@ static int rsa_verify_recover(void *vprsactx,
return 0;
ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
RSA_X931_PADDING);
- if (ret < 1) {
+ if (ret <= 0) {
ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
return 0;
}
@@ -1002,7 +1002,7 @@ static int rsa_verify_recover(void *vprsactx,
} else {
ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa,
prsactx->pad_mode);
- if (ret < 0) {
+ if (ret <= 0) {
ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
return 0;
}
diff --git a/crypto/openssl/providers/legacyprov.c b/crypto/openssl/providers/legacyprov.c
index 16e3639e76f1..6dbe3a8505d0 100644
--- a/crypto/openssl/providers/legacyprov.c
+++ b/crypto/openssl/providers/legacyprov.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -48,6 +48,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error;
static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark;
static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark;
static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark;
+static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark;
#endif
/* Parameters we provide to the core */
@@ -234,6 +235,9 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(tmp));
break;
+ case OSSL_FUNC_CORE_COUNT_TO_MARK:
+ set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in));
+ break;
}
}
#endif
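Review bot: The added case fetches its function pointer from `in`, while the neighbouring `OSSL_FUNC_CORE_POP_ERROR_TO_MARK` case reads from `tmp`. The loop header is outside this hunk, but if `tmp` is the cursor being switched on, `OSSL_FUNC_core_count_to_mark(in)` would take the pointer from a different dispatch entry than the one that matched, and `ERR_count_to_mark` would later call through a mismatched function pointer. The line should probably read `set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(tmp));`.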
@@ -301,4 +305,9 @@ int ERR_pop_to_mark(void)
{
return c_pop_error_to_mark(NULL);
}
+
+int ERR_count_to_mark(void)
+{
+ return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0;
+}
#endif
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c
index 9e1fbb0b2945..a5a52a7ee80e 100644
--- a/crypto/openssl/ssl/d1_lib.c
+++ b/crypto/openssl/ssl/d1_lib.c
@@ -863,7 +863,7 @@ int dtls1_shutdown(SSL *s)
BIO *wbio;
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
- if (s == NULL)
+ if (sc == NULL)
return -1;
wbio = SSL_get_wbio(s);
diff --git a/crypto/openssl/ssl/quic/quic_ackm.c b/crypto/openssl/ssl/quic/quic_ackm.c
index 75a1e5741a03..93c83a36d8fe 100644
--- a/crypto/openssl/ssl/quic/quic_ackm.c
+++ b/crypto/openssl/ssl/quic/quic_ackm.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -536,6 +536,9 @@ struct ossl_ackm_st {
/* Set to 1 when the handshake is confirmed. */
char handshake_confirmed;
+ /* Set to 1 when attached to server channel */
+ char is_server;
+
/* Set to 1 when the peer has completed address validation. */
char peer_completed_addr_validation;
@@ -855,7 +858,13 @@ static OSSL_TIME ackm_get_pto_time_and_space(OSSL_ACKM *ackm, int *space)
}
for (i = QUIC_PN_SPACE_INITIAL; i < QUIC_PN_SPACE_NUM; ++i) {
- if (ackm->ack_eliciting_bytes_in_flight[i] == 0)
+ /*
+ * RFC 9002 section 6.2.2.1 keep probe timeout armed until
+ * handshake is confirmed (client sees HANDSHAKE_DONE message
+ * from server).
+ */
+ if (ackm->ack_eliciting_bytes_in_flight[i] == 0 &&
+ (ackm->handshake_confirmed == 1 || ackm->is_server == 1))
continue;
if (i == QUIC_PN_SPACE_APP) {
@@ -875,10 +884,18 @@ static OSSL_TIME ackm_get_pto_time_and_space(OSSL_ACKM *ackm, int *space)
}
}
- t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration);
- if (ossl_time_compare(t, pto_timeout) < 0) {
- pto_timeout = t;
- pto_space = i;
+ /*
+ * Only re-arm timer if stack has sent at least one ACK eliciting frame.
+ * If stack has sent no ACK eliciting frame at given encryption level then
+ * particular timer is zero and we must not attempt to set it. Timer keeps
+ * time since epoch (Jan 1 1970) and we must not set timer to past.
+ */
+ if (!ossl_time_is_zero(ackm->time_of_last_ack_eliciting_pkt[i])) {
+ t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration);
+ if (ossl_time_compare(t, pto_timeout) < 0) {
+ pto_timeout = t;
+ pto_space = i;
+ }
}
}
@@ -1021,7 +1038,8 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
void *now_arg,
OSSL_STATM *statm,
const OSSL_CC_METHOD *cc_method,
- OSSL_CC_DATA *cc_data)
+ OSSL_CC_DATA *cc_data,
+ int is_server)
{
OSSL_ACKM *ackm;
int i;
@@ -1045,6 +1063,7 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
ackm->statm = statm;
ackm->cc_method = cc_method;
ackm->cc_data = cc_data;
+ ackm->is_server = (char)is_server;
ackm->rx_max_ack_delay = ossl_ms2time(QUIC_DEFAULT_MAX_ACK_DELAY);
ackm->tx_max_ack_delay = DEFAULT_TX_MAX_ACK_DELAY;
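Review bot: `ackm->is_server = (char)is_server;` stores the raw int, but the new condition in ackm_get_pto_time_and_space tests `ackm->is_server == 1`. Any non-zero value other than 1 would therefore be treated as "not server", and a value with a zero low byte would truncate to 0. Normalising at assignment keeps the two in agreement: `ackm->is_server = (char)(is_server != 0);`. The body of ossl_ackm_new extends outside this hunk.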
diff --git a/crypto/openssl/ssl/quic/quic_channel.c b/crypto/openssl/ssl/quic/quic_channel.c
index 8fb651d9ceb6..652c653b9120 100644
--- a/crypto/openssl/ssl/quic/quic_channel.c
+++ b/crypto/openssl/ssl/quic/quic_channel.c
@@ -242,7 +242,8 @@ static int ch_init(QUIC_CHANNEL *ch)
goto err;
if ((ch->ackm = ossl_ackm_new(get_time, ch, &ch->statm,
- ch->cc_method, ch->cc_data)) == NULL)
+ ch->cc_method, ch->cc_data,
+ ch->is_server)) == NULL)
goto err;
if (!ossl_quic_stream_map_init(&ch->qsm, get_stream_limit, ch,
@@ -1330,8 +1331,20 @@ static int ch_on_transport_params(const unsigned char *params,
ossl_unused uint64_t rx_max_idle_timeout = 0;
ossl_unused const void *stateless_reset_token_p = NULL;
QUIC_PREFERRED_ADDR pfa;
+ SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ch->tls);
- if (ch->got_remote_transport_params) {
+ /*
+ * When HRR happens the client sends the transport params in the new client
+ * hello again. Reset the transport params here and load them again.
+ */
+ if (ch->is_server && sc->hello_retry_request != SSL_HRR_NONE
+ && ch->got_remote_transport_params) {
+ ch->max_local_streams_bidi = 0;
+ ch->max_local_streams_uni = 0;
+ ch->got_local_transport_params = 0;
+ OPENSSL_free(ch->local_transport_params);
+ ch->local_transport_params = NULL;
+ } else if (ch->got_remote_transport_params) {
reason = "multiple transport parameter extensions";
goto malformed;
}
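Review bot: `sc` is dereferenced in `sc->hello_retry_request` without a NULL check, although it comes straight from `SSL_CONNECTION_FROM_SSL(ch->tls)`. The dtls1_shutdown hunk in this same commit guards the equivalent lookup against NULL, so the same care seems warranted on a path that handles peer-supplied transport parameters. Adding the check to the condition leaves the duplicate-extension branch as the fallback: `if (ch->is_server && sc != NULL && sc->hello_retry_request != SSL_HRR_NONE`. The rest of ch_on_transport_params lies outside this hunk.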
@@ -2422,7 +2435,6 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch, int channel_only)
if (!PACKET_get_net_4(&vpkt, &supported_ver))
return;
- supported_ver = ntohl(supported_ver);
if (supported_ver == QUIC_VERSION_1) {
/*
* If the server supports version 1, set it as
diff --git a/crypto/openssl/ssl/quic/quic_impl.c b/crypto/openssl/ssl/quic/quic_impl.c
index 5ad5a79157f4..c44e6b33c2a8 100644
--- a/crypto/openssl/ssl/quic/quic_impl.c
+++ b/crypto/openssl/ssl/quic/quic_impl.c
@@ -4769,6 +4769,7 @@ void ossl_quic_free_token_store(SSL_TOKEN_STORE *hdl)
ossl_crypto_mutex_free(&hdl->mutex);
lh_QUIC_TOKEN_doall(hdl->cache, free_this_token);
lh_QUIC_TOKEN_free(hdl->cache);
+ CRYPTO_FREE_REF(&hdl->references);
OPENSSL_free(hdl);
return;
}
diff --git a/crypto/openssl/ssl/quic/quic_port.c b/crypto/openssl/ssl/quic/quic_port.c
index 684c088c08c0..d6e6d4d25cb5 100644
--- a/crypto/openssl/ssl/quic/quic_port.c
+++ b/crypto/openssl/ssl/quic/quic_port.c
@@ -1267,7 +1267,7 @@ static void port_send_version_negotiation(QUIC_PORT *port, BIO_ADDR *peer,
* Add the array of supported versions to the end of the packet
*/
for (i = 0; i < OSSL_NELEM(supported_versions); i++) {
- if (!WPACKET_put_bytes_u32(&wpkt, htonl(supported_versions[i])))
+ if (!WPACKET_put_bytes_u32(&wpkt, supported_versions[i]))
return;
}
@@ -1691,6 +1691,7 @@ static void port_default_packet_handler(QUIC_URXE *e, void *arg,
*/
while (ossl_qrx_read_pkt(qrx_src, &qrx_pkt) == 1)
ossl_quic_channel_inject_pkt(new_ch, qrx_pkt);
+ ossl_qrx_update_pn_space(qrx_src, new_ch->qrx);
}
/*
diff --git a/crypto/openssl/ssl/quic/quic_record_rx.c b/crypto/openssl/ssl/quic/quic_record_rx.c
index e01cc5253457..1a8194b396d7 100644
--- a/crypto/openssl/ssl/quic/quic_record_rx.c
+++ b/crypto/openssl/ssl/quic/quic_record_rx.c
@@ -237,6 +237,16 @@ static void qrx_cleanup_urxl(OSSL_QRX *qrx, QUIC_URXE_LIST *l)
}
}
+void ossl_qrx_update_pn_space(OSSL_QRX *src, OSSL_QRX *dst)
+{
+ size_t i;
+
+ for (i = 0; i < QUIC_PN_SPACE_NUM; i++)
+ dst->largest_pn[i] = src->largest_pn[i];
+
+ return;
+}
+
void ossl_qrx_free(OSSL_QRX *qrx)
{
uint32_t i;
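Review bot: `ossl_qrx_update_pn_space` is added without a header comment and dereferences both `src` and `dst` unconditionally. A one-line comment stating the contract would help, e.g. `/* Copy the largest received PN of every PN space from |src| to |dst|; both must be non-NULL. */`. If the caller in port_default_packet_handler can ever reach this with `new_ch->qrx` unset, the function needs an early `if (src == NULL || dst == NULL) return;` instead. The trailing `return;` in a void function can be dropped.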
diff --git a/crypto/openssl/ssl/quic/quic_record_tx.c b/crypto/openssl/ssl/quic/quic_record_tx.c
index ef93a14f94a8..ae37353a9b26 100644
--- a/crypto/openssl/ssl/quic/quic_record_tx.c
+++ b/crypto/openssl/ssl/quic/quic_record_tx.c
@@ -279,12 +279,12 @@ static TXE *qtx_resize_txe(OSSL_QTX *qtx, TXE_LIST *txl, TXE *txe, size_t n)
* data.
*/
txe2 = OPENSSL_realloc(txe, sizeof(TXE) + n);
- if (txe2 == NULL || txe == txe2) {
+ if (txe2 == NULL) {
if (p == NULL)
ossl_list_txe_insert_head(txl, txe);
else
ossl_list_txe_insert_after(txl, p, txe);
- return txe2;
+ return NULL;
}
if (p == NULL)
diff --git a/crypto/openssl/ssl/quic/quic_rx_depack.c b/crypto/openssl/ssl/quic/quic_rx_depack.c
index a36b02d5dcb4..f800d8984193 100644
--- a/crypto/openssl/ssl/quic/quic_rx_depack.c
+++ b/crypto/openssl/ssl/quic/quic_rx_depack.c
@@ -1429,16 +1429,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
uint32_t enc_level;
size_t dgram_len = qpacket->datagram_len;
- /*
- * ok has three states:
- * -1 error with ackm_data uninitialized
- * 0 error with ackm_data initialized
- * 1 success (ackm_data initialized)
- */
- int ok = -1; /* Assume the worst */
-
if (ch == NULL)
- goto end;
+ return 0;
ch->did_crypto_frame = 0;
@@ -1456,9 +1448,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
* Retry and Version Negotiation packets should not be passed to this
* function.
*/
- goto end;
+ return 0;
- ok = 0; /* Still assume the worst */
ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level);
/*
@@ -1480,18 +1471,9 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
enc_level,
qpacket->time,
&ackm_data))
- goto end;
+ return 0;
- ok = 1;
- end:
- /*
- * ASSUMPTION: If this function is called at all, |qpacket| is
- * a legitimate packet, even if its contents aren't.
- * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
- * |ackm_data| has at least been initialized.
- */
- if (ok >= 0)
- ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
+ ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
- return ok > 0;
+ return 1;
}
diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c
index baa7c47b3cd9..d958373875a3 100644
--- a/crypto/openssl/ssl/statem/extensions_clnt.c
+++ b/crypto/openssl/ssl/statem/extensions_clnt.c
@@ -745,6 +745,7 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
+ valid_keyshare++;
} else {
if (s->ext.supportedgroups == NULL) /* use default */
add_only_one = 1;
@@ -766,13 +767,18 @@ EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
/* SSLfatal() already called */
return EXT_RETURN_FAIL;
}
+ valid_keyshare++;
if (add_only_one)
break;
-
- valid_keyshare++;
}
}
+ if (valid_keyshare == 0) {
+ /* No key shares were allowed */
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_KEY_SHARE);
+ return EXT_RETURN_FAIL;
+ }
+
if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return EXT_RETURN_FAIL;
diff --git a/crypto/openssl/test/crltest.c b/crypto/openssl/test/crltest.c
index c18448122024..9cea5b2f072f 100644
--- a/crypto/openssl/test/crltest.c
+++ b/crypto/openssl/test/crltest.c
@@ -9,6 +9,7 @@
#include "internal/nelem.h"
#include <string.h>
+#include <time.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
@@ -17,7 +18,16 @@
#include "testutil.h"
+/*
+ * We cannot use old certificates for new tests because the private key
+ * associated with them is no longer available. Therefore, we add kCRLTestLeaf,
+ * kCRLTestLeaf2 and PARAM_TIME2, as well as pass the verification time to the
+ * verify function as a parameter. Certificates and CRL from
+ * https://github.com/openssl/openssl/issues/27506 are used.
+ */
+
#define PARAM_TIME 1474934400 /* Sep 27th, 2016 */
+#define PARAM_TIME2 1753284700 /* July 23th, 2025 */
static const char *kCRLTestRoot[] = {
"-----BEGIN CERTIFICATE-----\n",
@@ -70,6 +80,61 @@ static const char *kCRLTestLeaf[] = {
NULL
};
+static const char *kCRLTestRoot2[] = {
+ "-----BEGIN CERTIFICATE-----\n",
+ "MIID4zCCAsugAwIBAgIUGTcyNat9hTOo8nnGdzF7MTzL9WAwDQYJKoZIhvcNAQEL\n",
+ "BQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n",
+ "DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEzARBgNVBAMMCk15\n",
+ "IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJvb3QgQ0EwHhcNMjUwMzAzMDcxNDA0WhcN\n",
+ "MzUwMzAxMDcxNDA0WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p\n",
+ "YTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwKTXkgQ29tcGFueTET\n",
+ "MBEGA1UEAwwKTXkgUm9vdCBDQTETMBEGA1UECwwKTXkgUm9vdCBDQTCCASIwDQYJ\n",
+ "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6jjwkmV+pse430MQfyaWv+JtAd2r6K\n",
+ "qzEquBcoofzuf/yvdEhQPjK3bcotgfEcFq3QMo1MJ7vqRHEIu0hJ+5ZnEQtIRcrg\n",
+ "Vm7/EoVCBpDc9BDtW40TDp69z9kaKyyKYy6rxmSKgJydGBeGGMwBxgTK/o0xAriC\n",
+ "C3lLXHT8G8YMamKUpToPL5iCRX+GJPnnizB2ODvpQGMWkbp9+1xEc4dD7Db2wfUb\n",
+ "gatDYUoGndQKWD49UhURavQZeLpDxlz93YutRRkZTWc4IB7WebiEb39BDjSP3QYm\n",
+ "2h+rZYyjp3Gxy8pBNTPzE9Dk4yjiqS7o3WGvi/S6zKTLDvWl9t6pMOMCAwEAAaNj\n",
+ "MGEwHQYDVR0OBBYEFNdhiR+Tlot2VBbp5XfcfLdlG4AkMA4GA1UdDwEB/wQEAwIB\n",
+ "hjAfBgNVHSMEGDAWgBTXYYkfk5aLdlQW6eV33Hy3ZRuAJDAPBgNVHRMBAf8EBTAD\n",
+ "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvwutY0WMcKoqulifnYfhxGLtXSSvD2GET\n",
+ "uNRv+S1KI5JKcAdfvnbNDpUwlujMDIpe3ewmv9i6kcitpHwZXdVAw6KWagJ0kDSt\n",
+ "jbArJxuuuFmSFDS7kj8x7FZok5quAWDSSg+ubV2tCVxmDuTs1WXJXD3l9g+3J9GU\n",
+ "kyeFMKqwRp8w22vm9ilgXrzeesAmmAg/pEb56ljTPeaONQxVe7KJhv2q8J17sML8\n",
+ "BE7TdVx7UFQbO/t9XqdT5O9eF8JUx4Vn4QSr+jdjJ/ns4T3/IC9dJq9k7tjD48iA\n",
+ "TNc+7x+uj8P39VA96HpjujVakj8/qn5SQMPJgDds+MSXrX+6JBWm\n",
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
+static const char *kCRLTestLeaf2[] = {
+ "-----BEGIN CERTIFICATE-----\n",
+ "MIIECjCCAvKgAwIBAgIUPxuMqMtuN1j3XZVRVrNmaTCIP04wDQYJKoZIhvcNAQEL\n",
+ "BQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n",
+ "DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEzARBgNVBAMMCk15\n",
+ "IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJvb3QgQ0EwHhcNMjUwNDE3MTAxNjQ5WhcN\n",
+ "MjYwNDE3MTAxNjQ5WjBoMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQ\n",
+ "MA4GA1UEBwwHQmVpamluZzEYMBYGA1UECgwPTXkgT3JnYW5pemF0aW9uMRswGQYD\n",
+ "VQQDDBJNeSBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n",
+ "ggEKAoIBAQDIxRxZQokflDaLYoD21HT2U4EshqtKpSf9zPS5unBMCfnQkU4IJjBF\n",
+ "3qQmfgz5ZOpZv3x0w48fDjiysk0eOVCFAo+uixEjMeuln6Wj3taetch2Sk0YNm5J\n",
+ "SJCNF2olHZXn5R8ngEmho2j1wbwNnpcccZyRNzUSjR9oAgObkP3O7fyQKJRxwNU0\n",
+ "sN7mfoyEOczKtUaYbqi2gPx6OOqNLjXlLmfZ8PJagKCN/oYkGU5PoRNXp65Znhu6\n",
+ "s8FuSmvTodu8Qhs9Uizo+SycaBXn5Fbqt32S+9vPfhH9FfELDfQIaBp+iQAxcKPX\n",
+ "tUglXEjiEVrbNf722PuWIWN9EIBolULVAgMBAAGjgZowgZcwEgYDVR0TAQH/BAgw\n",
+ "BgEB/wIBATAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vbG9jYWxob3N0OjgwMDAv\n",
+ "Y2FfY3JsLmRlcjAdBgNVHQ4EFgQUh40vFgoopz5GUggPEEk2+bKgbwQwHwYDVR0j\n",
+ "BBgwFoAU12GJH5OWi3ZUFunld9x8t2UbgCQwDgYDVR0PAQH/BAQDAgGGMA0GCSqG\n",
+ "SIb3DQEBCwUAA4IBAQDANfJuTgo0vRaMPYqOeW8R4jLHdVazdGLeQQ/85vXr/Gl1\n",
+ "aL40tLp4yZbThxuxTzPzfY1OGkG69YQ/8Vo0gCEi5KjBMYPKmZISKy1MwROQ1Jfp\n",
+ "HkmyZk1TfuzG/4fN/bun2gjpDYcihf4xA4NhSVzQyvqm1N6VkTgK+bEWTOGzqw66\n",
+ "6IYPN6oVDmLbwU1EvV3rggB7HUJCJP4qW9DbAQRAijUurPUGoU2vEbrSyYkfQXCf\n",
+ "p4ouOTMl6O7bJ110SKzxbCfWqom+iAwHlU2tOPVmOp1CLDCClMRNHIFMDGAoBomH\n",
+ "s01wD+IcIi9OkQEbqVb/XDKes8fqzQgTtSM9C9Ot\n",
+ "-----END CERTIFICATE-----\n",
+ NULL
+};
+
static const char *kBasicCRL[] = {
"-----BEGIN X509 CRL-----\n",
"MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n",
@@ -124,6 +189,24 @@ static const char *kBadIssuerCRL[] = {
NULL
};
+static const char *kEmptyIdpCRL[] = {
+ "-----BEGIN X509 CRL-----\n",
+ "MIICOTCCASECAQEwDQYJKoZIhvcNAQELBQAweTELMAkGA1UEBhMCVVMxEzARBgNV\n",
+ "BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoM\n",
+ "Ck15IENvbXBhbnkxEzARBgNVBAMMCk15IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJv\n",
+ "b3QgQ0EXDTI1MDEwMTAwMDAwMFoXDTI1MTIwMTAwMDAwMFowJzAlAhQcgAIu+B8k\n",
+ "Be6WphLcth/grHAeXhcNMjUwNDE3MTAxNjUxWqBLMEkwGAYDVR0UBBECDxnP/97a\n",
+ "dO3y9qRGDM7hQDAfBgNVHSMEGDAWgBTXYYkfk5aLdlQW6eV33Hy3ZRuAJDAMBgNV\n",
+ "HRwBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAf+mtlDi9IftsYwTcxYYKxE203\n",
+ "+prttFB00om29jjtkGYRxcs3vZQRTvera21YFn3mrS/lxvhBq6GMx0I61AQ48Pr4\n",
+ "63bDvZgf+/P6T2+MLgLds23o3TOfy2SBSdnFEcN0bFUgF5U0bFpQqlQWx+FYhrAf\n",
+ "ZX3RAhURiKKfGKGeVOVKS0u+x666FoDQ7pbhbHM3+jnuzdtv8RQMkj1AZMw0FMl8\n",
+ "m2dFQhZqT9WdJqZAc8ldc6V3a0rUeOV8BUPACf1k4B0CKhn4draIqltZkWgl3cmU\n",
+ "SX2V/a51lS12orfNYSEx+vtJ9gpx4LDxyOnai18vueVyljrXuQSrcYuxS2Cd\n",
+ "-----END X509 CRL-----\n",
+ NULL
+};
+
/*
* This is kBasicCRL but with a critical issuing distribution point
* extension.
@@ -189,6 +272,8 @@ static const char **unknown_critical_crls[] = {
static X509 *test_root = NULL;
static X509 *test_leaf = NULL;
+static X509 *test_root2 = NULL;
+static X509 *test_leaf2 = NULL;
/*
* Glue an array of strings together. Return a BIO and put the string
@@ -251,7 +336,7 @@ static X509 *X509_from_strings(const char **pem)
* Returns a value from X509_V_ERR_xxx or X509_V_OK.
*/
static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
- unsigned long flags)
+ unsigned long flags, time_t verification_time)
{
X509_STORE_CTX *ctx = X509_STORE_CTX_new();
X509_STORE *store = X509_STORE_new();
@@ -276,8 +361,8 @@ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls,
goto err;
X509_STORE_CTX_set0_trusted_stack(ctx, roots);
X509_STORE_CTX_set0_crls(ctx, crls);
- X509_VERIFY_PARAM_set_time(param, PARAM_TIME);
- if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), PARAM_TIME))
+ X509_VERIFY_PARAM_set_time(param, verification_time);
+ if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), (long)verification_time))
goto err;
X509_VERIFY_PARAM_set_depth(param, 16);
if (flags)
@@ -341,10 +426,11 @@ static int test_basic_crl(void)
&& TEST_ptr(revoked_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(basic_crl, NULL),
- X509_V_FLAG_CRL_CHECK), X509_V_OK)
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_OK)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(basic_crl, revoked_crl),
- X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED);
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME),
+ X509_V_ERR_CERT_REVOKED);
X509_CRL_free(basic_crl);
X509_CRL_free(revoked_crl);
return r;
@@ -353,7 +439,7 @@ static int test_basic_crl(void)
static int test_no_crl(void)
{
return TEST_int_eq(verify(test_leaf, test_root, NULL,
- X509_V_FLAG_CRL_CHECK),
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME),
X509_V_ERR_UNABLE_TO_GET_CRL);
}
@@ -365,12 +451,26 @@ static int test_bad_issuer_crl(void)
r = TEST_ptr(bad_issuer_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(bad_issuer_crl, NULL),
- X509_V_FLAG_CRL_CHECK),
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME),
X509_V_ERR_UNABLE_TO_GET_CRL);
X509_CRL_free(bad_issuer_crl);
return r;
}
+static int test_crl_empty_idp(void)
+{
+ X509_CRL *empty_idp_crl = CRL_from_strings(kEmptyIdpCRL);
+ int r;
+
+ r = TEST_ptr(empty_idp_crl)
+ && TEST_int_eq(verify(test_leaf2, test_root2,
+ make_CRL_stack(empty_idp_crl, NULL),
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME2),
+ X509_V_ERR_UNABLE_TO_GET_CRL);
+ X509_CRL_free(empty_idp_crl);
+ return r;
+}
+
static int test_known_critical_crl(void)
{
X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL);
@@ -379,7 +479,7 @@ static int test_known_critical_crl(void)
r = TEST_ptr(known_critical_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(known_critical_crl, NULL),
- X509_V_FLAG_CRL_CHECK), X509_V_OK);
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_OK);
X509_CRL_free(known_critical_crl);
return r;
}
@@ -392,7 +492,7 @@ static int test_unknown_critical_crl(int n)
r = TEST_ptr(unknown_critical_crl)
&& TEST_int_eq(verify(test_leaf, test_root,
make_CRL_stack(unknown_critical_crl, NULL),
- X509_V_FLAG_CRL_CHECK),
+ X509_V_FLAG_CRL_CHECK, PARAM_TIME),
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION);
X509_CRL_free(unknown_critical_crl);
return r;
@@ -412,7 +512,7 @@ static int test_reuse_crl(int idx)
if (idx & 1) {
if (!TEST_true(X509_CRL_up_ref(reused_crl)))
goto err;
- addref_crl = reused_crl;
+ addref_crl = reused_crl;
}
idx >>= 1;
@@ -455,12 +555,15 @@ static int test_reuse_crl(int idx)
int setup_tests(void)
{
if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot))
- || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)))
+ || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))
+ || !TEST_ptr(test_root2 = X509_from_strings(kCRLTestRoot2))
+ || !TEST_ptr(test_leaf2 = X509_from_strings(kCRLTestLeaf2)))
return 0;
ADD_TEST(test_no_crl);
ADD_TEST(test_basic_crl);
ADD_TEST(test_bad_issuer_crl);
+ ADD_TEST(test_crl_empty_idp);
ADD_TEST(test_known_critical_crl);
ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls));
ADD_ALL_TESTS(test_reuse_crl, 6);
@@ -471,4 +574,6 @@ void cleanup_tests(void)
{
X509_free(test_root);
X509_free(test_leaf);
+ X509_free(test_root2);
+ X509_free(test_leaf2);
}
diff --git a/crypto/openssl/test/evp_extra_test.c b/crypto/openssl/test/evp_extra_test.c
index 2bcc2797aa69..aebf5c41d715 100644
--- a/crypto/openssl/test/evp_extra_test.c
+++ b/crypto/openssl/test/evp_extra_test.c
@@ -3938,6 +3938,48 @@ static int test_RSA_OAEP_set_null_label(void)
return ret;
}
+static int test_RSA_encrypt(void)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ unsigned char *cbuf = NULL, *pbuf = NULL;
+ size_t clen = 0, plen = 0;
+
+ if (!TEST_ptr(pkey = load_example_rsa_key())
+ || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
+ pkey, testpropq))
+ || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
+ || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
+ || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
+ goto done;
+
+ /* Require failure when the output buffer is too small */
+ plen = clen - 1;
+ if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
+ goto done;
+ /* flush error stack */
+ TEST_openssl_errors();
+
+ /* Check decryption of encrypted result */
+ if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
+ || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
+ || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
+ || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
+ || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
+ goto done;
+
+ ret = 1;
+done:
+ EVP_PKEY_CTX_free(pctx);
+ EVP_PKEY_free(pkey);
+ OPENSSL_free(cbuf);
+ OPENSSL_free(pbuf);
+ return ret;
+}
+
#ifndef OPENSSL_NO_DEPRECATED_3_0
static int test_RSA_legacy(void)
{
@@ -6810,6 +6852,7 @@ int setup_tests(void)
ADD_TEST(test_RSA_get_set_params);
ADD_TEST(test_RSA_OAEP_set_get_params);
ADD_TEST(test_RSA_OAEP_set_null_label);
+ ADD_TEST(test_RSA_encrypt);
#ifndef OPENSSL_NO_DEPRECATED_3_0
ADD_TEST(test_RSA_legacy);
#endif
diff --git a/crypto/openssl/test/fake_rsaprov.c b/crypto/openssl/test/fake_rsaprov.c
index c1b8e2828614..46fc9104ef95 100644
--- a/crypto/openssl/test/fake_rsaprov.c
+++ b/crypto/openssl/test/fake_rsaprov.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -9,12 +9,15 @@
*/
#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
#include <openssl/core_names.h>
#include <openssl/core_object.h>
#include <openssl/rand.h>
#include <openssl/provider.h>
#include "testutil.h"
#include "fake_rsaprov.h"
+#include "internal/asn1.h"
static OSSL_FUNC_keymgmt_new_fn fake_rsa_keymgmt_new;
static OSSL_FUNC_keymgmt_free_fn fake_rsa_keymgmt_free;
@@ -32,6 +35,16 @@ static int exptypes_selection;
static int query_id;
static int key_deleted;
+typedef struct {
+ OSSL_LIB_CTX *libctx;
+} PROV_FAKE_RSA_CTX;
+
+#define PROV_FAKE_RSA_LIBCTX_OF(provctx) (((PROV_FAKE_RSA_CTX *)provctx)->libctx)
+
+#define FAKE_RSA_STATUS_IMPORTED 1
+#define FAKE_RSA_STATUS_GENERATED 2
+#define FAKE_RSA_STATUS_DECODED 3
+
struct fake_rsa_keydata {
int selection;
int status;
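Review bot: The `PROV_FAKE_RSA_LIBCTX_OF` macro casts its argument without parenthesising it, so an argument that is an expression rather than a plain identifier would bind to the cast incorrectly. Writing it as `#define PROV_FAKE_RSA_LIBCTX_OF(provctx) (((PROV_FAKE_RSA_CTX *)(provctx))->libctx)` avoids that. The three `FAKE_RSA_STATUS_*` values would also benefit from a one-line comment saying that they record how the key object was created.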
@@ -86,7 +99,7 @@ static int fake_rsa_keymgmt_import(void *keydata, int selection,
struct fake_rsa_keydata *fake_rsa_key = keydata;
/* key was imported */
- fake_rsa_key->status = 1;
+ fake_rsa_key->status = FAKE_RSA_STATUS_IMPORTED;
return 1;
}
@@ -219,11 +232,11 @@ static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz)
{
struct fake_rsa_keydata *key = NULL;
- if (reference_sz != sizeof(*key))
+ if (reference_sz != sizeof(key))
return NULL;
key = *(struct fake_rsa_keydata **)reference;
- if (key->status != 1)
+ if (key->status != FAKE_RSA_STATUS_IMPORTED && key->status != FAKE_RSA_STATUS_DECODED)
return NULL;
/* detach the reference */
@@ -258,7 +271,7 @@ static void *fake_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL)))
return NULL;
- keydata->status = 2;
+ keydata->status = FAKE_RSA_STATUS_GENERATED;
return keydata;
}
@@ -638,7 +651,7 @@ static int fake_rsa_st_load(void *loaderctx,
/* The address of the key becomes the octet string */
params[2] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
- &key, sizeof(*key));
+ &key, sizeof(key));
params[3] = OSSL_PARAM_construct_end();
rv = object_cb(params, object_cbarg);
*storectx = 1;
@@ -702,6 +715,502 @@ static const OSSL_ALGORITHM fake_rsa_store_algs[] = {
{ NULL, NULL, NULL }
};
+struct der2key_ctx_st; /* Forward declaration */
+typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
+typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
+typedef void free_key_fn(void *);
+typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
+ struct der2key_ctx_st *);
+struct keytype_desc_st {
+ const char *keytype_name;
+ const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
+
+ /* The input structure name */
+ const char *structure_name;
+
+ /*
+ * The EVP_PKEY_xxx type macro. Should be zero for type specific
+ * structures, non-zero when the outermost structure is PKCS#8 or
+ * SubjectPublicKeyInfo. This determines which of the function
+ * pointers below will be used.
+ */
+ int evp_type;
+
+ /* The selection mask for OSSL_FUNC_decoder_does_selection() */
+ int selection_mask;
+
+ /* For type specific decoders, we use the corresponding d2i */
+ d2i_of_void *d2i_private_key; /* From type-specific DER */
+ d2i_of_void *d2i_public_key; /* From type-specific DER */
+ d2i_of_void *d2i_key_params; /* From type-specific DER */
+ d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
+ d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
+
+ /*
+ * For any key, we may need to check that the key meets expectations.
+ * This is useful when the same functions can decode several variants
+ * of a key.
+ */
+ check_key_fn *check_key;
+
+ /*
+ * For any key, we may need to make provider specific adjustments, such
+ * as ensure the key carries the correct library context.
+ */
+ adjust_key_fn *adjust_key;
+ /* {type}_free() */
+ free_key_fn *free_key;
+};
+
+/*
+ * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL
+ * as per https://github.com/openssl/openssl/issues/16697 (TBD)
+ * Code from openssl/crypto/x509/x_pubkey.c as
+ * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public
+ */
+struct X509_pubkey_st {
+ X509_ALGOR *algor;
+ ASN1_BIT_STRING *public_key;
+
+ EVP_PKEY *pkey;
+
+ /* extra data for the callback, used by d2i_PUBKEY_ex */
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+};
+
+ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
+ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
+
+static X509_PUBKEY *fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
+ long len, OSSL_LIB_CTX *libctx)
+{
+ X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
+
+ if (xpub == NULL)
+ return NULL;
+ return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len,
+ ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
+ libctx, NULL);
+}
+/* end steal https://github.com/openssl/openssl/issues/16697 */
+
+/*
+ * Context used for DER to key decoding.
+ */
+struct der2key_ctx_st {
+ PROV_FAKE_RSA_CTX *provctx;
+ struct keytype_desc_st *desc;
+ /* The selection that is passed to fake_rsa_der2key_decode() */
+ int selection;
+ /* Flag used to signal that a failure is fatal */
+ unsigned int flag_fatal : 1;
+};
+
+static int fake_rsa_read_der(PROV_FAKE_RSA_CTX *provctx, OSSL_CORE_BIO *cin,
+ unsigned char **data, long *len)
+{
+ BUF_MEM *mem = NULL;
+ BIO *in = BIO_new_from_core_bio(provctx->libctx, cin);
+ int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
+
+ if (ok) {
+ *data = (unsigned char *)mem->data;
+ *len = (long)mem->length;
+ OPENSSL_free(mem);
+ }
+ BIO_free(in);
+ return ok;
+}
+
+typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq);
+static void *fake_rsa_der2key_decode_p8(const unsigned char **input_der,
+ long input_der_len, struct der2key_ctx_st *ctx,
+ key_from_pkcs8_t *key_from_pkcs8)
+{
+ PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+ const X509_ALGOR *alg = NULL;
+ void *key = NULL;
+
+ if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
+ && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
+ && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
+ key = key_from_pkcs8(p8inf, PROV_FAKE_RSA_LIBCTX_OF(ctx->provctx), NULL);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+
+ return key;
+}
+
+static struct fake_rsa_keydata *fake_rsa_d2i_PUBKEY(struct fake_rsa_keydata **a,
+ const unsigned char **pp, long length)
+{
+ struct fake_rsa_keydata *key = NULL;
+ X509_PUBKEY *xpk;
+
+ xpk = fake_rsa_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL);
+ if (xpk == NULL)
+ goto err_exit;
+
+ key = fake_rsa_keymgmt_new(NULL);
+ if (key == NULL)
+ goto err_exit;
+
+ key->status = FAKE_RSA_STATUS_DECODED;
+
+ if (a != NULL) {
+ fake_rsa_keymgmt_free(*a);
+ *a = key;
+ }
+
+err_exit:
+ X509_PUBKEY_free(xpk);
+ return key;
+}
+
+/* ---------------------------------------------------------------------- */
+
+static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
+static OSSL_FUNC_decoder_decode_fn fake_rsa_der2key_decode;
+static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
+
+static struct der2key_ctx_st *
+der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char *tls_name)
+{
+ struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+ if (ctx != NULL) {
+ ctx->provctx = provctx;
+ ctx->desc = desc;
+ if (desc->evp_type == 0)
+ ctx->desc->evp_type = OBJ_sn2nid(tls_name);
+ }
+ return ctx;
+}
+
+static void der2key_freectx(void *vctx)
+{
+ struct der2key_ctx_st *ctx = vctx;
+
+ OPENSSL_free(ctx);
+}
+
+static int der2key_check_selection(int selection,
+ const struct keytype_desc_st *desc)
+{
+ /*
+ * The selections are kinda sorta "levels", i.e. each selection given
+ * here is assumed to include those following.
+ */
+ int checks[] = {
+ OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
+ OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
+ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
+ };
+ size_t i;
+
+ /* The decoder implementations made here support guessing */
+ if (selection == 0)
+ return 1;
+
+ for (i = 0; i < OSSL_NELEM(checks); i++) {
+ int check1 = (selection & checks[i]) != 0;
+ int check2 = (desc->selection_mask & checks[i]) != 0;
+
+ /*
+ * If the caller asked for the currently checked bit(s), return
+ * whether the decoder description says it's supported.
+ */
+ if (check1)
+ return check2;
+ }
+
+ /* This should be dead code, but just to be safe... */
+ return 0;
+}
+
+static int fake_rsa_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
+ OSSL_CALLBACK *data_cb, void *data_cbarg,
+ OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
+{
+ struct der2key_ctx_st *ctx = vctx;
+ unsigned char *der = NULL;
+ const unsigned char *derp;
+ long der_len = 0;
+ void *key = NULL;
+ int ok = 0;
+
+ ctx->selection = selection;
+ /*
+ * The caller is allowed to specify 0 as a selection mark, to have the
+ * structure and key type guessed. For type-specific structures, this
+ * is not recommended, as some structures are very similar.
+ * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
+ * signifies a private key structure, where everything else is assumed
+ * to be present as well.
+ */
+ if (selection == 0)
+ selection = ctx->desc->selection_mask;
+ if ((selection & ctx->desc->selection_mask) == 0) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+
+ ok = fake_rsa_read_der(ctx->provctx, cin, &der, &der_len);
+ if (!ok)
+ goto next;
+
+ ok = 0; /* Assume that we fail */
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
+ derp = der;
+ if (ctx->desc->d2i_PKCS8 != NULL) {
+ key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
+ if (ctx->flag_fatal)
+ goto end;
+ } else if (ctx->desc->d2i_private_key != NULL) {
+ key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
+ }
+ if (key == NULL && ctx->selection != 0)
+ goto next;
+ }
+ if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
+ derp = der;
+ if (ctx->desc->d2i_PUBKEY != NULL)
+ key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
+ else
+ key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
+ if (key == NULL && ctx->selection != 0)
+ goto next;
+ }
+ if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
+ derp = der;
+ if (ctx->desc->d2i_key_params != NULL)
+ key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
+ if (key == NULL && ctx->selection != 0)
+ goto next;
+ }
+
+ /*
+ * Last minute check to see if this was the correct type of key. This
+ * should never lead to a fatal error, i.e. the decoding itself was
+ * correct, it was just an unexpected key type. This is generally for
+ * classes of key types that have subtle variants, like RSA-PSS keys as
+ * opposed to plain RSA keys.
+ */
+ if (key != NULL
+ && ctx->desc->check_key != NULL
+ && !ctx->desc->check_key(key, ctx)) {
+ ctx->desc->free_key(key);
+ key = NULL;
+ }
+
+ if (key != NULL && ctx->desc->adjust_key != NULL)
+ ctx->desc->adjust_key(key, ctx);
+
+ next:
+ /*
+ * Indicated that we successfully decoded something, or not at all.
+ * Ending up "empty handed" is not an error.
+ */
+ ok = 1;
+
+ /*
+ * We free memory here so it's not held up during the callback, because
+ * we know the process is recursive and the allocated chunks of memory
+ * add up.
+ */
+ OPENSSL_free(der);
+ der = NULL;
+
+ if (key != NULL) {
+ OSSL_PARAM params[4];
+ int object_type = OSSL_OBJECT_PKEY;
+
+ params[0] =
+ OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
+ params[1] =
+ OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
+ (char *)ctx->desc->keytype_name,
+ 0);
+ /* The address of the key becomes the octet string */
+ params[2] =
+ OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
+ &key, sizeof(key));
+ params[3] = OSSL_PARAM_construct_end();
+
+ ok = data_cb(params, data_cbarg);
+ }
+
+ end:
+ ctx->desc->free_key(key);
+ OPENSSL_free(der);
+
+ return ok;
+}
+
+static OSSL_FUNC_keymgmt_export_fn *
+fake_rsa_prov_get_keymgmt_export(const OSSL_DISPATCH *fns)
+{
+ /* Pilfer the keymgmt dispatch table */
+ for (; fns->function_id != 0; fns++)
+ if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT)
+ return OSSL_FUNC_keymgmt_export(fns);
+
+ return NULL;
+}
+
+static int der2key_export_object(void *vctx,
+ const void *reference, size_t reference_sz,
+ OSSL_CALLBACK *export_cb, void *export_cbarg)
+{
+ struct der2key_ctx_st *ctx = vctx;
+ OSSL_FUNC_keymgmt_export_fn *export = fake_rsa_prov_get_keymgmt_export(ctx->desc->fns);
+ void *keydata;
+
+ if (reference_sz == sizeof(keydata) && export != NULL) {
+ /* The contents of the reference is the address to our object */
+ keydata = *(void **)reference;
+
+ return export(keydata, ctx->selection, export_cb, export_cbarg);
+ }
+ return 0;
+}
+
+/* ---------------------------------------------------------------------- */
+
+static struct fake_rsa_keydata *fake_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ struct fake_rsa_keydata *key = fake_rsa_keymgmt_new(NULL);
+
+ if (key)
+ key->status = FAKE_RSA_STATUS_DECODED;
+ return key;
+}
+
+#define rsa_evp_type EVP_PKEY_RSA
+
+static void *fake_rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
+ struct der2key_ctx_st *ctx)
+{
+ return fake_rsa_der2key_decode_p8(der, der_len, ctx,
+ (key_from_pkcs8_t *)fake_rsa_key_from_pkcs8);
+}
+
+static void fake_rsa_key_adjust(void *key, struct der2key_ctx_st *ctx)
+{
+}
+
+/* ---------------------------------------------------------------------- */
+
+#define DO_PrivateKeyInfo(keytype) \
+ "PrivateKeyInfo", keytype##_evp_type, \
+ (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \
+ NULL, \
+ NULL, \
+ NULL, \
+ fake_rsa_d2i_PKCS8, \
+ NULL, \
+ NULL, \
+ fake_rsa_key_adjust, \
+ (free_key_fn *)fake_rsa_keymgmt_free
+
+#define DO_SubjectPublicKeyInfo(keytype) \
+ "SubjectPublicKeyInfo", keytype##_evp_type, \
+ (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \
+ NULL, \
+ NULL, \
+ NULL, \
+ NULL, \
+ (d2i_of_void *)fake_rsa_d2i_PUBKEY, \
+ NULL, \
+ fake_rsa_key_adjust, \
+ (free_key_fn *)fake_rsa_keymgmt_free
+
+/*
+ * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
+ * It takes the following arguments:
+ *
+ * keytype_name The implementation key type as a string.
+ * keytype The implementation key type. This must correspond exactly
+ * to our existing keymgmt keytype names... in other words,
+ * there must exist an ossl_##keytype##_keymgmt_functions.
+ * type The type name for the set of functions that implement the
+ * decoder for the key type. This isn't necessarily the same
+ * as keytype. For example, the key types ed25519, ed448,
+ * x25519 and x448 are all handled by the same functions with
+ * the common type name ecx.
+ * kind The kind of support to implement. This translates into
+ * the DO_##kind macros above, to populate the keytype_desc_st
+ * structure.
+ */
+#define MAKE_DECODER(keytype_name, keytype, type, kind) \
+ static struct keytype_desc_st kind##_##keytype##_desc = \
+ { keytype_name, fake_rsa_keymgmt_funcs, \
+ DO_##kind(keytype) }; \
+ \
+ static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
+ \
+ static void *kind##_der2##keytype##_newctx(void *provctx) \
+ { \
+ return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name);\
+ } \
+ static int kind##_der2##keytype##_does_selection(void *provctx, \
+ int selection) \
+ { \
+ return der2key_check_selection(selection, \
+ &kind##_##keytype##_desc); \
+ } \
+ static const OSSL_DISPATCH \
+ fake_rsa_##kind##_der_to_##keytype##_decoder_functions[] = { \
+ { OSSL_FUNC_DECODER_NEWCTX, \
+ (void (*)(void))kind##_der2##keytype##_newctx }, \
+ { OSSL_FUNC_DECODER_FREECTX, \
+ (void (*)(void))der2key_freectx }, \
+ { OSSL_FUNC_DECODER_DOES_SELECTION, \
+ (void (*)(void))kind##_der2##keytype##_does_selection }, \
+ { OSSL_FUNC_DECODER_DECODE, \
+ (void (*)(void))fake_rsa_der2key_decode }, \
+ { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
+ (void (*)(void))der2key_export_object }, \
+ OSSL_DISPATCH_END \
+ }
+
+MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
+MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
+
+static const OSSL_ALGORITHM fake_rsa_decoder_algs[] = {
+#define DECODER_PROVIDER "fake-rsa"
+#define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
+#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
+
+/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
+/*
+ * Obviously this is not FIPS approved, but in order to test in conjunction
+ * with the FIPS provider we pretend that it is.
+ */
+
+#define DECODER(_name, _input, _output) \
+ { _name, \
+ "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \
+ (fake_rsa_##_input##_to_##_output##_decoder_functions) \
+ }
+#define DECODER_w_structure(_name, _input, _structure, _output) \
+ { _name, \
+ "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \
+ ",structure=" DECODER_STRUCTURE_##_structure, \
+ (fake_rsa_##_structure##_##_input##_to_##_output##_decoder_functions) \
+ }
+
+DECODER_w_structure("RSA:rsaEncryption", der, PrivateKeyInfo, rsa),
+DECODER_w_structure("RSA:rsaEncryption", der, SubjectPublicKeyInfo, rsa),
+#undef DECODER_PROVIDER
+ { NULL, NULL, NULL }
+};
+
static const OSSL_ALGORITHM *fake_rsa_query(void *provctx,
int operation_id,
int *no_cache)
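Review bot: In `fake_rsa_der2key_decode` the public-key branch falls through to `ctx->desc->d2i_public_key(NULL, &derp, der_len)` with no NULL guard, although the private-key and parameter branches both test their type-specific pointer first. Both descriptors built by `DO_PrivateKeyInfo` and `DO_SubjectPublicKeyInfo` leave `d2i_public_key` NULL. The call is avoided only because the SubjectPublicKeyInfo descriptor sets `d2i_PUBKEY`, and any new descriptor without it would call through a NULL pointer. Make the fallback `else if (ctx->desc->d2i_public_key != NULL)`. Separately, `fake_rsa_read_der` hands the result of `BIO_new_from_core_bio` to `asn1_d2i_read_bio` unchecked; `if (in == NULL) return 0;` before the read would make that failure explicit.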
@@ -716,13 +1225,24 @@ static const OSSL_ALGORITHM *fake_rsa_query(void *provctx,
case OSSL_OP_STORE:
return fake_rsa_store_algs;
+
+ case OSSL_OP_DECODER:
+ return fake_rsa_decoder_algs;
}
return NULL;
}
+static void fake_rsa_prov_teardown(void *provctx)
+{
+ PROV_FAKE_RSA_CTX *pctx = (PROV_FAKE_RSA_CTX *)provctx;
+
+ OSSL_LIB_CTX_free(pctx->libctx);
+ OPENSSL_free(pctx);
+}
+
/* Functions we provide to the core */
static const OSSL_DISPATCH fake_rsa_method[] = {
- { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fake_rsa_prov_teardown },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fake_rsa_query },
OSSL_DISPATCH_END
};
@@ -731,8 +1251,20 @@ static int fake_rsa_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in,
const OSSL_DISPATCH **out, void **provctx)
{
- if (!TEST_ptr(*provctx = OSSL_LIB_CTX_new()))
+ OSSL_LIB_CTX *libctx;
+ PROV_FAKE_RSA_CTX *prov_ctx;
+
+ if (!TEST_ptr(libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in)))
+ return 0;
+
+ if (!TEST_ptr(prov_ctx = OPENSSL_malloc(sizeof(*prov_ctx)))) {
+ OSSL_LIB_CTX_free(libctx);
return 0;
+ }
+
+ prov_ctx->libctx = libctx;
+
+ *provctx = prov_ctx;
*out = fake_rsa_method;
return 1;
}
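Review bot: `prov_ctx` is allocated with `OPENSSL_malloc` and only `libctx` is assigned, so any field later added to `PROV_FAKE_RSA_CTX` would start out uninitialised. `der2key_newctx` in the same file already uses `OPENSSL_zalloc` for its context. For consistency I would write `if (!TEST_ptr(prov_ctx = OPENSSL_zalloc(sizeof(*prov_ctx)))) {` here. The error path that frees `libctx` on allocation failure looks correct as written.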
diff --git a/crypto/openssl/test/ml_kem_internal_test.c b/crypto/openssl/test/ml_kem_internal_test.c
index bb745a2afc1a..c8c4cdf6f4d0 100644
--- a/crypto/openssl/test/ml_kem_internal_test.c
+++ b/crypto/openssl/test/ml_kem_internal_test.c
@@ -107,8 +107,10 @@ static int sanity_test(void)
return 0;
if (!TEST_ptr(privctx = RAND_get0_private(NULL))
- || !TEST_ptr(pubctx = RAND_get0_public(NULL)))
- return 0;
+ || !TEST_ptr(pubctx = RAND_get0_public(NULL))) {
+ ret = -1;
+ goto err;
+ }
decap_entropy = ml_kem_public_entropy + ML_KEM_RANDOM_BYTES;
@@ -134,8 +136,10 @@ static int sanity_test(void)
params[1] =
OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
params[2] = OSSL_PARAM_construct_end();
- if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params)))
- return 0;
+ if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))) {
+ ret = -1;
+ goto err;
+ }
public_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]);
private_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]);
@@ -254,6 +258,8 @@ static int sanity_test(void)
OPENSSL_free(encoded_public_key);
OPENSSL_free(ciphertext);
}
+
+err:
EVP_MD_free(sha256);
return ret == 0;
}
diff --git a/crypto/openssl/test/provider_pkey_test.c b/crypto/openssl/test/provider_pkey_test.c
index 4abbdd33ec4d..cb656a62a650 100644
--- a/crypto/openssl/test/provider_pkey_test.c
+++ b/crypto/openssl/test/provider_pkey_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -424,6 +424,292 @@ end:
return ret;
}
+#define DEFAULT_PROVIDER_IDX 0
+#define FAKE_RSA_PROVIDER_IDX 1
+
+static int reset_ctx_providers(OSSL_LIB_CTX **ctx, OSSL_PROVIDER *providers[2], const char *prop)
+{
+ OSSL_PROVIDER_unload(providers[DEFAULT_PROVIDER_IDX]);
+ providers[DEFAULT_PROVIDER_IDX] = NULL;
+ fake_rsa_finish(providers[FAKE_RSA_PROVIDER_IDX]);
+ providers[FAKE_RSA_PROVIDER_IDX] = NULL;
+ OSSL_LIB_CTX_free(*ctx);
+ *ctx = NULL;
+
+ if (!TEST_ptr(*ctx = OSSL_LIB_CTX_new())
+ || !TEST_ptr(providers[DEFAULT_PROVIDER_IDX] = OSSL_PROVIDER_load(*ctx, "default"))
+ || !TEST_ptr(providers[FAKE_RSA_PROVIDER_IDX] = fake_rsa_start(*ctx))
+ || !TEST_true(EVP_set_default_properties(*ctx, prop)))
+ return 0;
+ return 1;
+}
+
+struct test_pkey_decoder_properties_t {
+ const char *provider_props;
+ const char *explicit_props;
+ int curr_provider_idx;
+};
+
+static int test_pkey_provider_decoder_props(void)
+{
+ OSSL_LIB_CTX *my_libctx = NULL;
+ OSSL_PROVIDER *providers[2] = { NULL };
+ struct test_pkey_decoder_properties_t properties_test[] = {
+ { "?provider=fake-rsa", NULL, FAKE_RSA_PROVIDER_IDX },
+ { "?provider=default", NULL, DEFAULT_PROVIDER_IDX },
+ { NULL, "?provider=fake-rsa", FAKE_RSA_PROVIDER_IDX },
+ { NULL, "?provider=default", DEFAULT_PROVIDER_IDX },
+ { NULL, "provider=fake-rsa", FAKE_RSA_PROVIDER_IDX },
+ { NULL, "provider=default", DEFAULT_PROVIDER_IDX },
+ };
+ EVP_PKEY *pkey = NULL;
+ BIO *bio_priv = NULL;
+ unsigned char *encoded_pub = NULL;
+ int len_pub;
+ const unsigned char *p;
+ PKCS8_PRIV_KEY_INFO *p8 = NULL;
+ size_t i;
+ int ret = 0;
+ const char pem_rsa_priv_key[] = {
+ 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x50,
+ 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D,
+ 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x45, 0x76, 0x51, 0x49, 0x42,
+ 0x41, 0x44, 0x41, 0x4E, 0x42, 0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69, 0x47,
+ 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43,
+ 0x42, 0x4B, 0x63, 0x77, 0x67, 0x67, 0x53, 0x6A, 0x41, 0x67, 0x45, 0x41,
+ 0x41, 0x6F, 0x49, 0x42, 0x41, 0x51, 0x44, 0x45, 0x6B, 0x43, 0x34, 0x5A,
+ 0x57, 0x76, 0x33, 0x75, 0x63, 0x46, 0x62, 0x55, 0x0A, 0x46, 0x38, 0x59,
+ 0x77, 0x6C, 0x55, 0x72, 0x6D, 0x51, 0x6C, 0x4C, 0x43, 0x5A, 0x77, 0x41,
+ 0x67, 0x72, 0x34, 0x44, 0x50, 0x55, 0x41, 0x46, 0x56, 0x48, 0x6C, 0x2B,
+ 0x77, 0x46, 0x63, 0x58, 0x79, 0x70, 0x56, 0x67, 0x53, 0x63, 0x56, 0x59,
+ 0x34, 0x4B, 0x37, 0x51, 0x6D, 0x64, 0x57, 0x4B, 0x73, 0x59, 0x71, 0x62,
+ 0x38, 0x74, 0x70, 0x4F, 0x78, 0x71, 0x77, 0x30, 0x4E, 0x77, 0x5A, 0x57,
+ 0x58, 0x0A, 0x4F, 0x2B, 0x74, 0x61, 0x34, 0x2B, 0x79, 0x32, 0x37, 0x43,
+ 0x4F, 0x75, 0x66, 0x6F, 0x4F, 0x68, 0x52, 0x54, 0x4D, 0x77, 0x4E, 0x79,
+ 0x4E, 0x32, 0x4C, 0x77, 0x53, 0x4E, 0x54, 0x50, 0x4E, 0x33, 0x65, 0x45,
+ 0x6B, 0x34, 0x65, 0x65, 0x35, 0x51, 0x6E, 0x70, 0x70, 0x45, 0x79, 0x44,
+ 0x72, 0x71, 0x6F, 0x43, 0x67, 0x76, 0x54, 0x6C, 0x41, 0x41, 0x64, 0x54,
+ 0x6F, 0x46, 0x61, 0x58, 0x76, 0x6A, 0x0A, 0x78, 0x31, 0x33, 0x59, 0x62,
+ 0x6A, 0x37, 0x6A, 0x66, 0x68, 0x77, 0x4E, 0x37, 0x34, 0x71, 0x4B, 0x64,
+ 0x71, 0x73, 0x53, 0x45, 0x74, 0x50, 0x57, 0x79, 0x67, 0x67, 0x65, 0x6F,
+ 0x74, 0x69, 0x51, 0x53, 0x50, 0x79, 0x36, 0x4B, 0x79, 0x42, 0x49, 0x75,
+ 0x57, 0x74, 0x49, 0x78, 0x50, 0x41, 0x41, 0x38, 0x6A, 0x41, 0x76, 0x66,
+ 0x41, 0x6E, 0x51, 0x6A, 0x31, 0x65, 0x58, 0x68, 0x67, 0x68, 0x46, 0x0A,
+ 0x4E, 0x32, 0x4E, 0x78, 0x6B, 0x71, 0x67, 0x78, 0x76, 0x42, 0x59, 0x64,
+ 0x4E, 0x79, 0x31, 0x6D, 0x33, 0x2B, 0x6A, 0x58, 0x41, 0x43, 0x50, 0x4C,
+ 0x52, 0x7A, 0x63, 0x31, 0x31, 0x5A, 0x62, 0x4E, 0x48, 0x4B, 0x69, 0x77,
+ 0x68, 0x43, 0x59, 0x31, 0x2F, 0x48, 0x69, 0x53, 0x42, 0x6B, 0x77, 0x48,
+ 0x6C, 0x49, 0x4B, 0x2B, 0x2F, 0x56, 0x4C, 0x6A, 0x32, 0x73, 0x6D, 0x43,
+ 0x4B, 0x64, 0x55, 0x51, 0x0A, 0x67, 0x76, 0x4C, 0x58, 0x53, 0x6E, 0x6E,
+ 0x56, 0x67, 0x51, 0x75, 0x6C, 0x48, 0x69, 0x6F, 0x44, 0x36, 0x55, 0x67,
+ 0x59, 0x38, 0x78, 0x41, 0x32, 0x61, 0x34, 0x4D, 0x31, 0x72, 0x68, 0x59,
+ 0x75, 0x54, 0x56, 0x38, 0x42, 0x72, 0x50, 0x52, 0x5A, 0x34, 0x42, 0x46,
+ 0x78, 0x32, 0x6F, 0x30, 0x6A, 0x59, 0x57, 0x76, 0x47, 0x62, 0x41, 0x2F,
+ 0x48, 0x6C, 0x70, 0x37, 0x66, 0x54, 0x4F, 0x79, 0x2B, 0x0A, 0x46, 0x35,
+ 0x4F, 0x6B, 0x69, 0x48, 0x53, 0x37, 0x41, 0x67, 0x4D, 0x42, 0x41, 0x41,
+ 0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x59, 0x67, 0x43, 0x75, 0x38, 0x31,
+ 0x5A, 0x69, 0x51, 0x42, 0x56, 0x44, 0x76, 0x57, 0x69, 0x44, 0x47, 0x4B,
+ 0x72, 0x2B, 0x31, 0x70, 0x49, 0x66, 0x32, 0x43, 0x78, 0x70, 0x72, 0x47,
+ 0x4A, 0x45, 0x6D, 0x31, 0x68, 0x38, 0x36, 0x5A, 0x63, 0x45, 0x78, 0x33,
+ 0x4C, 0x37, 0x0A, 0x71, 0x46, 0x44, 0x57, 0x2B, 0x67, 0x38, 0x48, 0x47,
+ 0x57, 0x64, 0x30, 0x34, 0x53, 0x33, 0x71, 0x76, 0x68, 0x39, 0x4C, 0x75,
+ 0x62, 0x6C, 0x41, 0x4A, 0x7A, 0x65, 0x74, 0x41, 0x50, 0x78, 0x52, 0x58,
+ 0x4C, 0x39, 0x7A, 0x78, 0x33, 0x50, 0x58, 0x6A, 0x4A, 0x5A, 0x73, 0x37,
+ 0x65, 0x33, 0x48, 0x4C, 0x45, 0x75, 0x6E, 0x79, 0x33, 0x54, 0x61, 0x57,
+ 0x65, 0x7A, 0x30, 0x58, 0x49, 0x30, 0x4F, 0x0A, 0x34, 0x4C, 0x53, 0x59,
+ 0x38, 0x53, 0x38, 0x64, 0x36, 0x70, 0x56, 0x42, 0x50, 0x6D, 0x55, 0x45,
+ 0x74, 0x77, 0x47, 0x57, 0x4E, 0x34, 0x76, 0x59, 0x71, 0x48, 0x6E, 0x4B,
+ 0x4C, 0x58, 0x4F, 0x62, 0x34, 0x51, 0x51, 0x41, 0x58, 0x73, 0x34, 0x4D,
+ 0x7A, 0x66, 0x6B, 0x4D, 0x2F, 0x4D, 0x65, 0x2F, 0x62, 0x2B, 0x7A, 0x64,
+ 0x75, 0x31, 0x75, 0x6D, 0x77, 0x6A, 0x4D, 0x6C, 0x33, 0x44, 0x75, 0x64,
+ 0x0A, 0x35, 0x72, 0x56, 0x68, 0x6B, 0x67, 0x76, 0x74, 0x38, 0x75, 0x68,
+ 0x44, 0x55, 0x47, 0x33, 0x58, 0x53, 0x48, 0x65, 0x6F, 0x4A, 0x59, 0x42,
+ 0x4D, 0x62, 0x54, 0x39, 0x69, 0x6B, 0x4A, 0x44, 0x56, 0x4D, 0x4A, 0x35,
+ 0x31, 0x72, 0x72, 0x65, 0x2F, 0x31, 0x52, 0x69, 0x64, 0x64, 0x67, 0x78,
+ 0x70, 0x38, 0x53, 0x6B, 0x74, 0x56, 0x6B, 0x76, 0x47, 0x6D, 0x4D, 0x6C,
+ 0x39, 0x6B, 0x51, 0x52, 0x38, 0x0A, 0x38, 0x64, 0x76, 0x33, 0x50, 0x78,
+ 0x2F, 0x6B, 0x54, 0x4E, 0x39, 0x34, 0x45, 0x75, 0x52, 0x67, 0x30, 0x43,
+ 0x6B, 0x58, 0x42, 0x68, 0x48, 0x70, 0x6F, 0x47, 0x6F, 0x34, 0x71, 0x6E,
+ 0x4D, 0x33, 0x51, 0x33, 0x42, 0x35, 0x50, 0x6C, 0x6D, 0x53, 0x4B, 0x35,
+ 0x67, 0x6B, 0x75, 0x50, 0x76, 0x57, 0x79, 0x39, 0x6C, 0x38, 0x4C, 0x2F,
+ 0x54, 0x56, 0x74, 0x38, 0x4C, 0x62, 0x36, 0x2F, 0x7A, 0x4C, 0x0A, 0x42,
+ 0x79, 0x51, 0x57, 0x2B, 0x67, 0x30, 0x32, 0x77, 0x78, 0x65, 0x4E, 0x47,
+ 0x68, 0x77, 0x31, 0x66, 0x6B, 0x44, 0x2B, 0x58, 0x46, 0x48, 0x37, 0x4B,
+ 0x6B, 0x53, 0x65, 0x57, 0x6C, 0x2B, 0x51, 0x6E, 0x72, 0x4C, 0x63, 0x65,
+ 0x50, 0x4D, 0x30, 0x68, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x78, 0x6F,
+ 0x71, 0x55, 0x6B, 0x30, 0x50, 0x4C, 0x4F, 0x59, 0x35, 0x57, 0x67, 0x4F,
+ 0x6B, 0x67, 0x72, 0x0A, 0x75, 0x6D, 0x67, 0x69, 0x65, 0x2F, 0x4B, 0x31,
+ 0x57, 0x4B, 0x73, 0x2B, 0x69, 0x7A, 0x54, 0x74, 0x41, 0x70, 0x6A, 0x7A,
+ 0x63, 0x4D, 0x37, 0x36, 0x73, 0x7A, 0x61, 0x36, 0x33, 0x62, 0x35, 0x52,
+ 0x39, 0x77, 0x2B, 0x50, 0x2B, 0x4E, 0x73, 0x73, 0x4D, 0x56, 0x34, 0x61,
+ 0x65, 0x56, 0x39, 0x65, 0x70, 0x45, 0x47, 0x5A, 0x4F, 0x36, 0x38, 0x49,
+ 0x55, 0x6D, 0x69, 0x30, 0x51, 0x6A, 0x76, 0x51, 0x0A, 0x6E, 0x70, 0x6C,
+ 0x75, 0x51, 0x6F, 0x61, 0x64, 0x46, 0x59, 0x77, 0x65, 0x46, 0x77, 0x53,
+ 0x51, 0x31, 0x31, 0x42, 0x58, 0x48, 0x6F, 0x65, 0x51, 0x42, 0x41, 0x34,
+ 0x6E, 0x4E, 0x70, 0x6B, 0x72, 0x56, 0x35, 0x38, 0x68, 0x67, 0x7A, 0x5A,
+ 0x4E, 0x33, 0x6D, 0x39, 0x4A, 0x4C, 0x52, 0x37, 0x4A, 0x78, 0x79, 0x72,
+ 0x49, 0x71, 0x58, 0x73, 0x52, 0x6E, 0x55, 0x7A, 0x6C, 0x31, 0x33, 0x4B,
+ 0x6A, 0x0A, 0x47, 0x7A, 0x5A, 0x42, 0x43, 0x4A, 0x78, 0x43, 0x70, 0x4A,
+ 0x6A, 0x66, 0x54, 0x7A, 0x65, 0x2F, 0x79, 0x6D, 0x65, 0x38, 0x64, 0x33,
+ 0x70, 0x61, 0x35, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x51, 0x50, 0x35,
+ 0x6D, 0x42, 0x34, 0x6A, 0x49, 0x2B, 0x67, 0x33, 0x58, 0x48, 0x33, 0x4D,
+ 0x75, 0x4C, 0x79, 0x42, 0x6A, 0x4D, 0x6F, 0x54, 0x49, 0x76, 0x6F, 0x79,
+ 0x37, 0x43, 0x59, 0x4D, 0x68, 0x5A, 0x0A, 0x36, 0x2F, 0x2B, 0x4B, 0x6B,
+ 0x70, 0x77, 0x31, 0x33, 0x32, 0x4A, 0x31, 0x36, 0x6D, 0x71, 0x6B, 0x4C,
+ 0x72, 0x77, 0x55, 0x4F, 0x5A, 0x66, 0x54, 0x30, 0x65, 0x31, 0x72, 0x4A,
+ 0x42, 0x73, 0x43, 0x55, 0x6B, 0x45, 0x6F, 0x42, 0x6D, 0x67, 0x4B, 0x4E,
+ 0x74, 0x52, 0x6B, 0x48, 0x6F, 0x33, 0x2F, 0x53, 0x6A, 0x55, 0x49, 0x2F,
+ 0x39, 0x66, 0x48, 0x6A, 0x33, 0x75, 0x53, 0x74, 0x50, 0x48, 0x56, 0x0A,
+ 0x6F, 0x50, 0x63, 0x66, 0x58, 0x6A, 0x2F, 0x67, 0x46, 0x52, 0x55, 0x6B,
+ 0x44, 0x44, 0x7A, 0x59, 0x2B, 0x61, 0x75, 0x42, 0x33, 0x64, 0x48, 0x4F,
+ 0x4E, 0x46, 0x31, 0x55, 0x31, 0x7A, 0x30, 0x36, 0x45, 0x41, 0x4E, 0x6B,
+ 0x6B, 0x50, 0x43, 0x43, 0x33, 0x61, 0x35, 0x33, 0x38, 0x55, 0x41, 0x4E,
+ 0x42, 0x49, 0x61, 0x50, 0x6A, 0x77, 0x70, 0x52, 0x64, 0x42, 0x7A, 0x4E,
+ 0x77, 0x31, 0x78, 0x6C, 0x0A, 0x62, 0x76, 0x6E, 0x35, 0x61, 0x43, 0x74,
+ 0x33, 0x48, 0x77, 0x4B, 0x42, 0x67, 0x42, 0x66, 0x4F, 0x6C, 0x34, 0x6A,
+ 0x47, 0x45, 0x58, 0x59, 0x6D, 0x4E, 0x36, 0x4B, 0x2B, 0x75, 0x30, 0x65,
+ 0x62, 0x71, 0x52, 0x44, 0x6B, 0x74, 0x32, 0x67, 0x49, 0x6F, 0x57, 0x36,
+ 0x62, 0x46, 0x6F, 0x37, 0x58, 0x64, 0x36, 0x78, 0x63, 0x69, 0x2F, 0x67,
+ 0x46, 0x57, 0x6A, 0x6F, 0x56, 0x43, 0x4F, 0x42, 0x59, 0x0A, 0x67, 0x43,
+ 0x38, 0x47, 0x4C, 0x4D, 0x6E, 0x77, 0x33, 0x7A, 0x32, 0x71, 0x67, 0x61,
+ 0x76, 0x34, 0x63, 0x51, 0x49, 0x67, 0x38, 0x45, 0x44, 0x59, 0x70, 0x62,
+ 0x70, 0x45, 0x34, 0x46, 0x48, 0x51, 0x6E, 0x6E, 0x74, 0x50, 0x6B, 0x4B,
+ 0x57, 0x2F, 0x62, 0x72, 0x75, 0x30, 0x4E, 0x74, 0x33, 0x79, 0x61, 0x4E,
+ 0x62, 0x38, 0x69, 0x67, 0x79, 0x31, 0x61, 0x5A, 0x4F, 0x52, 0x66, 0x49,
+ 0x76, 0x5A, 0x0A, 0x71, 0x54, 0x4D, 0x4C, 0x45, 0x33, 0x6D, 0x65, 0x6C,
+ 0x63, 0x5A, 0x57, 0x37, 0x4C, 0x61, 0x69, 0x71, 0x65, 0x4E, 0x31, 0x56,
+ 0x30, 0x76, 0x48, 0x2F, 0x4D, 0x43, 0x55, 0x64, 0x70, 0x58, 0x39, 0x59,
+ 0x31, 0x34, 0x4B, 0x39, 0x43, 0x4A, 0x59, 0x78, 0x7A, 0x73, 0x52, 0x4F,
+ 0x67, 0x50, 0x71, 0x64, 0x45, 0x67, 0x4D, 0x57, 0x59, 0x44, 0x46, 0x41,
+ 0x6F, 0x47, 0x41, 0x41, 0x65, 0x39, 0x6C, 0x0A, 0x58, 0x4D, 0x69, 0x65,
+ 0x55, 0x4F, 0x68, 0x6C, 0x30, 0x73, 0x71, 0x68, 0x64, 0x5A, 0x59, 0x52,
+ 0x62, 0x4F, 0x31, 0x65, 0x69, 0x77, 0x54, 0x49, 0x4C, 0x58, 0x51, 0x36,
+ 0x79, 0x47, 0x4D, 0x69, 0x42, 0x38, 0x61, 0x65, 0x2F, 0x76, 0x30, 0x70,
+ 0x62, 0x42, 0x45, 0x57, 0x6C, 0x70, 0x6E, 0x38, 0x6B, 0x32, 0x2B, 0x4A,
+ 0x6B, 0x71, 0x56, 0x54, 0x77, 0x48, 0x67, 0x67, 0x62, 0x43, 0x41, 0x5A,
+ 0x0A, 0x6A, 0x4F, 0x61, 0x71, 0x56, 0x74, 0x58, 0x31, 0x6D, 0x55, 0x79,
+ 0x54, 0x59, 0x7A, 0x6A, 0x73, 0x54, 0x7A, 0x34, 0x5A, 0x59, 0x6A, 0x68,
+ 0x61, 0x48, 0x4A, 0x33, 0x6A, 0x31, 0x57, 0x6C, 0x65, 0x67, 0x6F, 0x4D,
+ 0x63, 0x73, 0x74, 0x64, 0x66, 0x54, 0x2B, 0x74, 0x78, 0x4D, 0x55, 0x37,
+ 0x34, 0x6F, 0x67, 0x64, 0x4F, 0x71, 0x4D, 0x7A, 0x68, 0x78, 0x53, 0x55,
+ 0x4F, 0x34, 0x35, 0x67, 0x38, 0x0A, 0x66, 0x39, 0x57, 0x38, 0x39, 0x6D,
+ 0x70, 0x61, 0x38, 0x62, 0x42, 0x6A, 0x4F, 0x50, 0x75, 0x2B, 0x79, 0x46,
+ 0x79, 0x36, 0x36, 0x74, 0x44, 0x61, 0x5A, 0x36, 0x73, 0x57, 0x45, 0x37,
+ 0x63, 0x35, 0x53, 0x58, 0x45, 0x48, 0x58, 0x6C, 0x38, 0x43, 0x67, 0x59,
+ 0x45, 0x41, 0x74, 0x41, 0x57, 0x77, 0x46, 0x50, 0x6F, 0x44, 0x53, 0x54,
+ 0x64, 0x7A, 0x6F, 0x58, 0x41, 0x77, 0x52, 0x6F, 0x66, 0x30, 0x0A, 0x51,
+ 0x4D, 0x4F, 0x30, 0x38, 0x2B, 0x50, 0x6E, 0x51, 0x47, 0x6F, 0x50, 0x62,
+ 0x4D, 0x4A, 0x54, 0x71, 0x72, 0x67, 0x78, 0x72, 0x48, 0x59, 0x43, 0x53,
+ 0x38, 0x75, 0x34, 0x63, 0x59, 0x53, 0x48, 0x64, 0x44, 0x4D, 0x4A, 0x44,
+ 0x43, 0x4F, 0x4D, 0x6F, 0x35, 0x67, 0x46, 0x58, 0x79, 0x43, 0x2B, 0x35,
+ 0x46, 0x66, 0x54, 0x69, 0x47, 0x77, 0x42, 0x68, 0x79, 0x35, 0x38, 0x7A,
+ 0x35, 0x62, 0x37, 0x0A, 0x67, 0x42, 0x77, 0x46, 0x4B, 0x49, 0x39, 0x52,
+ 0x67, 0x52, 0x66, 0x56, 0x31, 0x44, 0x2F, 0x4E, 0x69, 0x6D, 0x78, 0x50,
+ 0x72, 0x6C, 0x6A, 0x33, 0x57, 0x48, 0x79, 0x65, 0x63, 0x31, 0x2F, 0x43,
+ 0x73, 0x2B, 0x42, 0x72, 0x2B, 0x2F, 0x76, 0x65, 0x6B, 0x4D, 0x56, 0x46,
+ 0x67, 0x35, 0x67, 0x65, 0x6B, 0x65, 0x48, 0x72, 0x34, 0x61, 0x47, 0x53,
+ 0x46, 0x34, 0x62, 0x6B, 0x30, 0x41, 0x6A, 0x56, 0x0A, 0x54, 0x76, 0x2F,
+ 0x70, 0x51, 0x6A, 0x79, 0x52, 0x75, 0x5A, 0x41, 0x74, 0x36, 0x36, 0x49,
+ 0x62, 0x52, 0x5A, 0x64, 0x6C, 0x32, 0x49, 0x49, 0x3D, 0x0A, 0x2D, 0x2D,
+ 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41,
+ 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D
+ };
+ /*
+ * PEM of pem_rsa_priv_key:
+ * -----BEGIN PRIVATE KEY-----
+ * MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEkC4ZWv3ucFbU
+ * F8YwlUrmQlLCZwAgr4DPUAFVHl+wFcXypVgScVY4K7QmdWKsYqb8tpOxqw0NwZWX
+ * O+ta4+y27COufoOhRTMwNyN2LwSNTPN3eEk4ee5QnppEyDrqoCgvTlAAdToFaXvj
+ * x13Ybj7jfhwN74qKdqsSEtPWyggeotiQSPy6KyBIuWtIxPAA8jAvfAnQj1eXhghF
+ * N2NxkqgxvBYdNy1m3+jXACPLRzc11ZbNHKiwhCY1/HiSBkwHlIK+/VLj2smCKdUQ
+ * gvLXSnnVgQulHioD6UgY8xA2a4M1rhYuTV8BrPRZ4BFx2o0jYWvGbA/Hlp7fTOy+
+ * F5OkiHS7AgMBAAECggEAYgCu81ZiQBVDvWiDGKr+1pIf2CxprGJEm1h86ZcEx3L7
+ * qFDW+g8HGWd04S3qvh9LublAJzetAPxRXL9zx3PXjJZs7e3HLEuny3TaWez0XI0O
+ * 4LSY8S8d6pVBPmUEtwGWN4vYqHnKLXOb4QQAXs4MzfkM/Me/b+zdu1umwjMl3Dud
+ * 5rVhkgvt8uhDUG3XSHeoJYBMbT9ikJDVMJ51rre/1Riddgxp8SktVkvGmMl9kQR8
+ * 8dv3Px/kTN94EuRg0CkXBhHpoGo4qnM3Q3B5PlmSK5gkuPvWy9l8L/TVt8Lb6/zL
+ * ByQW+g02wxeNGhw1fkD+XFH7KkSeWl+QnrLcePM0hQKBgQDxoqUk0PLOY5WgOkgr
+ * umgie/K1WKs+izTtApjzcM76sza63b5R9w+P+NssMV4aeV9epEGZO68IUmi0QjvQ
+ * npluQoadFYweFwSQ11BXHoeQBA4nNpkrV58hgzZN3m9JLR7JxyrIqXsRnUzl13Kj
+ * GzZBCJxCpJjfTze/yme8d3pa5QKBgQDQP5mB4jI+g3XH3MuLyBjMoTIvoy7CYMhZ
+ * 6/+Kkpw132J16mqkLrwUOZfT0e1rJBsCUkEoBmgKNtRkHo3/SjUI/9fHj3uStPHV
+ * oPcfXj/gFRUkDDzY+auB3dHONF1U1z06EANkkPCC3a538UANBIaPjwpRdBzNw1xl
+ * bvn5aCt3HwKBgBfOl4jGEXYmN6K+u0ebqRDkt2gIoW6bFo7Xd6xci/gFWjoVCOBY
+ * gC8GLMnw3z2qgav4cQIg8EDYpbpE4FHQnntPkKW/bru0Nt3yaNb8igy1aZORfIvZ
+ * qTMLE3melcZW7LaiqeN1V0vH/MCUdpX9Y14K9CJYxzsROgPqdEgMWYDFAoGAAe9l
+ * XMieUOhl0sqhdZYRbO1eiwTILXQ6yGMiB8ae/v0pbBEWlpn8k2+JkqVTwHggbCAZ
+ * jOaqVtX1mUyTYzjsTz4ZYjhaHJ3j1WlegoMcstdfT+txMU74ogdOqMzhxSUO45g8
+ * f9W89mpa8bBjOPu+yFy66tDaZ6sWE7c5SXEHXl8CgYEAtAWwFPoDSTdzoXAwRof0
+ * QMO08+PnQGoPbMJTqrgxrHYCS8u4cYSHdDMJDCOMo5gFXyC+5FfTiGwBhy58z5b7
+ * gBwFKI9RgRfV1D/NimxPrlj3WHyec1/Cs+Br+/vekMVFg5gekeHr4aGSF4bk0AjV
+ * Tv/pQjyRuZAt66IbRZdl2II=
+ * -----END PRIVATE KEY-----
+ */
+
+ /* Load private key BIO, DER-encoded public key and PKCS#8 private key for testing */
+ if (!TEST_ptr(bio_priv = BIO_new(BIO_s_mem()))
+ || !TEST_int_gt(BIO_write(bio_priv, pem_rsa_priv_key, sizeof(pem_rsa_priv_key)), 0)
+ || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(bio_priv, NULL, NULL, NULL, NULL, NULL))
+ || !TEST_int_ge(BIO_seek(bio_priv, 0), 0)
+ || !TEST_int_gt((len_pub = i2d_PUBKEY(pkey, &encoded_pub)), 0)
+ || !TEST_ptr(p8 = EVP_PKEY2PKCS8(pkey)))
+ goto end;
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+
+ for (i = 0; i < OSSL_NELEM(properties_test); i++) {
+ const char *libctx_prop = properties_test[i].provider_props;
+ const char *explicit_prop = properties_test[i].explicit_props;
+ /* *curr_provider will be updated in reset_ctx_providers */
+ OSSL_PROVIDER **curr_provider = &providers[properties_test[i].curr_provider_idx];
+
+ /*
+ * Decoding a PEM-encoded key uses the properties to select the right provider.
+ * Using a PEM-encoding adds an extra decoder before the key is created.
+ */
+ if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1))
+ goto end;
+ if (!TEST_int_ge(BIO_seek(bio_priv, 0), 0)
+ || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(bio_priv, NULL, NULL, NULL, my_libctx,
+ explicit_prop))
+ || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider))
+ goto end;
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+
+ /* Decoding a DER-encoded X509_PUBKEY uses the properties to select the right provider */
+ if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1))
+ goto end;
+ p = encoded_pub;
+ if (!TEST_ptr(pkey = d2i_PUBKEY_ex(NULL, &p, len_pub, my_libctx, explicit_prop))
+ || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider))
+ goto end;
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+
+ /* Decoding a PKCS8_PRIV_KEY_INFO uses the properties to select the right provider */
+ if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1))
+ goto end;
+ if (!TEST_ptr(pkey = EVP_PKCS82PKEY_ex(p8, my_libctx, explicit_prop))
+ || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider))
+ goto end;
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
+
+ ret = 1;
+
+end:
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ BIO_free(bio_priv);
+ OPENSSL_free(encoded_pub);
+ EVP_PKEY_free(pkey);
+ OSSL_PROVIDER_unload(providers[DEFAULT_PROVIDER_IDX]);
+ fake_rsa_finish(providers[FAKE_RSA_PROVIDER_IDX]);
+ OSSL_LIB_CTX_free(my_libctx);
+ return ret;
+}
+
int setup_tests(void)
{
libctx = OSSL_LIB_CTX_new();
@@ -436,6 +722,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_pkey_store, 2);
ADD_TEST(test_pkey_delete);
ADD_TEST(test_pkey_store_open_ex);
+ ADD_TEST(test_pkey_provider_decoder_props);
return 1;
}
diff --git a/crypto/openssl/test/quic-openssl-docker/hq-interop/quic-hq-interop.c b/crypto/openssl/test/quic-openssl-docker/hq-interop/quic-hq-interop.c
index 14375d178a77..80b93c68c91e 100644
--- a/crypto/openssl/test/quic-openssl-docker/hq-interop/quic-hq-interop.c
+++ b/crypto/openssl/test/quic-openssl-docker/hq-interop/quic-hq-interop.c
@@ -906,8 +906,6 @@ int main(int argc, char *argv[])
goto end;
}
}
- BIO_free(req_bio);
- req_bio = NULL;
reqnames[read_offset + 1] = '\0';
if (!setup_connection(hostname, port, &ctx, &ssl)) {
@@ -1037,6 +1035,7 @@ int main(int argc, char *argv[])
*/
BIO_ADDR_free(peer_addr);
OPENSSL_free(reqnames);
+ BIO_free(req_bio);
BIO_free(session_bio);
for (poll_idx = 0; poll_idx < poll_count; poll_idx++) {
BIO_free(outbiolist[poll_idx]);
diff --git a/crypto/openssl/test/quic_ackm_test.c b/crypto/openssl/test/quic_ackm_test.c
index 0f26e9d38a0e..7b42fa5410fa 100644
--- a/crypto/openssl/test/quic_ackm_test.c
+++ b/crypto/openssl/test/quic_ackm_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -104,7 +104,8 @@ static int helper_init(struct helper *h, size_t num_pkts)
/* Initialise ACK manager. */
h->ackm = ossl_ackm_new(fake_now, NULL, &h->statm,
- &ossl_cc_dummy_method, h->ccdata);
+ &ossl_cc_dummy_method, h->ccdata,
+ /* is_server */0);
if (!TEST_ptr(h->ackm))
goto err;
diff --git a/crypto/openssl/test/quic_fifd_test.c b/crypto/openssl/test/quic_fifd_test.c
index cfa5a77745b7..7f93ca40d924 100644
--- a/crypto/openssl/test/quic_fifd_test.c
+++ b/crypto/openssl/test/quic_fifd_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -329,7 +329,8 @@ static int test_fifd(int idx)
|| !TEST_ptr(info.ackm = ossl_ackm_new(fake_now, NULL,
&info.statm,
&ossl_cc_dummy_method,
- info.ccdata))
+ info.ccdata,
+ /* is_server */0))
|| !TEST_true(ossl_ackm_on_handshake_confirmed(info.ackm))
|| !TEST_ptr(info.cfq = ossl_quic_cfq_new())
|| !TEST_ptr(info.txpim = ossl_quic_txpim_new())
diff --git a/crypto/openssl/test/quic_txp_test.c b/crypto/openssl/test/quic_txp_test.c
index 329953a3bd75..bf576c31f2d5 100644
--- a/crypto/openssl/test/quic_txp_test.c
+++ b/crypto/openssl/test/quic_txp_test.c
@@ -182,7 +182,8 @@ static int helper_init(struct helper *h)
if (!TEST_ptr(h->args.ackm = ossl_ackm_new(fake_now, NULL,
&h->statm,
h->cc_method,
- h->cc_data)))
+ h->cc_data,
+ /* is_server */0)))
goto err;
if (!TEST_true(ossl_quic_stream_map_init(&h->qsm, NULL, NULL,
diff --git a/crypto/openssl/test/quicapitest.c b/crypto/openssl/test/quicapitest.c
index b98a94055301..f665c511bb72 100644
--- a/crypto/openssl/test/quicapitest.c
+++ b/crypto/openssl/test/quicapitest.c
@@ -2863,6 +2863,62 @@ static int test_ssl_set_verify(void)
return testresult;
}
+/*
+ * When the server has a different primary group than the client, the server
+ * should not fail on the client hello retry.
+ */
+static int test_client_hello_retry(void)
+{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECX)
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
+ int testresult = 0, i = 0, ret = 0;
+
+ if (!TEST_ptr(sctx = create_server_ctx())
+ || !TEST_ptr(cctx = create_client_ctx()))
+ goto err;
+ /*
+ * set the specific groups for the test
+ */
+ if (!TEST_true(SSL_CTX_set1_groups_list(cctx, "secp384r1:secp256r1")))
+ goto err;
+ if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "secp256r1")))
+ goto err;
+
+ if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
+ goto err;
+
+ /* Send ClientHello and server retry */
+ for (i = 0; i < 2; i++) {
+ ret = SSL_connect(clientssl);
+ if (!TEST_int_le(ret, 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
+ goto err;
+ SSL_handle_events(qlistener);
+ }
+
+ /* We expect a server SSL object which has not yet completed its handshake */
+ serverssl = SSL_accept_connection(qlistener, 0);
+
+ /* Call SSL_accept() and SSL_connect() until we are connected */
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 0, 0)))
+ goto err;
+
+ testresult = 1;
+
+err:
+ SSL_CTX_free(cctx);
+ SSL_CTX_free(sctx);
+ SSL_free(clientssl);
+ SSL_free(serverssl);
+ SSL_free(qlistener);
+
+ return testresult;
+#else
+ return TEST_skip("EC(X) keys are not supported in this build");
+#endif
+}
/***********************************************************************************/
OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
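Review bot: In test_client_hello_retry the result of `SSL_accept_connection(qlistener, 0)` is handed to create_bare_ssl_connection() without a check, so a listener with no pending connection lets a NULL serverssl reach the helper and the failure is reported away from its cause. Use `if (!TEST_ptr(serverssl = SSL_accept_connection(qlistener, 0))) goto err;`. The return value of `SSL_handle_events(qlistener)` inside the loop is also ignored. The `!defined(OPENSSL_NO_ECX)` half of the guard looks unnecessary, since both group lists name only secp384r1 and secp256r1, and it skips the test on builds that could presumably run it.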
@@ -2964,6 +3020,7 @@ int setup_tests(void)
ADD_TEST(test_server_method_with_ssl_new);
ADD_TEST(test_ssl_accept_connection);
ADD_TEST(test_ssl_set_verify);
+ ADD_TEST(test_client_hello_retry);
return 1;
err:
cleanup_tests();
diff --git a/crypto/openssl/test/radix/quic_bindings.c b/crypto/openssl/test/radix/quic_bindings.c
index 49b8e28ef69a..c33a5bb9236d 100644
--- a/crypto/openssl/test/radix/quic_bindings.c
+++ b/crypto/openssl/test/radix/quic_bindings.c
@@ -799,9 +799,9 @@ DEF_FUNC(hf_spawn_thread)
if (!TEST_ptr(child_rt->debug_bio = BIO_new(BIO_s_mem())))
goto err;
- ossl_crypto_mutex_lock(child_rt->m);
-
child_rt->child_script_info = script_info;
+
+ ossl_crypto_mutex_lock(child_rt->m);
if (!TEST_ptr(child_rt->t = ossl_crypto_thread_native_start(RADIX_THREAD_worker_main,
child_rt, 1))) {
ossl_crypto_mutex_unlock(child_rt->m);
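Review bot: `child_rt->child_script_info` is now assigned before `ossl_crypto_mutex_lock(child_rt->m)`, with no comment saying why the order matters or why the unlocked write is safe. The hunk shows the worker being started only afterwards by ossl_crypto_thread_native_start(), which is presumably the reason. A short comment such as `/* set before the worker thread is started; nothing else can see child_rt yet */`, adjusted to the real invariant, would keep a later edit from moving the assignment back. hf_spawn_thread starts and ends outside the hunk.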
diff --git a/crypto/openssl/test/recipes/15-test_ec.t b/crypto/openssl/test/recipes/15-test_ec.t
index c953fad9f1ec..9bf946e81b4b 100644
--- a/crypto/openssl/test/recipes/15-test_ec.t
+++ b/crypto/openssl/test/recipes/15-test_ec.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -18,7 +18,7 @@ setup("test_ec");
plan skip_all => 'EC is not supported in this build' if disabled('ec');
-plan tests => 15;
+plan tests => 16;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
@@ -33,6 +33,16 @@ subtest 'EC conversions -- private key' => sub {
tconversion( -type => 'ec', -prefix => 'ec-priv',
-in => srctop_file("test","testec-p256.pem") );
};
+
+SKIP: {
+ skip "SM2 is not supported by this OpenSSL build", 1
+ if disabled("sm2");
+ subtest 'EC conversions -- private key' => sub {
+ tconversion( -type => 'ec', -prefix => 'sm2-priv',
+ -in => srctop_file("test","testec-sm2.pem") );
+ };
+}
+
subtest 'EC conversions -- private key PKCS#8' => sub {
tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
-in => srctop_file("test","testec-p256.pem"),
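Review bot: The new SM2 subtest reuses the name 'EC conversions -- private key' of the P-256 subtest directly above it, so the two cannot be told apart in the harness output when one of them fails. Name it for what it covers, for example `subtest 'EC conversions -- SM2 private key' => sub {`.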
diff --git a/crypto/openssl/test/recipes/20-test_cli_list.t b/crypto/openssl/test/recipes/20-test_cli_list.t
new file mode 100644
index 000000000000..a039b20978e4
--- /dev/null
+++ b/crypto/openssl/test/recipes/20-test_cli_list.t
@@ -0,0 +1,25 @@
+#! /usr/bin/env perl
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/;
+use OpenSSL::Test::Utils;
+
+setup("test_cli_list");
+
+plan tests => 2;
+
+ok(run(app(["openssl", "list", "-skey-managers"],
+ stdout => "listout.txt")),
+"List skey managers - default configuration");
+open DATA, "listout.txt";
+my @match = grep /secret key/, <DATA>;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several skey managers are listed - default configuration");
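Review bot: `open DATA, "listout.txt";` is a two-argument open on a bareword handle whose result is never checked, so a missing or unreadable file makes the grep read nothing and the second test fails with a message about skey managers rather than about the file. DATA is also the handle Perl reserves for `__DATA__` sections. Prefer `open(my $fh, '<', 'listout.txt') or die "listout.txt: $!";`, read with `<$fh>` and finish with `close $fh;`. The last check can be written `ok(@match > 1, ...)` without the ternary.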
diff --git a/crypto/openssl/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/crypto/openssl/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
index 54b143beada4..07dc4b429819 100644
--- a/crypto/openssl/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ b/crypto/openssl/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -261,6 +261,15 @@ Ctrl = digest:SHA1
Input = "0123456789ABCDEF1234"
Result = KEYOP_MISMATCH
+FIPSversion = >=3.6.0
+Sign = P-256
+Securitycheck = 1
+Unapproved = 1
+CtrlInit = digest-check:0
+Ctrl = digest:SHA512-224
+Input = "0123456789ABCDEF1234"
+Result = KEYOP_ERROR
+
Title = XOF disallowed
DigestVerify = SHAKE256
diff --git a/crypto/openssl/test/recipes/80-test_cms.t b/crypto/openssl/test/recipes/80-test_cms.t
index 5c967c581835..4031dbec77f5 100644
--- a/crypto/openssl/test/recipes/80-test_cms.t
+++ b/crypto/openssl/test/recipes/80-test_cms.t
@@ -89,6 +89,15 @@ my @smime_pkcs7_tests = (
\&final_compare
],
+ [ "signed text content DER format, RSA key",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+ "-certfile", $smroot, "-signer", $smrsa1, "-text",
+ "-out", "{output}.cms" ],
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+ "-text", "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+
[ "signed detached content DER format, RSA key",
[ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
"-signer", $smrsa1, "-out", "{output}.cms" ],
@@ -222,6 +231,14 @@ my @smime_pkcs7_tests = (
\&final_compare
],
+ [ "enveloped text content streaming S/MIME format, DES, 1 recipient",
+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
+ "-stream", "-text", "-out", "{output}.cms", $smrsa1 ],
+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1,
+ "-in", "{output}.cms", "-text", "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+
[ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
[ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
"-stream", "-out", "{output}.cms",
diff --git a/crypto/openssl/test/recipes/90-test_store_cases.t b/crypto/openssl/test/recipes/90-test_store_cases.t
index 05b00e6b4eb1..5915a1b76a53 100644
--- a/crypto/openssl/test/recipes/90-test_store_cases.t
+++ b/crypto/openssl/test/recipes/90-test_store_cases.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -18,9 +18,10 @@ use OpenSSL::Test::Utils;
my $test_name = "test_store_cases";
setup($test_name);
-plan tests => 2;
+plan tests => 3;
my $stderr;
+my @stdout;
# The case of the garbage PKCS#12 DER file where a passphrase was
# prompted for. That should not have happened.
@@ -34,3 +35,24 @@ open DATA, $stderr;
close DATA;
ok(scalar @match > 0 ? 0 : 1,
"checking that storeutl didn't ask for a passphrase");
+
+ SKIP: {
+ skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1
+ if disabled("ec");
+ skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1
+ if disabled("des");
+
+ # The case with a BER-encoded PKCS#12 file, using infinite + EOC
+ # constructs. There was a bug with those in OpenSSL 3.0 and newer,
+ # where OSSL_STORE_load() (and by consequence, 'openssl storeutl')
+ # only extracted the first available object from that file and
+ # ignored the rest.
+ # Our test file has a total of four objects, and this should be
+ # reflected in the total that 'openssl storeutl' outputs
+ @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345',
+ data_file('test-BER.p12')]),
+ capture => 1);
+ @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp
+ ok((grep { $_ eq 'Total found: 4' } @stdout),
+ "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects");
+}
diff --git a/crypto/openssl/test/recipes/90-test_store_cases_data/test-BER.p12 b/crypto/openssl/test/recipes/90-test_store_cases_data/test-BER.p12
new file mode 100644
index 000000000000..256e697bac1a
--- /dev/null
+++ b/crypto/openssl/test/recipes/90-test_store_cases_data/test-BER.p12
Binary files differ
diff --git a/crypto/openssl/test/recipes/90-test_threads_data/store/8489a545.0 b/crypto/openssl/test/recipes/90-test_threads_data/store/8489a545.0
new file mode 100644
index 000000000000..7fd65dfe924b
--- /dev/null
+++ b/crypto/openssl/test/recipes/90-test_threads_data/store/8489a545.0
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh b/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh
new file mode 100755
index 000000000000..716172f029d3
--- /dev/null
+++ b/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Test openssl CA functionality using oqsprovider for alg $1
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 <algorithmname>. Exiting."
+ exit 1
+fi
+
+if [ -z "$OPENSSL_APP" ]; then
+ echo "OPENSSL_APP env var not set. Exiting."
+ exit 1
+fi
+
+if [ -z "$OPENSSL_MODULES" ]; then
+ echo "Warning: OPENSSL_MODULES env var not set."
+fi
+
+if [ -z "$OPENSSL_CONF" ]; then
+ echo "Warning: OPENSSL_CONF env var not set."
+fi
+
+# Set OSX DYLD_LIBRARY_PATH if not already externally set
+if [ -z "$DYLD_LIBRARY_PATH" ]; then
+ export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+fi
+
+echo "oqsprovider-ca.sh commencing..."
+
+#rm -rf tmp
+mkdir -p tmp && cd tmp
+rm -rf demoCA && mkdir -p demoCA/newcerts
+touch demoCA/index.txt
+echo '01' > demoCA/serial
+$OPENSSL_APP req -x509 -new -newkey $1 -keyout $1_rootCA.key -out $1_rootCA.crt -subj "/CN=test CA" -nodes
+
+if [ $? -ne 0 ]; then
+ echo "Failed to generate root CA. Exiting."
+ exit 1
+fi
+
+$OPENSSL_APP req -new -newkey $1 -keyout $1.key -out $1.csr -nodes -subj "/CN=test Server"
+
+if [ $? -ne 0 ]; then
+ echo "Failed to generate test server CSR. Exiting."
+ exit 1
+fi
+
+$OPENSSL_APP ca -batch -days 100 -keyfile $1_rootCA.key -cert $1_rootCA.crt -policy policy_anything -notext -out $1.crt -infiles $1.csr
+
+if [ $? -ne 0 ]; then
+ echo "Failed to generate server CRT. Exiting."
+ exit 1
+fi
+
+# Don't forget to use provider(s) when not activated via config file
+$OPENSSL_APP verify -CAfile $1_rootCA.crt $1.crt
+
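Review bot: `mkdir -p tmp && cd tmp` is followed unconditionally by `rm -rf demoCA`, so if the cd fails the recursive delete and every later write happen in whatever directory the script was started from; make it `mkdir -p tmp && cd tmp || exit 1`. `$1` and `$OPENSSL_APP` are expanded unquoted in every openssl invocation and in the generated file names, so an algorithm name or binary path containing whitespace or glob characters is split into several words. Quote them as `"$1"` and `"$OPENSSL_APP"`, for example `-keyout "${1}_rootCA.key"`.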
diff --git a/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh b/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
index a03c3722fc43..18e0391d520f 100755
--- a/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
+++ b/crypto/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
@@ -70,5 +70,7 @@ export OPENSSL_APP="$O_EXE/openssl"
export OPENSSL_MODULES=$PWD/_build/lib
export OQS_PROVIDER_TESTSCRIPTS=$SRCTOP/oqs-provider/scripts
export OPENSSL_CONF=$OQS_PROVIDER_TESTSCRIPTS/openssl-ca.cnf
+# hotfix for wrong cert validity period
+cp $SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh $SRCTOP/oqs-provider/scripts/
# Be verbose if harness is verbose:
$SRCTOP/oqs-provider/scripts/runtests.sh -V
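Review bot: The added `cp` overwrites oqsprovider-ca.sh inside `$SRCTOP/oqs-provider/scripts/`, which changes the checked-out oqs-provider tree in place, and its exit status is not checked, so runtests.sh carries on with the original script if the copy fails. Both paths are unquoted, so a source tree located under a path with spaces breaks the command. Consider `cp "$SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh" "$SRCTOP/oqs-provider/scripts/" || exit 1`, and extend the comment to say which upstream change makes the override unnecessary. The script starts outside this hunk.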
diff --git a/crypto/openssl/test/sanitytest.c b/crypto/openssl/test/sanitytest.c
index dd19bfbc71da..449e21f55180 100644
--- a/crypto/openssl/test/sanitytest.c
+++ b/crypto/openssl/test/sanitytest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,6 +13,10 @@
#include "internal/numbers.h"
#include "internal/time.h"
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+# include <signal.h>
+#endif
+
static int test_sanity_null_zero(void)
{
char *p;
@@ -130,22 +134,77 @@ static int test_sanity_memcmp(void)
return CRYPTO_memcmp("ab", "cd", 2);
}
-static int test_sanity_sleep(void)
+static const struct sleep_test_vector {
+ uint64_t val;
+} sleep_test_vectors[] = { { 0 }, { 1 }, { 999 }, { 1000 } };
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+static void
+alrm_handler(int sig)
+{
+}
+#endif /* defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L */
+
+static int test_sanity_sleep(int i)
{
+ const struct sleep_test_vector * const td = sleep_test_vectors + i;
OSSL_TIME start = ossl_time_now();
- uint64_t seconds;
+ uint64_t ms;
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
/*
- * On any reasonable system this must sleep at least one second
- * but not more than 20.
- * Assuming there is no interruption.
+ * Set up an interrupt timer to check that OSSL_sleep doesn't return early
+ * due to interrupts.
*/
- OSSL_sleep(1000);
+ do {
+ static const struct itimerval it = { { 0, 111111 } };
+ struct sigaction sa;
+ sigset_t mask;
+
+ memset(&sa, 0, sizeof(sa));
+ sa.sa_handler = alrm_handler;
+
+ if (sigaction(SIGALRM, &sa, NULL)) {
+ TEST_perror("test_sanity_sleep: sigaction");
+ break;
+ }
+
+ sigemptyset(&mask);
+ sigaddset(&mask, SIGALRM);
+ if (sigprocmask(SIG_UNBLOCK, &mask, NULL)) {
+ TEST_perror("test_sanity_sleep: sigprocmask");
+ break;
+ }
+
+ if (setitimer(ITIMER_REAL, &it, NULL)) {
+ TEST_perror("test_sanity_sleep: arm setitimer");
+ break;
+ }
+ } while (0);
+#endif /* defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L */
- seconds = ossl_time2seconds(ossl_time_subtract(ossl_time_now(), start));
+ /*
+ * On any reasonable system this must sleep at least the specified time
+ * but not more than 20 seconds more than that.
+ */
+ OSSL_sleep(td->val);
+
+#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L
+ /* disarm the timer */
+ do {
+ static const struct itimerval it;
- if (!TEST_uint64_t_ge(seconds, 1) || !TEST_uint64_t_le(seconds, 20))
- return 0;
+ if (setitimer(ITIMER_REAL, &it, NULL)) {
+ TEST_perror("test_sanity_sleep: disarm setitimer");
+ break;
+ }
+ } while (0);
+#endif /* defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L */
+
+ ms = ossl_time2ms(ossl_time_subtract(ossl_time_now(), start));
+
+ if (!TEST_uint64_t_ge(ms, td->val) + !TEST_uint64_t_le(ms, td->val + 20000))
+ return 0;
return 1;
}
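Review bot: The timer that test_sanity_sleep sets up before OSSL_sleep() is probably never armed: `static const struct itimerval it = { { 0, 111111 } };` initialises only the first member, which is it_interval on the usual layout, and a zero it_value disables the timer. No SIGALRM would then arrive during the sleep, so the early-return case the comment describes is not exercised; `static const struct itimerval it = { { 0, 111111 }, { 0, 111111 } };` sets both members. The SIGALRM handler also stays installed after the test returns, and no include of <sys/time.h>, which declares setitimer(), is visible in this diff. The final condition joins the two checks with `+` rather than `||`; if that is deliberate so that both are always evaluated and reported, a comment should say so.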
@@ -158,6 +217,6 @@ int setup_tests(void)
ADD_TEST(test_sanity_unsigned_conversion);
ADD_TEST(test_sanity_range);
ADD_TEST(test_sanity_memcmp);
- ADD_TEST(test_sanity_sleep);
+ ADD_ALL_TESTS(test_sanity_sleep, OSSL_NELEM(sleep_test_vectors));
return 1;
}
diff --git a/crypto/openssl/test/slh_dsa_test.c b/crypto/openssl/test/slh_dsa_test.c
index eff9071937a2..35a8d784de40 100644
--- a/crypto/openssl/test/slh_dsa_test.c
+++ b/crypto/openssl/test/slh_dsa_test.c
@@ -183,10 +183,11 @@ static int slh_dsa_key_validate_failure_test(void)
* Loading 128s private key data into a 128f algorithm will have an incorrect
* public key.
*/
- if (!TEST_ptr(key = slh_dsa_key_from_data("SLH-DSA-SHA2-128f",
- slh_dsa_sha2_128s_0_keygen_priv,
- sizeof(slh_dsa_sha2_128s_0_keygen_priv), 0)))
- return 0;
+ key = slh_dsa_key_from_data("SLH-DSA-SHA2-128f",
+ slh_dsa_sha2_128s_0_keygen_priv,
+ sizeof(slh_dsa_sha2_128s_0_keygen_priv), 0);
+ if (!TEST_ptr(key))
+ goto end;
if (!TEST_ptr(vctx = EVP_PKEY_CTX_new_from_pkey(lib_ctx, key, NULL)))
goto end;
if (!TEST_int_eq(EVP_PKEY_pairwise_check(vctx), 0))
diff --git a/crypto/openssl/test/testec-sm2.pem b/crypto/openssl/test/testec-sm2.pem
new file mode 100644
index 000000000000..30e25613b38e
--- /dev/null
+++ b/crypto/openssl/test/testec-sm2.pem
@@ -0,0 +1,5 @@
+-----BEGIN SM2 PRIVATE KEY-----
+MHcCAQEEIKPB7gEYKGAwAkz0MfGwQm0BXclgzvSTxQG9bm4RCAxXoAoGCCqBHM9V
+AYItoUQDQgAE+FuibOpfjVfj716O3LglhK4HzjUR82mgn8kTZinQsEafw3FFZzZJ
+vwHIGHUsSKxVTRIEs+BICQDBg99OA3VU/Q==
+-----END SM2 PRIVATE KEY-----
diff --git a/crypto/openssl/test/threadstest.c b/crypto/openssl/test/threadstest.c
index 76db07f3baf6..38401911d87f 100644
--- a/crypto/openssl/test/threadstest.c
+++ b/crypto/openssl/test/threadstest.c
@@ -49,6 +49,7 @@
static int do_fips = 0;
static char *privkey;
+static char *storedir;
static char *config_file = NULL;
static int multidefault_run = 0;
@@ -320,7 +321,8 @@ static void writer_fn(int id, int *iterations)
t1 = ossl_time_now();
for (count = 0; ; count++) {
- new = CRYPTO_zalloc(sizeof(uint64_t), NULL, 0);
+ new = CRYPTO_malloc(sizeof(uint64_t), NULL, 0);
+ *new = (uint64_t)0xBAD;
if (contention == 0)
OSSL_sleep(1000);
ossl_rcu_write_lock(rcu_lock);
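Review bot: In writer_fn the pointer returned by `CRYPTO_malloc(sizeof(uint64_t), NULL, 0)` is dereferenced on the very next line without a NULL check, so an allocation failure crashes the writer thread instead of failing the test. Check it first, for example `if (!TEST_ptr(new)) { rcu_torture_result = 0; break; }`, adapted to how the loop, which continues outside this hunk, reports failure. The 0xBAD store would also benefit from a comment such as `/* poison value: a reader must never observe it */`, if that is the intent of replacing the zeroing allocation.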
@@ -380,6 +382,8 @@ static void reader_fn(int *iterations)
if (oldval > val) {
TEST_info("rcu torture value went backwards! %llu : %llu", (unsigned long long)oldval, (unsigned long long)val);
+ if (valp == NULL)
+ TEST_info("ossl_rcu_deref did return NULL!");
rcu_torture_result = 0;
}
oldval = val; /* just try to deref the pointer */
@@ -1135,7 +1139,7 @@ static int test_multi_default(void)
multidefault_run = 1;
return thread_run_test(&thread_multi_simple_fetch,
- 2, &thread_multi_simple_fetch, 0, default_provider);
+ 2, &thread_multi_simple_fetch, 0, NULL);
}
static int test_multi_load(void)
@@ -1295,6 +1299,62 @@ static int test_pem_read(void)
&test_pem_read_one, 1, default_provider);
}
+static X509_STORE *store = NULL;
+
+static void test_x509_store_by_subject(void)
+{
+ X509_STORE_CTX *ctx;
+ X509_OBJECT *obj = NULL;
+ X509_NAME *name = NULL;
+ int success = 0;
+
+ ctx = X509_STORE_CTX_new();
+ if (!TEST_ptr(ctx))
+ goto err;
+
+ if (!TEST_true(X509_STORE_CTX_init(ctx, store, NULL, NULL)))
+ goto err;
+
+ name = X509_NAME_new();
+ if (!TEST_ptr(name))
+ goto err;
+ if (!TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
+ (unsigned char *)"Root CA",
+ -1, -1, 0)))
+ goto err;
+ obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name);
+ if (!TEST_ptr(obj))
+ goto err;
+
+ success = 1;
+ err:
+ X509_OBJECT_free(obj);
+ X509_STORE_CTX_free(ctx);
+ X509_NAME_free(name);
+ if (!success)
+ multi_set_success(0);
+}
+
+/* Test accessing an X509_STORE from multiple threads */
+static int test_x509_store(void)
+{
+ int ret = 0;
+
+ store = X509_STORE_new();
+ if (!TEST_ptr(store))
+ return 0;
+ if (!TEST_true(X509_STORE_load_store(store, storedir)))
+ goto err;
+
+ ret = thread_run_test(&test_x509_store_by_subject, MAXIMUM_THREADS,
+ &test_x509_store_by_subject, 0, NULL);
+
+ err:
+ X509_STORE_free(store);
+ store = NULL;
+ return ret;
+}
+
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
@@ -1341,6 +1401,10 @@ int setup_tests(void)
if (!TEST_ptr(privkey))
return 0;
+ storedir = test_mk_file_path(datadir, "store");
+ if (!TEST_ptr(storedir))
+ return 0;
+
if (!TEST_ptr(global_lock = CRYPTO_THREAD_lock_new()))
return 0;
@@ -1379,12 +1443,14 @@ int setup_tests(void)
ADD_TEST(test_bio_dgram_pair);
#endif
ADD_TEST(test_pem_read);
+ ADD_TEST(test_x509_store);
return 1;
}
void cleanup_tests(void)
{
OPENSSL_free(privkey);
+ OPENSSL_free(storedir);
#ifdef TSAN_REQUIRES_LOCKING
CRYPTO_THREAD_lock_free(tsan_lock);
#endif
diff --git a/crypto/openssl/test/tls13groupselection_test.c b/crypto/openssl/test/tls13groupselection_test.c
index 01d1eded5f87..351b3102c70b 100644
--- a/crypto/openssl/test/tls13groupselection_test.c
+++ b/crypto/openssl/test/tls13groupselection_test.c
@@ -311,17 +311,17 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
{ "X25519:secp256r1:X448:secp521r1:-X448:-secp256r1:-X25519:-secp521r1",
"",
CLIENT_PREFERENCE,
- NEGOTIATION_FAILURE
+ NEGOTIATION_FAILURE, INIT
},
{ "secp384r1:secp521r1:X25519", /* test 39 */
"prime256v1:X448",
CLIENT_PREFERENCE,
- NEGOTIATION_FAILURE
+ NEGOTIATION_FAILURE, INIT
},
{ "secp521r1:secp384r1:X25519", /* test 40 */
"prime256v1:X448",
SERVER_PREFERENCE,
- NEGOTIATION_FAILURE
+ NEGOTIATION_FAILURE, INIT
},
/*
* These are allowed
@@ -340,6 +340,15 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] =
SERVER_PREFERENCE,
"secp521r1", SH
},
+ /*
+ * Not a syntax error, but invalid because brainpoolP256r1 is the only
+ * key share and is not valid in TLSv1.3
+ */
+ { "*brainpoolP256r1:X25519", /* test 43 */
+ "X25519",
+ SERVER_PREFERENCE,
+ NEGOTIATION_FAILURE, INIT
+ }
};
static void server_response_check_cb(int write_p, int version,
@@ -489,6 +498,10 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre
ok = 1;
} else {
TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
+ if (test_type == TEST_NEGOTIATION_FAILURE &&
+ !TEST_int_eq((int)current_test_vector->expected_server_response,
+ (int)server_response))
+ goto end;
ok = 1;
}
diff --git a/crypto/openssl/test/x509_test.c b/crypto/openssl/test/x509_test.c
index 1c6e569a4c44..a9023a809471 100644
--- a/crypto/openssl/test/x509_test.c
+++ b/crypto/openssl/test/x509_test.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -176,6 +176,112 @@ static int test_asn1_item_verify(void)
return ret;
}
+static int test_x509_delete_last_extension(void)
+{
+ int ret = 0;
+ X509 *x509 = NULL;
+ X509_EXTENSION *ext = NULL;
+ ASN1_OBJECT *obj = NULL;
+
+ if (!TEST_ptr((x509 = X509_new()))
+ /* Initially, there are no extensions and thus no extension list. */
+ || !TEST_ptr_null(X509_get0_extensions(x509))
+ /* Add an extension. */
+ || !TEST_ptr((ext = X509_EXTENSION_new()))
+ || !TEST_ptr((obj = OBJ_nid2obj(NID_subject_key_identifier)))
+ || !TEST_int_eq(X509_EXTENSION_set_object(ext, obj), 1)
+ || !TEST_int_eq(X509_add_ext(x509, ext, -1), 1)
+ /* There should now be an extension list. */
+ || !TEST_ptr(X509_get0_extensions(x509))
+ || !TEST_int_eq(sk_X509_EXTENSION_num(X509_get0_extensions(x509)), 1))
+ goto err;
+
+ /* Delete the extension. */
+ X509_EXTENSION_free(X509_delete_ext(x509, 0));
+
+ /* The extension list should be NULL again. */
+ if (!TEST_ptr_null(X509_get0_extensions(x509)))
+ goto err;
+
+ ret = 1;
+
+err:
+ X509_free(x509);
+ X509_EXTENSION_free(ext);
+ return ret;
+}
+
+static int test_x509_crl_delete_last_extension(void)
+{
+ int ret = 0;
+ X509_CRL *crl = NULL;
+ X509_EXTENSION *ext = NULL;
+ ASN1_OBJECT *obj = NULL;
+
+ if (!TEST_ptr((crl = X509_CRL_new()))
+ /* Initially, there are no extensions and thus no extension list. */
+ || !TEST_ptr_null(X509_CRL_get0_extensions(crl))
+ /* Add an extension. */
+ || !TEST_ptr((ext = X509_EXTENSION_new()))
+ || !TEST_ptr((obj = OBJ_nid2obj(NID_subject_key_identifier)))
+ || !TEST_int_eq(X509_EXTENSION_set_object(ext, obj), 1)
+ || !TEST_int_eq(X509_CRL_add_ext(crl, ext, -1), 1)
+ /* There should now be an extension list. */
+ || !TEST_ptr(X509_CRL_get0_extensions(crl))
+ || !TEST_int_eq(sk_X509_EXTENSION_num(X509_CRL_get0_extensions(crl)),
+ 1))
+ goto err;
+
+ /* Delete the extension. */
+ X509_EXTENSION_free(X509_CRL_delete_ext(crl, 0));
+
+ /* The extension list should be NULL again. */
+ if (!TEST_ptr_null(X509_CRL_get0_extensions(crl)))
+ goto err;
+
+ ret = 1;
+
+err:
+ X509_CRL_free(crl);
+ X509_EXTENSION_free(ext);
+ return ret;
+}
+
+static int test_x509_revoked_delete_last_extension(void)
+{
+ int ret = 0;
+ X509_REVOKED *rev = NULL;
+ X509_EXTENSION *ext = NULL;
+ ASN1_OBJECT *obj = NULL;
+
+ if (!TEST_ptr((rev = X509_REVOKED_new()))
+ /* Initially, there are no extensions and thus no extension list. */
+ || !TEST_ptr_null(X509_REVOKED_get0_extensions(rev))
+ /* Add an extension. */
+ || !TEST_ptr((ext = X509_EXTENSION_new()))
+ || !TEST_ptr((obj = OBJ_nid2obj(NID_subject_key_identifier)))
+ || !TEST_int_eq(X509_EXTENSION_set_object(ext, obj), 1)
+ || !TEST_int_eq(X509_REVOKED_add_ext(rev, ext, -1), 1)
+ /* There should now be an extension list. */
+ || !TEST_ptr(X509_REVOKED_get0_extensions(rev))
+ || !TEST_int_eq(sk_X509_EXTENSION_num(X509_REVOKED_get0_extensions(rev)), 1))
+ goto err;
+
+ /* Delete the extension. */
+ X509_EXTENSION_free(X509_REVOKED_delete_ext(rev, 0));
+
+ /* The extension list should be NULL again. */
+ if (!TEST_ptr_null(X509_REVOKED_get0_extensions(rev)))
+ goto err;
+
+ ret = 1;
+
+err:
+ X509_REVOKED_free(rev);
+ X509_EXTENSION_free(ext);
+ return ret;
+}
+
OPT_TEST_DECLARE_USAGE("<pss-self-signed-cert.pem>\n")
int setup_tests(void)
@@ -210,6 +316,9 @@ int setup_tests(void)
ADD_TEST(test_x509_tbs_cache);
ADD_TEST(test_x509_crl_tbs_cache);
ADD_TEST(test_asn1_item_verify);
+ ADD_TEST(test_x509_delete_last_extension);
+ ADD_TEST(test_x509_crl_delete_last_extension);
+ ADD_TEST(test_x509_revoked_delete_last_extension);
return 1;
}
diff --git a/crypto/openssl/util/perl/TLSProxy/Proxy.pm b/crypto/openssl/util/perl/TLSProxy/Proxy.pm
index b76f9e931ec0..ccc4814f6fd2 100644
--- a/crypto/openssl/util/perl/TLSProxy/Proxy.pm
+++ b/crypto/openssl/util/perl/TLSProxy/Proxy.pm
@@ -97,7 +97,23 @@ sub new_dtls {
sub init
{
- require IO::Socket::IP;
+ my $useSockInet = 0;
+ eval {
+ require IO::Socket::IP;
+ my $s = IO::Socket::IP->new(
+ LocalAddr => "::1",
+ LocalPort => 0,
+ Listen=>1,
+ );
+ $s or die "\n";
+ $s->close();
+ };
+ if ($@ eq "") {
+ require IO::Socket::IP;
+ } else {
+ $useSockInet = 1;
+ }
+
my $class = shift;
my ($filter,
$execute,
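Review bot: The probe added to init decides on `$@ eq ""` and then calls `require IO::Socket::IP` a second time although the eval has already loaded it; let the eval block end in a true value and test its result instead, `my $useSockInet = eval { ...probe...; 1 } ? 0 : 1;`. The fallback in the following hunk uses IO::Socket::INET, and no `require IO::Socket::INET` is visible here, so confirm the module is loaded elsewhere in the file. A one-line comment that the probe binds `::1` to detect hosts without an IPv6 loopback would explain why a working IO::Socket::IP can still be bypassed. init continues outside the hunk.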
@@ -118,8 +134,13 @@ sub init
$test_client_port = 49152 + int(rand(65535 - 49152));
my $test_sock;
if ($useINET6 == 0) {
- $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port,
- LocalAddr => $test_client_addr);
+ if ($useSockInet == 0) {
+ $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port,
+ LocalAddr => $test_client_addr);
+ } else {
+ $test_sock = IO::Socket::INET->new(LocalAddr => $test_client_addr,
+ LocalPort => $test_client_port);
+ }
} else {
$test_sock = IO::Socket::INET6->new(LocalAddr => $test_client_addr,
LocalPort => $test_client_port,