openssl: Import OpenSSL 3.0.16

This release incorporates the following bug fixes and mitigations:
- [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176)
- [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143)

Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html

MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D49296

(cherry picked from commit 0d0c8621fd181e507f0fb50ffcca606faf66a8c2)
Enji Cooper 2025-03-13 23:40:59 -07:00
parent 7286b7242c
commit cb29db243b
166 changed files with 2039 additions and 1079 deletions


@ -28,6 +28,37 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
* Fixed timing side-channel in ECDSA signature computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
([CVE-2024-13176])
*Tomáš Mráz*
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial can lead to out-of-bounds memory
reads or writes.
Applications working with "exotic" explicit binary (GF(2^m)) curve
parameters, that make it possible to represent invalid field polynomials
with a zero constant term, via the above or similar APIs, may terminate
abruptly as a result of reading or writing outside of array bounds. Remote
code execution cannot easily be ruled out.
([CVE-2024-9143])
*Viktor Dukhovni*
### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
* Fixed possible denial of service in X.509 name checks.
@ -19922,6 +19953,8 @@ ndif
<!-- Links -->
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741


@ -1688,7 +1688,7 @@ EOF
} elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) {
$recipe .= <<"EOF";
$obj: $deps
$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -MT \$\@ -c -o \$\@ $srcs
$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -c -o \$\@ $srcs
\@touch $dep.tmp
\@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\
rm -f $dep.tmp; \\
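Review bot: dropping `-MT \$\@` from the `-MMD -MF $dep.tmp` line is only equivalent if the compiler names the dependency target after the `-o` argument; GCC does this (with `-MMD` and `-c -o` the driver derives the target from the output file), so `$obj: $deps` still lines up, but nothing in the template says why `-MT` went away. A one-line comment pointing at the NonStop c99 cross-compiler's lack of `-MT` support (the reason the NOTES change in this same import removes the `no-makedepend` advice) would stop the next reader from restoring it.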


@ -18,6 +18,20 @@ OpenSSL Releases
OpenSSL 3.0
-----------
### Major changes between OpenSSL 3.0.15 and OpenSSL 3.0.16 [11 Feb 2025]
OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this
release is Low.
This release incorporates the following bug fixes and mitigations:
* Fixed timing side-channel in ECDSA signature computation.
([CVE-2024-13176])
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
([CVE-2024-9143])
### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
@ -1495,6 +1509,8 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741


@ -119,12 +119,9 @@ correctly, you also need the `COMP_ROOT` set, as in:
`COMP_ROOT` needs to be in Windows form.
`Configure` must specify the `no-makedepend` option otherwise errors will
result when running the build because the c99 cross-compiler does not support
the `gcc -MT` option. An example of a `Configure` command to be run from the
OpenSSL directory is:
An example of a `Configure` command to be run from the OpenSSL directory is:
./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu
./Configure nonstop-nsx_64 --with-rand-seed=rdcpu
Do not forget to include any OpenSSL cross-compiling prefix and certificate
options when creating your libraries.


@ -59,7 +59,7 @@ For Production Use
------------------
Source code tarballs of the official releases can be downloaded from
[www.openssl.org/source](https://www.openssl.org/source).
[openssl-library.org/source/](https://openssl-library.org/source/).
The OpenSSL project does not distribute the toolkit in binary form.
However, for a large variety of operating systems precompiled versions
@ -75,22 +75,18 @@ the source tarballs, having a local copy of the git repository with
the entire project history gives you much more insight into the
code base.
The official OpenSSL Git Repository is located at [git.openssl.org].
There is a GitHub mirror of the repository at [github.com/openssl/openssl],
The main OpenSSL Git repository is private.
There is a public GitHub mirror of it at [github.com/openssl/openssl],
which is updated automatically from the former on every commit.
A local copy of the Git Repository can be obtained by cloning it from
the original OpenSSL repository using
git clone git://git.openssl.org/openssl.git
or from the GitHub mirror using
A local copy of the Git repository can be obtained by cloning it from
the GitHub mirror using
git clone https://github.com/openssl/openssl.git
If you intend to contribute to OpenSSL, either to fix bugs or contribute
new features, you need to fork the OpenSSL repository openssl/openssl on
GitHub and clone your public fork instead.
new features, you need to fork the GitHub mirror and clone your public fork
instead.
git clone https://github.com/yourname/openssl.git
@ -166,7 +162,7 @@ attempting to develop or distribute cryptographic code.
Copyright
=========
Copyright (c) 1998-2024 The OpenSSL Project
Copyright (c) 1998-2025 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@ -178,14 +174,6 @@ All rights reserved.
<https://www.openssl.org>
"OpenSSL Homepage"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[github.com/openssl/openssl]:
<https://github.com/openssl/openssl>
"OpenSSL GitHub Mirror"


@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=15
PATCH=16
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="3 Sep 2024"
RELEASE_DATE="11 Feb 2025"
SHLIB_VERSION=3


@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
dump = strtol(opt_arg(), NULL, 0);
break;
case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg());
if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
goto end;
break;
case OPT_GENSTR:
genstr = opt_arg();
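Review bot: the new `goto end` on `sk_OPENSSL_STRING_push()` failure exits without any diagnostic, so an out-of-memory push looks like a silent non-zero exit. The `rehash` hunk in this same import prints `"out of memory\n"` before jumping to `end`; doing the same here (and in the matching `cms`, `engine`, `pkcs12` and `smime` hunks) keeps the behaviour consistent and tells the user what actually failed.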


@ -1,5 +1,5 @@
/*
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -494,13 +494,15 @@ int cms_main(int argc, char **argv)
if (rr_from == NULL
&& (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(rr_from, opt_arg());
if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
goto end;
break;
case OPT_RR_TO:
if (rr_to == NULL
&& (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(rr_to, opt_arg());
if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
goto end;
break;
case OPT_PRINT:
noout = print = 1;
@ -577,13 +579,15 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
keyfile = NULL;
}
signerfile = opt_arg();
@ -601,12 +605,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
signerfile = NULL;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
keyfile = opt_arg();
break;
@ -660,7 +666,8 @@ int cms_main(int argc, char **argv)
key_param->next = nparam;
key_param = nparam;
}
sk_OPENSSL_STRING_push(key_param->param, opt_arg());
if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
goto end;
break;
case OPT_V_CASES:
if (!opt_verify(o, vpm))
@ -749,12 +756,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n");
@ -1014,8 +1023,15 @@ int cms_main(int argc, char **argv)
pwri_tmp = NULL;
}
if (!(flags & CMS_STREAM)) {
if (!CMS_final(cms, in, NULL, flags))
if (!CMS_final(cms, in, NULL, flags)) {
if (originator != NULL
&& ERR_GET_REASON(ERR_peek_error())
== CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
BIO_printf(bio_err, "Cannot use originator for encryption\n");
goto end;
}
goto end;
}
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
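Review bot: the inner `goto end;` at the close of the `originator != NULL` block is redundant, because the statement that follows the block is also `goto end;`; keeping a single exit path (drop the inner jump, or make the second one an `else`) reads more clearly. It is also worth confirming that `ERR_peek_error()` is the intended probe: it returns the earliest queued error, while `ERR_peek_last_error()` returns the most recent, so the `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` test only fires if that reason is the first error `CMS_final()` pushes.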
@ -1261,6 +1277,7 @@ int cms_main(int argc, char **argv)
X509_free(cert);
X509_free(recip);
X509_free(signer);
X509_free(originator);
EVP_PKEY_free(key);
EVP_CIPHER_free(cipher);
EVP_CIPHER_free(wrap_cipher);


@ -1,5 +1,5 @@
/*
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
test_avail++;
break;
case OPT_PRE:
sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
goto end;
break;
case OPT_POST:
sk_OPENSSL_STRING_push(post_cmds, opt_arg());
if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
goto end;
break;
}
}


@ -220,14 +220,17 @@ BIO *http_server_init_bio(const char *prog, const char *port)
{
BIO *acbio = NULL, *bufbio;
int asock;
char name[40];
snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */
bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL)
goto err;
acbio = BIO_new(BIO_s_accept());
if (acbio == NULL
|| BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
|| BIO_set_accept_port(acbio, port) < 0) {
|| BIO_set_accept_ip_family(acbio, BIO_FAMILY_IPANY) <= 0 /* IPv4/6 */
|| BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) <= 0
|| BIO_set_accept_name(acbio, name) <= 0) {
log_message(prog, LOG_ERR, "Error setting up accept BIO");
goto err;
}
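Review bot: `"[::]:%s"` hard-codes an IPv6 wildcard where the old code passed only `port` to `BIO_set_accept_port()`, so on a host without IPv6 support (or with it disabled) the bind now fails where it previously succeeded; since `BIO_set_accept_ip_family(acbio, BIO_FAMILY_IPANY)` is requested anyway, consider falling back to `"0.0.0.0:%s"` when binding `[::]` fails. The rest of this import also replaces `sprintf()` with `BIO_snprintf()`; using `BIO_snprintf()` here too and checking its result would catch a truncated `name` for an over-long `port` string instead of binding to a mangled address.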


@ -240,10 +240,10 @@ static const char *get_sigtype(int nid)
return "ECDSA";
case NID_ED25519:
return "Ed25519";
return "ed25519";
case NID_ED448:
return "Ed448";
return "ed448";
case NID_id_GostR3410_2001:
return "gost2001";
@ -288,6 +288,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
if (i)
BIO_puts(out, ":");
switch (rsign | rhash << 8) {
case 0x0809:
BIO_puts(out, "rsa_pss_pss_sha256");
continue;
case 0x080a:
BIO_puts(out, "rsa_pss_pss_sha384");
continue;
case 0x080b:
BIO_puts(out, "rsa_pss_pss_sha512");
continue;
case 0x081a:
BIO_puts(out, "ecdsa_brainpoolP256r1_sha256");
continue;
case 0x081b:
BIO_puts(out, "ecdsa_brainpoolP384r1_sha384");
continue;
case 0x081c:
BIO_puts(out, "ecdsa_brainpoolP512r1_sha512");
continue;
}
sstr = get_sigtype(sign_nid);
if (sstr)
BIO_printf(out, "%s", sstr);
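Review bot: the six `case 0x0809:` ... `case 0x081c:` constants in `do_print_sigalgs()` are unexplained magic numbers; a comment stating that the value is the TLS 1.3 SignatureScheme code point (`rhash` in the high byte, `rsign` in the low byte, so `rsa_pss_pss_sha256` is 0x0809 per RFC 8446 and the brainpool entries follow RFC 8734), or named macros, would make the mapping checkable. Separately, changing `get_sigtype()` from `"Ed25519"`/`"Ed448"` to `"ed25519"`/`"ed448"` alters the user-visible sigalgs printout that scripts may match on; that deserves a CHANGES entry.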


@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -380,6 +380,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO_closesocket(asock);
break;
}
if (naccept != -1)
naccept--;
if (naccept == 0)
BIO_closesocket(asock);
BIO_set_tcp_ndelay(sock, 1);
i = (*cb)(sock, type, protocol, context);
@ -410,11 +416,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO_closesocket(sock);
} else {
if (naccept != -1)
naccept--;
i = (*cb)(asock, type, protocol, context);
}
if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) {
BIO_closesocket(asock);
ret = i;
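Review bot: on the `SOCK_STREAM` path the listening socket appears to be closed twice when the last expected connection arrives: the first hunk closes `asock` as soon as `naccept` reaches 0 (before calling `cb`), and the `if (i < 0 || naccept == 0)` block after the `if/else` closes `asock` again. A double close is a real hazard here because the callback may have been handed a new descriptor with the same number in between; either record that `asock` is already closed (set it to `INVALID_SOCKET` and test before the second close) or limit the second close to the `i < 0` case. Please also check that `naccept` is decremented exactly once per accepted connection: both hunks carry an `if (naccept != -1) naccept--;`, and the stream path must not run both.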


@ -353,7 +353,7 @@ static int CreateSocketPair (int SocketFamily,
/*
** Get the binary (64-bit) time of the specified timeout value
*/
sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
AscTimeDesc.dsc$a_pointer = AscTimeBuff;
status = sys$bintim (&AscTimeDesc, BinTimeBuff);
@ -567,10 +567,10 @@ static void LogMessage (char *msg, ...)
/*
** Format the message buffer
*/
sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
LocTime->tm_mday, Month[LocTime->tm_mon],
(LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
LocTime->tm_sec, pid, msg);
BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
LocTime->tm_mday, Month[LocTime->tm_mon],
(LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
LocTime->tm_sec, pid, msg);
/*
** Get any variable arguments and add them to the print of the message


@ -589,7 +589,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
if (rounds_custom) {
char tmp_buf[80]; /* "rounds=999999999" */
sprintf(tmp_buf, "rounds=%u", rounds);
BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds);
#ifdef CHARSET_EBCDIC
/* In case we're really on a ASCII based platform and just pretend */
if (tmp_buf[0] != 0x72) /* ASCII 'r' */


@ -1,5 +1,5 @@
/*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -305,7 +305,8 @@ int pkcs12_main(int argc, char **argv)
if (canames == NULL
&& (canames = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(canames, opt_arg());
if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
goto end;
break;
case OPT_IN:
infile = opt_arg();


@ -81,10 +81,11 @@ const OPTIONS pkeyutl_options[] = {
OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file - default stdout"},
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
{"asn1parse", OPT_ASN1PARSE, '-',
"parse the output as ASN.1 data to check its DER encoding and print errors"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"},
"Verify RSA signature, recovering original signature input data"},
OPT_SECTION("Signing/Derivation"),
{"digest", OPT_DIGEST, 's',


@ -559,6 +559,11 @@ int rehash_main(int argc, char **argv)
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
m = OPENSSL_strdup(env);
if (m == NULL) {
BIO_puts(bio_err, "out of memory\n");
errs = 1;
goto end;
}
for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
errs += do_dir(e, h);
OPENSSL_free(m);


@ -1,5 +1,5 @@
/*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -279,13 +279,15 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (keyfile == NULL)
keyfile = signerfile;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
keyfile = NULL;
}
signerfile = opt_arg();
@ -310,12 +312,14 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
signerfile = NULL;
if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
keyfile = opt_arg();
break;
@ -390,12 +394,14 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile);
if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
if (!keyfile)
keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile);
if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
}
if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n");


@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -456,6 +456,14 @@ static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
#define COND(unused_cond) (run && count < INT_MAX)
#define COUNT(d) (count)
#define TAG_LEN 16
static unsigned int mode_op; /* AE Mode of operation */
static unsigned int aead = 0; /* AEAD flag */
static unsigned char aead_iv[12]; /* For AEAD modes */
static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
static int aead_ivlen = sizeof(aead_iv);
typedef struct loopargs_st {
ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx;
@ -464,6 +472,7 @@ typedef struct loopargs_st {
unsigned char *buf_malloc;
unsigned char *buf2_malloc;
unsigned char *key;
unsigned char tag[TAG_LEN];
size_t buflen;
size_t sigsize;
EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
@ -727,12 +736,8 @@ static int EVP_Update_loop(void *args)
unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count, rc;
unsigned char faketag[16] = { 0xcc };
if (decrypt) {
if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag);
}
for (count = 0; COND(c[D_EVP][testnum]); count++) {
rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
if (rc != 1) {
@ -757,74 +762,159 @@ static int EVP_Update_loop(void *args)
}
/*
* To make AEAD benchmarking more relevant perform TLS-like operations,
* 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
* payload length is not actually limited by 16KB...
* CCM does not support streaming. For the purpose of performance measurement,
* each message is encrypted using the same (key,iv)-pair. Do not use this
* code in your application.
*/
static int EVP_Update_loop_ccm(void *args)
static int EVP_Update_loop_aead_enc(void *args)
{
loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *key = tempargs->key;
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count;
unsigned char tag[12];
int outl, count, realcount = 0;
if (decrypt) {
for (count = 0; COND(c[D_EVP][testnum]); count++) {
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag),
tag);
/* reset iv */
(void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
/* counter is reset on every update */
(void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
for (count = 0; COND(c[D_EVP][testnum]); count++) {
/* Set length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
} else {
for (count = 0; COND(c[D_EVP][testnum]); count++) {
/* restore iv length field */
(void)EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
/* counter is reset on every update */
(void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
/* Set tag_len (Not for GCM/SIV at encryption stage) */
if (mode_op != EVP_CIPH_GCM_MODE
&& mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, NULL)) {
BIO_printf(bio_err, "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set key and iv\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set total length of input. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_EncryptUpdate(ctx, NULL, &outl,
NULL, lengths[testnum])) {
BIO_printf(bio_err, "\nCouldn't set input text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
BIO_printf(bio_err, "\nFailed to encrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (EVP_EncryptFinal_ex(ctx, buf, &outl))
realcount++;
}
if (decrypt)
(void)EVP_DecryptFinal_ex(ctx, buf, &outl);
else
(void)EVP_EncryptFinal_ex(ctx, buf, &outl);
return count;
return realcount;
}
/*
* To make AEAD benchmarking more relevant perform TLS-like operations,
* 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
* payload length is not actually limited by 16KB...
* CCM does not support streaming. For the purpose of performance measurement,
* each message is decrypted using the same (key,iv)-pair. Do not use this
* code in your application.
* For decryption, we will use buf2 to preserve the input text in buf.
*/
static int EVP_Update_loop_aead(void *args)
static int EVP_Update_loop_aead_dec(void *args)
{
loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf;
unsigned char *outbuf = tempargs->buf2;
unsigned char *key = tempargs->key;
unsigned char tag[TAG_LEN];
EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count;
unsigned char aad[13] = { 0xcc };
unsigned char faketag[16] = { 0xcc };
int outl, count, realcount = 0;
if (decrypt) {
for (count = 0; COND(c[D_EVP][testnum]); count++) {
(void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
sizeof(faketag), faketag);
(void)EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
(void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
(void)EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
for (count = 0; COND(c[D_EVP][testnum]); count++) {
/* Set the length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
} else {
for (count = 0; COND(c[D_EVP][testnum]); count++) {
(void)EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
(void)EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
(void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
(void)EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
/* Set the tag length (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE
&& mode_op != EVP_CIPH_GCM_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, NULL)) {
BIO_printf(bio_err, "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set key and iv\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set iv before decryption (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) {
BIO_printf(bio_err, "\nFailed to set iv\n");
ERR_print_errors(bio_err);
exit(1);
}
}
memcpy(tag, tempargs->tag, TAG_LEN);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, tag)) {
BIO_printf(bio_err, "\nFailed to set tag\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set the total length of cipher text. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_DecryptUpdate(ctx, NULL, &outl,
NULL, lengths[testnum])) {
BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) {
BIO_printf(bio_err, "\nFailed to decrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (EVP_DecryptFinal_ex(ctx, outbuf, &outl))
realcount++;
}
return count;
return realcount;
}
static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
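Review bot: in `EVP_Update_loop_aead_dec()` the IV is installed twice per iteration, first by `EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)` and then again by `EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)` for every non-SIV mode; if the second call is required (for instance to reset the GCM/CCM state after the key step) a comment should say so, otherwise drop it so the measurement does not include a redundant init. Both loops also pass `buf`/`outbuf` rather than `buf + outl` to `EVP_EncryptFinal_ex()`/`EVP_DecryptFinal_ex()`; that is only safe because these AEAD modes emit no trailing output block, which the existing "Do not use this code in your application" comment should state explicitly.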
@ -1370,11 +1460,11 @@ int speed_main(int argc, char **argv)
OPTION_CHOICE o;
int async_init = 0, multiblock = 0, pr_header = 0;
uint8_t doit[ALGOR_NUM] = { 0 };
int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
int ret = 1, misalign = 0, lengths_single = 0;
long count = 0;
unsigned int size_num = SIZE_NUM;
unsigned int i, k, loopargs_len = 0, async_jobs = 0;
int keylen;
int keylen = 0;
int buflen;
BIGNUM *bn = NULL;
EVP_PKEY_CTX *genctx = NULL;
@ -2001,15 +2091,14 @@ int speed_main(int argc, char **argv)
if (doit[D_HMAC]) {
static const char hmac_key[] = "This is a key...";
int len = strlen(hmac_key);
size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
OSSL_PARAM params[3];
mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq());
if (mac == NULL || evp_mac_mdname == NULL)
goto end;
evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
"HMAC name");
sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
names[D_HMAC] = evp_hmac_name;
params[0] =
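Review bot: `hmac_name_len` is computed with `strlen(evp_mac_mdname)` in its declaration, before the `if (mac == NULL || evp_mac_mdname == NULL) goto end;` check that follows, so when `evp_mac_mdname` is NULL the new code dereferences it where the old code (which called `strlen()` after the check) did not. Move the length computation below the NULL check, e.g. declare `size_t hmac_name_len;` and assign it immediately before the `app_malloc()` call.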
@ -2213,12 +2302,20 @@ skip_hmac:
}
}
/*-
* There are three scenarios for D_EVP:
* 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc.
* 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc.
* 3- Not using AE or AD e.g. ECB, CBC, CFB etc.
*/
if (doit[D_EVP]) {
if (evp_cipher != NULL) {
int (*loopfunc) (void *) = EVP_Update_loop;
int (*loopfunc) (void *);
int outlen = 0;
unsigned int ae_mode = 0;
if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) &
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
& EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
multiblock_speed(evp_cipher, lengths_single, &seconds);
ret = 0;
goto end;
@ -2226,16 +2323,26 @@ skip_hmac:
names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
loopfunc = EVP_Update_loop_ccm;
} else if (aead && (EVP_CIPHER_get_flags(evp_cipher) &
EVP_CIPH_FLAG_AEAD_CIPHER)) {
loopfunc = EVP_Update_loop_aead;
mode_op = EVP_CIPHER_get_mode(evp_cipher);
if (aead) {
if (lengths == lengths_list) {
lengths = aead_lengths_list;
size_num = OSSL_NELEM(aead_lengths_list);
}
}
if (mode_op == EVP_CIPH_GCM_MODE
|| mode_op == EVP_CIPH_CCM_MODE
|| mode_op == EVP_CIPH_OCB_MODE
|| mode_op == EVP_CIPH_SIV_MODE) {
ae_mode = 1;
if (decrypt)
loopfunc = EVP_Update_loop_aead_dec;
else
loopfunc = EVP_Update_loop_aead_enc;
} else {
loopfunc = EVP_Update_loop;
}
for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
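Review bot: the AEAD loop selection switched from testing `EVP_CIPH_FLAG_AEAD_CIPHER` (the removed `else if (aead && ...)` branch) to a fixed list of modes (`GCM`, `CCM`, `OCB`, `SIV`), so an AEAD cipher whose mode is not in that list, such as ChaCha20-Poly1305 which reports a stream-cipher mode, now takes `EVP_Update_loop`: with `-aead` it still switches to `aead_lengths_list` but feeds no AAD and sets no tag, so the printed figures are mislabelled. Either add the flag test back alongside the mode list or reject `-aead` for ciphers that take the plain path.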
@ -2247,37 +2354,144 @@ skip_hmac:
BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
exit(1);
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
NULL, iv, decrypt ? 0 : 1)) {
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
/*
* For AE modes, we must first encrypt the data to get
* a valid tag that enables us to decrypt. If we don't
* encrypt first, we won't have a valid tag that enables
* authenticity and hence decryption will fail.
*/
if (!EVP_CipherInit_ex(loopargs[k].ctx,
evp_cipher, NULL, NULL, NULL,
ae_mode ? 1 : !decrypt)) {
BIO_printf(bio_err, "\nCouldn't init the context\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Padding isn't needed */
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
loopargs[k].key = app_malloc(keylen, "evp_cipher key");
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
loopargs[k].key, NULL, -1)) {
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
ERR_print_errors(bio_err);
exit(1);
}
OPENSSL_clear_free(loopargs[k].key, keylen);
/* SIV mode only allows for a single Update operation */
if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
(void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_SET_SPEED, 1, NULL);
if (!ae_mode) {
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
loopargs[k].key, iv, -1)) {
BIO_printf(bio_err, "\nFailed to set the key\n");
ERR_print_errors(bio_err);
exit(1);
}
} else if (mode_op == EVP_CIPH_SIV_MODE) {
EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_SET_SPEED, 1, NULL);
}
if (ae_mode && decrypt) {
/* Set length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_AEAD_SET_IVLEN,
aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
/* Set tag_len (Not for SIV at encryption stage) */
if (mode_op != EVP_CIPH_GCM_MODE
&& mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, NULL)) {
BIO_printf(bio_err,
"\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
loopargs[k].key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set the key\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set total length of input. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
&outlen, NULL,
lengths[testnum])) {
BIO_printf(bio_err,
"\nCouldn't set input text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
&outlen, aad, sizeof(aad))) {
BIO_printf(bio_err,
"\nCouldn't insert AAD when encrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
&outlen, loopargs[k].buf,
lengths[testnum])) {
BIO_printf(bio_err,
"\nFailed to to encrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
loopargs[k].buf, &outlen)) {
BIO_printf(bio_err,
"\nFailed finalize the encryption\n");
ERR_print_errors(bio_err);
exit(1);
}
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_AEAD_GET_TAG,
TAG_LEN, &loopargs[k].tag)) {
BIO_printf(bio_err, "\nFailed to get the tag\n");
ERR_print_errors(bio_err);
exit(1);
}
EVP_CIPHER_CTX_free(loopargs[k].ctx);
loopargs[k].ctx = EVP_CIPHER_CTX_new();
if (loopargs[k].ctx == NULL) {
BIO_printf(bio_err,
"\nEVP_CIPHER_CTX_new failure\n");
exit(1);
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
NULL, NULL, NULL, 0)) {
BIO_printf(bio_err,
"\nFailed initializing the context\n");
ERR_print_errors(bio_err);
exit(1);
}
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
/* SIV only allows for one Update operation */
if (mode_op == EVP_CIPH_SIV_MODE)
EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_SET_SPEED, 1, NULL);
}
}
Time_F(START);
count = run_benchmark(async_jobs, loopfunc, loopargs);
d = Time_F(STOP);
for (k = 0; k < loopargs_len; k++)
for (k = 0; k < loopargs_len; k++) {
OPENSSL_clear_free(loopargs[k].key, keylen);
EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
print_result(D_EVP, testnum, count, d);
}
} else if (evp_md_name != NULL) {
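Review bot: the key buffer lifetime is the thing to verify in this hunk: an `OPENSSL_clear_free(loopargs[k].key, keylen);` immediately after the first `EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, loopargs[k].key, NULL, -1)` would free a key that is still handed to the later `EVP_CipherInit_ex(..., loopargs[k].key, iv, -1)` and `EVP_CipherInit_ex(..., loopargs[k].key, aead_iv, -1)` calls, so the release that survives must be the one after `run_benchmark()` in the new `for (k = 0; k < loopargs_len; k++) { OPENSSL_clear_free(loopargs[k].key, keylen); EVP_CIPHER_CTX_free(loopargs[k].ctx); }` loop, and only one of the two frees may remain. Two smaller points while the code is open: the SIV `EVP_CTRL_SET_SPEED` ctrl is issued twice in the setup path (once cast to `(void)`, once with its return value silently dropped), so one of them is redundant and the surviving one should handle failure consistently; and the error strings "Failed to to encrypt the data" and "Failed finalize the encryption" contain typos ("to to", missing "to").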
@ -2297,6 +2511,7 @@ skip_hmac:
}
if (doit[D_EVP_CMAC]) {
size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
OSSL_PARAM params[3];
EVP_CIPHER *cipher = NULL;
@ -2312,9 +2527,8 @@ skip_hmac:
BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
goto end;
}
evp_cmac_name = app_malloc(sizeof("cmac()")
+ strlen(evp_mac_ciphername), "CMAC name");
sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
evp_cmac_name = app_malloc(len, "CMAC name");
BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
names[D_EVP_CMAC] = evp_cmac_name;
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
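Review bot: the buffer size passed to `BIO_snprintf()` is exactly sufficient, but only because `sizeof("cmac()")` counts the NUL terminator: `len` is 7 + strlen(name) and "cmac(" + name + ")" needs 6 + strlen(name) characters plus the terminator. A one-line comment on `size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);` would spare the next reader from re-deriving this, and because `len` is now computed at the top of the block, `evp_mac_ciphername` must already be known to be non-NULL there; the guard that ensures that lies outside the hunk, so please confirm the declaration was not hoisted above it.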
@ -3675,7 +3889,6 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
print_message(alg_name, 0, mblengths[j], seconds->sym);
Time_F(START);
for (count = 0; run && count < INT_MAX; count++) {
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t len = mblengths[j];
int packlen;
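Review bot: the hunk header (`-3675,7 +3889,6`) shows one line removed from the loop body and the only candidate is `unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];`, so any remaining use of `aad` inside the `for (count = 0; run && count < INT_MAX; count++)` loop must now resolve to a declaration outside the loop; please confirm that outer buffer exists and has the same `EVP_AEAD_TLS1_AAD_LEN` size, since a differently sized buffer would change what the multiblock parameter setup reads. Taking the declaration out of the timed loop is otherwise fine, as a per-iteration array declaration was doing nothing useful.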

View file

@ -145,7 +145,7 @@ _____
# defined in one template stick around for the
# next, making them combinable
PACKAGE => 'OpenSSL::safe')
or die $Text::Template::ERROR;
or die $OpenSSL::Template::ERROR;
close BUILDFILE;
rename("$buildfile.new", $buildfile)
or die "Trying to rename $buildfile.new to $buildfile: $!";
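Review bot: the error variable in the `die` now matches the class of the template object: `fill_in` is invoked through `OpenSSL::Template` (the wrapper around `Text::Template` that supplies `PACKAGE => 'OpenSSL::safe'`), so reading `$Text::Template::ERROR` could print an empty reason when the wrapper recorded the failure in its own package. Worth confirming that `OpenSSL::Template` really does populate `$OpenSSL::Template::ERROR` on failure, otherwise the message is empty the other way round. The second hunk applies the same change for `CONFIGURATION_H`, so both template write paths report the same variable.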
@ -167,7 +167,7 @@ _____
# defined in one template stick around for the
# next, making them combinable
PACKAGE => 'OpenSSL::safe')
or die $Text::Template::ERROR;
or die $OpenSSL::Template::ERROR;
close CONFIGURATION_H;
# When using stat() on Windows, we can get it to perform better by

View file

@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
if (a->data[len - 1])
break;
}
j = a->data[len - 1];
if (j & 0x01)
if (len == 0) {
bits = 0;
else if (j & 0x02)
bits = 1;
else if (j & 0x04)
bits = 2;
else if (j & 0x08)
bits = 3;
else if (j & 0x10)
bits = 4;
else if (j & 0x20)
bits = 5;
else if (j & 0x40)
bits = 6;
else if (j & 0x80)
bits = 7;
else
bits = 0; /* should not happen */
} else {
j = a->data[len - 1];
if (j & 0x01)
bits = 0;
else if (j & 0x02)
bits = 1;
else if (j & 0x04)
bits = 2;
else if (j & 0x08)
bits = 3;
else if (j & 0x10)
bits = 4;
else if (j & 0x20)
bits = 5;
else if (j & 0x40)
bits = 6;
else if (j & 0x80)
bits = 7;
else
bits = 0; /* should not happen */
}
}
} else
bits = 0;
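Review bot: the new `if (len == 0)` branch closes a one-byte under-read: the preceding loop (`if (a->data[len - 1]) break;`) strips trailing zero octets and can drive `len` to 0 for an all-zero BIT STRING, after which the old `j = a->data[len - 1]` read `a->data[-1]`. With `len == 0` the unused-bits count is correctly 0 and the encoding degenerates to the single unused-bits octet; please double-check that the length calculation and the copy further down in `ossl_i2c_ASN1_BIT_STRING` also behave with `len == 0`, since the old code never reached them with that value. The remaining `else` ladder is unchanged apart from the re-indentation.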

View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -39,10 +39,10 @@ unsigned long ASN1_STRING_get_default_mask(void)
* This function sets the default to various "flavours" of configuration.
* based on an ASCII string. Currently this is:
* MASK:XXXX : a numerical mask value.
* nobmp : Don't use BMPStrings (just Printable, T61).
* pkix : PKIX recommendation in RFC2459.
* utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
* default: the default value, Printable, T61, BMP.
* default : use Printable, IA5, T61, BMP, and UTF8 string types
* nombstr : any string type except variable-sized BMPStrings or UTF8Strings
* pkix : PKIX recommendation in RFC2459
* utf8only : this is the default, use UTF8Strings
*/
int ASN1_STRING_set_default_mask_asc(const char *p)
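Review bot: the rewritten comment now lists the keywords the function actually accepts, but two wording issues remain: `pkix : PKIX recommendation in RFC2459` cites an RFC that has been obsoleted twice (RFC 3280, then RFC 5280), and the `default` and `utf8only` lines both use the word "default" for different things (one is the keyword, the other is the behaviour when nothing is configured), which reads as a contradiction at first glance. Spelling it out as "the `default` keyword selects Printable, IA5, T61, BMP and UTF8" and "`utf8only` is what applies when no mask has been set" would remove the ambiguity.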

View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -488,9 +488,9 @@ int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
{
char *v;
int gmt = 0, l;
int l;
struct tm stm;
const char upper_z = 0x5A, period = 0x2E;
const char period = 0x2E;
/* ossl_asn1_time_to_tm will check the time type */
if (!ossl_asn1_time_to_tm(&stm, tm))
@ -498,8 +498,6 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
l = tm->length;
v = (char *)tm->data;
if (v[l - 1] == upper_z)
gmt = 1;
if (tm->type == V_ASN1_GENERALIZEDTIME) {
char *f = NULL;
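Review bot: dropping `gmt` together with the `v[l - 1] == upper_z` check (the `-498,8 +498,6` header shows two lines removed and nothing added) means the printer now unconditionally appends "Z" or "GMT", which is only correct if `ossl_asn1_time_to_tm()`, called a few lines above, already rejects any time that does not end in `Z`. The hunk therefore relies on that parser being strict; a short comment at the call site saying that only Zulu times reach the formatting code would make the dependency explicit for the next person who loosens the parser.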
@ -510,39 +508,36 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
* 'fraction point' in a GeneralizedTime string.
*/
if (tm->length > 15 && v[14] == period) {
f = &v[14];
f_len = 1;
while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
/* exclude the . itself */
f = &v[15];
f_len = 0;
while (15 + f_len < l && ossl_ascii_isdigit(f[f_len]))
++f_len;
}
if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s",
if (f_len > 0) {
if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ",
stm.tm_year + 1900, stm.tm_mon + 1,
stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f) > 0;
} else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d.%.*s %d GMT",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f,
stm.tm_year + 1900) > 0;
}
}
}
if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02dZ",
stm.tm_year + 1900, stm.tm_mon + 1,
stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f,
(gmt ? "Z" : "")) > 0;
}
else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
(gmt ? " GMT" : "")) > 0;
}
stm.tm_min, stm.tm_sec) > 0;
} else {
if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s",
stm.tm_year + 1900, stm.tm_mon + 1,
stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec,
(gmt ? "Z" : "")) > 0;
}
else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d GMT",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
(gmt ? " GMT" : "")) > 0;
}
stm.tm_min, stm.tm_sec, stm.tm_year + 1900) > 0;
}
}
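Review bot: the fraction handling is the substantive fix in this hunk: the old code set `f = &v[14]; f_len = 1;`, so the `.` itself counted as a fraction character and a GeneralizedTime with a period but no digits still printed a dangling `.`; the new code starts at `v[15]`, counts only digits, takes the fractional branch only when `f_len > 0`, and emits the `.` explicitly in the format string (`"%4d-%02d-%02d %02d:%02d:%02d.%.*sZ"`). One consequence to confirm: `tm->length > 15 && v[14] == period` with no digits following now silently falls through to the no-fraction format rather than erroring, which is acceptable for a printer but should agree with what `ossl_asn1_time_to_tm()` accepts as valid input. Style point: the four `BIO_printf` calls differ only by the optional `.%.*s` insertion, so the `if (f_len > 0) { ... } else { ... }` duplication could be collapsed into two calls.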

View file

@ -1,5 +1,5 @@
/*
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -498,7 +498,8 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
static int asn1_str2tag(const char *tagstr, int len)
{
unsigned int i;
static const struct tag_name_st *tntmp, tnst[] = {
const struct tag_name_st *tntmp;
static const struct tag_name_st tnst[] = {
ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
ASN1_GEN_STR("NULL", V_ASN1_NULL),
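Review bot: the old declaration `static const struct tag_name_st *tntmp, tnst[] = {` made the loop cursor `tntmp` a function-scope static shared by every caller and every thread, not just the table; splitting it into a plain local `const struct tag_name_st *tntmp;` plus a `static const struct tag_name_st tnst[]` removes that shared mutable state while keeping the table itself static. The pointer was always assigned before use, so the data race was benign, but it is exactly the pattern thread-safety tooling flags, and the fix costs nothing at run time.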

View file

@ -300,6 +300,8 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if (ctype_nid == NID_pkcs7_enveloped) {
msg_type = "enveloped-data";
} else if (ctype_nid == NID_id_smime_ct_authEnvelopedData) {
msg_type = "authEnveloped-data";
} else if (ctype_nid == NID_pkcs7_signed) {
if (econt_nid == NID_id_smime_ct_receipt)
msg_type = "signed-receipt";
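Review bot: `authEnveloped-data` is the `smime-type` value that S/MIME 4.0 (RFC 8551) assigns to AuthEnvelopedData, so without this branch the writer emitted an `application/pkcs7-mime` body for `NID_id_smime_ct_authEnvelopedData` with no type label at all. The same value should be recognised on the parsing side so that a message this code produces round-trips through OpenSSL's own S/MIME reader; that side is not in this hunk.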

View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -547,8 +547,13 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
*service = NULL;
} else {
*service = OPENSSL_strndup(p, pl);
if (*service == NULL)
if (*service == NULL) {
if (h != NULL && host != NULL) {
OPENSSL_free(*host);
*host = NULL;
}
goto memerr;
}
}
}
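Review bot: the new cleanup in the `*service == NULL` failure path is right, and the `h != NULL && host != NULL` guard is what makes it safe: `*host` is only freed when this call allocated it (`h != NULL`) and when the caller asked for it at all (`host != NULL`), so a caller passing `host == NULL` is not dereferenced. Setting `*host = NULL` after the free also keeps the `memerr` path from handing back a dangling pointer, which a caller that unconditionally frees `*host` on failure would otherwise double-free.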

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -222,7 +222,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
return INVALID_SOCKET;
if (BIO_sock_init() != 1)
return INVALID_SOCKET;
goto err;
if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
goto err;
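Review bot: `return INVALID_SOCKET;` after a failed `BIO_sock_init()` leaked the `h` and `p` strings that were allocated before this point and are still live for the `BIO_lookup(h, p, ...)` call on the next line, so routing the failure through `goto err` like the lookup failure is the right fix. For the two paths to be equivalent the `err:` label must free both strings and return `INVALID_SOCKET`, which the hunk does not show; please confirm.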

View file

@ -281,7 +281,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
break;
}
sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
BIO_snprintf(pidbuf, sizeof(pidbuf), "[%lu] ", GetCurrentProcessId());
lpszStrings[0] = pidbuf;
lpszStrings[1] = string;
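Review bot: replacing `sprintf(pidbuf, ...)` with `BIO_snprintf(pidbuf, sizeof(pidbuf), ...)` is a defensive change rather than an overflow fix (a `DWORD` formats to at most ten digits plus the `[] ` decoration, which any reasonably sized `pidbuf` holds), but it makes the bound explicit and removes one of the few unbounded `sprintf` calls left in the tree. `%lu` is the correct conversion here because `GetCurrentProcessId()` returns a `DWORD`, which is `unsigned long` on Windows.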

View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -85,10 +85,12 @@ bn_mul_mont:
cmp $num,#32
b.le .Lscalar_impl
#ifndef __KERNEL__
#ifndef __AARCH64EB__
adrp x17,OPENSSL_armv8_rsa_neonized
ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
cbnz w17, bn_mul8x_mont_neon
#endif
#endif
.Lscalar_impl:
tst $num,#7
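Review bot: wrapping the `OPENSSL_armv8_rsa_neonized` dispatch in `#ifndef __AARCH64EB__` means big-endian AArch64 builds never take the `bn_mul8x_mont_neon` path even when the runtime flag is set and always fall through to `.Lscalar_impl`; that is the right call if the NEON code assumes little-endian lane ordering, but a comment beside the new guard stating that assumption would stop someone from "fixing" it back later. The existing `__KERNEL__` exclusion already demonstrates the pattern.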

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
* out by Colin Percival,
* http://www.daemonology.net/hyperthreading-considered-harmful/)
*/
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont)
{
@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
unsigned int t4 = 0;
#endif
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
if (!BN_is_odd(m)) {
ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
} else
#endif
if (!BN_from_montgomery(rr, &tmp, mont, ctx))
if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
goto err;
ret = 1;
err:
@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
return ret;
}
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont)
{
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
return 0;
bn_correct_top(rr);
return 1;
}
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{
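Review bot: the split is the important part of this file: `BN_mod_exp_mont_consttime()` keeps its public contract (argument checks, then `bn_correct_top(rr)` so callers get a normalised result), while `bn_mod_exp_mont_fixed_top()` returns `rr` with whatever `top` the Montgomery computation produced, finishing with `bn_from_mont_fixed_top()` instead of `BN_from_montgomery()`. That matters because `bn_correct_top` strips leading zero words, which makes the word count, and therefore the running time of whatever multiplies the result next, depend on the secret value; code that needs data-independent timing (for example a modular inverse computed by Fermat exponentiation) should call the fixed-top variant and normalise only once the value leaves the constant-time region. `bn_mod_exp_mont_fixed_top` needs a prototype in `bn_local.h` and `bn_from_mont_fixed_top` must already be declared there; both are outside this hunk.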

View file

@ -15,6 +15,7 @@
#include "bn_local.h"
#ifndef OPENSSL_NO_EC2M
# include <openssl/ec.h>
/*
* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/*
* Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
* x^i) into an array of integers corresponding to the bits with non-zero
* coefficient. Array is terminated with -1. Up to max elements of the array
* will be filled. Return value is total number of array elements that would
* be filled if array was large enough.
* coefficient. The array is intended to be suitable for use with
* `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
* zero. This translates to a requirement that the input BIGNUM `a` is odd.
*
* Given sufficient room, the array is terminated with -1. Up to max elements
* of the array will be filled.
*
* The return value is total number of array elements that would be filled if
* array was large enough, including the terminating `-1`. It is `0` when `a`
* is not odd or the constant term is zero contrary to requirement.
*
* The return value is also `0` when the leading exponent exceeds
* `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
*/
int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
{
int i, j, k = 0;
BN_ULONG mask;
if (BN_is_zero(a))
if (!BN_is_odd(a))
return 0;
for (i = a->top - 1; i >= 0; i--) {
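Review bot: the rewritten comment states the contract well (odd `a` only, terminator counted in the return value, `OPENSSL_ECC_MAX_FIELD_BITS` cap), but two sentences need editing: "It is `0` when `a` is not odd or the constant term is zero contrary to requirement" says the same condition twice, since an odd BIGNUM is precisely one whose constant term is non-zero, and the last line "this guards against CPU exhaustion attacks," ends in a comma instead of a full stop. The `!BN_is_odd(a)` test itself subsumes the old `BN_is_zero(a)` check, so no rejected case is lost.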
@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
}
}
if (k < max) {
p[k] = -1;
k++;
}
if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
return 0;
return k;
if (k < max)
p[k] = -1;
return k + 1;
}
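Review bot: `if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)` reads `p[0]` regardless of `max`: after the `!BN_is_odd(a)` rejection `k` is always at least 1, yet the comment above promises only that "Up to max elements of the array will be filled", so a caller passing `max == 0` to size its array would have this line read an element that was never written. Either guard the check with `max > 0` or document that `max >= 1` is required. The unconditional `return k + 1` (the terminator is now always counted, even when there was no room for it) is the right fix for the old behaviour where a truncated result was indistinguishable from an exact fit, so callers comparing the return value against `max` now detect truncation reliably; any caller that sized a second array from the old return value should be re-checked against the new off-by-one.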
/*

View file

@ -1,5 +1,5 @@
/*
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2020, Intel Corporation. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -495,11 +495,7 @@ static void to_words52(BN_ULONG *out, int out_len,
out_len--;
}
while (out_len > 0) {
*out = 0;
out_len--;
out++;
}
memset(out, 0, out_len * sizeof(BN_ULONG));
}
static ossl_inline void put_digit52(uint8_t *pStr, int strLen, uint64_t digit)
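Review bot: `memset(out, 0, out_len * sizeof(BN_ULONG));` is only equivalent to the removed `while (out_len > 0)` loop if `out_len` can never be negative at this point: the loop silently did nothing for a negative count, whereas a negative `int` multiplied and converted to `size_t` becomes an enormous length. The preceding loop, which decrements `out_len` once per digit written, should guarantee `out_len >= 0` here; if that invariant holds, a comment or an `ossl_assert(out_len >= 0)` is cheap insurance. The zero-fill is for non-secret padding of the output words, so plain `memset` rather than `OPENSSL_cleanse` is the correct choice.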

View file

@ -107,9 +107,12 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si)
ss = si->statusString; /* may be NULL */
for (i = 0; i < sk_ASN1_UTF8STRING_num(ss); i++) {
ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(ss, i);
ASN1_UTF8STRING *dup = ASN1_STRING_dup(str);
if (!sk_ASN1_UTF8STRING_push(ctx->statusString, ASN1_STRING_dup(str)))
if (dup == NULL || !sk_ASN1_UTF8STRING_push(ctx->statusString, dup)) {
ASN1_UTF8STRING_free(dup);
return 0;
}
}
return 1;
}
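Review bot: capturing `ASN1_STRING_dup(str)` in `dup` before the push fixes two problems at once: a NULL from the dup was previously pushed into the stack unchecked, and a failed `sk_ASN1_UTF8STRING_push` leaked the duplicate. `ASN1_UTF8STRING_free(NULL)` is a no-op, so the single free in the combined failure branch is safe for both cases; the loop still leaves earlier duplicates in `ctx->statusString` on failure, which is fine as long as the caller treats the `0` return as fatal for the whole status update.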

View file

@ -51,6 +51,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
EVP_PKEY_free(si->pkey);
X509_free(si->signer);
EVP_MD_CTX_free(si->mctx);
EVP_PKEY_CTX_free(si->pctx);
}
return 1;
}
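Review bot: freeing `si->pctx` in the `CMS_SignerInfo` free callback is only correct together with the `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX` changes in `cms_sd.c` elsewhere in this commit: with that flag set, the `EVP_MD_CTX_free(si->mctx)` on the line above no longer releases the pkey context, so `si` becomes its sole owner and this free is required; without the flag the same line would double-free. Any future code that stores a context in `si->pctx` must therefore either set the flag on `si->mctx` or clear `si->pctx` before returning, which is what the cms_sd.c failure paths do.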
@ -89,11 +90,21 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
if (operation == ASN1_OP_FREE_POST)
OPENSSL_clear_free(ec->key, ec->keylen);
return 1;
}
ASN1_NDEF_SEQUENCE_cb(CMS_EncryptedContentInfo, cms_ec_cb) = {
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
} ASN1_NDEF_SEQUENCE_END_cb(CMS_EncryptedContentInfo, CMS_EncryptedContentInfo)
ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
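Review bot: moving the content-encryption key wipe into `cms_ec_cb` (`OPENSSL_clear_free(ec->key, ec->keylen)` on `ASN1_OP_FREE_POST`) means the key is cleansed whenever a `CMS_EncryptedContentInfo` is released by the ASN.1 machinery, not only when the top-level `CMS_ContentInfo_free` happened to call `ossl_cms_env_enc_content_free`, so an EncryptedContentInfo freed as part of a nested structure no longer leaves the key in the heap. `ASN1_NDEF_SEQUENCE_cb` is the right mechanism for that, and `OPENSSL_clear_free(NULL, 0)` is safe when `ec->key` was never set.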
@ -317,6 +328,10 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0;
break;
case ASN1_OP_FREE_POST:
OPENSSL_free(cms->ctx.propq);
break;
}
return 1;
}

View file

@ -34,7 +34,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
goto err;
/* Only absent parameters allowed in RFC XXXX */
if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
if (atype != V_ASN1_UNDEF && atype != V_ASN1_NULL)
goto err;
pk = EVP_PKEY_CTX_get0_pkey(pctx);
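Review bot: the old condition `atype != V_ASN1_UNDEF && atype == V_ASN1_NULL` was inverted: it rejected exactly the explicit `NULL` parameters that are permitted and let every other parameter type (a SEQUENCE, an OCTET STRING) through; `atype != V_ASN1_UNDEF && atype != V_ASN1_NULL` now accepts only absent or NULL parameters, which is what the comment intends. While here, the comment still reads `RFC XXXX`; it should name the specification that restricts the dhpublicnumber AlgorithmIdentifier parameters.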

View file

@ -51,15 +51,6 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
return ret;
}
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf)
{
if (cms_get_enveloped_type_simple(cinf) != 0) {
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf);
if (ec != NULL)
OPENSSL_clear_free(ec->key, ec->keylen);
}
}
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
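Review bot: deleting `ossl_cms_env_enc_content_free()` is consistent with the key wipe moving into the `CMS_EncryptedContentInfo` ASN.1 callback; its two remaining references, the call in `CMS_ContentInfo_free` and the prototype in `cms_local.h`, are removed in the same commit, so nothing dangles. The removed code also only wiped the key for the enveloped types (`cms_get_enveloped_type_simple(cinf) != 0`), whereas the callback covers every `CMS_EncryptedContentInfo`, including plain EncryptedData, which is a strict improvement.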

View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -20,77 +20,79 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
"certificate already present"},
"certificate already present"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
"certificate has no keyid"},
"certificate has no keyid"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
"certificate verify error"},
"certificate verify error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR),
"cipher aead set tag error"},
"cipher aead set tag error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
"cipher initialisation error"},
"cipher initialisation error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
"cipher parameter initialisation error"},
"cipher parameter initialisation error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
"cms datafinal error"},
"cms datafinal error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
"contentidentifier mismatch"},
"contentidentifier mismatch"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
"content type mismatch"},
"content type mismatch"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
"content type not compressed data"},
"content type not compressed data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
"content type not enveloped data"},
"content type not enveloped data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
"content type not signed data"},
"content type not signed data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
"content verify error"},
"content verify error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECODE_ERROR), "decode error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
"error getting public key"},
"error getting public key"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
"error reading messagedigest attribute"},
"error reading messagedigest attribute"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
"error setting recipientinfo"},
"error setting recipientinfo"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT),
"error unsupported static key agreement"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR),
"ess signing certid mismatch error"},
"ess signing certid mismatch error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
"invalid encrypted key length"},
"invalid encrypted key length"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
"invalid key encryption parameter"},
"invalid key encryption parameter"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_LABEL), "invalid label"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_OAEP_PARAMETERS),
"invalid oaep parameters"},
"invalid oaep parameters"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_KDF_PARAMETER_ERROR),
"kdf parameter error"},
"kdf parameter error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
"messagedigest attribute wrong length"},
"messagedigest attribute wrong length"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
"messagedigest wrong length"},
"messagedigest wrong length"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
"msgsigdigest verification failure"},
"msgsigdigest verification failure"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
"msgsigdigest wrong length"},
"msgsigdigest wrong length"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
"not a signed receipt"},
"not a signed receipt"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
"not supported for this key type"},
"not supported for this key type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
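Review bot: apart from the new `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` / "error unsupported static key agreement" entry, this file changes only the indentation of continuation lines, which is what the current `util/mkerr.pl` emits; since the header says "Generated by util/mkerr.pl DO NOT EDIT", the new reason code must also be present in `include/openssl/cmserr.h` and `crypto/err/openssl.txt` for a regeneration to reproduce this file exactly.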
@ -100,9 +102,9 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
"no matching recipient"},
"no matching recipient"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
"no matching signature"},
"no matching signature"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
@ -111,56 +113,56 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PEER_KEY_ERROR), "peer key error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
"private key does not match certificate"},
"private key does not match certificate"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
"receipt decode error"},
"receipt decode error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
"signer certificate not found"},
"signer certificate not found"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
"type not compressed data"},
"type not compressed data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
"type not digested data"},
"type not digested data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
"type not encrypted data"},
"type not encrypted data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
"type not enveloped data"},
"type not enveloped data"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
"unable to finalize context"},
"unable to finalize context"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
"unknown digest algorithm"},
"unknown digest algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
"unsupported compression algorithm"},
"unsupported compression algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM),
"unsupported content encryption algorithm"},
"unsupported content encryption algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
"unsupported content type"},
"unsupported content type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE),
"unsupported encryption type"},
"unsupported encryption type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
"unsupported kek algorithm"},
"unsupported kek algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
"unsupported key encryption algorithm"},
"unsupported key encryption algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_LABEL_SOURCE),
"unsupported label source"},
"unsupported label source"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
"unsupported recipientinfo type"},
"unsupported recipientinfo type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
"unsupported recipient type"},
"unsupported recipient type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM),
"unsupported signature algorithm"},
"unsupported signature algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
"verification failure"},
"verification failure"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
{0, NULL}
};

View file

@ -1,5 +1,5 @@
/*
* Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -502,6 +502,13 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
if (!oik->d.originatorKey)
return 0;
} else {
/*
* Currently it is not possible to get public key as it is not stored
* during kari initialization.
*/
ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT);
return 0;
}
/* Initialise KDF algorithm */
if (!ossl_cms_env_asn1_ctrl(ri, 0))
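Review bot: the new `else` branch turns a silent continuation into an explicit failure: when the originator identifier is not the `originatorKey` choice and the static public key was never stored during kari initialisation, the code now raises `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` and returns 0 instead of proceeding with an originator it cannot populate. Failing closed is the right behaviour; the comment could also say what would be needed to support the case (keeping the public key from initialisation) so the reason code does not read as permanent.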

View file

@ -22,6 +22,7 @@
static STACK_OF(CMS_CertificateChoices)
**cms_get0_certificate_choices(CMS_ContentInfo *cms);
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_ContentInfo)
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a,
@ -68,20 +69,6 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
return ci;
}
CMS_ContentInfo *CMS_ContentInfo_new(void)
{
return CMS_ContentInfo_new_ex(NULL, NULL);
}
void CMS_ContentInfo_free(CMS_ContentInfo *cms)
{
if (cms != NULL) {
ossl_cms_env_enc_content_free(cms);
OPENSSL_free(cms->ctx.propq);
ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
}
}
const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms)
{
return cms != NULL ? &cms->ctx : NULL;

View file

@ -368,6 +368,7 @@ struct CMS_Receipt_st {
DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_ITEM(CMS_SignerInfo)
DECLARE_ASN1_ITEM(CMS_EncryptedContentInfo)
DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
@ -444,7 +445,6 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf);
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);

View file

@ -223,7 +223,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
os = ossl_rsa_ctx_to_pss_string(pkctx);
if (os == NULL)
return 0;
return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
if (X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os))
return 1;
ASN1_STRING_free(os);
return 0;
}
params[0] = OSSL_PARAM_construct_octet_string(
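Review bot: freeing `os` when `X509_ALGOR_set0()` fails is correct because that function only takes ownership of its `pval` argument on success (it can fail before touching the parameter when it cannot allocate the inner `ASN1_TYPE`), so the old `return X509_ALGOR_set0(...)` one-liner leaked the PSS parameter string on that path. The explicit success/failure split is slightly verbose next to `if (!X509_ALGOR_set0(...)) { ASN1_STRING_free(os); return 0; } return 1;`, but behaves identically.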

View file

@ -482,8 +482,12 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
ossl_cms_ctx_get0_libctx(ctx),
ossl_cms_ctx_get0_propq(ctx),
pk, NULL) <= 0) {
si->pctx = NULL;
goto err;
}
else {
EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
}
}
if (!sd->signerInfos)
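Review bot: the ownership rule this hunk establishes deserves a comment: after `EVP_DigestSignInit_ex(si->mctx, &si->pctx, ...)` succeeds, `EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)` transfers ownership of the pkey context from the md context to `si`, which the `CMS_SignerInfo` free callback then releases; on failure the flag is not set, the md context still owns `pctx`, and `si->pctx = NULL` is what prevents the callback from freeing it a second time. Style point: `}` followed by `else {` on its own line is inconsistent with the surrounding K&R layout.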
@ -725,6 +729,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
unsigned int mdlen;
pctx = si->pctx;
si->pctx = NULL;
if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
siglen = EVP_PKEY_get_size(si->pkey);
@ -813,6 +818,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
ossl_cms_ctx_get0_propq(ctx), si->pkey,
NULL) <= 0)
goto err;
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
si->pctx = pctx;
}
@ -884,9 +890,16 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
goto err;
}
mctx = si->mctx;
if (si->pctx != NULL) {
EVP_PKEY_CTX_free(si->pctx);
si->pctx = NULL;
}
if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx,
propq, si->pkey, NULL) <= 0)
propq, si->pkey, NULL) <= 0) {
si->pctx = NULL;
goto err;
}
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
if (!cms_sd_asn1_ctrl(si, 1))
goto err;
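Review bot: freeing a pre-existing `si->pctx` before `EVP_DigestVerifyInit_ex()` repopulates it fixes a leak on repeated `CMS_SignerInfo_verify()` calls (the old code simply overwrote the pointer), and the same ownership pattern as in signing follows: `si->pctx = NULL` on init failure, `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX` on success. One thing to confirm is that no caller holds the previous `si->pctx` (for example one obtained earlier through `CMS_SignerInfo_get0_pkey_ctx()`) across a second verify call, since that pointer is now invalid afterwards.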
@ -1003,8 +1016,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
goto err;
si->pctx = pkctx;
if (!cms_sd_asn1_ctrl(si, 1))
if (!cms_sd_asn1_ctrl(si, 1)) {
si->pctx = NULL;
goto err;
}
si->pctx = NULL;
r = EVP_PKEY_verify(pkctx, si->signature->data,
si->signature->length, mval, mlen);
if (r <= 0) {
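Review bot: nulling si->pctx when cms_sd_asn1_ctrl fails is consistent with the unconditional si->pctx = NULL that follows on success, so pkctx is never left dangling in si; the visible lines do not show whether err frees the local pkctx, which it must now do on both paths.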

View file

@ -236,7 +236,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
if (cms == NULL)
return NULL;
if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
return NULL;
goto err;
if (!(flags & CMS_DETACHED))
CMS_set_detached(cms, 0);
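Review bot: replacing return NULL with goto err fixes a leak of cms when CMS_EncryptedData_set1_key fails, but only if the err label frees it; the next hunk of this file adds exactly that, so the two hunks need to land together.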
@ -245,6 +245,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
|| CMS_final(cms, in, NULL, flags))
return cms;
err:
CMS_ContentInfo_free(cms);
return NULL;
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -120,7 +120,8 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider,
* It is *expected* that the put function increments the refcnt
* of the passed method.
*/
data->mcm->put(data->store, method, provider, algo->algorithm_names,
data->mcm->put(no_store ? data->store : NULL,
method, provider, algo->algorithm_names,
algo->property_definition, data->mcm_data);
/* refcnt-- because we're dropping the reference */
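Review bot: the ternary no_store ? data->store : NULL reads inverted at first glance, because a reader expects no_store to mean "do not store"; a comment explaining which store a NULL argument to put() selects, and why the temporary store in data->store is used exactly when no_store is set, would keep this from being "fixed" back in a future cleanup.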

View file

@ -235,13 +235,12 @@ static char *dl_name_converter(DSO *dso, const char *filename)
ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED);
return NULL;
}
if (transform) {
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
sprintf(translated, "lib%s%s", filename, DSO_EXTENSION);
else
sprintf(translated, "%s%s", filename, DSO_EXTENSION);
} else
sprintf(translated, "%s", filename);
if (transform)
BIO_snprintf(translated, rsize,
(DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0
? "lib%s%s" : "%s%s", filename, DSO_EXTENSION);
else
BIO_snprintf(translated, rsize, "%s", filename);
return translated;
}
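Review bot: the switch from sprintf to BIO_snprintf bounds the write into translated by rsize, which is the actual fix here; BIO_snprintf returns -1 on truncation and that return is discarded, so a name that does not fit would be returned silently truncated as if valid. Checking the result and raising DSO_R_NAME_TRANSLATION_FAILED, as the allocation failure above already does, would turn that into an error. The rsize computation is not in this hunk, so confirm it includes room for the lib prefix, DSO_EXTENSION and the terminator.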

View file

@ -271,11 +271,12 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
}
if (transform) {
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
sprintf(translated, "lib%s" DSO_EXTENSION, filename);
BIO_snprintf(translated, rsize, "lib%s" DSO_EXTENSION, filename);
else
sprintf(translated, "%s" DSO_EXTENSION, filename);
} else
sprintf(translated, "%s", filename);
BIO_snprintf(translated, rsize, "%s" DSO_EXTENSION, filename);
} else {
BIO_snprintf(translated, rsize, "%s", filename);
}
return translated;
}
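Review bot: same pattern as the dl converter: the BIO_snprintf return value is ignored, so a name longer than rsize allows is truncated silently. Because DSO_EXTENSION is string-concatenated into the format string here, rsize must have been sized for strlen(filename) + strlen("lib") + strlen(DSO_EXTENSION) + 1; that sizing is outside the hunk and worth a look.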

View file

@ -454,24 +454,20 @@ static char *win32_name_converter(DSO *dso, const char *filename)
char *translated;
int len, transform;
len = strlen(filename);
transform = ((strstr(filename, "/") == NULL) &&
(strstr(filename, "\\") == NULL) &&
(strstr(filename, ":") == NULL));
/* If transform != 0, then we convert to %s.dll, else just dupe filename */
len = strlen(filename) + 1;
if (transform)
/* We will convert this to "%s.dll" */
translated = OPENSSL_malloc(len + 5);
else
/* We will simply duplicate filename */
translated = OPENSSL_malloc(len + 1);
len += strlen(".dll");
translated = OPENSSL_malloc(len);
if (translated == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED);
return NULL;
}
if (transform)
sprintf(translated, "%s.dll", filename);
else
sprintf(translated, "%s", filename);
BIO_snprintf(translated, len, "%s%s", filename, transform ? ".dll" : "");
return translated;
}
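Review bot: len = strlen(filename) + 1 followed by len += strlen(".dll") gives the buffer room for the suffix and the terminator in both branches, so the single BIO_snprintf with transform ? ".dll" : "" cannot overflow; when transform is 0 the allocation is four bytes larger than needed, which is harmless. As in the other converters the BIO_snprintf return value is unchecked, although with this sizing truncation cannot happen.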

View file

@ -1161,7 +1161,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
size_t buf_len = 0;
int new_buffer = 0;
if (a == NULL) {
if (a == NULL || a->pub_key == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
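Review bot: rejecting a->pub_key == NULL here stops a NULL dereference when i2o_ECPublicKey is called on an EC_KEY that carries only a private key or whose public key was never set; ERR_R_PASSED_NULL_PARAMETER is a reasonable code for it, and it lines up with the NULL point check added to EC_POINT_point2oct further down in this import.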

View file

@ -616,14 +616,8 @@ EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection)
|| !EC_GROUP_copy(ret->group, src->group))
goto err;
if (src->meth != NULL) {
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (src->engine != NULL && ENGINE_init(src->engine) == 0)
goto err;
ret->engine = src->engine;
#endif
if (src->meth != NULL)
ret->meth = src->meth;
}
}
/* copy the public key */
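Review bot: dropping the ENGINE_init and ret->engine copy means a duplicated key no longer takes a reference on the source key's engine while src->meth is still copied; confirm that the free path for the duplicate treats engine == NULL correctly (no ENGINE_finish) and that nothing downstream reads ret->engine expecting it to match src->engine.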

View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -20,6 +20,7 @@
#include <openssl/err.h>
#include <openssl/opensslv.h>
#include "crypto/ec.h"
#include "crypto/bn.h"
#include "internal/nelem.h"
#include "ec_local.h"
@ -1262,10 +1263,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
if (!BN_sub(e, group->order, e))
goto err;
/*-
* Exponent e is public.
* No need for scatter-gather or BN_FLG_CONSTTIME.
* Although the exponent is public we want the result to be
* fixed top.
*/
if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
goto err;
ret = 1;
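Review bot: this is the CVE-2024-13176 mitigation named in the commit message. BN_mod_exp_mont normalises a result whose top word is zero to a shorter representation, and that is what made the timing of the following ECDSA nonce-inversion work depend on the secret value; bn_mod_exp_mont_fixed_top keeps the result at a fixed width. The new comment's framing is right: the exponent e is public, it is the result that must be fixed top. The crypto/bn.h include added earlier in this file provides the prototype for the internal function, so both hunks belong together.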

View file

@ -74,6 +74,10 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
point_conversion_form_t form, unsigned char *buf,
size_t len, BN_CTX *ctx)
{
if (point == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (group->meth->point2oct == 0
&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
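Review bot: the NULL check on point prevents a caller that passes an unset point from dereferencing it inside the method; group is still used unchecked on the next line, which matches the rest of this file, so fine as is.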

View file

@ -186,9 +186,13 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
if (k_prov != e_prov) {
int selection = data->selection;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
data->encoder_inst = encoder_inst;
if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection,
if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection,
&encoder_import_cb, data))
return NULL;
data->obj = data->constructed_obj;
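Review bot: widening the selection to include the public key whenever the private key is selected is needed because the key is being exported to a different provider (k_prov != e_prov) and keymgmt export routines generally require the public part alongside the private one; a comment stating that reason would keep someone from removing the lines as redundant. data->selection itself is left unchanged, so only this export is affected.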

View file

@ -1,4 +1,4 @@
# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -307,6 +307,8 @@ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\
error reading messagedigest attribute
CMS_R_ERROR_SETTING_KEY:115:error setting key
CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo
CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT:196:\
error unsupported static key agreement
CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error
CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length
CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter
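Review bot: the new CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT:196 entry must be accompanied by the matching define in include/openssl/cmserr.h and the generated reason string in crypto/cms/cms_err.c, neither of which is shown here; it appears to go with the openssl-cms documentation change later in this import stating that -originator is currently not allowed for encryption.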

View file

@ -1210,6 +1210,8 @@ static int fix_ecdh_cofactor(enum state state,
/* The initial value for |ctx->action_type| must not be zero. */
if (!ossl_assert(ctx->action_type != NONE))
return 0;
} else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) {
ctx->action_type = GET;
}
if ((ret = default_check(state, translation, ctx)) <= 0)
@ -1235,6 +1237,8 @@ static int fix_ecdh_cofactor(enum state state,
}
} else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
ctx->p1 = -2;
} else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
ctx->p1 = ret;
}
return ret;
@ -2800,8 +2804,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
/*
* In POST, we pass the return value as p1, allowing the fixup_args
* function to put it to good use, or maybe affect it.
*
* NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
* as return positive on Success and 0 or negative on falure. There
* maybe parameters (e.g. ecdh_cofactor), which actually return 0
* as success value. That is why we do POST_PARAMS_TO_CTRL for 0
* value as well
*/
if (ret > 0) {
if (ret >= 0) {
ctx.p1 = ret;
fixup(POST_PARAMS_TO_CTRL, translation, &ctx);
ret = ctx.p1;
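Review bot: two typos in the new comment: "falure" should be "failure", and "There maybe parameters" should be "There may be parameters". On the logic, relaxing ret > 0 to ret >= 0 so that POST_PARAMS_TO_CTRL also runs for a zero ctrl return is needed by the fix_ecdh_cofactor hunks above, which now set ctx->p1 = ret in that state; the comment explains that, but it would help to state explicitly that negative returns still skip the fixup.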

View file

@ -662,8 +662,12 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
{
EVP_PKEY_CTX *pctx = ctx->pctx;
if (pctx != NULL
&& pctx->operation == EVP_PKEY_OP_VERIFYCTX
if (pctx == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return -1;
}
if (pctx->operation == EVP_PKEY_OP_VERIFYCTX
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
if (pctx->op.sig.signature->digest_verify != NULL)
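Review bot: returning -1 with EVP_R_INITIALIZATION_ERROR when ctx->pctx is NULL turns a NULL dereference in the legacy branch below into a clean error; callers that test for <= 0 handle it. The local pctx replacing the repeated ctx->pctx reads in the next hunk is a good tidy-up while here.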
@ -672,8 +676,8 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
tbs, tbslen);
} else {
/* legacy */
if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL)
return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL)
return pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
}
if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)

View file

@ -851,6 +851,20 @@ int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx,
#ifndef OPENSSL_NO_SOCK
static const char *explict_or_default_port(const char *hostserv, const char *port, int use_ssl)
{
if (port == NULL) {
char *service = NULL;
if (!BIO_parse_hostserv(hostserv, NULL, &service, BIO_PARSE_PRIO_HOST))
return NULL;
if (service == NULL) /* implicit port */
port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
OPENSSL_free(service);
} /* otherwise take the explicitly given port */
return port;
}
/* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */
static BIO *http_new_bio(const char *server /* optionally includes ":port" */,
const char *server_port /* explicit server port */,
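Review bot: the new helper's name is misspelled: explict_or_default_port should be explicit_or_default_port (it is used again in the next hunk). The logic looks right: BIO_parse_hostserv is only consulted when no explicit port was given, a host string without a service part gets the scheme default, and the service string is freed on both paths.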
@ -870,8 +884,7 @@ static BIO *http_new_bio(const char *server /* optionally includes ":port" */,
port = proxy_port;
}
if (port == NULL && strchr(host, ':') == NULL)
port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
port = explict_or_default_port(host, port, use_ssl);
cbio = BIO_new_connect(host /* optionally includes ":port" */);
if (cbio == NULL)
@ -958,8 +971,6 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
}
if (port != NULL && *port == '\0')
port = NULL;
if (port == NULL && strchr(server, ':') == NULL)
port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl);
if (proxy != NULL
&& !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */,

View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -9,11 +9,18 @@
#include <stdio.h> /* for sscanf() */
#include <string.h>
#ifndef OPENSSL_NO_SOCK
# include "../bio/bio_local.h" /* for NI_MAXHOST */
#endif
#include <openssl/http.h>
#include <openssl/httperr.h>
#include <openssl/bio.h> /* for BIO_snprintf() */
#include <openssl/err.h>
#include "internal/cryptlib.h" /* for ossl_assert() */
#ifndef NI_MAXHOST
# define NI_MAXHOST 255
#endif
#include "crypto/ctype.h" /* for ossl_isspace() */
static void init_pstring(char **pstr)
{
@ -251,10 +258,17 @@ static int use_proxy(const char *no_proxy, const char *server)
{
size_t sl;
const char *found = NULL;
char host[NI_MAXHOST];
if (!ossl_assert(server != NULL))
return 0;
sl = strlen(server);
if (sl >= 2 && sl < sizeof(host) + 2 && server[0] == '[' && server[sl - 1] == ']') {
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
server = host;
}
/*
* using environment variable names, both lowercase and uppercase variants,
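Review bot: the copy at `strncpy(host, server + 1, sl);` does not NUL-terminate host, yet server = host is then passed to strstr(no_proxy, server) further down, which reads host as a C string; add `host[sl] = '\0';` before `server = host;`. The bounds check sl < sizeof(host) + 2 already leaves room for that terminator after sl -= 2.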
@ -268,8 +282,8 @@ static int use_proxy(const char *no_proxy, const char *server)
if (no_proxy != NULL)
found = strstr(no_proxy, server);
while (found != NULL
&& ((found != no_proxy && found[-1] != ' ' && found[-1] != ',')
|| (found[sl] != '\0' && found[sl] != ' ' && found[sl] != ',')))
&& ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',')
|| (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ',')))
found = strstr(found + 1, server);
return found == NULL;
}
@ -285,7 +299,7 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
if (proxy == NULL)
proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
if (proxy == NULL)
proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY);
proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTPS_PROXY : OPENSSL_HTTP_PROXY);
if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
return NULL;
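Review bot: the old line picked OPENSSL_HTTP_PROXY when use_ssl was set and OPENSSL_HTTPS_PROXY otherwise, the inverse of the lowercase lookup two lines above; the new line matches the lowercase variant, so HTTPS connections now honour HTTPS_PROXY as the openssl-ocsp and openssl-cmp manual pages describe.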

View file

@ -173,7 +173,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
X509_SIG *p8 = NULL;
int klen;
EVP_PKEY *ret;
char psbuf[PEM_BUFSIZE];
char psbuf[PEM_BUFSIZE + 1]; /* reserve one byte at the end */
p8 = d2i_PKCS8_bio(bp, NULL);
if (p8 == NULL)
@ -182,7 +182,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen < 0) {
if (klen < 0 || klen > PEM_BUFSIZE) {
ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;
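Review bot: the extra byte in psbuf together with the klen > PEM_BUFSIZE check rejects a password callback that reports more bytes than it was allowed to write, which would previously have been read past the buffer when the password is used; the callback is still told PEM_BUFSIZE, so a well-behaved one is unaffected. Same pattern as the ui_read change in this import.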

View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -210,8 +210,10 @@ PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
/* Make a PKCS#8 structure */
if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
goto err;
if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) {
PKCS8_PRIV_KEY_INFO_free(p8);
goto err;
}
if (nid_key != -1) {
/* This call does not take ownership of p8 */
bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0,
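Review bot: freeing p8 when PKCS8_add_keyusage fails closes a leak, but only if the err label does not also free p8; the context comment "This call does not take ownership of p8" suggests p8 is freed separately on the success path, so confirm the err path cannot free it a second time.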

View file

@ -1023,6 +1023,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
STACK_OF(X509_ATTRIBUTE) *sk;
BIO *btmp;
EVP_PKEY *pkey;
unsigned char *abuf = NULL;
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
@ -1072,7 +1073,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
sk = si->auth_attr;
if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
unsigned char md_dat[EVP_MAX_MD_SIZE];
unsigned int md_len;
int alen;
ASN1_OCTET_STRING *message_digest;
@ -1114,8 +1115,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
goto err;
OPENSSL_free(abuf);
}
os = si->enc_digest;
@ -1133,6 +1132,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
ret = 1;
err:
OPENSSL_free(abuf);
EVP_MD_CTX_free(mdc_tmp);
EVP_MD_free(fetched_md);
return ret;
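Review bot: hoisting abuf to function scope and freeing it at err: fixes the leak when EVP_VerifyUpdate, or anything between the allocation and the removed in-block OPENSSL_free, fails; the old free was only reached on success. Because abuf starts NULL and OPENSSL_free(NULL) is a no-op, the err path is safe when the auth_attr block was never entered.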

View file

@ -28,6 +28,11 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
/* NOTE(emilia): does not support detached digested data. */
case PKCS7_OP_SET_DETACHED_SIGNATURE:
if (nid == NID_pkcs7_signed) {
if (p7->d.sign == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
ret = 0;
break;
}
ret = p7->detached = (int)larg;
if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
ASN1_OCTET_STRING *os;
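Review bot: checking p7->d.sign before p7->d.sign->contents prevents a NULL dereference for a PKCS7 whose type says signed but whose content was never set; raising PKCS7_R_NO_CONTENT and breaking with ret = 0 keeps the function's existing error convention.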

View file

@ -331,12 +331,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
ctx = BN_CTX_new_ex(libctx);
pt = EC_POINT_new(group);
if (ctx == NULL || pt == NULL) {
if (ctx == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
goto done;
}
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
x1 = BN_CTX_get(ctx);
@ -345,6 +343,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
goto done;
}
pt = EC_POINT_new(group);
if (pt == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
goto done;
}
/*
* B1: verify whether r' in [1,n-1], verification failed if not
* B2: verify whether s' in [1,n-1], verification failed if not
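Review bot: splitting the two allocations so that BN_CTX_start runs only once ctx is known non-NULL, and EC_POINT_new only after the BN_CTX_get calls succeeded, means each failure path releases only what was allocated; confirm that done: still frees pt when it is non-NULL, as before, and that pt is initialised to NULL above the shown lines so done: never frees an uninitialised pointer.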

View file

@ -216,6 +216,8 @@ int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
{
OPENSSL_free(vinfo->id);
OPENSSL_free(vinfo->info);
vinfo->id = NULL;
vinfo->info = NULL;
if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0;
return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
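Review bot: nulling vinfo->id and vinfo->info right after freeing them fixes a double free when OPENSSL_strdup fails and the caller then frees vinfo, because the old pointers would otherwise still be in the struct; with the change the struct is consistent on both return paths.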

View file

@ -212,7 +212,8 @@ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
{
*ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount;
*ret = (int)InterlockedExchangeAdd((LONG volatile *)val, (LONG)amount)
+ amount;
return 1;
}

View file

@ -473,7 +473,7 @@ BIO *OSSL_trace_begin(int category)
char *prefix = NULL;
category = ossl_trace_get_category(category);
if (category < 0)
if (category < 0 || !OSSL_trace_enabled(category))
return NULL;
channel = trace_channels[category].bio;

View file

@ -105,14 +105,18 @@ static int ui_read(UI *ui, UI_STRING *uis)
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
{
char result[PEM_BUFSIZE + 1];
int len;
char result[PEM_BUFSIZE + 1]; /* reserve one byte at the end */
const struct pem_password_cb_data *data =
UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
int maxsize = UI_get_result_maxsize(uis);
int len = data->cb(result,
maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
data->rwflag, UI_get0_user_data(ui));
if (maxsize > PEM_BUFSIZE)
maxsize = PEM_BUFSIZE;
len = data->cb(result, maxsize, data->rwflag,
UI_get0_user_data(ui));
if (len > maxsize)
return -1;
if (len >= 0)
result[len] = '\0';
if (len < 0)
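Review bot: the new len > maxsize check rejects a password callback that claims to have written more than maxsize bytes before result[len] = '\0' runs, which previously would have written outside result; clamping maxsize to PEM_BUFSIZE up front also keeps the callback's limit and the buffer size in step, with the extra byte reserved for the terminator. Returning -1 here rather than 0 signals an error rather than an empty password, which is the right choice.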

View file

@ -67,11 +67,10 @@ const X509V3_EXT_METHOD ossl_v3_ext_admission = {
NULL /* extension-specific data */
};
static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
BIO *bp, int ind)
{
NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY *) in;
if (namingAuthority == NULL)
return 0;
@ -81,14 +80,14 @@ static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
&& namingAuthority->namingAuthorityUrl == NULL)
return 0;
if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
if (BIO_printf(bp, "%*snamingAuthority:\n", ind, "") <= 0)
goto err;
if (namingAuthority->namingAuthorityId != NULL) {
char objbuf[128];
const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0)
if (BIO_printf(bp, "%*s namingAuthorityId: ", ind, "") <= 0)
goto err;
OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1);
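Review bot: changing the printed label from admissionAuthorityId to namingAuthorityId corrects the text to the field actually being printed, and the newline after "namingAuthority:" plus the ind + 2 and ind + 4 indentation in the later hunks make the nested output consistent; anything parsing text output for this extension will see changed lines, so this deserves a CHANGES entry.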
@ -130,9 +129,10 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
}
for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
ADMISSIONS *entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0)
goto err;
if (entry->admissionAuthority != NULL) {
if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0
@ -143,12 +143,12 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
}
if (entry->namingAuthority != NULL) {
if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind + 2) <= 0)
goto err;
}
for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
PROFESSION_INFO *pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
goto err;
@ -161,7 +161,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
}
if (pinfo->namingAuthority != NULL) {
if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 4) <= 0)
goto err;
}
@ -170,7 +170,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0)
goto err;
for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
ASN1_STRING *val = sk_ASN1_STRING_value(pinfo->professionItems, k);
if (BIO_printf(bp, "%*s ", ind, "") <= 0
|| ASN1_STRING_print(bp, val) <= 0
@ -183,7 +183,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0)
goto err;
for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
char objbuf[128];
@ -207,31 +207,29 @@ const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
return n->namingAuthorityId;
}
void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id)
void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT *id)
{
ASN1_OBJECT_free(n->namingAuthorityId);
n->namingAuthorityId = id;
}
const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
const NAMING_AUTHORITY *n)
const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(const NAMING_AUTHORITY *n)
{
return n->namingAuthorityUrl;
}
void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u)
void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING *u)
{
ASN1_IA5STRING_free(n->namingAuthorityUrl);
n->namingAuthorityUrl = u;
}
const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
const NAMING_AUTHORITY *n)
const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(const NAMING_AUTHORITY *n)
{
return n->namingAuthorityText;
}
void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t)
void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING *t)
{
ASN1_IA5STRING_free(n->namingAuthorityText);
n->namingAuthorityText = t;

View file

@ -336,7 +336,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
{
GENERAL_NAMES *ialt;
GENERAL_NAMES *ialt = NULL;
GENERAL_NAME *gen;
X509_EXTENSION *ext;
int i, num;
@ -371,6 +371,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
return 1;
err:
sk_GENERAL_NAME_free(ialt);
return 0;
}
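Review bot: initialising ialt to NULL and freeing it at err: fixes a leak when copy_issuer fails after allocating the stack; sk_GENERAL_NAME_free releases only the stack and not its elements, so this is correct only if the names are owned elsewhere at every goto err, which the visible lines do not show.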

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags)
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (cert == NULL)
return 0;
if ((flags & X509_ADD_FLAG_NO_DUP) != 0) {
/*
* not using sk_X509_set_cmp_func() and sk_X509_find()
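Review bot: the new cert == NULL return 0 is silent, while the sk == NULL case just above raises ERR_R_PASSED_NULL_PARAMETER; for consistency either raise the same error here or document in the X509_add_cert man page that a NULL cert is rejected without an error entry, since callers that inspect the error queue will otherwise see a failure with no reason.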

View file

@ -92,11 +92,13 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
int timeout, const ASN1_ITEM *it)
{
size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ?
OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN;
BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
bio, rbio, NULL /* cb */, NULL /* arg */,
1024 /* buf_size */, NULL /* headers */,
NULL /* expected_ct */, 1 /* expect_asn1 */,
OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout);
max_resp_len, timeout);
ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
BIO_free(mem);

View file

@ -94,7 +94,7 @@ int aes_ccm_encrypt(void)
if ((cipher = EVP_CIPHER_fetch(libctx, "AES-192-CCM", propq)) == NULL)
goto err;
/* Set nonce length if default 96 bits is not appropriate */
/* Default nonce length for AES-CCM is 7 bytes (56 bits). */
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
&ccm_nonce_len);
/* Set tag length */

View file

@ -701,7 +701,7 @@ A sample configuration file with the relevant sections for this command:
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use
default_md = sha256 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
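Review bot: the sample configuration's default_md = md5 should have gone long ago; sha256 matches the current default of the ca command and removes an example that users copy verbatim into real CA configurations.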

View file

@ -453,8 +453,11 @@ Reason numbers defined in RFC 5280 are:
=item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The DNS hostname or IP address and optionally port
The I<host> domain name or IP address and optionally I<port>
of the CMP server to connect to using HTTP(S).
IP address may be for v4 or v6, such as C<127.0.0.1> or C<[::1]> for localhost.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
This option excludes I<-port> and I<-use_mock_srv>.
It is ignored if I<-rspin> is given with enough filename arguments.
@ -468,6 +471,7 @@ If a path is included it provides the default value for the B<-path> option.
The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy>
applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored (note that TLS may be
selected by B<-tls_used>), as well as any path, userinfo, and query, and fragment
@ -969,8 +973,9 @@ This excludes the B<-server> and B<-port> options.
=item B<-port> I<number>
Act as HTTP-based CMP server mock-up listening on the given port.
This excludes the B<-server> and B<-use_mock_srv> options.
Act as HTTP-based CMP server mock-up listening on the given local port.
The client may address the server via, e.g., C<127.0.0.1> or C<[::1]>.
This option excludes the B<-server> and B<-use_mock_srv> options.
The B<-rspin>, B<-rspout>, B<-reqin>, and B<-reqout> options
so far are not supported in this mode.

View file

@ -191,6 +191,10 @@ to the output file.
Verify signed data. Expects a signed data on input and outputs
the signed data. Both clear text and opaque signing is supported.
By default, validation of signer certificates and their chain
is done w.r.t. the S/MIME signing (C<smimesign>) purpose.
For details see L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-resign>
Resign a message: take an existing message and one or more new signers.
@ -374,7 +378,8 @@ See L<openssl-format-options(1)> for details.
=item B<-originator> I<file>
A certificate of the originator of the encrypted message. Necessary for
decryption when Key Agreement is in use for a shared key.
decryption when Key Agreement is in use for a shared key. Currently, not
allowed for encryption.
=item B<-recip> I<file>
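Review bot: the -originator text now says the option is currently not allowed for encryption; this appears to correspond to the new CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT reason added in this import, so quoting that error message here would help users who hit it understand why.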
@ -902,7 +907,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

View file

@ -239,6 +239,10 @@ L<fips_config(5)>,
L<OSSL_PROVIDER-FIPS(7)>,
L<EVP_MAC(3)>
=head1 HISTORY
The B<openssl-fipsinstall> application was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.

View file

@ -30,8 +30,8 @@ B<openssl> B<ocsp>
[B<-respin> I<file>]
[B<-url> I<URL>]
[B<-host> I<host>:I<port>]
[B<-path>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
[B<-path> I<pathname>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-no_proxy> I<addresses>]
[B<-header>]
[B<-timeout> I<seconds>]
@ -160,24 +160,32 @@ with B<-serial>, B<-cert> and B<-host> options).
=item B<-url> I<responder_url>
Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
Specify the responder host and optionally port and path via a URL.
Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
The optional userinfo and fragment components are ignored.
Any given query component is handled as part of the path component.
For details, see the B<-host> and B<-path> options described next.
=item B<-host> I<hostname>:I<port>, B<-path> I<pathname>
=item B<-host> I<host>:I<port>, B<-path> I<pathname>
If the B<-host> option is present then the OCSP request is sent to the host
I<hostname> on port I<port>. The B<-path> option specifies the HTTP pathname
to use or "/" by default. This is equivalent to specifying B<-url> with scheme
http:// and the given hostname, port, and pathname.
I<host> on port I<port>.
The I<host> may be a domain name or an IP (v4 or v6) address,
such as C<127.0.0.1> or C<[::1]> for localhost.
If it is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>
The B<-path> option specifies the HTTP pathname to use or "/" by default.
This is equivalent to specifying B<-url> with scheme
http:// and the given I<host>, I<port>, and optional I<pathname>.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo and path components.
as well as any userinfo, path, query, and fragment components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
@ -369,8 +377,8 @@ subject name.
=item B<-port> I<portnum>
Port to listen for OCSP requests on. The port may also be specified
using the B<url> option.
Port to listen for OCSP requests on. Both IPv4 and IPv6 are possible.
The port may also be specified using the B<-url> option.
A C<0> argument indicates that any available port shall be chosen automatically.
=item B<-ignore_err>

View file

@ -44,6 +44,8 @@ B<openssl> B<pkeyutl>
This command can be used to perform low-level public key
operations using any supported algorithm.
By default the signing operation (see B<-sign> option) is assumed.
=head1 OPTIONS
=over 4
@ -59,20 +61,29 @@ if this option is not specified.
=item B<-rawin>
This indicates that the input data is raw data, which is not hashed by any
message digest algorithm. The user can specify a digest algorithm by using
the B<-digest> option. This option can only be used with B<-sign> and
B<-verify> and must be used with the Ed25519 and Ed448 algorithms.
This indicates that the signature or verification input data is raw data,
which is not hashed by any message digest algorithm.
Except with EdDSA,
the user can specify a digest algorithm by using the B<-digest> option.
For signature algorithms like RSA, DSA and ECDSA,
the default digest algorithm is SHA-256. For SM2, it is SM3.
This option can only be used with B<-sign> and B<-verify>.
For EdDSA (the Ed25519 and Ed448 algorithms) this option is required.
=item B<-digest> I<algorithm>
This specifies the digest algorithm which is used to hash the input data before
signing or verifying it with the input key. This option could be omitted if the
signature algorithm does not require one (for instance, EdDSA). If this option
is omitted but the signature algorithm requires one, a default value will be
used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the
default digest algorithm. For SM2, it will be SM3. If this option is present,
then the B<-rawin> option must be also specified.
This option can only be used with B<-sign> and B<-verify>.
It specifies the digest algorithm that is used to hash the input data
before signing or verifying it with the input key. This option could be omitted
if the signature algorithm does not require preprocessing the input through
a pluggable hash function before signing (for instance, EdDSA). If this option
is omitted but the signature algorithm requires one and the B<-rawin> option
is given, a default value will be used (see B<-rawin> for details).
If this option is present, then the B<-rawin> option is required.
At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported,
so the B<-digest> option cannot be used with EdDSA.
=item B<-out> I<filename>
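Review bot: the rewritten B<-digest> paragraph contradicts its own last sentence: it first says the option "could be omitted if the signature algorithm does not require preprocessing ... (for instance, EdDSA)" and then states that "the B<-digest> option cannot be used with EdDSA". Since HashEdDSA is unsupported, say plainly that B<-digest> must be omitted for EdDSA and keep the "could be omitted" wording only for the default-digest case handled under B<-rawin>.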
@ -81,7 +92,7 @@ default.
=item B<-sigfile> I<file>
Signature file, required for B<-verify> operations only
Signature file, required and allowed for B<-verify> operations only
=item B<-inkey> I<filename>|I<uri>
@ -117,21 +128,42 @@ The input is a certificate containing a public key.
=item B<-rev>
Reverse the order of the input buffer. This is useful for some libraries
(such as CryptoAPI) which represent the buffer in little endian format.
(such as CryptoAPI) which represent the buffer in little-endian format.
This cannot be used in conjunction with B<-rawin>.
=item B<-sign>
Sign the input data (which must be a hash) and output the signed result. This
requires a private key.
Sign the input data and output the signed result. This requires a private key.
Using a message digest operation along with this is recommended,
when applicable, see the B<-rawin> and B<-digest> options for details.
Otherwise, the input data given with the B<-in> option is assumed to already
be a digest, but this may then require an additional B<-pkeyopt> C<digest:>I<md>
in some cases (e.g., RSA with the default PKCS#1 padding mode).
Even for other algorithms like ECDSA, where the additional B<-pkeyopt> option
does not affect signature output, it is recommended, as it enables
checking that the input length is consistent with the intended digest.
=item B<-verify>
Verify the input data (which must be a hash) against the signature file and
indicate if the verification succeeded or failed.
Verify the input data against the signature given with the B<-sigfile> option
and indicate if the verification succeeded or failed.
The input data given with the B<-in> option is assumed to be a hash value
unless the B<-rawin> option is specified or implied.
With raw data, when a digest algorithm is applicable, though it may be inferred
from the signature or take a default value, it should also be specified.
=item B<-verifyrecover>
Verify the input data (which must be a hash) and output the recovered data.
Verify the given signature and output the recovered data (signature payload).
For example, in case of RSA PKCS#1 the recovered data is the B<EMSA-PKCS-v1_5>
DER encoding of the digest algorithm OID and value as specified in
L<RFC8017 Section 9.2|https://datatracker.ietf.org/doc/html/rfc8017#section-9.2>.
Note that here the input given with the B<-in> option is not a signature input
(as with the B<-sign> and B<-verify> options) but a signature output value,
typically produced using the B<-sign> option.
This option is available only for use with RSA keys.
=item B<-encrypt>
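Review bot: under B<-verify>, "unless the B<-rawin> option is specified or implied" leaves "implied" undefined; the B<-rawin> text above only says the option is required for EdDSA, so name the algorithms for which it is implied. Also, the B<-sign> item now recommends B<-pkeyopt> C<digest:>I<md> even for ECDSA because it "enables checking that the input length is consistent with the intended digest", but the B<-verify> item gives no such recommendation for hash input; the same length check matters on the verifying side, so repeat the sentence there.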
@ -175,8 +207,9 @@ hex dump the output data.
=item B<-asn1parse>
Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
Parse the ASN.1 output data to check its DER encoding and print any errors.
When combined with the B<-verifyrecover> option, this may be useful only in case
an ASN.1 DER-encoded structure had been signed directly (without hashing it).
{- $OpenSSL::safe::opt_engine_item -}
@ -200,8 +233,8 @@ engine I<id> for crypto operations.
The operations and options supported vary according to the key algorithm
and its implementation. The OpenSSL operations and options are indicated below.
Unless otherwise mentioned all algorithms support the B<digest:>I<alg> option
which specifies the digest in use for sign, verify and verifyrecover operations.
Unless otherwise mentioned, all algorithms support the B<digest:>I<alg> option,
which specifies the digest in use for the signing and verification operations.
The value I<alg> should represent a digest name as used in the
EVP_get_digestbyname() function for example B<sha1>. This value is not used to
hash the input data. It is used (by some algorithms) for sanity-checking the

View file

@ -638,7 +638,7 @@ Sample configuration file prompting for field values:
attributes = req_attributes
req_extensions = v3_ca
dirstring_type = nobmp
dirstring_type = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
@ -778,7 +778,7 @@ The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

View file

@ -10,11 +10,11 @@ openssl-s_client - SSL/TLS client program
B<openssl> B<s_client>
[B<-help>]
[B<-ssl_config> I<section>]
[B<-connect> I<host:port>]
[B<-connect> I<host>:I<port>]
[B<-host> I<hostname>]
[B<-port> I<port>]
[B<-bind> I<host:port>]
[B<-proxy> I<host:port>]
[B<-bind> I<host>:I<port>]
[B<-proxy> I<host>:I<port>]
[B<-proxy_user> I<userid>]
[B<-proxy_pass> I<arg>]
[B<-unix> I<path>]
@ -157,6 +157,7 @@ This specifies the host and optional port to connect to. It is possible to
select the host and port using the optional target positional argument instead.
If neither this nor the target positional argument are specified then an attempt
is made to connect to the local host on port 4433.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-host> I<hostname>
@ -166,17 +167,19 @@ Host to connect to; use B<-connect> instead.
Connect to the specified port; use B<-connect> instead.
=item B<-bind> I<host:port>
=item B<-bind> I<host>:I<port>
This specifies the host address and or port to bind as the source for the
connection. For Unix-domain sockets the port is ignored and the host is
used as the source socket address.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-proxy> I<host:port>
=item B<-proxy> I<host>:I<port>
When used with the B<-connect> flag, the program uses the host and port
specified with this flag and issues an HTTP CONNECT command to connect
to the desired server.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-proxy_user> I<userid>
@ -260,7 +263,9 @@ See L<openssl-format-options(1)> for details.
=item B<-crl_download>
Download CRL from distribution points in the certificate.
Download CRL from distribution points in the certificate. Note that this option
is ignored if B<-crl_check> option is not provided. Note that the maximum size
of CRL is limited by L<X509_CRL_load_http(3)> function.
=item B<-key> I<filename>|I<uri>
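Review bot: the new B<-crl_download> text says the option is ignored without B<-crl_check> and that CRL size is limited by L<X509_CRL_load_http(3)>, but not what happens when the download fails or the limit is exceeded (a verification error, or silently no revocation check). A silent fall-through would mean revocation is not actually checked, so state the failure behaviour explicitly.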
@ -282,14 +287,20 @@ see L<openssl-passphrase-options(1)>.
The verify depth to use. This specifies the maximum length of the
server certificate chain and turns on server certificate verification.
Currently the verify operation continues after errors so all the problems
Unless the B<-verify_return_error> option is given,
the verify operation continues after errors so all the problems
with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure.
By default, validation of server certificates and their chain
is done w.r.t. the (D)TLS Server (C<sslserver>) purpose.
For details see L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-verify_return_error>
Return verification errors instead of continuing. This will typically
abort the handshake with a fatal error.
Turns on server certificate verification, like with B<-verify>,
but returns verification errors instead of continuing.
This will typically abort the handshake with a fatal error.
=item B<-verify_quiet>
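Review bot: B<-verify_return_error> now "turns on server certificate verification, like with B<-verify>", but B<-verify> takes a I<depth> argument and B<-verify_return_error> takes none; document which chain depth applies when only B<-verify_return_error> is given, and whether the C<sslserver> purpose sentence added under B<-verify> also applies here.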
@ -799,10 +810,11 @@ proceed unless the B<-verify_return_error> option is used.
=item I<host>:I<port>
Rather than providing B<-connect>, the target hostname and optional port may
Rather than providing B<-connect>, the target host and optional port may
be provided as a single positional argument after all options. If neither this
nor B<-connect> are provided, falls back to attempting to connect to
I<localhost> on port I<4433>.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=back
@ -881,6 +893,51 @@ option: any verify errors are then returned aborting the handshake.
The B<-bind> option may be useful if the server or a firewall requires
connections to come from some particular address and or port.
=head2 Note on Non-Interactive Use
When B<s_client> is run in a non-interactive environment (e.g., a cron job or
a script without a valid I<stdin>), it may close the connection prematurely,
especially with TLS 1.3. To prevent this, you can use the B<-ign_eof> flag,
which keeps B<s_client> running even after reaching EOF from I<stdin>.
For example:
openssl s_client -connect <server address>:443 -tls1_3
-sess_out /path/to/tls_session_params_file
-ign_eof </dev/null
However, relying solely on B<-ign_eof> can lead to issues if the server keeps
the connection open, expecting the client to close first. In such cases, the
client may hang indefinitely. This behavior is not uncommon, particularly with
protocols where the server waits for a graceful disconnect from the client.
For example, when connecting to an SMTP server, the session may pause if the
server expects a QUIT command before closing:
$ openssl s_client -brief -ign_eof -starttls smtp
-connect <server address>:25 </dev/null
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
...
250 CHUNKING
[long pause]
To avoid such hangs, it's better to use an application-level command to
initiate a clean disconnect. For SMTP, you can send a QUIT command:
printf 'QUIT\r\n' | openssl s_client -connect <server address>:25
-starttls smtp -brief -ign_eof
Similarly, for HTTP/1.1 connections, including a `Connection: close` header
ensures the server closes the connection after responding:
printf 'GET / HTTP/1.1\r\nHost: <server address>\r\nConnection: close\r\n\r\n'
| openssl s_client -connect <server address>:443 -brief
These approaches help manage the connection closure gracefully and prevent
hangs caused by the server waiting for the client to initiate the disconnect.
=head1 BUGS
Because this program has a lot of options and also because some of the
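Review bot: the example commands in the new "Note on Non-Interactive Use" section are split across lines without continuation markers (e.g. "openssl s_client -connect <server address>:443 -tls1_3" followed by "-sess_out /path/to/tls_session_params_file"), so they cannot be pasted as shown; add trailing backslashes in the verbatim blocks. Also "`Connection: close`" uses Markdown backticks where this POD file uses C<...> elsewhere; change it to C<Connection: close>.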

View file

@ -74,7 +74,7 @@ B<openssl> B<s_server>
[B<-status>]
[B<-status_verbose>]
[B<-status_timeout> I<int>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-no_proxy> I<addresses>]
[B<-status_url> I<val>]
[B<-status_file> I<infile>]
@ -202,6 +202,10 @@ must supply a certificate or an error occurs.
If the cipher suite cannot request a client certificate (for example an
anonymous cipher suite or PSK) this option has no effect.
By default, validation of any supplied client certificate and its chain
is done w.r.t. the (D)TLS Client (C<sslclient>) purpose.
For details see L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-cert> I<infile>
The certificate to use, most servers cipher suites require the use of a
@ -504,13 +508,14 @@ a verbose printout of the OCSP response.
Sets the timeout for OCSP response to I<int> seconds.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo and path components.
as well as any userinfo, path, query, and fragment components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
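Review bot: "The proxy port defaults to 80 or 443 if the scheme is C<https>" in this hunk reads ambiguously (80 or 443 when https?); rephrase as "defaults to 80, or to 443 if the scheme is C<https>". The ignored-components list now matches the extended synopsis, which is fine.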

View file

@ -50,6 +50,7 @@ Print out a usage message.
=item B<-connect> I<host>:I<port>
This specifies the host and optional port to connect to.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-www> I<page>

View file

@ -394,9 +394,9 @@ Verify a message and extract the signer's certificate if successful:
Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -from steve@openssl.org \
openssl smime -encrypt -in in.txt -out mail.msg -from steve@openssl.org \
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg
-des3 user.pem
Sign and encrypt mail:

View file

@ -584,10 +584,12 @@ To verify a timestamp reply that includes the certificate chain:
-CAfile cacert.pem
To verify a timestamp token against the original data file:
openssl ts -verify -data design2.txt -in design2.tsr \
-CAfile cacert.pem
To verify a timestamp token against a message imprint:
openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-in design2.tsr -CAfile cacert.pem
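Review bot: the new B<-digest> example passes a 40-hex-digit imprint without saying which hash algorithm it was computed with, yet the value only verifies if it matches the message imprint algorithm in the token; extend the lead-in ("To verify a timestamp token against a message imprint:") to name the digest the example value corresponds to, so readers don't supply a hash of the wrong algorithm.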

View file

@ -24,8 +24,9 @@ The most important of them are detailed in the following sections.
In a nutshell, a valid chain of certificates needs to be built up and verified
starting from the I<target certificate> that is to be verified
and ending in a certificate that due to some policy is trusted.
Verification is done relative to the given I<purpose>, which is the intended use
of the target certificate, such as SSL server, or by default for any purpose.
Certificate validation can be performed in the context of a I<purpose>, which
is a high-level specification of the intended use of the target certificate,
such as C<sslserver> for TLS servers, or (by default) for any purpose.
The details of how each OpenSSL command handles errors
are documented on the specific command page.
@ -150,16 +151,17 @@ the chain components and their links are checked thoroughly.
The first step is to check that each certificate is well-formed.
Part of these checks are enabled only if the B<-x509_strict> option is given.
The second step is to check the extensions of every untrusted certificate
for consistency with the supplied purpose.
If the B<-purpose> option is not given then no such checks are done
except for SSL/TLS connection setup,
where by default C<sslserver> or C<sslclient>, are checked.
The target or "leaf" certificate, as well as any other untrusted certificates,
must have extensions compatible with the specified purpose.
All certificates except the target or "leaf" must also be valid CA certificates.
The precise extensions required are described in more detail in
L<openssl-x509(1)/CERTIFICATE EXTENSIONS>.
The second step is to check the X.509v3 extensions of every certificate
for consistency with the intended specific purpose, if any.
If the B<-purpose> option is not given then no such checks are done except for
CMS signature checking, where by default C<smimesign> is checked, and SSL/(D)TLS
connection setup, where by default C<sslserver> or C<sslclient> are checked.
The X.509v3 extensions of the target or "leaf" certificate
must be compatible with the specified purpose.
All other certificates down the chain are checked to be valid CA certificates,
and possibly also further non-standard checks are performed.
The precise extensions required are described in detail
in the L</Certificate Extensions> section below.
The third step is to check the trust settings on the last certificate
(which typically is a self-signed root CA certificate).
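Review bot: "and possibly also further non-standard checks are performed" in the second-step paragraph is too vague for a verification reference; either name the checks (the Netscape certificate type and CA-bit workarounds listed under L</Certificate Extensions> appear to be what is meant) or drop the clause.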
@ -455,13 +457,16 @@ Set policy variable inhibit-policy-mapping (see RFC5280).
=item B<-purpose> I<purpose>
The intended use for the certificate.
Currently defined purposes are C<sslclient>, C<sslserver>, C<nssslserver>,
A high-level specification of the intended use of the target certificate.
Currently predefined purposes are C<sslclient>, C<sslserver>, C<nssslserver>,
C<smimesign>, C<smimeencrypt>, C<crlsign>, C<ocsphelper>, C<timestampsign>,
and C<any>.
If peer certificate verification is enabled, by default the TLS implementation
as well as the commands B<s_client> and B<s_server> check for consistency
with TLS server or TLS client use, respectively.
and thus the commands L<openssl-s_client(1)> and L<openssl-s_server(1)>
check for consistency with
TLS server (C<sslserver>) or TLS client use (C<sslclient>), respectively.
By default, CMS signature validation, which can be done via L<openssl-cms(1)>,
checks for consistency with S/MIME signing use (C<smimesign>).
While IETF RFC 5280 says that B<id-kp-serverAuth> and B<id-kp-clientAuth>
are only for WWW use, in practice they are used for all kinds of TLS clients
@ -491,19 +496,20 @@ the subject certificate.
=item B<-verify_name> I<name>
Use default verification policies like trust model and required certificate
policies identified by I<name>.
Use a set of verification parameters, also known as verification method,
identified by I<name>. The currently predefined methods are named C<ssl_client>,
C<ssl_server>, C<smime_sign> with alias C<pkcs7>, and C<default>.
These mimic the combinations of purpose and trust settings used in SSL/(D)TLS,
and CMS/PKCS7 (including S/MIME).
The verification parameters include the trust model, various flags that can
partly be set also via other command-line options, and the verification purpose,
which in turn implies certificate key usage and extended key usage requirements.
The trust model determines which auxiliary trust or reject OIDs are applicable
to verifying the given certificate chain.
They can be given using the B<-addtrust> and B<-addreject> options
for L<openssl-x509(1)>.
Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>,
B<ssl_client>, B<ssl_server>.
These mimics the combinations of purpose and trust settings used in SSL, CMS
and S/MIME.
As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
specified, so the B<-verify_name> options are functionally equivalent to the
corresponding B<-purpose> settings.
=back
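Review bot: the removed sentence stating that the B<-verify_name> options are "functionally equivalent to the corresponding B<-purpose> settings" is not replaced by anything saying how B<-verify_name> interacts with B<-purpose> and with the flag options it "partly" overlaps; document which takes precedence when both are given.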
@ -548,9 +554,8 @@ This option has no effect and is retained for backward compatibility only.
=head2 Certificate Extensions
Options like B<-purpose> lead to checking the certificate extensions,
which determine what the target certificate and intermediate CA certificates
can be used for.
Options like B<-purpose> and B<-verify_name> trigger the processing of specific
certificate extensions, which determine what certificates can be used for.
=head3 Basic Constraints
@ -574,87 +579,117 @@ keyCertSign bit set if the keyUsage extension is present.
=head3 Extended Key Usage
The extKeyUsage (EKU) extension places additional restrictions on the
certificate uses. If this extension is present (whether critical or not)
the key can only be used for the purposes specified.
The extKeyUsage (EKU) extension places additional restrictions on
certificate use. If this extension is present (whether critical or not)
in an end-entity certficiate, the key is allowed only for the uses specified,
while the special EKU B<anyExtendedKeyUsage> allows for all uses.
A complete description of each check is given below. The comments about
Note that according to RFC 5280 section 4.2.1.12,
the Extended Key Usage extension will appear only in end-entity certificates,
and consequently the standard certification path validation described
in its section 6 does not include EKU checks for CA certificates.
The CA/Browser Forum requires for TLS server, S/MIME, and code signing use
the presence of respective EKUs in subordinate CA certificates (while excluding
them for root CA certificates), while taking over from RFC 5280
the certificate validity concept and certificate path validation.
For historic reasons, OpenSSL has its own way of interpreting and checking
EKU extensions on CA certificates, which may change in the future.
It does not require the presence of EKU extensions in CA certificates,
but in case the verification purpose is
C<sslclient>, C<nssslserver>, C<sslserver>, C<smimesign>, or C<smimeencrypt>,
it checks that any present EKU extension (that does not contain
B<anyExtendedKeyUsage>) contains the respective EKU as detailed below.
Moreover, it does these checks even for trust anchor certificates.
=head3 Checks Implied by Specific Predefined Policies
A specific description of each check is given below. The comments about
basicConstraints and keyUsage and X.509v1 certificates above apply to B<all>
CA certificates.
=over 4
=item B<SSL Client>
=item B<(D)TLS Client> (C<sslclient>)
The extended key usage extension must be absent or include the "web client
authentication" OID. The keyUsage extension must be absent or it must have the
digitalSignature bit set. The Netscape certificate type must be absent
or it must have the SSL client bit set.
Any given extended key usage extension must allow for C<clientAuth>
("TLS WWW client authentication").
=item B<SSL Client CA>
For target certificates,
the key usage must allow for C<digitalSignature> and/or C<keyAgreement>.
The Netscape certificate type must be absent or have the SSL client bit set.
The extended key usage extension must be absent or include the "web client
authentication" OID.
The Netscape certificate type must be absent or it must have the SSL CA bit set.
This is used as a work around if the basicConstraints extension is absent.
For all other certificates the normal CA checks apply. In addition,
the Netscape certificate type must be absent or have the SSL CA bit set.
This is used as a workaround if the basicConstraints extension is absent.
=item B<SSL Server>
=item B<(D)TLS Server> (C<sslserver>)
The extended key usage extension must be absent or include the "web server
authentication" and/or one of the SGC OIDs. The keyUsage extension must be
absent or it
must have the digitalSignature, the keyEncipherment set or both bits set.
Any given extended key usage extension must allow for C<serverAuth>
("TLS WWW server authentication") and/or include one of the SGC OIDs.
For target certificates, the key usage must
allow for C<digitalSignature>, C<keyEncipherment>, and/or C<keyAgreement>.
The Netscape certificate type must be absent or have the SSL server bit set.
=item B<SSL Server CA>
For all other certificates the normal CA checks apply. In addition,
the Netscape certificate type must be absent or have the SSL CA bit set.
This is used as a workaround if the basicConstraints extension is absent.
The extended key usage extension must be absent or include the "web server
authentication" and/or one of the SGC OIDs. The Netscape certificate type must
be absent or the SSL CA bit must be set.
This is used as a work around if the basicConstraints extension is absent.
=item B<Netscape SSL Server> (C<nssslserver>)
=item B<Netscape SSL Server>
For Netscape SSL clients to connect to an SSL server it must have the
keyEncipherment bit set if the keyUsage extension is present. This isn't
In addition to what has been described for B<sslserver>, for a Netscape
SSL client to connect to an SSL server, its EE certficate must have the
B<keyEncipherment> bit set if the keyUsage extension is present. This isn't
always valid because some cipher suites use the key for digital signing.
Otherwise it is the same as a normal SSL server.
=item B<Common S/MIME Client Tests>
=item B<Common S/MIME Checks>
The extended key usage extension must be absent or include the "email
protection" OID. The Netscape certificate type must be absent or should have the
S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type
Any given extended key usage extension must allow for C<emailProtection>.
For target certificates,
the Netscape certificate type must be absent or should have the S/MIME bit set.
If the S/MIME bit is not set in the Netscape certificate type
then the SSL client bit is tolerated as an alternative but a warning is shown.
This is because some Verisign certificates don't set the S/MIME bit.
=item B<S/MIME Signing>
For all other certificates the normal CA checks apply. In addition,
the Netscape certificate type must be absent or have the S/MIME CA bit set.
This is used as a workaround if the basicConstraints extension is absent.
In addition to the common S/MIME client tests the digitalSignature bit or
the nonRepudiation bit must be set if the keyUsage extension is present.
=item B<S/MIME Signing> (C<smimesign>)
=item B<S/MIME Encryption>
In addition to the common S/MIME checks, for target certficiates
the key usage must allow for C<digitalSignature> and/or B<nonRepudiation>.
In addition to the common S/MIME tests the keyEncipherment bit must be set
if the keyUsage extension is present.
=item B<S/MIME Encryption> (C<smimeencrypt>)
=item B<S/MIME CA>
In addition to the common S/MIME checks, for target certficiates
the key usage must allow for C<keyEncipherment>.
The extended key usage extension must be absent or include the "email
protection" OID. The Netscape certificate type must be absent or must have the
S/MIME CA bit set.
This is used as a work around if the basicConstraints extension is absent.
=item B<CRL Signing> (C<crlsign>)
=item B<CRL Signing>
For target certificates, the key usage must allow for C<cRLSign>.
The keyUsage extension must be absent or it must have the CRL signing bit
set.
For all other certifcates the normal CA checks apply.
Except in this case the basicConstraints extension must be present.
=item B<CRL Signing CA>
=item B<OCSP Helper> (C<ocsphelper>)
The normal CA tests apply. Except in this case the basicConstraints extension
must be present.
For target certificates, no checks are performed at this stage,
but special checks apply; see L<OCSP_basic_verify(3)>.
For all other certifcates the normal CA checks apply.
=item B<Timestamp Signing> (C<timestampsign>)
For target certificates, if the key usage extension is present, it must include
C<digitalSignature> and/or C<nonRepudiation> and must not include other bits.
The EKU extension must be present and contain C<timeStamping> only.
Moreover, it must be marked as critical.
For all other certifcates the normal CA checks apply.
=back
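Review bot: several misspellings in the new text: "certficiate" in the EKU introduction, "EE certficate" under C<nssslserver>, "target certficiates" under C<smimesign> and C<smimeencrypt>, and "certifcates" under C<crlsign>, C<ocsphelper> and C<timestampsign>; all should read "certificate(s)". Separately, the statement that OpenSSL checks EKUs on CA certificates "even for trust anchor certificates" and that this "may change in the future" is behaviour people rely on when selecting roots, so it deserves a mention in the B<-purpose> option description as well as here.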
@ -671,6 +706,7 @@ only the first one (in the mentioned order of locations) is recognised.
=head1 SEE ALSO
L<X509_verify_cert(3)>,
L<OCSP_basic_verify(3)>,
L<openssl-verify(1)>,
L<openssl-ocsp(1)>,
L<openssl-ts(1)>,

View file

@ -653,111 +653,22 @@ See L<property(7)> for a more detailed description.
=head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the
environment. Some of these variables are listed below. For information
about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>.
The OpenSSL libraries can take some configuration parameters from the
environment.
For information about all environment variables used by the OpenSSL libraries,
such as B<OPENSSL_CONF>, B<OPENSSL_MODULES>, and B<OPENSSL_TRACE>,
see L<openssl-env(7)>.
For information about the use of environment variables in configuration,
see L<config(5)/ENVIRONMENT>.
For information about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>.
For information about querying or specifying CPU architecture flags, see
L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
For information about all environment variables used by the OpenSSL libraries,
see L<openssl-env(7)>.
=over 4
=item B<OPENSSL_TRACE=>I<name>[,...]
Enable tracing output of OpenSSL library, by name.
This output will only make sense if you know OpenSSL internals well.
Also, it might not give you any output at all, depending on how
OpenSSL was built.
The value is a comma separated list of names, with the following
available:
=over 4
=item B<TRACE>
Traces the OpenSSL trace API itself.
=item B<INIT>
Traces OpenSSL library initialization and cleanup.
=item B<TLS>
Traces the TLS/SSL protocol.
=item B<TLS_CIPHER>
Traces the ciphers used by the TLS/SSL protocol.
=item B<CONF>
Show details about provider and engine configuration.
=item B<ENGINE_TABLE>
The function that is used by RSA, DSA (etc) code to select registered
ENGINEs, cache defaults and functional references (etc), will generate
debugging summaries.
=item B<ENGINE_REF_COUNT>
Reference counts in the ENGINE structure will be monitored with a line
of generated for each change.
=item B<PKCS5V2>
Traces PKCS#5 v2 key generation.
=item B<PKCS12_KEYGEN>
Traces PKCS#12 key generation.
=item B<PKCS12_DECRYPT>
Traces PKCS#12 decryption.
=item B<X509V3_POLICY>
Generates the complete policy tree at various points during X.509 v3
policy evaluation.
=item B<BN_CTX>
Traces BIGNUM context operations.
=item B<CMP>
Traces CMP client and server activity.
=item B<STORE>
Traces STORE operations.
=item B<DECODER>
Traces decoder operations.
=item B<ENCODER>
Traces encoder operations.
=item B<REF_COUNT>
Traces decrementing certain ASN.1 structure references.
=back
=back
=head1 SEE ALSO
L<openssl-asn1parse(1)>,
L<openssl-ca(1)>,
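Review bot: this hunk deletes the per-category descriptions of B<OPENSSL_TRACE> (B<TRACE>, B<INIT>, B<TLS>, ..., B<REF_COUNT>) from openssl(1) and replaces them with a pointer to L<openssl-env(7)>; that page is not in this diff, so confirm the category list was moved there rather than dropped, otherwise the only documentation of the individual trace categories is lost.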

View file

@ -102,8 +102,8 @@ functions check the syntax of the time structure I<s>.
The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print()
functions print the time structure I<s> to BIO I<b> in human readable
format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example
"Feb 3 00:55:52 2015 GMT", which does not include a newline.
format. It will be of the format MMM DD HH:MM:SS[.s*] YYYY GMT, for example
"Feb E<32>3 00:55:52 2015 GMT", which does not include a newline.
If the time structure has invalid format it prints out "Bad time value" and
returns an error. The output for generalized time may include a fractional part
following the second.
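Review bot: the format string changes from "MMM DD HH:MM:SS YYYY [GMT]" to "MMM DD HH:MM:SS[.s*] YYYY GMT", i.e. the GMT suffix goes from optional to always present; if it was ever omitted on some inputs this is a behaviour claim rather than a documentation fix and should be stated as such. The E<32> escape for the space-padded day is appropriate, since the double space would otherwise not survive POD formatting.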
@ -179,6 +179,10 @@ starting with B<ASN1_UTCTIME> and B<ASN1_GENERALIZEDTIME> act only on that
specific time format. The functions starting with B<ASN1_TIME> will operate on
either format.
Users familiar with RFC822 should note that when specifying the flag
B<ASN1_DTFLGS_RFC822> the year will be formatted as documented above,
i.e., using 4 digits, not 2 as specified in RFC822.
=head1 BUGS
ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do
@ -272,7 +276,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

View file

@ -87,7 +87,7 @@ found for the purposes of reference counting.
=item I<asn1_cb>
A callback that will be invoked at various points during the processing of
the the B<ASN1_VALLUE>. See below for further details.
the B<ASN1_VALUE>. See below for further details.
=item I<enc_offset>
@ -97,7 +97,7 @@ will be saved if the B<ASN1_AFLG_ENCODING> flag has been set.
=item I<asn1_const_cb>
A callback that will be invoked at various points during the processing of
the the B<ASN1_VALLUE>. This is used in preference to the I<asn1_cb> callback if
the B<ASN1_VALUE>. This is used in preference to the I<asn1_cb> callback if
the B<ASN1_AFLG_CONST_CB> flag is set. See below for further details.
=back
@ -274,7 +274,7 @@ B<ASN1_OP_GET0_PROPQ> operation types were added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

View file

@ -169,16 +169,16 @@ BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.
BIO_do_accept(),
BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(),
BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode()
return 1 for success and <=0 for failure.
return 1 for success and <= 0 for failure.
BIO_get_accept_name() returns the accept name or NULL on error.
BIO_get_peer_name() returns the peer name or NULL on error.
BIO_get_accept_port() returns the accept port as a string or NULL on error.
BIO_get_peer_port() returns the peer port as a string or NULL on error.
BIO_get_accept_ip_family() returns the IP family or <=0 on error.
BIO_get_accept_ip_family() returns the IP family or <= 0 on error.
BIO_get_bind_mode() returns the set of B<BIO_BIND> flags, or <=0 on failure.
BIO_get_bind_mode() returns the set of B<BIO_BIND> flags, or <= 0 on failure.
BIO_new_accept() returns a BIO or NULL on error.
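Review bot: the BIO_get_bind_mode() return description, "the set of B<BIO_BIND> flags, or <= 0 on failure", lets 0 mean both "no bind flags set" and "failure" if an empty flag set is itself a valid mode; if it is, the sentence should say how a caller tells the two apart (for instance, treat only a negative value as an error), or state that 0 is never a valid mode.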

@ -59,7 +59,7 @@ a single call: that is it creates a new connect BIO with hostname B<name>.
BIO_set_conn_hostname() uses the string B<name> to set the hostname.
The hostname can be an IP address; if the address is an IPv6 one, it
must be enclosed with brackets C<[> and C<]>.
must be enclosed in brackets C<[> and C<]>.
The hostname can also include the port in the form hostname:port;
see L<BIO_parse_hostserv(3)> and BIO_set_conn_port() for details.

@ -52,7 +52,7 @@ size use L<EVP_PKEY_sign(3)> with a NULL I<sig> parameter.
ECDSA_sign() computes a digital signature of the I<dgstlen> bytes hash value
I<dgst> using the private EC key I<eckey>. The DER encoded signatures is
stored in I<sig> and its length is returned in I<sig_len>. Note: I<sig> must
stored in I<sig> and its length is returned in I<siglen>. Note: I<sig> must
point to ECDSA_size(eckey) bytes of memory. The parameter I<type> is currently
ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I<kinv>
and I<rp> set to NULL.
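Review bot: since this hunk already edits the ECDSA_sign() paragraph, two grammar slips in the surrounding context lines could be fixed in the same change: "The DER encoded signatures is stored in I<sig>" should read "The DER encoded signature is stored in I<sig>", and "ECDSA_sign() is wrapper function for ECDSA_sign_ex()" needs the article, "is a wrapper function for".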
@ -82,7 +82,7 @@ used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
ECDSA_sign_ex() computes a digital signature of the I<dgstlen> bytes hash value
I<dgst> using the private EC key I<eckey> and the optional pre-computed values
I<kinv> and I<rp>. The DER encoded signature is stored in I<sig> and its
length is returned in I<sig_len>. Note: I<sig> must point to ECDSA_size(eckey)
length is returned in I<siglen>. Note: I<sig> must point to ECDSA_size(eckey)
bytes of memory. The parameter I<type> is ignored.
ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is

@ -1284,6 +1284,15 @@ indicates whether the operation was successful. If it does not indicate success,
the authentication operation has failed and any output data B<MUST NOT> be used
as it is corrupted.
Please note that the number of authenticated bytes returned by
EVP_CipherUpdate() depends on the cipher used. Stream ciphers, such as ChaCha20
or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective
"block" size of 1. Conversely, ciphers in OCB mode must process data one block
at a time, and the block size is returned.
Regardless of the returned size, it is safe to pass unpadded data to an
EVP_CipherUpdate() call in a single operation.
=head2 GCM and OCB Modes
The following I<ctrl>s are supported in GCM and OCB modes.
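Review bot: the new sentence "Stream ciphers, such as ChaCha20 or ciphers in GCM mode, can handle 1 byte at a time" groups GCM under "stream ciphers", which it is not; the point is that both a stream cipher and a block cipher in a streaming mode of operation yield an effective block size of 1, so a wording such as "stream ciphers such as ChaCha20, and block ciphers in a streaming mode such as GCM, can handle 1 byte at a time" would be more accurate without changing the guidance.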
@ -1319,10 +1328,9 @@ For GCM, this call is only valid when decrypting data.
For OCB, this call is valid when decrypting data to set the expected tag,
and when encrypting to set the desired tag length.
In OCB mode, calling this when encrypting with C<tag> set to C<NULL> sets the
tag length. The tag length can only be set before specifying an IV. If this is
not called prior to setting the IV during encryption, then a default tag length
is used.
In OCB mode, calling this with C<tag> set to C<NULL> sets the tag length.
The tag length can only be set before specifying an IV. If this is not called
prior to setting the IV, then a default tag length is used.
For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the
maximum tag length for OCB.
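Review bot: the rewritten sentence drops the "when encrypting" qualifier, so "In OCB mode, calling this with C<tag> set to C<NULL> sets the tag length" now reads as if it also applies while decrypting, where the preceding context says the call is used to set the expected tag; keep the qualifier, e.g. "In OCB mode, calling this when encrypting with C<tag> set to C<NULL> sets the tag length", or state explicitly what a NULL C<tag> means during decryption.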

@ -25,10 +25,13 @@ specifying the private key to use.
The EVP_PKEY_decapsulate() function performs a private key decapsulation
operation using I<ctx>. The data to be decapsulated is specified using the
I<wrapped> and I<wrappedlen> parameters.
If I<unwrapped> is NULL then the maximum size of the output secret buffer
If I<unwrapped> is NULL then the size of the output secret buffer
is written to I<*unwrappedlen>. If I<unwrapped> is not NULL and the
call is successful then the decapsulated secret data is written to I<unwrapped>
and the amount of data written to I<*unwrappedlen>.
and the amount of data written to I<*unwrappedlen>. Note that, if I<unwrappedlen>
is not NULL in this call, the value it points to must be initialised to the length of
I<unwrapped>, so that the call can validate it is of sufficient size to hold the
result of the operation.
=head1 NOTES
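Review bot: the added note conditions on "if I<unwrappedlen> is not NULL in this call", but the requirement it describes (the pointed-to value must hold the length of I<unwrapped> so the call can check the buffer is large enough) applies when I<unwrapped> is not NULL, matching the sentence just before it; suggest "Note that if I<unwrapped> is not NULL, the value I<*unwrappedlen> points to must be initialised to the length of I<unwrapped> ..." so the two sentences use the same condition.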
@ -57,7 +60,7 @@ Decapsulate data using RSA:
unsigned char *secret = NULL;;
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL);
if (ctx = NULL)
if (ctx == NULL)
/* Error */
if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0)
/* Error */
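Review bot: good catch on the assignment-in-condition bug (C<ctx = NULL> would have silently overwritten the context and never taken the error branch); while this example is being touched, the stray double semicolon on the context line C<unsigned char *secret = NULL;;> two lines above could be removed in the same hunk.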

@ -35,7 +35,10 @@ unless I<genkeylen> is NULL.
If I<wrappedkey> is not NULL and the call is successful then the
internally generated key is written to I<genkey> and its size is written to
I<*genkeylen>. The encapsulated version of the generated key is written to
I<wrappedkey> and its size is written to I<*wrappedkeylen>.
I<wrappedkey> and its size is written to I<*wrappedkeylen>. Note that if
I<wrappedlen> is not NULL, then the value it points to must initially hold the size of
the I<unwrapped> buffer so that its size can be validated by the call, ensuring
it is large enough to hold the result written to I<wrapped>.
=head1 NOTES
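Review bot: the added note refers to I<wrappedlen>, I<unwrapped> and I<wrapped>, none of which are parameters of this function as described in the lines just above (which use I<wrappedkey>, I<wrappedkeylen>, I<genkey> and I<genkeylen>); it looks copied from the decapsulate page. It should presumably read "Note that if I<wrappedkeylen> is not NULL, then the value it points to must initially hold the size of the I<wrappedkey> buffer so that its size can be validated by the call, ensuring it is large enough to hold the result written to I<wrappedkey>."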
@ -63,7 +66,7 @@ Encapsulate an RSASVE key (for RSA keys).
unsigned char *out = NULL, *secret = NULL;
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL);
if (ctx = NULL)
if (ctx == NULL)
/* Error */
if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0)
/* Error */

@ -355,8 +355,10 @@ If TLS is not used this defaults to the value of
the environment variable C<http_proxy> if set, else C<HTTP_PROXY>.
Otherwise defaults to the value of C<https_proxy> if set, else C<HTTPS_PROXY>.
An empty proxy string specifies not to use a proxy.
Else the format is C<[http[s]://]address[:port][/path]>,
where any path given is ignored.
Otherwise the format is
C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>,
where any given userinfo, path, query, and fragment is ignored.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The default port number is 80, or 443 in case C<https:> is given.
OSSL_CMP_CTX_set1_no_proxy() sets the list of server hostnames not to use
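Review bot: "where any given userinfo, path, query, and fragment is ignored" should be "are ignored"; more importantly, since the new format now admits C<userinfo@> but ignores it, the text should say outright that credentials embedded in the proxy URL are discarded and proxy authentication is not performed through them, so that a caller does not assume a C<user:password@> prefix is honoured.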

@ -44,7 +44,7 @@ any self-issued certificate from the I<msg> extraCerts field may be used
as a trust anchor for the path verification of an 'acceptable' cert if it can be
used also to validate the issued certificate returned in the IP message. This is
according to TS 33.310 [Network Domain Security (NDS); Authentication Framework
(AF)] document specified by the The 3rd Generation Partnership Project (3GPP).
(AF)] document specified by The 3rd Generation Partnership Project (3GPP).
Note that using this option is dangerous as the certificate obtained this way
has not been authenticated (at least not at CMP level).
Taking it over as a trust anchor implements trust-on-first-use (TOFU).
@ -77,7 +77,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

@ -42,20 +42,25 @@ take any further default value from the C<HTTP_PROXY>
environment variable, or from C<HTTPS_PROXY> if I<use_ssl> is nonzero.
If I<no_proxy> is NULL, take any default exclusion value from the C<no_proxy>
environment variable, or else from C<NO_PROXY>.
Return the determined proxy hostname unless the exclusion contains I<server>.
Return the determined proxy host unless the exclusion value,
which is a list of proxy hosts separated by C<,> and/or whitespace,
contains I<server>.
Otherwise return NULL.
When I<server> is a string delimited by C<[> and C<]>, which are used for IPv6
addresses, the enclosing C<[> and C<]> are stripped prior to comparison.
OSSL_parse_url() parses its input string I<url> as a URL of the form
C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up
into scheme, userinfo, host, port, path, query, and fragment components.
The host (or server) component may be a DNS name or an IP address
where IPv6 addresses should be enclosed in square brackets C<[> and C<]>.
where IPv6 addresses must be enclosed in square brackets C<[> and C<]>.
The port component is optional and defaults to C<0>.
If given, it must be in decimal form. If the I<pport_num> argument is not NULL
the integer value of the port number is assigned to I<*pport_num> on success.
The path component is also optional and defaults to C</>.
Each non-NULL result pointer argument I<pscheme>, I<puser>, I<phost>, I<pport>,
I<ppath>, I<pquery>, and I<pfrag>, is assigned the respective url component.
Any IPv6 address in I<*phost> is enclosed in C<[> and C<]>.
On success, they are guaranteed to contain non-NULL string pointers, else NULL.
It is the responsibility of the caller to free them using L<OPENSSL_free(3)>.
If I<pquery> is NULL, any given query component is handled as part of the path.
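Review bot: the new wording "the exclusion value, which is a list of proxy hosts separated by C<,> and/or whitespace, contains I<server>" is misleading, because the list is matched against I<server>, so its entries are server hosts to be reached without a proxy, not proxy hosts; suggest "a list of server hosts (names or IP addresses) for which no proxy is to be used". It would also help to state whether the match against I<server> is exact or suffix-based, since that determines which hosts bypass the proxy.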
@ -70,7 +75,7 @@ and the scheme is C<https>, else 0.
The port component is optional and defaults to C<443> if the scheme is C<https>,
else C<80>.
Note that relative paths must be given with a leading C</>,
otherwise the first path element is interpreted as the hostname.
otherwise the first path element is interpreted as the host.
Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl)
is equivalent to

@ -77,12 +77,14 @@ If TLS is not used this defaults to the environment variable C<http_proxy>
if set, else C<HTTP_PROXY>.
If I<use_ssl> != 0 it defaults to C<https_proxy> if set, else C<HTTPS_PROXY>.
An empty proxy string C<""> forbids using a proxy.
Else the format is
Otherwise, the format is
C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>,
where any userinfo, path, query, and fragment given is ignored.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The default proxy port number is 80, or 443 in case "https:" is given.
The HTTP client functions connect via the given proxy unless the I<server>
is found in the optional list I<no_proxy> of proxy hostnames (if not NULL;
is found in the optional list I<no_proxy> of proxy hostnames or IP addresses
separated by C<,> and/or whitespace (if not NULL;
default is the environment variable C<no_proxy> if set, else C<NO_PROXY>).
Proxying plain HTTP is supported directly,
while using a proxy for HTTPS connections requires a suitable callback function
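Review bot: inserting "or IP addresses separated by C<,> and/or whitespace" between "proxy hostnames" and the parenthetical "(if not NULL; default is the environment variable C<no_proxy> ...)" leaves the parenthetical far from the I<no_proxy> argument it qualifies; suggest placing the separator description after the parenthetical, or restructuring as "the optional list I<no_proxy> (if not NULL; default is ...) of hostnames or IP addresses separated by C<,> and/or whitespace". The unchanged context line "where any userinfo, path, query, and fragment given is ignored" also needs "are ignored".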

@ -11,7 +11,7 @@ OSSL_PARAM - a structure to pass or request object parameters
typedef struct ossl_param_st OSSL_PARAM;
struct ossl_param_st {
const char *key; /* the name of the parameter */
unsigned char data_type; /* declare what kind of content is in data */
unsigned int data_type; /* declare what kind of content is in data */
void *data; /* value being passed in or out */
size_t data_size; /* data size */
size_t return_size; /* returned size */
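Review bot: changing the documented type of I<data_type> from C<unsigned char> to C<unsigned int> is a struct layout statement, and this hunk touches only the manual page; please confirm the new type matches the definition in the public header and note in the commit message that this is a documentation correction, not a change to the structure, so readers of the history are not left wondering about ABI impact.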

@ -88,9 +88,10 @@ but rather uses a set of convenience macros, see the L</Macros> section below.
OSSL_trace_enabled() can be used to check if tracing for the given
I<category> is enabled.
OSSL_trace_begin() is used to starts a tracing section, and get the
channel for the given I<category> in form of a BIO.
OSSL_trace_begin() is used to start a tracing section,
and get the channel for the given I<category> in form of a BIO.
This BIO can only be used for output.
The pointer returned is NULL if the category is invalid or not enabled.
OSSL_trace_end() is used to end a tracing section.
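Review bot: the reflowed sentence still reads "get the channel for the given I<category> in form of a BIO"; while rewording it, add the article: "in the form of a BIO".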
@ -187,6 +188,9 @@ expands to
=head1 NOTES
It is not needed to guard trace output function calls like
I<OSSL_TRACE(category, ...)> by I<OSSL_TRACE_ENABLED(category)>.
If producing the trace output requires carrying out auxiliary calculations,
this auxiliary code should be placed inside a conditional block which is
executed only if the trace category is enabled.
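Review bot: the added guidance tells the reader to put auxiliary calculations "inside a conditional block which is executed only if the trace category is enabled" but does not name the guard; pointing at I<OSSL_TRACE_ENABLED(category)>, already mentioned in the preceding sentence, would make the advice actionable, e.g. "... inside a block guarded by I<OSSL_TRACE_ENABLED(category)>".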

@ -104,10 +104,12 @@ On session establishment, by default, no peer credentials verification is done.
This must be explicitly requested, typically using L<SSL_CTX_set_verify(3)>.
For verifying peer certificates many options can be set using various functions
such as L<SSL_CTX_load_verify_locations(3)> and L<SSL_CTX_set1_param(3)>.
The L<X509_VERIFY_PARAM_set_purpose(3)> function can be used, also in conjunction
with L<SSL_CTX_get0_param(3)>, to set the intended purpose of the session.
The default is B<X509_PURPOSE_SSL_SERVER> on the client side
The SSL/(D)TLS implementation uses the L<X509_STORE_CTX_set_default(3)>
function to prepare checks for B<X509_PURPOSE_SSL_SERVER> on the client side
and B<X509_PURPOSE_SSL_CLIENT> on the server side.
The L<X509_VERIFY_PARAM_set_purpose(3)> function can be used, also in conjunction
with L<SSL_CTX_get0_param(3)>, to override the default purpose of the session.
The SSL_CTX object uses I<method> as the connection method.
Three method variants are available: a generic method (for either client or
@ -228,7 +230,7 @@ SSL_CTX_up_ref() returns 1 for success and 0 for failure.
=head1 SEE ALSO
L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>,
L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<X509_STORE_CTX_set_default(3)>,
SSL_CTX_set_verify(3), L<SSL_CTX_set1_param(3)>, L<SSL_CTX_get0_param(3)>,
L<SSL_connect(3)>, L<SSL_accept(3)>,
L<SSL_CTX_set_min_proto_version(3)>, L<ssl(7)>, L<SSL_set_connect_state(3)>
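Review bot: the SEE ALSO entry C<SSL_CTX_set_verify(3)> on the unchanged context line is the only one without the C<L<...E<gt>> link markup used by every other entry in the list; since the line above is being edited to add L<X509_STORE_CTX_set_default(3)>, it would be worth fixing that to L<SSL_CTX_set_verify(3)> in the same change.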
