diff -Nru openssl-3.0.1/apps/ciphers.c openssl-3.0.2/apps/ciphers.c --- openssl-3.0.1/apps/ciphers.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/ciphers.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -187,7 +187,7 @@ goto end; } - ctx = SSL_CTX_new(meth); + ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth); if (ctx == NULL) goto err; if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) diff -Nru openssl-3.0.1/apps/cmp.c openssl-3.0.2/apps/cmp.c --- openssl-3.0.1/apps/cmp.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/cmp.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -161,7 +161,7 @@ static char *opt_rspout = NULL; static int opt_use_mock_srv = 0; -/* server-side debugging */ +/* mock server */ #ifndef OPENSSL_NO_SOCK static char *opt_port = NULL; static int opt_max_msgs = 0; @@ -287,7 +287,7 @@ {"subject", OPT_SUBJECT, 's', "Distinguished Name (DN) of subject to use in the requested cert template"}, {OPT_MORE_STR, 0, 0, - "For kur, default is subject of -csr arg or else of reference cert (see -oldcert)"}, + "For kur, default is subject of -csr arg or reference cert (see -oldcert)"}, {OPT_MORE_STR, 0, 0, "this default is used for ir and cr only if no Subject Alt Names are set"}, {"issuer", OPT_ISSUER, 's', 
@@ -336,7 +336,7 @@ {OPT_MORE_STR, 0, 0, "also used as reference (defaulting to -cert) for subject DN and SANs."}, {OPT_MORE_STR, 0, 0, - "Its issuer is used as recipient unless -recipient, -srvcert, or -issuer given"}, + "Issuer is used as recipient unless -recipient, -srvcert, or -issuer given"}, {"revreason", OPT_REVREASON, 'n', "Reason code to include in revocation request (rr); possible values:"}, {OPT_MORE_STR, 0, 0, @@ -470,14 +470,16 @@ "Process sequence of CMP responses provided in file(s), skipping server"}, {"rspout", OPT_RSPOUT, 's', "Save sequence of CMP responses to file(s)"}, - {"use_mock_srv", OPT_USE_MOCK_SRV, '-', "Use mock server at API level, bypassing HTTP"}, + {"use_mock_srv", OPT_USE_MOCK_SRV, '-', + "Use internal mock server at API level, bypassing socket-based HTTP"}, OPT_SECTION("Mock server"), #ifdef OPENSSL_NO_SOCK {OPT_MORE_STR, 0, 0, "NOTE: -port and -max_msgs not supported due to no-sock build"}, #else - {"port", OPT_PORT, 's', "Act as HTTP mock server listening on given port"}, + {"port", OPT_PORT, 's', + "Act as HTTP-based mock server listening on given port"}, {"max_msgs", OPT_MAX_MSGS, 'N', "max number of messages handled by HTTP mock server. Default: 0 = unlimited"}, #endif @@ -1000,7 +1002,7 @@ if (opt_srv_ref == NULL) { if (opt_srv_cert == NULL) { /* opt_srv_cert should determine the sender */ - CMP_err("must give -srv_ref for server if no -srv_cert given"); + CMP_err("must give -srv_ref for mock server if no -srv_cert given"); goto err; } } else { @@ -1011,7 +1013,7 @@ if (opt_srv_secret != NULL) { int res; - char *pass_str = get_passwd(opt_srv_secret, "PBMAC secret of server"); + char *pass_str = get_passwd(opt_srv_secret, "PBMAC secret of mock server"); if (pass_str != NULL) { cleanse(opt_srv_secret); 
@@ -1022,10 +1024,10 @@ goto err; } } else if (opt_srv_cert == NULL) { - CMP_err("server credentials must be given if -use_mock_srv or -port is used"); + CMP_err("mock server credentials must be given if -use_mock_srv or -port is used"); goto err; } else { - CMP_warn("server will not be able to handle PBM-protected requests since -srv_secret is not given"); + CMP_warn("mock server will not be able to handle PBM-protected requests since -srv_secret is not given"); } if (opt_srv_secret == NULL @@ -1035,7 +1037,7 @@ } if (opt_srv_cert != NULL) { X509 *srv_cert = load_cert_pwd(opt_srv_cert, opt_srv_keypass, - "certificate of the server"); + "certificate of the mock server"); if (srv_cert == NULL || !OSSL_CMP_CTX_set1_cert(ctx, srv_cert)) { X509_free(srv_cert); @@ -1046,7 +1048,7 @@ if (opt_srv_key != NULL) { EVP_PKEY *pkey = load_key_pwd(opt_srv_key, opt_keyform, opt_srv_keypass, - engine, "private key for server cert"); + engine, "private key for mock server cert"); if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { EVP_PKEY_free(pkey); @@ -1058,14 +1060,14 @@ if (opt_srv_trusted != NULL) { X509_STORE *ts = - load_trusted(opt_srv_trusted, 0, "certs trusted by server"); + load_trusted(opt_srv_trusted, 0, "certs trusted by mock server"); if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { X509_STORE_free(ts); goto err; } } else { - CMP_warn("server will not be able to handle signature-protected requests since -srv_trusted is not given"); + CMP_warn("mock server will not be able to handle signature-protected requests since -srv_trusted is not given"); } if (!setup_certs(opt_srv_untrusted, "untrusted certificates for mock server", ctx, @@ -1073,8 +1075,7 @@ goto err; if (opt_rsp_cert == NULL) { - CMP_err("must give -rsp_cert for mock server"); - goto err; + CMP_warn("no -rsp_cert given for mock server"); } else { X509 *cert = load_cert_pwd(opt_rsp_cert, opt_keypass, "cert to be returned by the mock server"); 
@@ -1805,13 +1806,31 @@ static char server_port[32] = { '\0' }; const char *proxy_host = NULL; #endif - char server_buf[200] = { '\0' }; - char proxy_buf[200] = { '\0' }; + char server_buf[200] = "mock server"; + char proxy_buf[200] = ""; + if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */ #ifndef OPENSSL_NO_SOCK - if (opt_server == NULL) { - CMP_err("missing -server option"); + if (opt_server == NULL) { + CMP_err("missing -server or -use_mock_srv or -rspin option"); + goto err; + } +#else + CMP_err("missing -use_mock_srv or -rspin option; -server option is not supported due to no-sock build"); goto err; +#endif + } +#ifndef OPENSSL_NO_SOCK + if (opt_server == NULL) { + if (opt_proxy != NULL) + CMP_warn("ignoring -proxy option since -server is not given"); + if (opt_no_proxy != NULL) + CMP_warn("ignoring -no_proxy option since -server is not given"); + if (opt_tls_used) { + CMP_warn("ignoring -tls_used option since -server is not given"); + opt_tls_used = 0; + } + goto set_path; } if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &host, &port, &portnum, &path, NULL /* q */, NULL /* frag */)) { @@ -1841,6 +1860,7 @@ if (proxy_host != NULL) (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", proxy_host); + set_path: #endif if (!OSSL_CMP_CTX_set1_serverPath(ctx, used_path)) @@ -1886,11 +1906,6 @@ (void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp); #ifndef OPENSSL_NO_SOCK - if ((opt_tls_cert != NULL || opt_tls_key != NULL - || opt_tls_keypass != NULL || opt_tls_extra != NULL - || opt_tls_trusted != NULL || opt_tls_host != NULL) - && !opt_tls_used) - CMP_warn("TLS options(s) given but not -tls_used"); if (opt_tls_used) { APP_HTTP_TLS_INFO *info; 
@@ -1904,19 +1919,18 @@ goto err; } } - if (opt_use_mock_srv) { - CMP_err("cannot use TLS options together with -use_mock_srv"); - goto err; - } + if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL) goto err; (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); /* info will be freed along with CMP ctx */ info->server = opt_server; info->port = server_port; - info->use_proxy = opt_proxy != NULL; + /* workaround for callback design flaw, see #17088: */ + info->use_proxy = proxy_host != NULL; info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT); info->ssl_ctx = setup_ssl_ctx(ctx, host, engine); + if (info->ssl_ctx == NULL) goto err; (void)OSSL_CMP_CTX_set_http_cb(ctx, app_http_tls_cb); @@ -1938,7 +1952,10 @@ goto err; /* not printing earlier, to minimize confusion in case setup fails before */ - CMP_info2("will contact %s%s", server_buf, proxy_buf); + if (opt_rspin != NULL) + CMP_info("will not contact any server since -rspin is given"); + else + CMP_info2("will contact %s%s", server_buf, proxy_buf); ret = 1; @@ -2692,9 +2709,6 @@ int i; X509 *newcert = NULL; ENGINE *engine = NULL; -#ifndef OPENSSL_NO_SOCK - char mock_server[] = "mock server:1"; -#endif OSSL_CMP_CTX *srv_cmp_ctx = NULL; int ret = 0; /* default: failure */ 
@@ -2785,27 +2799,41 @@ } } + cmp_ctx = OSSL_CMP_CTX_new(app_get0_libctx(), app_get0_propq()); + if (cmp_ctx == NULL) + goto err; + OSSL_CMP_CTX_set_log_verbosity(cmp_ctx, opt_verbosity); + if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) { + CMP_err1("cannot set up error reporting and logging for %s", prog); + goto err; + } + #ifndef OPENSSL_NO_SOCK + if ((opt_tls_cert != NULL || opt_tls_key != NULL + || opt_tls_keypass != NULL || opt_tls_extra != NULL + || opt_tls_trusted != NULL || opt_tls_host != NULL) + && !opt_tls_used) + CMP_warn("Ingnoring TLS options(s) since -tls_used is not given"); if (opt_port != NULL) { - if (opt_use_mock_srv) { - CMP_err("cannot use both -port and -use_mock_srv options"); + if (opt_tls_used) { + CMP_err("-tls_used option not supported with -port option"); goto err; } - if (opt_server != NULL) { - CMP_err("cannot use both -port and -server options"); + if (opt_use_mock_srv || opt_server != NULL || opt_rspin != NULL) { + CMP_err("cannot use -port with -use_mock_srv, -server, or -rspin options"); goto err; } } -#endif - - cmp_ctx = OSSL_CMP_CTX_new(app_get0_libctx(), app_get0_propq()); - if (cmp_ctx == NULL) + if (opt_server != NULL && opt_use_mock_srv) { + CMP_err("cannot use both -server and -use_mock_srv options"); goto err; - OSSL_CMP_CTX_set_log_verbosity(cmp_ctx, opt_verbosity); - if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); + } +#endif + if (opt_rspin != NULL && opt_use_mock_srv) { + CMP_err("cannot use both -rspin and -use_mock_srv options"); goto err; } + if (opt_use_mock_srv #ifndef OPENSSL_NO_SOCK || opt_port != NULL 
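Review bot: The warning added in the `@@ -2785,27 +2799,41 @@` hunk has two typos in its user-facing text, `"Ingnoring TLS options(s) since -tls_used is not given"`; it should read `CMP_warn("ignoring TLS option(s) since -tls_used is not given");`. The lower-case start matches the other "ignoring -proxy/-no_proxy/-tls_used/-server" warnings this patch adds, which keeps log matching simple. The enclosing function starts and ends outside the hunk.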
@@ -2824,29 +2852,26 @@ OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); } - #ifndef OPENSSL_NO_SOCK + if (opt_tls_used && (opt_use_mock_srv || opt_rspin != NULL)) { + CMP_warn("ignoring -tls_used option since -use_mock_srv or -rspin is given"); + opt_tls_used = 0; + } + if (opt_port != NULL) { /* act as very basic CMP HTTP server */ ret = cmp_server(srv_cmp_ctx); goto err; } -#endif - /* else act as CMP client */ - if (opt_use_mock_srv) { -#ifndef OPENSSL_NO_SOCK - if (opt_server != NULL) { - CMP_err("cannot use both -use_mock_srv and -server options"); - goto err; - } - if (opt_proxy != NULL) { - CMP_err("cannot use both -use_mock_srv and -proxy options"); - goto err; + /* act as CMP client, possibly using internal mock server */ + + if (opt_server != NULL) { + if (opt_rspin != NULL) { + CMP_warn("ignoring -server option since -rspin is given"); + opt_server = NULL; } - opt_server = mock_server; - opt_proxy = "API"; -#endif } +#endif if (!setup_client_ctx(cmp_ctx, engine)) { CMP_err("cannot set up CMP context"); diff -Nru openssl-3.0.1/apps/include/engine_loader.h openssl-3.0.2/apps/include/engine_loader.h --- openssl-3.0.1/apps/include/engine_loader.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/include/engine_loader.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/apps/lib/apps.c openssl-3.0.2/apps/lib/apps.c --- openssl-3.0.1/apps/lib/apps.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/lib/apps.c 2022-03-15 14:30:24.000000000 +0000 
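Review bot: In the `@@ -2824,29 +2852,26 @@` hunk the new `-server`/`-rspin` handling nests two `if`s with nothing else in the outer body; `if (opt_server != NULL && opt_rspin != NULL) {` expresses the same condition in one level. Both this block and the `opt_tls_used` block above it silently reset an option the user gave, so a short comment on why they are ignored rather than rejected would help, e.g. `/* -rspin takes responses from file(s), skipping the server, so connection options do not apply */`. The enclosing function starts and ends outside the hunk.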
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -291,7 +291,7 @@ i = atoi(arg + 3); if (i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE); - if ((i < 0) || !pwdbio) { + if ((i < 0) || pwdbio == NULL) { BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3); return NULL; } @@ -299,6 +299,12 @@ * Can't do BIO_gets on an fd BIO so add a buffering BIO */ btmp = BIO_new(BIO_f_buffer()); + if (btmp == NULL) { + BIO_free_all(pwdbio); + pwdbio = NULL; + BIO_printf(bio_err, "Out of memory\n"); + return NULL; + } pwdbio = BIO_push(btmp, pwdbio); #endif } else if (strcmp(arg, "stdin") == 0) { @@ -696,10 +702,13 @@ if (ret) { if (pcert != NULL) warn_cert(uri, *pcert, 0, vpm); - warn_certs(uri, *pcerts, 1, vpm); + if (pcerts != NULL) + warn_certs(uri, *pcerts, 1, vpm); } else { - sk_X509_pop_free(*pcerts, X509_free); - *pcerts = NULL; + if (pcerts != NULL) { + sk_X509_pop_free(*pcerts, X509_free); + *pcerts = NULL; + } } return ret; } 
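Review bot: The `fd:` branch touched by the `@@ -291,7 +291,7 @@` hunk still parses the descriptor with `atoi(arg + 3)`, which returns 0 for non-numeric text, so a mistyped `fd:` argument passes the `i >= 0` test and the password is read from descriptor 0 instead of being rejected. Parsing with `strtol`, requiring that the end pointer reached the terminating NUL and that the value fits in an `int`, would turn that into the existing "Can't access file descriptor" error. The function body begins before and continues after the hunk.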
@@ -2442,16 +2451,18 @@ } /* HTTP callback function that supports TLS connection also via HTTPS proxy */ -BIO *app_http_tls_cb(BIO *hbio, void *arg, int connect, int detail) +BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail) { + APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg; + SSL_CTX *ssl_ctx = info->ssl_ctx; + if (connect && detail) { /* connecting with TLS */ - APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg; - SSL_CTX *ssl_ctx = info->ssl_ctx; SSL *ssl; BIO *sbio = NULL; + /* adapt after fixing callback design flaw, see #17088 */ if ((info->use_proxy - && !OSSL_HTTP_proxy_connect(hbio, info->server, info->port, + && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, NULL, NULL, /* no proxy credentials */ info->timeout, bio_err, opt_getprog())) || (sbio = BIO_new(BIO_f_ssl())) == NULL) { 
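Review bot: `app_http_tls_cb` now dereferences `arg` on every call (`SSL_CTX *ssl_ctx = info->ssl_ctx;` at the top of the `@@ -2442,16 +2451,18 @@` hunk), where the old code only touched it inside the connect-with-TLS branch. Any caller that registers this callback with a NULL argument would now crash on disconnect as well; the callers visible in this diff all pass a populated `APP_HTTP_TLS_INFO`, so this is a contract to state rather than a known fault. I would add `/* arg must point to a valid APP_HTTP_TLS_INFO for the whole transfer */` above the declarations, or initialise with `info != NULL ? info->ssl_ctx : NULL` and return `bio` early when `info` is NULL. The function continues beyond this hunk.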
@@ -2462,23 +2473,33 @@ return NULL; } - SSL_set_tlsext_host_name(ssl, info->server); + /* adapt after fixing callback design flaw, see #17088 */ + SSL_set_tlsext_host_name(ssl, info->server); /* not critical to do */ SSL_set_connect_state(ssl); BIO_set_ssl(sbio, ssl, BIO_CLOSE); - hbio = BIO_push(sbio, hbio); - } else if (!connect && !detail) { /* disconnecting after error */ - const char *hint = tls_error_hint(); - - if (hint != NULL) - ERR_add_error_data(2, " : ", hint); - /* - * If we pop sbio and BIO_free() it this may lead to libssl double free. - * Rely on BIO_free_all() done by OSSL_HTTP_transfer() in http_client.c - */ + bio = BIO_push(sbio, bio); } - return hbio; + if (!connect) { + const char *hint; + BIO *cbio; + + if (!detail) { /* disconnecting after error */ + hint = tls_error_hint(); + if (hint != NULL) + ERR_add_error_data(2, " : ", hint); + } + if (ssl_ctx != NULL) { + (void)ERR_set_mark(); + BIO_ssl_shutdown(bio); + cbio = BIO_pop(bio); /* connect+HTTP BIO */ + BIO_free(bio); /* SSL BIO */ + (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */ + bio = cbio; + } + } + return bio; } void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info) @@ -2518,7 +2539,8 @@ info.server = server; info.port = port; - info.use_proxy = proxy != NULL; + info.use_proxy = /* workaround for callback design flaw, see #17088 */ + OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl) != NULL; info.timeout = timeout; info.ssl_ctx = ssl_ctx; mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, 
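Review bot: The disconnect branch in the `@@ -2462,23 +2473,33 @@` hunk decides to pop and free the head of the chain from `ssl_ctx != NULL`, not from whether the connect branch actually pushed an SSL BIO. If the callback can be invoked for teardown when the TLS BIO was never pushed (that is decided by the HTTP client code outside this hunk), `BIO_free(bio)` would release the plain connect BIO instead. A comment stating the invariant, e.g. `/* bio is the SSL BIO pushed on connect; ssl_ctx is non-NULL only when TLS was requested */`, or a check with `BIO_find_type(bio, BIO_TYPE_SSL)` before popping, would make this safer to maintain. Separately, the result of `SSL_set_tlsext_host_name()` is still discarded, so a failure to set SNI passes silently.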
@@ -2544,18 +2566,21 @@ const char *expected_content_type, long timeout, const ASN1_ITEM *rsp_it) { + int use_ssl = ssl_ctx != NULL; APP_HTTP_TLS_INFO info; BIO *rsp, *req_mem = ASN1_item_i2d_mem_bio(req_it, req); ASN1_VALUE *res; if (req_mem == NULL) return NULL; + info.server = host; info.port = port; - info.use_proxy = proxy != NULL; + info.use_proxy = /* workaround for callback design flaw, see #17088 */ + OSSL_HTTP_adapt_proxy(proxy, no_proxy, host, use_ssl) != NULL; info.timeout = timeout; info.ssl_ctx = ssl_ctx; - rsp = OSSL_HTTP_transfer(NULL, host, port, path, ssl_ctx != NULL, + rsp = OSSL_HTTP_transfer(NULL, host, port, path, use_ssl, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, app_http_tls_cb, &info, 0 /* buf_size */, headers, content_type, req_mem, diff -Nru openssl-3.0.1/apps/lib/engine_loader.c openssl-3.0.2/apps/lib/engine_loader.c --- openssl-3.0.1/apps/lib/engine_loader.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/lib/engine_loader.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/apps/lib/s_socket.c openssl-3.0.2/apps/lib/s_socket.c --- openssl-3.0.1/apps/lib/s_socket.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/lib/s_socket.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -162,7 +162,7 @@ #endif if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), - protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { + BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; diff -Nru openssl-3.0.1/apps/ocsp.c openssl-3.0.2/apps/ocsp.c --- openssl-3.0.1/apps/ocsp.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/ocsp.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1176,10 +1176,12 @@ bn = ASN1_INTEGER_to_BN(ser, NULL); OPENSSL_assert(bn); /* FIXME: should report an error at this * point and abort */ - if (BN_is_zero(bn)) + if (BN_is_zero(bn)) { itmp = OPENSSL_strdup("00"); - else + OPENSSL_assert(itmp); + } else { itmp = BN_bn2hex(bn); + } row[DB_serial] = itmp; BN_free(bn); rrow = TXT_DB_get_by_index(db->db, DB_serial, row); diff -Nru openssl-3.0.1/apps/passwd.c openssl-3.0.2/apps/passwd.c --- openssl-3.0.1/apps/passwd.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/passwd.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
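Review bot: Only the `"00"` branch of the `@@ -1176,10 +1176,12 @@` hunk in apps/ocsp.c is checked; `itmp = BN_bn2hex(bn)` in the `else` branch can also return NULL on allocation failure and is then stored in `row[DB_serial]` and passed to `TXT_DB_get_by_index()`. Moving the check after the `if`/`else` as `OPENSSL_assert(itmp != NULL);` covers both branches. `OPENSSL_assert` aborts the process, so under memory pressure the responder stops rather than failing one request; the existing FIXME on the `bn` assert already asks for proper error reporting here. The enclosing function is not fully visible in the hunk.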
@@ -410,7 +410,7 @@ n >>= 1; } if (!EVP_DigestFinal_ex(md, buf, NULL)) - return NULL; + goto err; for (i = 0; i < 1000; i++) { if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) @@ -636,7 +636,7 @@ n >>= 1; } if (!EVP_DigestFinal_ex(md, buf, NULL)) - return NULL; + goto err; /* P sequence */ if (!EVP_DigestInit_ex(md2, sha, NULL)) @@ -647,7 +647,7 @@ goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - return NULL; + goto err; if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) goto err; @@ -664,7 +664,7 @@ goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - return NULL; + goto err; if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) goto err; diff -Nru openssl-3.0.1/apps/pkeyutl.c openssl-3.0.2/apps/pkeyutl.c --- openssl-3.0.1/apps/pkeyutl.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/pkeyutl.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -464,23 +464,23 @@ } goto end; } - if (kdflen != 0) { - buf_outlen = kdflen; - rv = 1; + if (rawin) { + /* rawin allocates the buffer in do_raw_keyop() */ + rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0, + &buf_out, (size_t *)&buf_outlen); } else { - if (rawin) { - /* rawin allocates the buffer in do_raw_keyop() */ - rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0, - &buf_out, (size_t *)&buf_outlen); + if (kdflen != 0) { + buf_outlen = kdflen; + rv = 1; } else { rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, buf_in, (size_t)buf_inlen); - if (rv > 0 && buf_outlen != 0) { - buf_out = app_malloc(buf_outlen, "buffer output"); - rv = do_keyop(ctx, pkey_op, - buf_out, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); - } + } + if (rv > 0 && buf_outlen != 0) { + buf_out = app_malloc(buf_outlen, "buffer output"); + rv = do_keyop(ctx, pkey_op, + buf_out, (size_t *)&buf_outlen, + buf_in, (size_t)buf_inlen); } } if (rv <= 0) { diff -Nru openssl-3.0.1/apps/progs.pl openssl-3.0.2/apps/progs.pl --- openssl-3.0.1/apps/progs.pl 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/progs.pl 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
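Review bot: In the `@@ -464,23 +464,23 @@` hunk `kdflen` is copied into `buf_outlen` and then used as the `app_malloc` size with only a `!= 0` test. If `kdflen` is a signed value parsed from the command line (its declaration and parsing are outside the hunk), a negative value becomes a very large allocation request; rejecting `kdflen < 0` where the option is parsed would give a clear error instead. The `(size_t *)&buf_outlen` casts are only sound if `buf_outlen` is itself declared `size_t`, in which case they can be dropped.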
@@ -21,7 +21,7 @@ my %commands = (); my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; my $apps_openssl = shift @ARGV; -my $YEAR = [localtime()]->[5] + 1900; +my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; # because the program apps/openssl has object files as sources, and # they then have the corresponding C files as source, we need to chain diff -Nru openssl-3.0.1/apps/rehash.c openssl-3.0.2/apps/rehash.c --- openssl-3.0.1/apps/rehash.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/rehash.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2013-2014 Timo Teräs * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -168,6 +168,12 @@ *ep = nilhentry; ep->old_id = ~0; ep->filename = OPENSSL_strdup(filename); + if (ep->filename == NULL) { + OPENSSL_free(ep); + ep = NULL; + BIO_printf(bio_err, "out of memory\n"); + return 1; + } if (bp->last_entry) bp->last_entry->next = ep; if (bp->first_entry == NULL) diff -Nru openssl-3.0.1/apps/req.c openssl-3.0.2/apps/req.c --- openssl-3.0.1/apps/req.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/req.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -775,8 +775,9 @@ } } if (newreq || gen_x509) { - if (pkey == NULL /* can happen only if !newreq */) { - BIO_printf(bio_err, "Must provide a signature key using -key\n"); + if (CAcert == NULL && pkey == NULL) { + BIO_printf(bio_err, "Must provide a signature key using -key or" + " provide -CA / -CAkey\n"); goto end; } 
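Review bot: `$ENV{SOURCE_DATE_EPOCH} || time()` in the apps/progs.pl hunk accepts whatever the variable holds: a non-numeric value is treated as 0 by `gmtime`, which makes `$YEAR` 1970, and a literal `0` falls back to the wall clock. For a reproducible-build input I would validate it first, e.g. `my $epoch = $ENV{SOURCE_DATE_EPOCH};` followed by `$epoch = time() unless defined $epoch && $epoch =~ /^\d+$/;`, and pass `$epoch` to `gmtime`. A one-line comment naming SOURCE_DATE_EPOCH as the reason for `gmtime` would also help the next reader.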
@@ -1594,6 +1595,13 @@ *pkeytype = OPENSSL_strndup(keytype, keytypelen); else *pkeytype = OPENSSL_strdup(keytype); + + if (*pkeytype == NULL) { + BIO_printf(bio_err, "Out of memory\n"); + EVP_PKEY_free(param); + return NULL; + } + if (keylen >= 0) *pkeylen = keylen; diff -Nru openssl-3.0.1/apps/s_client.c openssl-3.0.2/apps/s_client.c --- openssl-3.0.1/apps/s_client.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/s_client.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -805,7 +805,7 @@ char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; char *chCApath = NULL, *chCAfile = NULL, *chCAstore = NULL, *host = NULL; char *thost = NULL, *tport = NULL; - char *port = OPENSSL_strdup(PORT); + char *port = NULL; char *bindhost = NULL, *bindport = NULL; char *passarg = NULL, *pass = NULL; char *vfyCApath = NULL, *vfyCAfile = NULL, *vfyCAstore = NULL; @@ -843,6 +843,7 @@ struct timeval tv; #endif const char *servername = NULL; + char *sname_alloc = NULL; int noservername = 0; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; @@ -903,10 +904,11 @@ c_debug = 0; c_showcerts = 0; c_nbio = 0; + port = OPENSSL_strdup(PORT); vpm = X509_VERIFY_PARAM_new(); cctx = SSL_CONF_CTX_new(); - if (vpm == NULL || cctx == NULL) { + if (port == NULL || vpm == NULL || cctx == NULL) { BIO_printf(bio_err, "%s: out of memory\n", opt_getprog()); goto end; } @@ -1131,6 +1133,10 @@ break; case OPT_MSGFILE: bio_c_msg = BIO_new_file(opt_arg(), "w"); + if (bio_c_msg == NULL) { + BIO_printf(bio_err, "Error writing file %s\n", opt_arg()); + goto end; + } break; case OPT_TRACE: #ifndef OPENSSL_NO_SSL_TRACE 
@@ -1530,6 +1536,14 @@ goto opthelp; } + if (servername == NULL && !noservername) { + servername = sname_alloc = OPENSSL_strdup(host); + if (sname_alloc == NULL) { + BIO_printf(bio_err, "%s: out of memory\n", prog); + goto end; + } + } + /* Retain the original target host:port for use in the HTTP proxy connect string */ thost = OPENSSL_strdup(host); tport = OPENSSL_strdup(port); @@ -1651,10 +1665,21 @@ if (bio_c_out == NULL) { if (c_quiet && !c_debug) { bio_c_out = BIO_new(BIO_s_null()); - if (c_msg && bio_c_msg == NULL) + if (c_msg && bio_c_msg == NULL) { bio_c_msg = dup_bio_out(FORMAT_TEXT); - } else if (bio_c_out == NULL) + if (bio_c_msg == NULL) { + BIO_printf(bio_err, "Out of memory\n"); + goto end; + } + } + } else { bio_c_out = dup_bio_out(FORMAT_TEXT); + } + + if (bio_c_out == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto end; + } } #ifndef OPENSSL_NO_SRP if (!app_passwd(srppass, NULL, &srp_arg.srppassin, NULL)) { @@ -2017,14 +2042,16 @@ #endif sbio = BIO_new_dgram(sock, BIO_NOCLOSE); - if ((peer_info.addr = BIO_ADDR_new()) == NULL) { + if (sbio == NULL || (peer_info.addr = BIO_ADDR_new()) == NULL) { BIO_printf(bio_err, "memory allocation failure\n"); + BIO_free(sbio); BIO_closesocket(sock); goto end; } if (!BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &peer_info)) { BIO_printf(bio_err, "getsockname:errno=%d\n", get_last_socket_error()); + BIO_free(sbio); BIO_ADDR_free(peer_info.addr); BIO_closesocket(sock); goto end; @@ -2065,10 +2092,22 @@ #endif /* OPENSSL_NO_DTLS */ sbio = BIO_new_socket(sock, BIO_NOCLOSE); + if (sbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + ERR_print_errors(bio_err); + BIO_closesocket(sock); + goto end; + } + if (nbio_test) { BIO *test; test = BIO_new(BIO_f_nbio_test()); + if (test == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + BIO_free(sbio); + goto shut; + } sbio = BIO_push(test, sbio); } 
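Review bot: The SNI default added in the `@@ -1530,6 +1536,14 @@` hunk reports every NULL from `OPENSSL_strdup(host)` as "out of memory", but that function also returns NULL when its argument is NULL. If `host` can still be unset at this point (its assignment is outside the hunk), the user gets a misleading error; testing `host != NULL` before the copy separates the two cases. The copy is taken verbatim, so whether an IP-literal target ends up as the SNI name depends on filtering later in the function, which should be confirmed.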
@@ -2135,6 +2174,10 @@ int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto shut; + } BIO_push(fbio, sbio); /* Wait for multi-line response to end from LMTP or SMTP */ do { @@ -2183,6 +2226,10 @@ int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto shut; + } BIO_push(fbio, sbio); BIO_gets(fbio, mbuf, BUFSIZZ); /* STARTTLS command requires CAPABILITY... */ @@ -2210,6 +2257,10 @@ { BIO *fbio = BIO_new(BIO_f_buffer()); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto shut; + } BIO_push(fbio, sbio); /* wait for multi-line response to end from FTP */ do { @@ -2304,6 +2355,10 @@ int numeric; BIO *fbio = BIO_new(BIO_f_buffer()); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto end; + } BIO_push(fbio, sbio); BIO_printf(fbio, "STARTTLS\r\n"); (void)BIO_flush(fbio); @@ -2464,6 +2519,10 @@ int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto end; + } BIO_push(fbio, sbio); BIO_gets(fbio, mbuf, BUFSIZZ); /* STARTTLS command requires CAPABILITIES... */ @@ -2504,6 +2563,10 @@ int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); + if (fbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + goto end; + } BIO_push(fbio, sbio); /* wait for multi-line response to end from Sieve */ do { @@ -2563,8 +2626,9 @@ BIO *ldapbio = BIO_new(BIO_s_mem()); CONF *cnf = NCONF_new(NULL); - if (cnf == NULL) { + if (ldapbio == NULL || cnf == NULL) { BIO_free(ldapbio); + NCONF_free(cnf); goto end; } BIO_puts(ldapbio, ldap_tls_genconf); 
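Review bot: The new `fbio == NULL` checks on this line leave through different labels: the hunks at `@@ -2135,6`, `@@ -2183,6` and `@@ -2210,6` use `goto shut`, while `@@ -2304,6`, `@@ -2464,6` and `@@ -2504,6` use `goto end`. All six run after the socket has been connected, so unless `end` also closes it (both labels are outside these hunks) the second group skips the shutdown path; using one label throughout would be easier to audit. The LDAP hunk at `@@ -2563,8` also fails with no message, unlike its neighbours; `BIO_printf(bio_err, "Out of memory\n");` before its `goto end` would match.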
@@ -3038,6 +3102,7 @@ #ifndef OPENSSL_NO_SRP OPENSSL_free(srp_arg.srppassin); #endif + OPENSSL_free(sname_alloc); OPENSSL_free(connectstr); OPENSSL_free(bindstr); OPENSSL_free(bindhost); diff -Nru openssl-3.0.1/apps/speed.c openssl-3.0.2/apps/speed.c --- openssl-3.0.1/apps/speed.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/speed.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -29,6 +29,7 @@ #include #include "apps.h" #include "progs.h" +#include "internal/numbers.h" #include #include #include @@ -451,7 +452,7 @@ static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */ #endif /* OPENSSL_NO_SM2 */ -#define COND(unused_cond) (run && count < 0x7fffffff) +#define COND(unused_cond) (run && count < INT_MAX) #define COUNT(d) (count) typedef struct loopargs_st { @@ -1774,6 +1775,10 @@ buflen = lengths[size_num - 1]; if (buflen < 36) /* size of random vector in RSA benchmark */ buflen = 36; + if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) { + BIO_printf(bio_err, "Error: buffer size too large\n"); + goto end; + } buflen += MAX_MISALIGNMENT + 1; loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); 
@@ -3617,7 +3622,7 @@ for (j = 0; j < num; j++) { print_message(alg_name, 0, mblengths[j], seconds->sym); Time_F(START); - for (count = 0; run && count < 0x7fffffff; count++) { + for (count = 0; run && count < INT_MAX; count++) { unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; size_t len = mblengths[j]; diff -Nru openssl-3.0.1/apps/s_server.c openssl-3.0.2/apps/s_server.c --- openssl-3.0.1/apps/s_server.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/s_server.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1006,7 +1006,7 @@ int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0; char *host = NULL; - char *port = OPENSSL_strdup(PORT); + char *port = NULL; unsigned char *context = NULL; OPTION_CHOICE o; EVP_PKEY *s_key2 = NULL; @@ -1069,9 +1069,10 @@ async = 0; use_sendfile = 0; + port = OPENSSL_strdup(PORT); cctx = SSL_CONF_CTX_new(); vpm = X509_VERIFY_PARAM_new(); - if (cctx == NULL || vpm == NULL) + if (port == NULL || cctx == NULL || vpm == NULL) goto end; SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); @@ -1389,6 +1390,10 @@ break; case OPT_MSGFILE: bio_s_msg = BIO_new_file(opt_arg(), "w"); + if (bio_s_msg == NULL) { + BIO_printf(bio_err, "Error writing file %s\n", opt_arg()); + goto end; + } break; case OPT_TRACE: #ifndef OPENSSL_NO_SSL_TRACE 
@@ -1800,13 +1805,21 @@ if (bio_s_out == NULL) { if (s_quiet && !s_debug) { bio_s_out = BIO_new(BIO_s_null()); - if (s_msg && bio_s_msg == NULL) + if (s_msg && bio_s_msg == NULL) { bio_s_msg = dup_bio_out(FORMAT_TEXT); + if (bio_s_msg == NULL) { + BIO_printf(bio_err, "Out of memory\n"); + goto end; + } + } } else { - if (bio_s_out == NULL) - bio_s_out = dup_bio_out(FORMAT_TEXT); + bio_s_out = dup_bio_out(FORMAT_TEXT); } } + + if (bio_s_out == NULL) + goto end; + if (nocert) { s_cert_file = NULL; s_key_file = NULL; @@ -2344,6 +2357,11 @@ else # endif sbio = BIO_new_dgram(s, BIO_NOCLOSE); + if (sbio == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + ERR_print_errors(bio_err); + goto err; + } if (enable_timeouts) { timeout.tv_sec = 0; @@ -2393,6 +2411,13 @@ BIO *test; test = BIO_new(BIO_f_nbio_test()); + if (test == NULL) { + BIO_printf(bio_err, "Unable to create BIO\n"); + ret = -1; + BIO_free(sbio); + goto err; + } + sbio = BIO_push(test, sbio); } @@ -2976,13 +3001,21 @@ int total_bytes = 0; #endif int width; +#ifndef OPENSSL_NO_KTLS + int use_sendfile_for_req = use_sendfile; +#endif fd_set readfds; const char *opmode; +#ifdef CHARSET_EBCDIC + BIO *filter; +#endif /* Set width for a select call if needed */ width = s + 1; - buf = app_malloc(bufsize, "server www buffer"); + /* as we use BIO_gets(), and it always null terminates data, we need + * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ + buf = app_malloc(bufsize + 1, "server www buffer"); io = BIO_new(BIO_f_buffer()); ssl_bio = BIO_new(BIO_f_ssl()); if ((io == NULL) || (ssl_bio == NULL)) @@ -3015,10 +3048,21 @@ } sbio = BIO_new_socket(s, BIO_NOCLOSE); + if (sbio == NULL) { + SSL_free(con); + goto err; + } + if (s_nbio_test) { BIO *test; test = BIO_new(BIO_f_nbio_test()); + if (test == NULL) { + SSL_free(con); + BIO_free(sbio); + goto err; + } + sbio = BIO_push(test, sbio); } SSL_set_bio(con, sbio, sbio); 
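Review bot: The added `if (bio_s_out == NULL) goto end;` exits without any diagnostic, while the `bio_s_msg` failure a few lines above it prints `Out of memory`. The `sbio == NULL` and `test == NULL` branches added at `@@ -3015,10 +3048,21 @@` are silent in the same way, whereas the matching checks at `@@ -2344,6 +2357,11 @@` and `@@ -2393,6 +2411,13 @@` print `Unable to create BIO`. I would put `BIO_printf(bio_err, "Unable to create BIO\n");` and `ERR_print_errors(bio_err);` before each silent `goto`, so a failed start-up or a dropped connection shows up in the server's output. The enclosing functions extend beyond these hunks.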
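Review bot: The buffer length is spelled `bufsize + 1` separately at the `app_malloc()` call in the hunk at `@@ -2976,13 +3001,21 @@` and at each `BIO_gets()` call (`@@ -3047,7 +3095,7 @@`, `@@ -3112,7 +3160,7 @@`), and again for the rev buffer at `@@ -3400,8 +3452,13 @@` and `@@ -3476,7 +3543,7 @@`. The allocation and the read limit therefore stay in step only by convention. A local declared with the others, `int buflen = bufsize + 1;`, used for the allocation and for every `BIO_gets(io, buf, buflen)`, would stop a later edit from making the read limit larger than the allocation. The function bodies start and end outside these hunks.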
@@ -3029,7 +3073,11 @@ BIO_push(io, ssl_bio); ssl_bio = NULL; #ifdef CHARSET_EBCDIC - io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); + filter = BIO_new(BIO_f_ebcdic_filter()); + if (filter == NULL) + goto err; + + io = BIO_push(filter, io); #endif if (s_debug) { @@ -3047,7 +3095,7 @@ } for (;;) { - i = BIO_gets(io, buf, bufsize - 1); + i = BIO_gets(io, buf, bufsize + 1); if (i < 0) { /* error */ if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { if (!s_quiet) @@ -3112,7 +3160,7 @@ * we're expecting to come from the client. If they haven't * sent one there's not much we can do. */ - BIO_gets(io, buf, bufsize - 1); + BIO_gets(io, buf, bufsize + 1); } BIO_puts(io, @@ -3293,7 +3341,11 @@ } /* send the file */ #ifndef OPENSSL_NO_KTLS - if (use_sendfile) { + if (use_sendfile_for_req && !BIO_get_ktls_send(SSL_get_wbio(con))) { + BIO_printf(bio_err, "Warning: sendfile requested but KTLS is not available\n"); + use_sendfile_for_req = 0; + } + if (use_sendfile_for_req) { FILE *fp = NULL; int fd; struct stat st; @@ -3400,8 +3452,13 @@ int ret = 1; SSL *con; BIO *io, *ssl_bio, *sbio; +#ifdef CHARSET_EBCDIC + BIO *filter; +#endif - buf = app_malloc(bufsize, "server rev buffer"); + /* as we use BIO_gets(), and it always null terminates data, we need + * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ + buf = app_malloc(bufsize + 1, "server rev buffer"); io = BIO_new(BIO_f_buffer()); ssl_bio = BIO_new(BIO_f_ssl()); if ((io == NULL) || (ssl_bio == NULL)) @@ -3427,6 +3484,12 @@ } sbio = BIO_new_socket(s, BIO_NOCLOSE); + if (sbio == NULL) { + SSL_free(con); + ERR_print_errors(bio_err); + goto err; + } + SSL_set_bio(con, sbio, sbio); SSL_set_accept_state(con); @@ -3435,7 +3498,11 @@ BIO_push(io, ssl_bio); ssl_bio = NULL; #ifdef CHARSET_EBCDIC - io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io); + filter = BIO_new(BIO_f_ebcdic_filter()); + if (filter == NULL) + goto err; + + io = BIO_push(filter, io); #endif if (s_debug) { 
@@ -3476,7 +3543,7 @@ print_ssl_summary(con); for (;;) { - i = BIO_gets(io, buf, bufsize - 1); + i = BIO_gets(io, buf, bufsize + 1); if (i < 0) { /* error */ if (!BIO_should_retry(io)) { if (!s_quiet) diff -Nru openssl-3.0.1/apps/verify.c openssl-3.0.2/apps/verify.c --- openssl-3.0.1/apps/verify.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/verify.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -263,6 +263,7 @@ if (x509_ctrl_string(x, opt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", opt); ERR_print_errors(bio_err); + X509_free(x); return 0; } } diff -Nru openssl-3.0.1/apps/x509.c openssl-3.0.2/apps/x509.c --- openssl-3.0.1/apps/x509.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/apps/x509.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -706,9 +706,9 @@ : "Certificate request self-signature did not match the contents\n"); goto end; } - BIO_printf(out, "Certificate request self-signature ok\n"); + BIO_printf(bio_err, "Certificate request self-signature ok\n"); - print_name(out, "subject=", X509_REQ_get_subject_name(req)); + print_name(bio_err, "subject=", X509_REQ_get_subject_name(req)); } else if (!x509toreq && ext_copy != EXT_COPY_UNSET) { BIO_printf(bio_err, "Warning: ignoring -copy_extensions since neither -x509toreq nor -req is given\n"); } diff -Nru openssl-3.0.1/CHANGES.md openssl-3.0.2/CHANGES.md --- openssl-3.0.1/CHANGES.md 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/CHANGES.md 2022-03-15 14:30:24.000000000 +0000 
@@ -28,6 +28,62 @@ [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.1 and 3.0.2 [15 Mar 2022] + + * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli. + + Internally this function is used when parsing certificates that contain + elliptic curve public keys in compressed form or explicit elliptic curve + parameters with a base point encoded in compressed form. + + It is possible to trigger the infinite loop by crafting a certificate that + has invalid explicit curve parameters. + + Since certificate parsing happens prior to verification of the certificate + signature, any process that parses an externally supplied certificate may thus + be subject to a denial of service attack. The infinite loop can also be + reached when parsing crafted private keys as they can contain explicit + elliptic curve parameters. + + Thus vulnerable situations include: + + - TLS clients consuming server certificates + - TLS servers consuming client certificates + - Hosting providers taking certificates or private keys from customers + - Certificate authorities parsing certification requests from subscribers + - Anything else which parses ASN.1 elliptic curve parameters + + Also any other applications that use the BN_mod_sqrt() where the attacker + can control the parameter values are vulnerable to this DoS issue. + ([CVE-2022-0778]) + + *Tomáš Mráz* + + * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) + to the list of ciphersuites providing Perfect Forward Secrecy as + required by SECLEVEL >= 3. + + *Dmitry Belyavskiy, Nicola Tuveri* + + * Made the AES constant time code for no-asm configurations + optional due to the resulting 95% performance degradation. 
+ The AES constant time code can be enabled, for no assembly + builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME + + *Paul Dale* + + * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty + passphrase strings. + + *Darshan Sen* + + * The negative return value handling of the certificate verification callback + was reverted. The replacement is to set the verification retry state with + the SSL_set_retry_verify() function. + + *Tomáš Mráz* + ### Changes between 3.0.0 and 3.0.1 [14 Dec 2021] * Fixed invalid handling of X509_verify_cert() internal errors in libssl diff -Nru openssl-3.0.1/Configurations/10-main.conf openssl-3.0.2/Configurations/10-main.conf --- openssl-3.0.1/Configurations/10-main.conf 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/Configurations/10-main.conf 2022-03-15 14:30:24.000000000 +0000 @@ -1062,6 +1062,13 @@ perlasm_scheme => "elf", }, + # riscv64 below refers to contemporary RISCV Architecture + # specifications, + "BSD-riscv64" => { + inherit_from => [ "BSD-generic64"], + perlasm_scheme => "linux64", + }, + "bsdi-elf-gcc" => { inherit_from => [ "BASE_unix" ], CC => "gcc", diff -Nru openssl-3.0.1/Configurations/15-android.conf openssl-3.0.2/Configurations/15-android.conf --- openssl-3.0.1/Configurations/15-android.conf 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/Configurations/15-android.conf 2022-03-15 14:30:24.000000000 +0000 @@ -261,6 +261,7 @@ bn_ops => add("RC4_INT"), asm_arch => 'x86', perlasm_scheme => "android", + ex_libs => add(threads("-latomic")), }, "android-x86_64" => { inherit_from => [ "android" ], diff -Nru openssl-3.0.1/Configurations/descrip.mms.tmpl openssl-3.0.2/Configurations/descrip.mms.tmpl --- openssl-3.0.1/Configurations/descrip.mms.tmpl 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/Configurations/descrip.mms.tmpl 2022-03-15 14:30:24.000000000 +0000 
@@ -553,7 +553,6 @@ - DELETE descrip.mms;* depend : descrip.mms -descrip.mms : FORCE @ ! {- output_off() if $disabled{makedepend}; "" -} @ $(PERL) {- sourcefile("util", "add-depends.pl") -} "{- $config{makedep_scheme} -}" @ ! {- output_on() if $disabled{makedepend}; "" -} @@ -755,7 +754,16 @@ # Building targets ################################################### -configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} +descrip.mms : configdata.pm {- join(" ", @{$config{build_file_templates}}) -} + perl configdata.pm + @ WRITE SYS$OUTPUT "*************************************************" + @ WRITE SYS$OUTPUT "*** ***" + @ WRITE SYS$OUTPUT "*** Please run the same mms command again ***" + @ WRITE SYS$OUTPUT "*** ***" + @ WRITE SYS$OUTPUT "*************************************************" + @ PIPE ( EXIT %X10000000 ) + +configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_infos}}, @{$config{conf_files}}) -} perl configdata.pm -r @ WRITE SYS$OUTPUT "*************************************************" @ WRITE SYS$OUTPUT "*** ***" 
@@ -871,6 +879,59 @@ return ($filename, $scripture); } + # On VMS, (some) header file directories include the files + # __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H. + # When header files are generated, and the build directory + # isn't the same as the source directory, these files must + # be copied alongside the generated header file, or their + # effect will be lost. + # We use the same include file cache as make_includefile + # to check if the scripture to copy these files has already + # been generated. + sub make_decc_include_files { + my $outd = shift; + my $ind = shift; + + # If the build directory and the source directory are the + # same, there's no need to copy the prologue and epilogue + # files. + return ('') if $outd eq $ind; + + my $outprologue = catfile($outd, '__DECC_INCLUDE_PROLOGUE.H'); + my $outepilogue = catfile($outd, '__DECC_INCLUDE_EPILOGUE.H'); + my $inprologue = catfile($ind, '__DECC_INCLUDE_PROLOGUE.H'); + my $inepilogue = catfile($ind, '__DECC_INCLUDE_EPILOGUE.H'); + my @filenames = (); + my $scripture = ''; + + if ($includefile_cache{$outprologue}) { + push @filenames, $outprologue; + } elsif (-f $inprologue) { + my $local_scripture .= <<"EOF"; +$outprologue : $inprologue + COPY $inprologue $outprologue +EOF + $includefile_cache{$outprologue} = $local_scripture; + + push @filenames, $outprologue; + $scripture .= $local_scripture; + } + if ($includefile_cache{$outepilogue}) { + push @filenames, $outepilogue; + } elsif (-f $inepilogue) { + my $local_scripture .= <<"EOF"; +$outepilogue : $inepilogue + COPY $inepilogue $outepilogue +EOF + $includefile_cache{$outepilogue} = $local_scripture; + + push @filenames, $outepilogue; + $scripture .= $local_scripture; + } + + return (@filenames, $scripture); + } + sub generatetarget { my %args = @_; my $deps = join(" ", compute_platform_depends(@{$args{deps}})); 
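Review bot: In `make_decc_include_files` both heredoc assignments are written `my $local_scripture .= <<"EOF";`, which applies `.=` to a variable declared in the same statement. It works only because the fresh variable is undefined, and it reads as if text were being appended to something earlier. Plain `my $local_scripture = <<"EOF";` says what is meant. The prologue and epilogue branches are otherwise identical apart from the file name, so a short loop over the two names would remove the duplication.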
@@ -984,12 +1045,18 @@ my @perlmodules = ( 'configdata.pm', grep { $_ =~ m|\.pm$| } @{$args{deps}} ); my %perlmoduleincs = map { '"-I'.dirname($_).'"' => 1 } @perlmodules; - $deps = join(' ', $deps, compute_platform_depends(@perlmodules)); + my @decc_include_data + = make_decc_include_files(dirname($args{src}), dirname($gen0)); + my $decc_include_scripture = pop @decc_include_data; + $deps = join(' ', $deps, @decc_include_data, + compute_platform_depends(@perlmodules)); @perlmodules = map { '"-M'.basename($_, '.pm').'"' } @perlmodules; my $perlmodules = join(' ', '', sort keys %perlmoduleincs, @perlmodules); + return <<"EOF"; $args{src} : $gen0 $deps \$(PERL)$perlmodules $dofile "-o$target{build_file}" $gen0$gen_args > \$\@ +$decc_include_scripture EOF } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { # diff -Nru openssl-3.0.1/Configurations/unix-Makefile.tmpl openssl-3.0.2/Configurations/unix-Makefile.tmpl --- openssl-3.0.1/Configurations/unix-Makefile.tmpl 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/Configurations/unix-Makefile.tmpl 2022-03-15 14:30:24.000000000 +0000 @@ -582,7 +582,7 @@ $(RM) $(MANDOCS3) $(RM) $(MANDOCS5) $(RM) $(MANDOCS7) - $(RM) $(PROGRAMS) $(TESTPROGS) $(MODULES) $(SCRIPTS) + $(RM) $(PROGRAMS) $(TESTPROGS) $(MODULES) $(FIPSMODULE) $(SCRIPTS) $(RM) $(GENERATED_MANDATORY) $(GENERATED) -find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; @@ -599,7 +599,7 @@ # We check if any depfile is newer than Makefile and decide to # concatenate only if that is true. -depend: +depend: Makefile @: {- output_off() if $disabled{makedepend}; "" -} @$(PERL) $(SRCDIR)/util/add-depends.pl "{- $makedep_scheme -}" @: {- output_on() if $disabled{makedepend}; "" -} 
@@ -1153,7 +1153,7 @@ crypto/objects/obj_mac.num \ crypto/objects/obj_xref.txt \ > crypto/objects/obj_xref.h ) - ( cd $(SRCDIR); cat crypto/objects/obj_compat.h >> include/openssl/obj_mac.h ) + ( cd $(SRCDIR); sed -e '1,8d' crypto/objects/obj_compat.h >> include/openssl/obj_mac.h ) generate_crypto_conf: ( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \ @@ -1371,13 +1371,13 @@ link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl.cnf -$(BLDDIR)/util/opensslwrap.sh: configdata.pm +$(BLDDIR)/util/opensslwrap.sh: Makefile @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ mkdir -p "$(BLDDIR)/util"; \ ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \ fi -$(BLDDIR)/apps/openssl.cnf: configdata.pm +$(BLDDIR)/apps/openssl.cnf: Makefile @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ mkdir -p "$(BLDDIR)/apps"; \ ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \ @@ -1387,7 +1387,8 @@ # Building targets ################################################### -libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -} +libcrypto.pc libssl.pc openssl.pc: Makefile $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -} + libcrypto.pc: @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ 
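Review bot: The replacement `sed -e '1,8d' crypto/objects/obj_compat.h` depends on a bare line count, with no comment saying what the eight lines are. Presumably they are the header comment of obj_compat.h, which would otherwise be appended into the middle of obj_mac.h. If that header grows or shrinks, the rule will silently drop a real line or leave part of the header in the generated file. A comment above the recipe, for example `# drop the 8-line header comment of obj_compat.h before appending`, would record the assumption. The rule starts outside the hunk.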
@@ -1438,10 +1439,22 @@ echo 'Version: '$(VERSION); \ echo 'Requires: libssl libcrypto' ) > openssl.pc +Makefile: configdata.pm \ + {- join(" \\\n" . ' ' x 10, + fill_lines(" ", $COLUMNS - 10, + @{$config{build_file_templates}})) -} + @echo "Detected changed: $?" + $(PERL) configdata.pm + @echo "**************************************************" + @echo "*** ***" + @echo "*** Please run the same make command again ***" + @echo "*** ***" + @echo "**************************************************" + @false + configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config \ {- join(" \\\n" . ' ' x 15, fill_lines(" ", $COLUMNS - 15, - @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}})) -} @echo "Detected changed: $?" diff -Nru openssl-3.0.1/Configurations/windows-makefile.tmpl openssl-3.0.2/Configurations/windows-makefile.tmpl --- openssl-3.0.1/Configurations/windows-makefile.tmpl 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/Configurations/windows-makefile.tmpl 2022-03-15 14:30:24.000000000 +0000 @@ -481,7 +481,7 @@ -del /Q /F configdata.pm -del /Q /F makefile -depend: +depend: makefile @ {- output_off() if $disabled{makedepend}; "\@rem" -} @ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "{- $target{makedep_scheme} -}" @ {- output_on() if $disabled{makedepend}; "\@rem" -} 
@@ -643,13 +643,23 @@ copy-utils: $(BLDDIR)\apps\openssl.cnf -$(BLDDIR)\apps\openssl.cnf: configdata.pm +$(BLDDIR)\apps\openssl.cnf: makefile @if NOT EXIST "$(BLDDIR)\apps" mkdir "$(BLDDIR)\apps" @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\apps\$(@F)" "$(BLDDIR)\apps" # Building targets ################################################### -configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} +makefile: configdata.pm {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}) -} + @$(ECHO) "Detected changed: $?" + "$(PERL)" configdata.pm + @$(ECHO) "**************************************************" + @$(ECHO) "*** ***" + @$(ECHO) "*** Please run the same make command again ***" + @$(ECHO) "*** ***" + @$(ECHO) "**************************************************" + @exit 1 + +configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_infos}}, @{$config{conf_files}}) -} @$(ECHO) "Detected changed: $?" "$(PERL)" configdata.pm -r @$(ECHO) "**************************************************" diff -Nru openssl-3.0.1/Configure openssl-3.0.2/Configure --- openssl-3.0.1/Configure 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/Configure 2022-03-15 14:30:24.000000000 +0000 
@@ -3169,25 +3169,25 @@ } } - foreach (sort keys %all_keys) { - my $previous = $combined_inheritance{$_}; + foreach my $key (sort keys %all_keys) { + my $previous = $combined_inheritance{$key}; # Current target doesn't have a value for the current key? # Assign it the default combiner, the rest of this loop body # will handle it just like any other coderef. - if (!exists $table{$target}->{$_}) { - $table{$target}->{$_} = $default_combiner; + if (!exists $table{$target}->{$key}) { + $table{$target}->{$key} = $default_combiner; } - $table{$target}->{$_} = process_values($table{$target}->{$_}, - $combined_inheritance{$_}, - $target, $_); - unless(defined($table{$target}->{$_})) { - delete $table{$target}->{$_}; + $table{$target}->{$key} = process_values($table{$target}->{$key}, + $combined_inheritance{$key}, + $target, $key); + unless(defined($table{$target}->{$key})) { + delete $table{$target}->{$key}; } # if ($extra_checks && -# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) { -# warn "$_ got replaced in $target\n"; +# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) { +# warn "$key got replaced in $target\n"; # } } diff -Nru openssl-3.0.1/crypto/aes/aes_core.c openssl-3.0.2/crypto/aes/aes_core.c --- openssl-3.0.1/crypto/aes/aes_core.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/aes/aes_core.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -50,7 +50,7 @@ #include #include "aes_local.h" -#if !defined(OPENSSL_NO_AES_CONST_TIME) && !defined(AES_ASM) +#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define U64(C) C##UI64 diff -Nru openssl-3.0.1/crypto/asn1/d2i_pu.c openssl-3.0.2/crypto/asn1/d2i_pu.c --- openssl-3.0.1/crypto/asn1/d2i_pu.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/asn1/d2i_pu.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,7 +54,7 @@ goto err; } - switch (EVP_PKEY_get_id(ret)) { + switch (EVP_PKEY_get_base_id(ret)) { case EVP_PKEY_RSA: if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) { ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); diff -Nru openssl-3.0.1/crypto/asn1/i2d_evp.c openssl-3.0.2/crypto/asn1/i2d_evp.c --- openssl-3.0.1/crypto/asn1/i2d_evp.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/asn1/i2d_evp.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
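Review bot: Switching the guard to `#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM)` makes the constant-time code opt-in, and nothing at the guard says what a no-asm build gets when the macro is absent. The CHANGES.md entry in this diff gives the reason (a 95% performance cost) and the switch `./config no-asm -DOPENSSL_AES_CONST_TIME`, but a reader of aes_core.c sees neither. I would add a comment above the `#if`, such as `/* Constant-time AES for no-asm builds is opt-in: -DOPENSSL_AES_CONST_TIME. Without it the other implementation in this file is used, which makes no constant-time claim. */`. Builds that relied on the old default change behaviour with no compile-time signal, and a previously defined `OPENSSL_NO_AES_CONST_TIME` is no longer consulted by this guard; the comment should say so. The guarded region extends beyond the hunk.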
@@ -131,7 +131,7 @@ return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp); } - switch (EVP_PKEY_get_id(a)) { + switch (EVP_PKEY_get_base_id(a)) { case EVP_PKEY_RSA: return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); #ifndef OPENSSL_NO_DSA diff -Nru openssl-3.0.1/crypto/async/arch/async_posix.h openssl-3.0.2/crypto/async/arch/async_posix.h --- openssl-3.0.1/crypto/async/arch/async_posix.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/async/arch/async_posix.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -25,12 +25,26 @@ # define ASYNC_POSIX # define ASYNC_ARCH -# ifdef __CET__ +# if defined(__CET__) || defined(__ia64__) /* * When Intel CET is enabled, makecontext will create a different * shadow stack for each context. async_fibre_swapcontext cannot * use _longjmp. It must call swapcontext to swap shadow stack as * well as normal stack. + * On IA64 the register stack engine is not saved across setjmp/longjmp. Here + * swapcontext() performs correctly. + */ +# define USE_SWAPCONTEXT +# endif +# if defined(__aarch64__) && defined(__clang__) \ + && defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1 +/* + * setjmp/longjmp don't currently work with BTI on all libc implementations + * when compiled by clang. This is because clang doesn't put a BTI after the + * call to setjmp where it returns the second time. This then fails on libc + * implementations - notably glibc - which use an indirect jump to there. + * So use the swapcontext implementation, which does work. + * See https://github.com/llvm/llvm-project/issues/48888. */ # define USE_SWAPCONTEXT # endif diff -Nru openssl-3.0.1/crypto/bio/bio_addr.c openssl-3.0.2/crypto/bio/bio_addr.c --- openssl-3.0.1/crypto/bio/bio_addr.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bio/bio_addr.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -752,7 +752,7 @@ # pragma pointer_size 32 #endif /* Windows doesn't seem to have in_addr_t */ -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) static uint32_t he_fallback_address; static const char *he_fallback_addresses[] = { (char *)&he_fallback_address, NULL }; diff -Nru openssl-3.0.1/crypto/bio/bio_print.c openssl-3.0.2/crypto/bio/bio_print.c --- openssl-3.0.1/crypto/bio/bio_print.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bio/bio_print.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ #include "crypto/ctype.h" #include "internal/numbers.h" #include +#include /* * Copyright Patrick Powell 1995 @@ -31,8 +32,10 @@ const char *, int, int, int); static int fmtint(char **, char **, size_t *, size_t *, int64_t, int, int, int, int); +#ifndef OPENSSL_SYS_UEFI static int fmtfp(char **, char **, size_t *, size_t *, LDOUBLE, int, int, int, int); +#endif static int doapr_outch(char **, char **, size_t *, size_t *, int); static int _dopr(char **sbuffer, char **buffer, size_t *maxlen, size_t *retlen, int *truncated, @@ -88,7 +91,9 @@ { char ch; int64_t value; +#ifndef OPENSSL_SYS_UEFI LDOUBLE fvalue; +#endif char *strvalue; int min; int max; @@ -259,6 +264,7 @@ min, max, flags)) return 0; break; +#ifndef OPENSSL_SYS_UEFI case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); @@ -292,6 +298,16 @@ flags, G_FORMAT)) return 0; break; +#else + case 'f': + case 'E': + case 'e': + case 'G': + case 'g': + /* not implemented for UEFI */ + ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED); + return 0; +#endif case 'c': if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, va_arg(args, int))) 
@@ -512,6 +528,8 @@ return 1; } +#ifndef OPENSSL_SYS_UEFI + static LDOUBLE abs_val(LDOUBLE value) { LDOUBLE result = value; @@ -807,6 +825,8 @@ return 1; } +#endif /* OPENSSL_SYS_UEFI */ + #define BUFFER_INC 1024 static int diff -Nru openssl-3.0.1/crypto/bio/bss_core.c openssl-3.0.2/crypto/bio/bss_core.c --- openssl-3.0.1/crypto/bio/bss_core.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bio/bss_core.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,7 +48,7 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - if (bcgbl->c_bio_read_ex == NULL) + if (bcgbl == NULL || bcgbl->c_bio_read_ex == NULL) return 0; return bcgbl->c_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); } @@ -58,7 +58,7 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - if (bcgbl->c_bio_write_ex == NULL) + if (bcgbl == NULL || bcgbl->c_bio_write_ex == NULL) return 0; return bcgbl->c_bio_write_ex(BIO_get_data(bio), data, data_len, written); } @@ -67,7 +67,7 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - if (bcgbl->c_bio_ctrl == NULL) + if (bcgbl == NULL || bcgbl->c_bio_ctrl == NULL) return -1; return bcgbl->c_bio_ctrl(BIO_get_data(bio), cmd, num, ptr); } @@ -76,7 +76,7 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - if (bcgbl->c_bio_gets == NULL) + if (bcgbl == NULL || bcgbl->c_bio_gets == NULL) return -1; return bcgbl->c_bio_gets(BIO_get_data(bio), buf, size); } @@ -85,7 +85,7 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - if (bcgbl->c_bio_puts == NULL) + if (bcgbl == NULL || bcgbl->c_bio_puts == NULL) return -1; return bcgbl->c_bio_puts(BIO_get_data(bio), str); } 
@@ -101,6 +101,9 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); + if (bcgbl == NULL) + return 0; + BIO_set_init(bio, 0); bcgbl->c_bio_free(BIO_get_data(bio)); @@ -133,7 +136,7 @@ BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); /* Check the library context has been initialised with the callbacks */ - if (bcgbl->c_bio_write_ex == NULL && bcgbl->c_bio_read_ex == NULL) + if (bcgbl == NULL || (bcgbl->c_bio_write_ex == NULL && bcgbl->c_bio_read_ex == NULL)) return NULL; if ((outbio = BIO_new_ex(libctx, BIO_s_core())) == NULL) @@ -151,6 +154,9 @@ { BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); + if (bcgbl == NULL) + return 0; + for (; fns->function_id != 0; fns++) { switch (fns->function_id) { case OSSL_FUNC_BIO_READ_EX: diff -Nru openssl-3.0.1/crypto/bn/bn_conv.c openssl-3.0.2/crypto/bn/bn_conv.c --- openssl-3.0.1/crypto/bn/bn_conv.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bn/bn_conv.c 2022-03-15 14:30:24.000000000 +0000 @@ -142,7 +142,7 @@ continue; if (i == 0 || i > INT_MAX / 4) - goto err; + return 0; num = i + neg; if (bn == NULL) @@ -154,6 +154,10 @@ return 0; } else { ret = *bn; + if (BN_get_flags(ret, BN_FLG_STATIC_DATA)) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } BN_zero(ret); } diff -Nru openssl-3.0.1/crypto/bn/bn_exp2.c openssl-3.0.2/crypto/bn/bn_exp2.c --- openssl-3.0.1/crypto/bn/bn_exp2.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bn/bn_exp2.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
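Review bot: In the hunk at `@@ -101,6 +101,9 @@` the new `bcgbl == NULL` guard is followed by an unconditional `bcgbl->c_bio_free(BIO_get_data(bio));`. The sibling wrappers changed in this file all test their callback pointer as well (`c_bio_read_ex`, `c_bio_write_ex`, `c_bio_ctrl`, `c_bio_gets`, `c_bio_puts`). The constructor check changed at `@@ -133,7 +136,7 @@` only requires one of the read/write callbacks to be set, so as far as these hunks show, a context without a free callback would reach a NULL call here. Extending the guard to `if (bcgbl == NULL || bcgbl->c_bio_free == NULL) return 0;` would match the others. The function body starts and ends outside the hunk.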
@@ -32,7 +32,7 @@ bn_check_top(p2); bn_check_top(m); - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } diff -Nru openssl-3.0.1/crypto/bn/bn_ppc.c openssl-3.0.2/crypto/bn/bn_ppc.c --- openssl-3.0.1/crypto/bn/bn_ppc.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bn/bn_ppc.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,7 +40,7 @@ * no opportunity to figure it out... */ -#if defined(_ARCH_PPC64) +#if defined(_ARCH_PPC64) && !defined(__ILP32__) if (num == 6) { if (OPENSSL_ppccap_P & PPC_MADD300) return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num); diff -Nru openssl-3.0.1/crypto/bn/bn_sqrt.c openssl-3.0.2/crypto/bn/bn_sqrt.c --- openssl-3.0.1/crypto/bn/bn_sqrt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bn/bn_sqrt.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,8 @@ /* * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number - * Theory", algorithm 1.5.1). 'p' must be prime! + * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or + * an incorrect "result" will be returned. */ { BIGNUM *ret = in; 
@@ -303,18 +304,23 @@ goto vrfy; } - /* find smallest i such that b^(2^i) = 1 */ - i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - while (!BN_is_one(t)) { - i++; - if (i == e) { - ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); - goto end; + /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ + for (i = 1; i < e; i++) { + if (i == 1) { + if (!BN_mod_sqr(t, b, p, ctx)) + goto end; + + } else { + if (!BN_mod_mul(t, t, t, p, ctx)) + goto end; } - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; + if (BN_is_one(t)) + break; + } + /* If not found, a is not a square or p is not prime. */ + if (i >= e) { + ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); + goto end; } /* t := y^2^(e - i - 1) */ diff -Nru openssl-3.0.1/crypto/bn/rsaz_exp_x2.c openssl-3.0.2/crypto/bn/rsaz_exp_x2.c --- openssl-3.0.1/crypto/bn/rsaz_exp_x2.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/bn/rsaz_exp_x2.c 2022-03-15 14:30:24.000000000 +0000 @@ -318,6 +318,8 @@ int exp_chunk_no = exp_bit_no / 64; int exp_chunk_shift = exp_bit_no % 64; + BN_ULONG red_table_idx_0, red_table_idx_1; + /* * If rem == 0, then * exp_bit_no = modulus_bitsize - exp_win_size @@ -329,8 +331,8 @@ OPENSSL_assert(rem != 0); /* Process 1-st exp window - just init result */ - BN_ULONG red_table_idx_0 = expz[0][exp_chunk_no]; - BN_ULONG red_table_idx_1 = expz[1][exp_chunk_no]; + red_table_idx_0 = expz[0][exp_chunk_no]; + red_table_idx_1 = expz[1][exp_chunk_no]; /* * The function operates with fixed moduli sizes divisible by 64, * thus table index here is always in supported range [0, EXP_WIN_SIZE). diff -Nru openssl-3.0.1/crypto/cmp/cmp_msg.c openssl-3.0.2/crypto/cmp/cmp_msg.c --- openssl-3.0.1/crypto/cmp/cmp_msg.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/cmp/cmp_msg.c 2022-03-15 14:30:24.000000000 +0000 
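Review bot: The rewritten search loop in bn_sqrt.c (`@@ -303,18 +304,23 @@`) does not say that its `i < e` bound is what guarantees termination, which is the property callers passing unvalidated moduli depend on. The removed loop compared `i == e` only after incrementing `i` from 1, so the test could be stepped over if `e` were 1 or less. The new form cannot overrun, and that deserves a comment, e.g. `/* i < e bounds the search, so this terminates even when p is not prime */`. The stray blank line after the first `goto end;` inside the `if (i == 1)` branch can be dropped. The enclosing function starts and ends outside the hunk.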
@@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -260,7 +260,7 @@ if (ctx->subjectName != NULL) return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName; - if (ref_subj != NULL && (for_KUR || !HAS_SAN(ctx))) + if (ref_subj != NULL && (ctx->p10CSR != NULL || for_KUR || !HAS_SAN(ctx))) /* * For KUR, copy subject from the reference. * For IR or CR, do the same only if there is no subjectAltName. @@ -289,6 +289,8 @@ if (rkey == NULL && ctx->p10CSR != NULL) rkey = X509_REQ_get0_pubkey(ctx->p10CSR); + if (rkey == NULL && refcert != NULL) + rkey = X509_get0_pubkey(refcert); if (rkey == NULL) rkey = ctx->pkey; /* default is independent of ctx->oldCert */ if (rkey == NULL) { @@ -327,12 +329,15 @@ } /* extensions */ - if (refcert != NULL && !ctx->SubjectAltName_nodefault) - default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), - NID_subject_alt_name, NULL, NULL); if (ctx->p10CSR != NULL && (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL) goto err; + if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL + && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), + NID_subject_alt_name, NULL, NULL)) + != NULL + && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) + goto err; if (ctx->reqExtensions != NULL /* augment/override existing ones */ && !add_extensions(&exts, ctx->reqExtensions)) goto err; @@ -340,9 +345,6 @@ && !add1_extension(&exts, NID_subject_alt_name, crit, ctx->subjectAltNames)) goto err; - if (!HAS_SAN(ctx) && default_sans != NULL - && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) - goto err; if (ctx->policies != NULL && !add1_extension(&exts, NID_certificate_policies, ctx->setPoliciesCritical, ctx->policies)) 
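Review bot: In cmp_msg.c at `@@ -260,7 +260,7 @@` the comment under the changed condition is now out of date. It still describes only the KUR case and the IR/CR-without-subjectAltName case, but the condition also copies the reference subject whenever `ctx->p10CSR != NULL`. Extend it with a line such as `* If a PKCS#10 CSR is given, also take the subject from the reference.` so that every branch of the test is documented. The function body continues outside the hunk.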
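Review bot: The default-SAN block added in cmp_msg.c at `@@ -327,12 +329,15 @@` packs three preconditions, an assignment to `default_sans` and the `add1_extension()` call into one `&&` chain. That makes it hard to see that `default_sans` is allocated by `X509V3_get_d2i()` in the middle of the condition. Splitting the lookup from the insertion keeps the behaviour and makes the ownership visible. Where `default_sans` is released on the success and error paths is outside the hunk and should be confirmed.

```c
    /* … unchanged: X509_REQ_get_extensions(ctx->p10CSR) check … */
    if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL) {
        /* default_sans is allocated here and must be freed by this function */
        default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
                                      NID_subject_alt_name, NULL, NULL);
        if (default_sans != NULL
                && !add1_extension(&exts, NID_subject_alt_name, crit,
                                   default_sans))
            goto err;
    }
    /* … unchanged: reqExtensions and subjectAltNames handling … */
```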
@@ -566,6 +568,7 @@ if (!sk_OSSL_CMP_REVDETAILS_push(msg->body->value.rr, rd)) goto err; rd = NULL; + /* Revocation Passphrase according to section 5.3.19.9 could be set here */ if (!ossl_cmp_msg_protect(ctx, msg)) goto err; diff -Nru openssl-3.0.1/crypto/context.c openssl-3.0.2/crypto/context.c --- openssl-3.0.1/crypto/context.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/context.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -93,10 +93,8 @@ exdata_done = 1; if (!ossl_crypto_new_ex_data_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, - &ctx->data)) { - ossl_crypto_cleanup_all_ex_data_int(ctx); + &ctx->data)) goto err; - } /* Everything depends on properties, so we also pre-initialise that */ if (!ossl_property_parse_init(ctx)) @@ -106,9 +104,11 @@ err: if (exdata_done) ossl_crypto_cleanup_all_ex_data_int(ctx); + for (i = 0; i < OSSL_LIB_CTX_MAX_INDEXES; i++) + CRYPTO_THREAD_lock_free(ctx->index_locks[i]); CRYPTO_THREAD_lock_free(ctx->oncelock); CRYPTO_THREAD_lock_free(ctx->lock); - ctx->lock = NULL; + memset(ctx, '\0', sizeof(*ctx)); return 0; } @@ -156,6 +156,7 @@ void ossl_lib_ctx_default_deinit(void) { context_deinit(&default_context_int); + CRYPTO_THREAD_cleanup_local(&default_context_thread_local); } static OSSL_LIB_CTX *get_thread_default_context(void) 
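Review bot: In context.c at `@@ -106,9 +104,11 @@` the new error path calls `CRYPTO_THREAD_lock_free(ctx->index_locks[i])` for every index, including slots that were never allocated when initialisation failed early. That is safe only if `ctx` is zero-filled before `context_init()` runs and the free routine accepts NULL. Neither is visible in the hunk, so a comment such as `/* ctx starts zeroed, so unallocated locks are NULL here */` would record the assumption. The closing `memset(ctx, '\0', sizeof(*ctx))` is what leaves no dangling lock pointers for later cleanup, which also merits a short comment. The function starts outside the hunk, where `i` is presumably declared.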
@@ -189,7 +190,7 @@ OSSL_LIB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL && !context_init(ctx)) { - OSSL_LIB_CTX_free(ctx); + OPENSSL_free(ctx); ctx = NULL; } return ctx; diff -Nru openssl-3.0.1/crypto/core_namemap.c openssl-3.0.2/crypto/core_namemap.c --- openssl-3.0.1/crypto/core_namemap.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/core_namemap.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,11 +37,7 @@ CRYPTO_RWLOCK *lock; LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ -#ifdef tsan_ld_acq - TSAN_QUALIFIER int max_number; /* Current max number TSAN version */ -#else - int max_number; /* Current max number plain version */ -#endif + TSAN_QUALIFIER int max_number; /* Current max number */ }; /* LHASH callbacks */ @@ -99,10 +95,7 @@ int ossl_namemap_empty(OSSL_NAMEMAP *namemap) { -#ifdef tsan_ld_acq - /* Have TSAN support */ - return namemap == NULL || tsan_load(&namemap->max_number) == 0; -#else +#ifdef TSAN_REQUIRES_LOCKING /* No TSAN support */ int rv; @@ -114,6 +107,9 @@ rv = namemap->max_number == 0; CRYPTO_THREAD_unlock(namemap->lock); return rv; +#else + /* Have TSAN support */ + return namemap == NULL || tsan_load(&namemap->max_number) == 0; #endif } @@ -260,6 +256,7 @@ || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL) goto err; + /* The tsan_counter use here is safe since we're under lock */ namenum->number = number != 0 ? number : 1 + tsan_counter(&namemap->max_number); (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); 
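Review bot: The switch from `OSSL_LIB_CTX_free(ctx)` to `OPENSSL_free(ctx)` at `@@ -189,7 +190,7 @@` in context.c is correct only because a failed `context_init()` now releases what it allocated and zeroes the structure, and nothing at the call site says so. Add `/* context_init() cleans up after itself on failure */` above the `OPENSSL_free(ctx)` line. That keeps the call from being changed back to the full destructor, which would then run on a context that was never fully built.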
@@ -409,14 +406,16 @@ { const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); - get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); + if (cipher != NULL) + get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); } static void get_legacy_md_names(const OBJ_NAME *on, void *arg) { const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); - get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); + if (md != NULL) + get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); } static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, diff -Nru openssl-3.0.1/crypto/dh/dh_ameth.c openssl-3.0.2/crypto/dh/dh_ameth.c --- openssl-3.0.1/crypto/dh/dh_ameth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/dh/dh_ameth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -511,7 +511,7 @@ DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); if (!ossl_dh_params_fromdata(dh, params) - || !ossl_dh_key_fromdata(dh, params) + || !ossl_dh_key_fromdata(dh, params, 1) || !EVP_PKEY_assign(pkey, type, dh)) { DH_free(dh); return 0; diff -Nru openssl-3.0.1/crypto/dh/dh_backend.c openssl-3.0.2/crypto/dh/dh_backend.c --- openssl-3.0.1/crypto/dh/dh_backend.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/dh/dh_backend.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -63,7 +63,7 @@ return 1; } -int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private) { const OSSL_PARAM *param_priv_key, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; @@ -74,10 +74,13 @@ param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if ((param_priv_key != NULL - && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) - || (param_pub_key != NULL - && !OSSL_PARAM_get_BN(param_pub_key, &pub_key))) + if (include_private + && param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + goto err; + + if (param_pub_key != NULL + && !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) goto err; if (!DH_set0_key(dh, pub_key, priv_key)) @@ -103,7 +106,8 @@ return 1; } -int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private) { const BIGNUM *priv = NULL, *pub = NULL; @@ -112,6 +116,7 @@ DH_get0_key(dh, &pub, &priv); if (priv != NULL + && include_private && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv)) return 0; if (pub != NULL diff -Nru openssl-3.0.1/crypto/dh/dh_key.c openssl-3.0.2/crypto/dh/dh_key.c --- openssl-3.0.1/crypto/dh/dh_key.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/dh/dh_key.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
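Review bot: `ossl_dh_key_fromdata()` in dh_backend.c (`@@ -74,10 +74,13 @@`) still calls `OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY)` when `include_private` is 0 and only then ignores the result, while the DSA counterpart changed in dsa_backend.c skips the lookup altogether. The outcome looks the same, but the two should read alike: guard the lookup here with `if (include_private)` and initialise `param_priv_key` to NULL, as the DSA version does. The new `include_private` parameter is undocumented in both files and the call sites pass a bare `1`. A comment on the definitions, such as `/* include_private: 0 means only the public key is imported or exported */`, would make the private-key handling explicit. The function body continues outside the hunk.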
@@ -375,20 +375,17 @@ int err_reason = DH_R_BN_ERROR; BIGNUM *pubkey = NULL; const BIGNUM *p; - size_t p_size; + int ret; if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL) goto err; DH_get0_pqg(dh, &p, NULL, NULL); - if (p == NULL || (p_size = BN_num_bytes(p)) == 0) { + if (p == NULL || BN_num_bytes(p) == 0) { err_reason = DH_R_NO_PARAMETERS_SET; goto err; } - /* - * As per Section 4.2.8.1 of RFC 8446 fail if DHE's - * public key is of size not equal to size of p - */ - if (BN_is_zero(pubkey) || p_size != len) { + /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */ + if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) { err_reason = DH_R_INVALID_PUBKEY; goto err; } diff -Nru openssl-3.0.1/crypto/dsa/dsa_ameth.c openssl-3.0.2/crypto/dsa/dsa_ameth.c --- openssl-3.0.1/crypto/dsa/dsa_ameth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/dsa/dsa_ameth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -485,7 +485,7 @@ } if (!ossl_dsa_ffc_params_fromdata(dsa, params) - || !ossl_dsa_key_fromdata(dsa, params) + || !ossl_dsa_key_fromdata(dsa, params, 1) || !EVP_PKEY_assign_DSA(pkey, dsa)) { DSA_free(dsa); return 0; diff -Nru openssl-3.0.1/crypto/dsa/dsa_backend.c openssl-3.0.2/crypto/dsa/dsa_backend.c --- openssl-3.0.1/crypto/dsa/dsa_backend.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/dsa/dsa_backend.c 2022-03-15 14:30:24.000000000 +0000 
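Review bot: In dh_key.c at `@@ -375,20 +375,17 @@`, `ret` is passed to `ossl_dh_check_pub_key_partial()` as an out parameter but is never read in the visible lines, so the specific failure reason is discarded. State that this is intended, e.g. `/* ret receives the failure flags; only pass/fail matters here */`. The removed comment cited RFC 8446 Section 4.2.8.1 for the rule that the encoded key must be exactly as long as `p`, and the new code no longer compares `len` with the size of `p`. If callers still need that strict-length rule, it must now be enforced at the call site, and the new comment should say so. The removed `BN_is_zero(pubkey)` rejection is presumably covered by the partial check, which is not visible here. The function starts and ends outside the hunk.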
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,16 +27,19 @@ * implementations alike. */ -int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]) +int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], + int include_private) { - const OSSL_PARAM *param_priv_key, *param_pub_key; + const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; BIGNUM *priv_key = NULL, *pub_key = NULL; if (dsa == NULL) return 0; - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + if (include_private) { + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + } param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); diff -Nru openssl-3.0.1/crypto/ec/asm/ecp_nistp521-ppc64.pl openssl-3.0.2/crypto/ec/asm/ecp_nistp521-ppc64.pl --- openssl-3.0.1/crypto/ec/asm/ecp_nistp521-ppc64.pl 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/asm/ecp_nistp521-ppc64.pl 2022-03-15 14:30:24.000000000 +0000 
@@ -1,7 +1,7 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. # -# Licensed under the OpenSSL license (the "License"). You may not use +# Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/crypto/ec/curve448/arch_64/arch_intrinsics.h openssl-3.0.2/crypto/ec/curve448/arch_64/arch_intrinsics.h --- openssl-3.0.1/crypto/ec/curve448/arch_64/arch_intrinsics.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/curve448/arch_64/arch_intrinsics.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,8 +1,8 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016 Cryptography Research, Inc. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/crypto/ec/curve448/arch_64/f_impl64.c openssl-3.0.2/crypto/ec/curve448/arch_64/f_impl64.c --- openssl-3.0.1/crypto/ec/curve448/arch_64/f_impl64.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/curve448/arch_64/f_impl64.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,8 +1,8 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2014 Cryptography Research, Inc. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/crypto/ec/curve448/arch_64/f_impl.h openssl-3.0.2/crypto/ec/curve448/arch_64/f_impl.h --- openssl-3.0.1/crypto/ec/curve448/arch_64/f_impl.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/curve448/arch_64/f_impl.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,8 +1,8 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2014-2016 Cryptography Research, Inc. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/crypto/ec/ec_lib.c openssl-3.0.2/crypto/ec/ec_lib.c --- openssl-3.0.1/crypto/ec/ec_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/ec_lib.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -1710,8 +1710,8 @@ ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING); if (ptmp != NULL && !ossl_ec_encoding_param2id(ptmp, &encoding_flag)) { - ECerr(0, EC_R_INVALID_ENCODING); - return 0; + ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); + goto err; } if (encoding_flag == OPENSSL_EC_NAMED_CURVE) { ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); diff -Nru openssl-3.0.1/crypto/ec/ec_print.c openssl-3.0.2/crypto/ec/ec_print.c --- openssl-3.0.1/crypto/ec/ec_print.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/ec_print.c 2022-03-15 14:30:24.000000000 +0000 @@ -68,7 +68,7 @@ len = strlen(hex) / 2; oct_buf = OPENSSL_malloc(len); if (oct_buf == NULL) - return NULL; + goto err; if (!OPENSSL_hexstr2buf_ex(oct_buf, len, &oct_buf_len, hex, '\0') || !EC_POINT_oct2point(group, pt, oct_buf, oct_buf_len, ctx)) diff -Nru openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c openssl-3.0.2/crypto/ec/ecp_s390x_nistp.c --- openssl-3.0.1/crypto/ec/ecp_s390x_nistp.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ec/ecp_s390x_nistp.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,7 @@ /* Otherwise use default. */ if (rc == -1) rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - OPENSSL_cleanse(param + S390X_OFF_SCALAR(len), len); + OPENSSL_cleanse(param, sizeof(param)); BN_CTX_end(ctx); BN_CTX_free(new_ctx); return rc; 
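Review bot: In ec_print.c at `@@ -68,7 +68,7 @@`, `len = strlen(hex) / 2` is 0 for an empty or one-character `hex`, and the result then goes straight to `OPENSSL_malloc(len)`. As far as I can tell a zero-byte request returns NULL, so malformed input would leave through the allocation-failure branch this hunk edits, with nothing raised to separate the two cases. Check `len == 0` before the allocation and treat it as invalid input rather than out-of-memory. Whether the `err` label releases the point that was allocated earlier is outside the hunk.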
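Review bot: `OPENSSL_cleanse(param, sizeof(param))` in ecp_s390x_nistp.c (`@@ -116,7 +116,7 @@`, and again at `@@ -212,7 +212,7 @@`) wipes the whole parameter block only if `param` is an array declared in the same function. Its declaration is outside both hunks; if it were a pointer, `sizeof(param)` would be the pointer size and less would be cleared than before. Confirm the declaration and add a comment such as `/* param is a local array: wipe the whole block, not just the secret fields */`. Both functions start outside the hunks.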
@@ -212,7 +212,7 @@ ok = 1; ret: - OPENSSL_cleanse(param + S390X_OFF_K(len), 2 * len); + OPENSSL_cleanse(param, sizeof(param)); if (ok != 1) { ECDSA_SIG_free(sig); sig = NULL; diff -Nru openssl-3.0.1/crypto/encode_decode/decoder_meth.c openssl-3.0.2/crypto/encode_decode/decoder_meth.c --- openssl-3.0.1/crypto/encode_decode/decoder_meth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/encode_decode/decoder_meth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -339,6 +339,7 @@ { OSSL_METHOD_STORE *store = get_decoder_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); + const char *const propq = properties != NULL ? properties : ""; void *method = NULL; int unsupported = 0; @@ -367,7 +368,7 @@ unsupported = 1; if (id == 0 - || !ossl_method_store_cache_get(store, NULL, id, properties, &method)) { + || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_decoder_store, get_decoder_from_store, @@ -375,13 +376,14 @@ construct_decoder, destruct_decoder }; + OSSL_PROVIDER *prov = NULL; methdata->id = id; methdata->names = name; - methdata->propquery = properties; + methdata->propquery = propq; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_DECODER, - NULL, 0 /* !force_cache */, + &prov, 0 /* !force_cache */, &mcm, methdata)) != NULL) { /* * If construction did create a method for us, we know that 
@@ -392,7 +394,7 @@ if (id == 0 && name != NULL) id = ossl_namemap_name2num(namemap, name); if (id != 0) - ossl_method_store_cache_set(store, NULL, id, properties, method, + ossl_method_store_cache_set(store, prov, id, propq, method, up_ref_decoder, free_decoder); } diff -Nru openssl-3.0.1/crypto/encode_decode/encoder_meth.c openssl-3.0.2/crypto/encode_decode/encoder_meth.c --- openssl-3.0.1/crypto/encode_decode/encoder_meth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/encode_decode/encoder_meth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -349,6 +349,7 @@ { OSSL_METHOD_STORE *store = get_encoder_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); + const char *const propq = properties != NULL ? properties : ""; void *method = NULL; int unsupported = 0; @@ -377,7 +378,7 @@ unsupported = 1; if (id == 0 - || !ossl_method_store_cache_get(store, NULL, id, properties, &method)) { + || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_encoder_store, get_encoder_from_store, @@ -385,13 +386,14 @@ construct_encoder, destruct_encoder }; + OSSL_PROVIDER *prov = NULL; methdata->id = id; methdata->names = name; - methdata->propquery = properties; + methdata->propquery = propq; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_ENCODER, - NULL, 0 /* !force_cache */, + &prov, 0 /* !force_cache */, &mcm, methdata)) != NULL) { /* * If construction did create a method for us, we know that 
@@ -401,7 +403,7 @@ */ if (id == 0) id = ossl_namemap_name2num(namemap, name); - ossl_method_store_cache_set(store, NULL, id, properties, method, + ossl_method_store_cache_set(store, prov, id, propq, method, up_ref_encoder, free_encoder); } diff -Nru openssl-3.0.1/crypto/encode_decode/encoder_pkey.c openssl-3.0.2/crypto/encode_decode/encoder_pkey.c --- openssl-3.0.1/crypto/encode_decode/encoder_pkey.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/encode_decode/encoder_pkey.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,6 +254,11 @@ * First, collect the keymgmt names, then the encoders that match. */ keymgmt_data.names = sk_OPENSSL_CSTRING_new_null(); + if (keymgmt_data.names == NULL) { + ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); + goto err; + } + keymgmt_data.error_occurred = 0; EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data); if (keymgmt_data.error_occurred) { diff -Nru openssl-3.0.1/crypto/engine/eng_dyn.c openssl-3.0.2/crypto/engine/eng_dyn.c --- openssl-3.0.1/crypto/engine/eng_dyn.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/engine/eng_dyn.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
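Review bot: The encoder fetch path in encoder_meth.c (`@@ -401,7 +403,7 @@`) calls `ossl_method_store_cache_set(store, prov, id, propq, ...)` unconditionally, whereas the decoder version in the same diff only does so under `if (id != 0)` and only resolves the name under `if (id == 0 && name != NULL)`. If `name` can be NULL or unknown here, which the hunk does not show, the encoder would look up a NULL name and cache under id 0. Bring the two in line with `if (id == 0 && name != NULL)` before the `ossl_namemap_name2num()` call and `if (id != 0)` before the cache set. The enclosing function starts and ends outside the hunk.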
@@ -451,8 +451,17 @@ * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 1.1.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_base_id is exported + * as a function in openssl 1.1.x, while it is a macro in openssl 3.x, + * and therefore only the symbol EVP_PKEY_get_base_id is available + * in openssl 3.x. */ - if (vcheck_res < OSSL_DYNAMIC_OLDEST) { + if (vcheck_res < OSSL_DYNAMIC_OLDEST + || DSO_bind_func(ctx->dynamic_dso, + "EVP_PKEY_base_id") != NULL) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; diff -Nru openssl-3.0.1/crypto/evp/ctrl_params_translate.c openssl-3.0.2/crypto/evp/ctrl_params_translate.c --- openssl-3.0.1/crypto/evp/ctrl_params_translate.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/ctrl_params_translate.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1004,8 +1004,11 @@ return 0; if (state == PRE_CTRL_TO_PARAMS) { - ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(ctx->p1)); + if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name + (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); + return 0; + } ctx->p1 = 0; } 
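Review bot: The compatibility probe added in eng_dyn.c (`@@ -451,8 +451,17 @@`) treats a failed `DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id")` lookup as the success signal, so the lookup is expected to fail for every engine that is accepted. If `DSO_bind_func` records an error when a symbol is missing, a successful load leaves a stale entry on the error queue. Wrapping the probe in `ERR_set_mark()` / `ERR_pop_to_mark()` would avoid that. Rejected engines also take the same failure branch as a version veto, so nothing visible tells the operator which of the two checks refused the load. The enclosing function starts and ends outside the hunk.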
@@ -1028,16 +1031,24 @@ switch (state) { case PRE_CTRL_TO_PARAMS: - ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(ctx->p1)); + if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name + (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); + return 0; + } + ctx->p1 = 0; break; case PRE_CTRL_STR_TO_PARAMS: if (ctx->p2 == NULL) return 0; - ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2))); + if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name + (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); + return 0; + } + ctx->p1 = 0; break; diff -Nru openssl-3.0.1/crypto/evp/digest.c openssl-3.0.2/crypto/evp/digest.c --- openssl-3.0.1/crypto/evp/digest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/digest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,8 +25,22 @@ #include "crypto/evp.h" #include "evp_local.h" +static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) +{ + if (ctx->digest != NULL) { + if (ctx->digest->cleanup != NULL + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 + && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) + || force)) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + ctx->md_data = NULL; + } + } +} -void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force) +void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched) { if (ctx->algctx != NULL) { if (ctx->digest != NULL && ctx->digest->freectx != NULL) 
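Review bot: In ctrl_params_translate.c at `@@ -1028,16 +1031,24 @@`, the `PRE_CTRL_STR_TO_PARAMS` branch still converts the caller's string with `atoi(ctx->p2)`, which accepts trailing garbage such as a number followed by letters and has no defined result on overflow. The added NULL check catches unknown group ids but not a string that merely starts with a valid one. Parsing with `strtol` and rejecting anything that is not a complete in-range integer closes that gap. The same three-line lookup now appears three times across this hunk and the one at `@@ -1004,8 +1004,11 @@`, so a small static helper would remove the duplication. The enclosing functions start and end outside the hunks.

```c
    case PRE_CTRL_STR_TO_PARAMS:
        /* … unchanged: NULL check on ctx->p2 … */
        {
            char *end = NULL;
            long uid;

            errno = 0;
            uid = strtol(ctx->p2, &end, 10);
            if (errno != 0 || end == ctx->p2 || *end != '\0'
                    || uid < INT_MIN || uid > INT_MAX) {
                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE);
                return 0;
            }
            /* … unchanged: named-group lookup, with (int)uid in place of atoi(ctx->p2) … */
        }
```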
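Review bot: The new static helper `cleanup_old_md_data()` in digest.c (`@@ -25,8 +25,22 @@`) has no comment, and the meaning of `force` has to be read out of the condition. Add a header such as `/* Run the legacy cleanup hook, then clear-free md_data unless EVP_MD_CTX_FLAG_REUSE is set and force is 0 */`. The `keep_fetched` parameter added to `evp_md_ctx_clear_digest()` is likewise undocumented. That function's body continues outside the hunk.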
@@ -41,12 +55,7 @@ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because * sometimes only copies of the context are ever finalised. */ - if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) || force)) - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + cleanup_old_md_data(ctx, force); if (force) ctx->digest = NULL; @@ -56,13 +65,14 @@ #endif /* Non legacy code, this has to be later than the ctx->digest cleaning */ - EVP_MD_free(ctx->fetched_digest); - ctx->fetched_digest = NULL; - ctx->reqdigest = NULL; + if (!keep_fetched) { + EVP_MD_free(ctx->fetched_digest); + ctx->fetched_digest = NULL; + ctx->reqdigest = NULL; + } } -/* This call frees resources associated with the context */ -int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched) { if (ctx == NULL) return 1; @@ -78,12 +88,19 @@ } #endif - evp_md_ctx_clear_digest(ctx, 0); - OPENSSL_cleanse(ctx, sizeof(*ctx)); + evp_md_ctx_clear_digest(ctx, 0, keep_fetched); + if (!keep_fetched) + OPENSSL_cleanse(ctx, sizeof(*ctx)); return 1; } +/* This call frees resources associated with the context */ +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +{ + return evp_md_ctx_reset_ex(ctx, 0); +} + #ifndef FIPS_MODULE EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, OSSL_LIB_CTX *libctx, const char *propq) @@ -207,7 +224,8 @@ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) || tmpimpl != NULL #endif - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) { + || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 + || type->origin == EVP_ORIG_METH) { if (ctx->digest == ctx->fetched_digest) ctx->digest = NULL; EVP_MD_free(ctx->fetched_digest); 
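Review bot: `evp_md_ctx_reset_ex()` in digest.c (`@@ -78,12 +88,19 @@`) skips `OPENSSL_cleanse(ctx, sizeof(*ctx))` whenever `keep_fetched` is set, so every field other than the fetched digest keeps its old value after the reset. That includes any pointer released inside `evp_md_ctx_clear_digest()` that is not set to NULL there, which the hunk does not show. The visible caller, `EVP_MD_CTX_copy_ex()`, overwrites the structure with `*out = *in` straight afterwards, so it is safe today. The contract should still be written down, e.g. `/* keep_fetched != 0: the caller must overwrite *ctx; only fetched_digest and reqdigest are valid afterwards */`. The function starts outside the hunk.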
@@ -215,10 +233,7 @@ goto legacy; } - if (ctx->digest != NULL && ctx->digest->ctx_size > 0) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; - } + cleanup_old_md_data(ctx, 1); /* Start of non-legacy code below */ @@ -307,10 +322,8 @@ } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; - } + cleanup_old_md_data(ctx, 1); + ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; @@ -507,6 +520,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) { + int digest_change = 0; unsigned char *tmp_buf; if (in == NULL) { @@ -520,7 +534,7 @@ if (out->fetched_digest != NULL) EVP_MD_free(out->fetched_digest); *out = *in; - return 1; + goto clone_pkey; } if (in->digest->prov == NULL @@ -532,15 +546,16 @@ return 0; } - EVP_MD_CTX_reset(out); - if (out->fetched_digest != NULL) + evp_md_ctx_reset_ex(out, 1); + digest_change = (out->fetched_digest != in->fetched_digest); + if (digest_change && out->fetched_digest != NULL) EVP_MD_free(out->fetched_digest); *out = *in; /* NULL out pointers in case of error */ out->pctx = NULL; out->algctx = NULL; - if (in->fetched_digest != NULL) + if (digest_change && in->fetched_digest != NULL) EVP_MD_up_ref(in->fetched_digest); if (in->algctx != NULL) { @@ -551,6 +566,7 @@ } } + clone_pkey: /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); #ifndef FIPS_MODULE diff -Nru openssl-3.0.1/crypto/evp/evp_enc.c openssl-3.0.2/crypto/evp/evp_enc.c --- openssl-3.0.1/crypto/evp/evp_enc.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/evp_enc.c 2022-03-15 14:30:24.000000000 +0000 
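Review bot: The `digest_change` logic in `EVP_MD_CTX_copy_ex()` (digest.c, `@@ -532,15 +546,16 @@`) rests on a reference-count invariant that is not written down. When `out` and `in` already share the same `fetched_digest`, `out` keeps the reference it holds across `*out = *in`, so neither `EVP_MD_free()` nor `EVP_MD_up_ref()` may run. Add a comment above the assignment, e.g. `/* same fetched digest: out keeps its existing reference, so skip free/up_ref */`. Without it the two `digest_change &&` guards look like an optimisation that could be removed, and removing only one of them would unbalance the count. The function starts and ends outside the hunk.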
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -595,7 +595,7 @@ const unsigned char *in, int inl) { int ret; - size_t soutl; + size_t soutl, inl_ = (size_t)inl; int blocksize; if (outl != NULL) { @@ -625,9 +625,10 @@ ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); return 0; } + ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl + (blocksize == 1 ? 0 : blocksize), in, - (size_t)inl); + inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), + in, inl_); if (ret) { if (soutl > INT_MAX) { @@ -743,7 +744,7 @@ { int fix_len, cmpl = inl, ret; unsigned int b; - size_t soutl; + size_t soutl, inl_ = (size_t)inl; int blocksize; if (outl != NULL) { @@ -773,8 +774,8 @@ return 0; } ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl + (blocksize == 1 ? 0 : blocksize), in, - (size_t)inl); + inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), + in, inl_); if (ret) { if (soutl > INT_MAX) { diff -Nru openssl-3.0.1/crypto/evp/evp_fetch.c openssl-3.0.2/crypto/evp/evp_fetch.c --- openssl-3.0.1/crypto/evp/evp_fetch.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/evp_fetch.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -247,6 +247,7 @@ { OSSL_METHOD_STORE *store = get_evp_method_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); + const char *const propq = properties != NULL ? properties : ""; uint32_t meth_id = 0; void *method = NULL; int unsupported = 0; 
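Review bot: In both `@@ -595,7 +595,7 @@` and `@@ -743,7 +744,7 @@` of crypto/evp/evp_enc.c, `inl_ = (size_t)inl` is computed at declaration, before any range check, so a negative `inl` turns into a very large `size_t`. That value is then passed to `cupdate()` as the input length and, with `blocksize` added, as the output bound. The hunks show no `inl < 0` test on this path; unless one exists outside them, reject negative lengths before the call, e.g. `if (inl < 0) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); return 0; }`. Both function bodies start and end outside the hunks.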
@@ -299,8 +300,7 @@ unsupported = 1; if (meth_id == 0 - || !ossl_method_store_cache_get(store, prov, meth_id, properties, - &method)) { + || !ossl_method_store_cache_get(store, prov, meth_id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_evp_method_store, get_evp_method_from_store, @@ -312,7 +312,7 @@ methdata->operation_id = operation_id; methdata->name_id = name_id; methdata->names = name; - methdata->propquery = properties; + methdata->propquery = propq; methdata->method_from_algorithm = new_method; methdata->refcnt_up_method = up_ref_method; methdata->destruct_method = free_method; @@ -330,7 +330,7 @@ name_id = ossl_namemap_name2num(namemap, name); meth_id = evp_method_id(name_id, operation_id); if (name_id != 0) - ossl_method_store_cache_set(store, prov, meth_id, properties, + ossl_method_store_cache_set(store, prov, meth_id, propq, method, up_ref_method, free_method); } @@ -349,7 +349,7 @@ ERR_raise_data(ERR_LIB_EVP, code, "%s, Algorithm (%s : %d), Properties (%s)", ossl_lib_ctx_get_descriptor(methdata->libctx), - name = NULL ? "" : name, name_id, + name == NULL ? "" : name, name_id, properties == NULL ? "" : properties); } diff -Nru openssl-3.0.1/crypto/evp/exchange.c openssl-3.0.2/crypto/evp/exchange.c --- openssl-3.0.1/crypto/evp/exchange.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/exchange.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -306,7 +306,7 @@ /* * Ensure that the key is provided, either natively, or as a cached * export. We start by fetching the keymgmt with the same name as - * |ctx->pkey|, but from the provider of the exchange method, using + * |ctx->keymgmt|, but from the provider of the exchange method, using * the same property query as when fetching the exchange method. * With the keymgmt we found (if we did), we try to export |ctx->pkey| * to it (evp_pkey_export_to_provider() is smart enough to only actually @@ -380,6 +380,7 @@ int ret = 0, check; void *provkey = NULL; EVP_PKEY_CTX *check_ctx = NULL; + EVP_KEYMGMT *tmp_keymgmt = NULL, *tmp_keymgmt_tofree = NULL; if (ctx == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 
@@ -404,8 +405,25 @@ return -1; } - provkey = evp_pkey_export_to_provider(peer, ctx->libctx, &ctx->keymgmt, - ctx->propquery); + /* + * Ensure that the |peer| is provided, either natively, or as a cached + * export. We start by fetching the keymgmt with the same name as + * |ctx->keymgmt|, but from the provider of the exchange method, using + * the same property query as when fetching the exchange method. + * With the keymgmt we found (if we did), we try to export |peer| + * to it (evp_pkey_export_to_provider() is smart enough to only actually + * export it if |tmp_keymgmt| is different from |peer|'s keymgmt) + */ + tmp_keymgmt_tofree = tmp_keymgmt = + evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *) + EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange), + EVP_KEYMGMT_get0_name(ctx->keymgmt), + ctx->propquery); + if (tmp_keymgmt != NULL) + provkey = evp_pkey_export_to_provider(peer, ctx->libctx, + &tmp_keymgmt, ctx->propquery); + EVP_KEYMGMT_free(tmp_keymgmt_tofree); + /* * If making the key provided wasn't possible, legacy may be able to pick * it up diff -Nru openssl-3.0.1/crypto/evp/keymgmt_lib.c openssl-3.0.2/crypto/evp/keymgmt_lib.c --- openssl-3.0.1/crypto/evp/keymgmt_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/keymgmt_lib.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -370,7 +370,7 @@ * but also to determine if we should attempt a cross export * the other way. There's no point doing it both ways. */ - int ok = 1; + int ok = 0; /* Complex case, where the keymgmt differ */ if (keymgmt1 != NULL diff -Nru openssl-3.0.1/crypto/evp/mac_meth.c openssl-3.0.2/crypto/evp/mac_meth.c --- openssl-3.0.1/crypto/evp/mac_meth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/mac_meth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,3 +1,12 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + #include #include #include diff -Nru openssl-3.0.1/crypto/evp/m_sigver.c openssl-3.0.2/crypto/evp/m_sigver.c --- openssl-3.0.1/crypto/evp/m_sigver.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/m_sigver.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -231,7 +231,7 @@ * We're about to get a new digest so clear anything associated with * an old digest. */ - evp_md_ctx_clear_digest(ctx, 1); + evp_md_ctx_clear_digest(ctx, 1, 0); /* legacy code support for engines */ ERR_set_mark(); 
@@ -480,14 +480,14 @@ if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + sigret == NULL ? 0 : *siglen); dctx = EVP_PKEY_CTX_dup(pctx); if (dctx == NULL) return 0; r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, sigret, siglen, - (siglen == NULL) ? 0 : *siglen); + *siglen); EVP_PKEY_CTX_free(dctx); return r; diff -Nru openssl-3.0.1/crypto/evp/pmeth_gn.c openssl-3.0.2/crypto/evp/pmeth_gn.c --- openssl-3.0.1/crypto/evp/pmeth_gn.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/evp/pmeth_gn.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -128,7 +128,6 @@ int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { int ret = 0; - OSSL_CALLBACK cb; EVP_PKEY *allocated_pkey = NULL; /* Legacy compatible keygen callback info, only used with provider impls */ int gentmp[2]; @@ -365,6 +364,7 @@ OSSL_PARAM params[]) { void *keydata = NULL; + EVP_PKEY *allocated_pkey = NULL; if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); @@ -375,7 +375,7 @@ return -1; if (*ppkey == NULL) - *ppkey = EVP_PKEY_new(); + allocated_pkey = *ppkey = EVP_PKEY_new(); if (*ppkey == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 
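Review bot: The second `digest_sign_final()` call in the `@@ -480,14 +480,14 @@` hunk now passes `*siglen` unconditionally, so a caller supplying a non-NULL `sigret` with a NULL `siglen` is dereferenced here instead of getting the `0` that the removed `(siglen == NULL) ? 0 : *siglen` produced. The first call has the same exposure when `sigret != NULL` and `EVP_MD_CTX_FLAG_FINALISE` is set, because its guard is now `sigret == NULL ? 0 : *siglen`. If no earlier check exists outside the hunk, add one before either call: `if (siglen == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); return 0; }`. The enclosing function starts and ends outside the hunk.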
@@ -383,8 +383,13 @@ } keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params); - if (keydata == NULL) + if (keydata == NULL) { + if (allocated_pkey != NULL) { + *ppkey = NULL; + EVP_PKEY_free(allocated_pkey); + } return 0; + } /* keydata is cached in *ppkey, so we need not bother with it further */ return 1; } diff -Nru openssl-3.0.1/crypto/ffc/ffc_backend.c openssl-3.0.2/crypto/ffc/ffc_backend.c --- openssl-3.0.1/crypto/ffc/ffc_backend.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ffc/ffc_backend.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ const DH_NAMED_GROUP *group = NULL; if (prm->data_type != OSSL_PARAM_UTF8_STRING + || prm->data == NULL || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL || !ossl_ffc_named_group_set_pqg(ffc, group)) #endif diff -Nru openssl-3.0.1/crypto/http/http_client.c openssl-3.0.2/crypto/http/http_client.c --- openssl-3.0.1/crypto/http/http_client.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/http/http_client.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -947,6 +947,7 @@ } /* now overall_timeout is guaranteed to be >= 0 */ + /* adapt in order to fix callback design flaw, see #17088 */ /* callback can be used to wrap or prepend TLS session */ if (bio_update_fn != NULL) { BIO *orig_bio = cbio; 
@@ -1197,11 +1198,17 @@ int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok) { + BIO *wbio; int ret = 1; - /* callback can be used to clean up TLS session on disconnect */ - if (rctx != NULL && rctx->upd_fn != NULL) - ret = (*rctx->upd_fn)(rctx->wbio, rctx->upd_arg, 0, ok) != NULL; + /* callback can be used to finish TLS session and free its BIO */ + if (rctx != NULL && rctx->upd_fn != NULL) { + wbio = (*rctx->upd_fn)(rctx->wbio, rctx->upd_arg, + 0 /* disconnect */, ok); + ret = wbio != NULL; + if (ret) + rctx->wbio = wbio; + } OSSL_HTTP_REQ_CTX_free(rctx); return ret; } diff -Nru openssl-3.0.1/crypto/lhash/lhash.c openssl-3.0.2/crypto/lhash/lhash.c --- openssl-3.0.1/crypto/lhash/lhash.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/lhash/lhash.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,6 +44,22 @@ static void contract(OPENSSL_LHASH *lh); static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash); +static ossl_inline int tsan_lock(const OPENSSL_LHASH *lh) +{ +#ifdef TSAN_REQUIRES_LOCKING + if (!CRYPTO_THREAD_write_lock(lh->tsan_lock)) + return 0; +#endif + return 1; +} + +static ossl_inline void tsan_unlock(const OPENSSL_LHASH *lh) +{ +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_THREAD_unlock(lh->tsan_lock); +#endif +} + OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) { OPENSSL_LHASH *ret; 
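Review bot: In `OSSL_HTTP_close()` the failure path leaves `rctx->wbio` pointing at the BIO that was just handed to `upd_fn` for disconnect, and `OSSL_HTTP_REQ_CTX_free(rctx)` runs immediately afterwards. Whether that is safe depends on an ownership rule the hunk does not state: a callback that frees the BIO and then returns NULL would leave a stale pointer in `rctx` (what `OSSL_HTTP_REQ_CTX_free()` does with `wbio` is outside the hunk). I would extend the comment to spell the rule out, e.g. `/* on a NULL return the callback must not have freed the BIO it was given */`.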
@@ -58,6 +74,10 @@ } if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) goto err; +#ifdef TSAN_REQUIRES_LOCKING + if ((ret->tsan_lock = CRYPTO_THREAD_lock_new()) == NULL) + goto err; +#endif ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); ret->num_nodes = MIN_NODES / 2; @@ -79,6 +99,9 @@ return; OPENSSL_LH_flush(lh); +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_THREAD_lock_free(lh->tsan_lock); +#endif OPENSSL_free(lh->b); OPENSSL_free(lh); } @@ -166,21 +189,20 @@ { unsigned long hash; OPENSSL_LH_NODE **rn; - void *ret; + /*- + * This should be atomic without tsan. + * It's not clear why it was done this way and not elsewhere. + */ tsan_store((TSAN_QUALIFIER int *)&lh->error, 0); rn = getrn(lh, data, &hash); - if (*rn == NULL) { - tsan_counter(&lh->num_retrieve_miss); - return NULL; - } else { - ret = (*rn)->data; - tsan_counter(&lh->num_retrieve); + if (tsan_lock(lh)) { + tsan_counter(*rn == NULL ? &lh->num_retrieve_miss : &lh->num_retrieve); + tsan_unlock(lh); } - - return ret; + return *rn == NULL ? NULL : (*rn)->data; } static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, @@ -307,9 +329,14 @@ OPENSSL_LH_NODE **ret, *n1; unsigned long hash, nn; OPENSSL_LH_COMPFUNC cf; + int do_tsan = 1; +#ifdef TSAN_REQUIRES_LOCKING + do_tsan = tsan_lock(lh); +#endif hash = (*(lh->hash)) (data); - tsan_counter(&lh->num_hash_calls); + if (do_tsan) + tsan_counter(&lh->num_hash_calls); *rhash = hash; nn = hash % lh->pmax; @@ -319,16 +346,20 @@ cf = lh->comp; ret = &(lh->b[(int)nn]); for (n1 = *ret; n1 != NULL; n1 = n1->next) { - tsan_counter(&lh->num_hash_comps); + if (do_tsan) + tsan_counter(&lh->num_hash_comps); if (n1->hash != hash) { ret = &(n1->next); continue; } - tsan_counter(&lh->num_comp_calls); + if (do_tsan) + tsan_counter(&lh->num_comp_calls); if (cf(n1->data, data) == 0) break; ret = &(n1->next); } + if (do_tsan) + tsan_unlock(lh); return ret; } 
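Review bot: In `getrn()` (`@@ -307,9 +329,14 @@` and `@@ -319,16 +346,20 @@`), under `TSAN_REQUIRES_LOCKING` the write lock is taken before `(*(lh->hash))(data)` and released only after the bucket walk, so the caller-supplied hash and compare callbacks run with `lh->tsan_lock` held. Every lookup on the table is then serialised, and a callback that reaches the same table again would wait on a lock its own thread holds, assuming the lock is not recursive. The lock is only needed around the counter updates, so narrowing it to those is the cleaner fix. At minimum, state the constraint next to `do_tsan`: `/* hash/compare callbacks run with tsan_lock held and must not use this table */`.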
@@ -352,7 +383,8 @@ v = n | (*c); n += 0x100; r = (int)((v >> 2) ^ v) & 0x0f; - ret = (ret << r) | (ret >> (32 - r)); + /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ + ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); ret &= 0xFFFFFFFFL; ret ^= v * v; c++; @@ -373,7 +405,8 @@ for (n = 0x100; *c != '\0'; n += 0x100) { v = n | ossl_tolower(*c); r = (int)((v >> 2) ^ v) & 0x0f; - ret = (ret << r) | (ret >> (32 - r)); + /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ + ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); ret &= 0xFFFFFFFFL; ret ^= v * v; c++; diff -Nru openssl-3.0.1/crypto/lhash/lhash_local.h openssl-3.0.2/crypto/lhash/lhash_local.h --- openssl-3.0.1/crypto/lhash/lhash_local.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/lhash/lhash_local.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,4 +41,7 @@ TSAN_QUALIFIER unsigned long num_retrieve_miss; TSAN_QUALIFIER unsigned long num_hash_comps; int error; +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_RWLOCK *tsan_lock; +#endif }; diff -Nru openssl-3.0.1/crypto/lhash/lh_stats.c openssl-3.0.2/crypto/lhash/lh_stats.c --- openssl-3.0.1/crypto/lhash/lh_stats.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/lhash/lh_stats.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -61,6 +61,14 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) { + int omit_tsan = 0; + +#ifdef TSAN_REQUIRES_LOCKING + if (!CRYPTO_THREAD_read_lock(lh->tsan_lock)) { + BIO_printf(out, "unable to lock table, omitting TSAN counters\n"); + omit_tsan = 1; + } +#endif BIO_printf(out, "num_items = %lu\n", lh->num_items); BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); @@ -68,15 +76,22 @@ BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); - BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); - BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); + if (!omit_tsan) { + BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); + BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); + } BIO_printf(out, "num_insert = %lu\n", lh->num_insert); BIO_printf(out, "num_replace = %lu\n", lh->num_replace); BIO_printf(out, "num_delete = %lu\n", lh->num_delete); BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); - BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); - BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); - BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); + if (!omit_tsan) { + BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); + BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); + BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_THREAD_unlock(lh->tsan_lock); +#endif + } } void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) diff -Nru openssl-3.0.1/crypto/mem.c openssl-3.0.2/crypto/mem.c --- openssl-3.0.1/crypto/mem.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/mem.c 2022-03-15 14:30:24.000000000 +0000 
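Review bot: The read lock in `OPENSSL_LH_stats_bio()` is held across every `BIO_printf()` call and released inside the second `if (!omit_tsan)` block, so threads updating the counters wait on output to `out`, which may be slow or blocking, and the lock/unlock pairing is hard to follow. Copying the five locked counters into locals and unlocking straight away keeps the critical section to a few loads and puts the unlock next to the lock. The output is unchanged; only the values printed in the two `if (!omit_tsan)` blocks come from the locals.

```c
    /* … unchanged: omit_tsan declaration and read-lock attempt … */
    unsigned long hash_calls = 0, comp_calls = 0;
    unsigned long retrieve = 0, retrieve_miss = 0, hash_comps = 0;

    if (!omit_tsan) {
        /* snapshot under the lock, print after releasing it */
        hash_calls = lh->num_hash_calls;
        comp_calls = lh->num_comp_calls;
        retrieve = lh->num_retrieve;
        retrieve_miss = lh->num_retrieve_miss;
        hash_comps = lh->num_hash_comps;
#ifdef TSAN_REQUIRES_LOCKING
        CRYPTO_THREAD_unlock(lh->tsan_lock);
#endif
    }
    /* … unchanged: num_items … num_contract_reallocs … */
    if (!omit_tsan) {
        BIO_printf(out, "num_hash_calls = %lu\n", hash_calls);
        BIO_printf(out, "num_comp_calls = %lu\n", comp_calls);
    }
    /* … unchanged: num_insert … num_no_delete … */
    if (!omit_tsan) {
        BIO_printf(out, "num_retrieve = %lu\n", retrieve);
        BIO_printf(out, "num_retrieve_miss = %lu\n", retrieve_miss);
        BIO_printf(out, "num_hash_comps = %lu\n", hash_comps);
    }
```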
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,11 +26,17 @@ #if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) # include "internal/tsan_assist.h" +# ifdef TSAN_REQUIRES_LOCKING +# define INCREMENT(x) /* empty */ +# define LOAD(x) 0 +# else /* TSAN_REQUIRES_LOCKING */ static TSAN_QUALIFIER int malloc_count; static TSAN_QUALIFIER int realloc_count; static TSAN_QUALIFIER int free_count; -# define INCREMENT(x) tsan_counter(&(x)) +# define INCREMENT(x) tsan_counter(&(x)) +# define LOAD(x) tsan_load(&x) +# endif /* TSAN_REQUIRES_LOCKING */ static char *md_failstring; static long md_count; @@ -79,11 +85,11 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) { if (mcount != NULL) - *mcount = tsan_load(&malloc_count); + *mcount = LOAD(malloc_count); if (rcount != NULL) - *rcount = tsan_load(&realloc_count); + *rcount = LOAD(realloc_count); if (fcount != NULL) - *fcount = tsan_load(&free_count); + *fcount = LOAD(free_count); } /* diff -Nru openssl-3.0.1/crypto/objects/obj_compat.h openssl-3.0.2/crypto/objects/obj_compat.h --- openssl-3.0.1/crypto/objects/obj_compat.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/objects/obj_compat.h 2022-03-15 14:30:24.000000000 +0000 
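Review bot: `# define LOAD(x) tsan_load(&x)` in the `@@ -26,11 +26,17 @@` hunk leaves its argument unparenthesised, unlike `INCREMENT(x)` on the line above it; write `# define LOAD(x) tsan_load(&(x))`. Separately, in the `TSAN_REQUIRES_LOCKING` branch `LOAD(x)` expands to `0`, so `CRYPTO_get_alloc_counts()` reports zero for all three counters in such builds without saying so. A one-line comment on that branch, e.g. `/* allocation counters are disabled when TSAN needs locking */`, would make the zeros explicable to whoever reads them.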
@@ -1,3 +1,11 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ #ifndef OPENSSL_NO_DEPRECATED_3_0 diff -Nru openssl-3.0.1/crypto/objects/obj_dat.h openssl-3.0.2/crypto/objects/obj_dat.h --- openssl-3.0.1/crypto/objects/obj_dat.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/objects/obj_dat.h 2022-03-15 14:30:24.000000000 +0000 @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff -Nru openssl-3.0.1/crypto/o_str.c openssl-3.0.2/crypto/o_str.c --- openssl-3.0.1/crypto/o_str.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/o_str.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -215,7 +215,7 @@ return ossl_hexstr2buf_sep(str, buflen, DEFAULT_SEPARATOR); } -static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlen, +static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, const unsigned char *buf, size_t buflen, const char sep) { 
@@ -226,8 +226,8 @@ int has_sep = (sep != CH_ZERO); size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; - if (strlen != NULL) - *strlen = len; + if (strlength != NULL) + *strlength = len; if (str == NULL) return 1; @@ -253,11 +253,11 @@ return 1; } -int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, +int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, const unsigned char *buf, size_t buflen, const char sep) { - return buf2hexstr_sep(str, str_n, strlen, buf, buflen, sep); + return buf2hexstr_sep(str, str_n, strlength, buf, buflen, sep); } char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep) diff -Nru openssl-3.0.1/crypto/passphrase.c openssl-3.0.2/crypto/passphrase.c --- openssl-3.0.1/crypto/passphrase.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/passphrase.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,8 @@ ossl_pw_clear_passphrase_data(data); data->type = is_expl_passphrase; data->_.expl_passphrase.passphrase_copy = - OPENSSL_memdup(passphrase, passphrase_len); + passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len) + : OPENSSL_malloc(1); if (data->_.expl_passphrase.passphrase_copy == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; 
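Review bot: The `OPENSSL_malloc(1)` fallback for `passphrase_len == 0` in the passphrase.c hunk needs a comment, because its reason is not visible at the call site: presumably it keeps a NULL `passphrase_copy` meaning allocation failure only, so an empty passphrase is not reported as `ERR_R_MALLOC_FAILURE`. The byte it returns is uninitialised, which is safe only while every reader honours the stored length (set outside this hunk) and never treats the copy as a C string. Suggested comment: `/* empty passphrase: allocate a dummy byte so that NULL still means failure */`; using `OPENSSL_zalloc(1)` instead would also make the buffer a valid empty string.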
@@ -109,7 +110,8 @@ * UI_METHOD processor. It differs from UI_UTIL_read_pw() like this: * * 1. It constructs a prompt on its own, based on |prompt_info|. - * 2. It allocates a buffer for verification on its own. + * 2. It allocates a buffer for password and verification on its own + * to compensate for NUL terminator in UI password strings. * 3. It raises errors. * 4. It reports back the length of the prompted pass phrase. */ @@ -117,8 +119,8 @@ const char *prompt_info, int verify, const UI_METHOD *ui_method, void *ui_data) { - char *prompt = NULL, *vpass = NULL; - int prompt_idx = -1, verify_idx = -1; + char *prompt = NULL, *ipass = NULL, *vpass = NULL; + int prompt_idx = -1, verify_idx = -1, res; UI *ui = NULL; int ret = 0; @@ -145,9 +147,16 @@ goto end; } + /* Get a buffer for verification prompt */ + ipass = OPENSSL_zalloc(pass_size + 1); + if (ipass == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + goto end; + } + prompt_idx = UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, - pass, 0, pass_size - 1) - 1; + ipass, 0, pass_size) - 1; if (prompt_idx < 0) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); goto end; @@ -155,15 +164,15 @@ if (verify) { /* Get a buffer for verification prompt */ - vpass = OPENSSL_zalloc(pass_size); + vpass = OPENSSL_zalloc(pass_size + 1); if (vpass == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); goto end; } verify_idx = UI_add_verify_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, - vpass, 0, pass_size - 1, - pass) - 1; + vpass, 0, pass_size, + ipass) - 1; if (verify_idx < 0) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); goto end; 
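Review bot: The comment `/* Get a buffer for verification prompt */` added above the `ipass` allocation in the `@@ -145,9 +147,16 @@` hunk is a copy of the one on `vpass`, but `ipass` is the buffer the pass phrase itself is read into. Suggested replacement: `/* Get a buffer for the password prompt, with room for the NUL terminator */`. The function body continues outside these hunks.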
@@ -178,13 +187,20 @@ ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); break; default: - *pass_len = (size_t)UI_get_result_length(ui, prompt_idx); + res = UI_get_result_length(ui, prompt_idx); + if (res < 0) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); + break; + } + *pass_len = (size_t)res; + memcpy(pass, ipass, *pass_len); ret = 1; break; } end: - OPENSSL_free(vpass); + OPENSSL_clear_free(vpass, pass_size + 1); + OPENSSL_clear_free(ipass, pass_size + 1); OPENSSL_free(prompt); UI_free(ui); return ret; diff -Nru openssl-3.0.1/crypto/pem/pem_lib.c openssl-3.0.2/crypto/pem/pem_lib.c --- openssl-3.0.1/crypto/pem/pem_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/pem/pem_lib.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
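Review bot: `memcpy(pass, ipass, *pass_len)` in the `@@ -178,13 +187,20 @@` hunk trusts `UI_get_result_length()` to be no larger than `pass_size`, presumably the capacity of the caller's `pass` buffer; the only bound is the `maxsize` argument given to `UI_add_input_string()` in the earlier hunk. Since `ui_method` is supplied by the caller, I would check the length locally before copying: `if (res < 0 || (size_t)res > pass_size) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); break; }`. The switch and the function start outside the hunk.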
@@ -974,19 +974,22 @@ headerlen = BIO_get_mem_data(headerB, NULL); *header = pem_malloc(headerlen + 1, flags); *data = pem_malloc(len, flags); - if (*header == NULL || *data == NULL) { - pem_free(*header, flags, 0); - pem_free(*data, flags, 0); - goto end; - } - BIO_read(headerB, *header, headerlen); + if (*header == NULL || *data == NULL) + goto out_free; + if (headerlen != 0 && BIO_read(headerB, *header, headerlen) != headerlen) + goto out_free; (*header)[headerlen] = '\0'; - BIO_read(dataB, *data, len); + if (BIO_read(dataB, *data, len) != len) + goto out_free; *len_out = len; *name_out = name; name = NULL; ret = 1; + goto end; +out_free: + pem_free(*header, flags, 0); + pem_free(*data, flags, 0); end: EVP_ENCODE_CTX_free(ctx); pem_free(name, flags, 0); diff -Nru openssl-3.0.1/crypto/pem/pem_pk8.c openssl-3.0.2/crypto/pem/pem_pk8.c --- openssl-3.0.1/crypto/pem/pem_pk8.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/pem/pem_pk8.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -136,7 +136,7 @@ if (enc || (nid != -1)) { if (kstr == NULL) { klen = cb(buf, PEM_BUFSIZE, 1, u); - if (klen <= 0) { + if (klen < 0) { ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY); goto legacy_end; } diff -Nru openssl-3.0.1/crypto/property/property.c openssl-3.0.2/crypto/property/property.c --- openssl-3.0.1/crypto/property/property.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/property/property.c 2022-03-15 14:30:24.000000000 +0000 
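Review bot: The new `out_free` path in the `@@ -974,19 +974,22 @@` hunk frees `*header` and `*data` but leaves both output pointers holding the freed addresses, so a caller that frees its `header` and `data` variables unconditionally after a failed read releases them a second time. Reset them as they are released: `pem_free(*header, flags, 0); *header = NULL;` and `pem_free(*data, flags, 0); *data = NULL;`. The function starts outside the hunk, so whether the output pointers can also be stale on the earlier `goto end` paths cannot be judged from here.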
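Review bot: Relaxing the check to `if (klen < 0)` in the pem_pk8.c hunk means a password callback that returns 0 is now treated as having supplied an empty passphrase. A callback that reports failure or cancellation by returning 0, if any caller has one, would then yield a key protected by an empty password instead of raising `PEM_R_READ_KEY`. If empty passphrases have to be accepted, state the requirement next to the check, e.g. `/* 0 is a valid (empty) passphrase; callbacks must return a negative value on error */`. The enclosing function is only partly visible.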
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -596,7 +596,7 @@ QUERY elem, *r; int res = 0; - if (nid <= 0 || store == NULL) + if (nid <= 0 || store == NULL || prop_query == NULL) return 0; if (!ossl_property_read_lock(store)) @@ -605,7 +605,7 @@ if (alg == NULL) goto err; - elem.query = prop_query != NULL ? prop_query : ""; + elem.query = prop_query; elem.provider = prov; r = lh_QUERY_retrieve(alg->cache, &elem); if (r == NULL) @@ -629,10 +629,8 @@ size_t len; int res = 1; - if (nid <= 0 || store == NULL) + if (nid <= 0 || store == NULL || prop_query == NULL) return 0; - if (prop_query == NULL) - return 1; if (!ossl_assert(prov != NULL)) return 0; diff -Nru openssl-3.0.1/crypto/property/property_string.c openssl-3.0.2/crypto/property/property_string.c --- openssl-3.0.1/crypto/property/property_string.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/property/property_string.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff -Nru openssl-3.0.1/crypto/provider_core.c openssl-3.0.2/crypto/provider_core.c --- openssl-3.0.1/crypto/provider_core.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/provider_core.c 2022-03-15 14:30:24.000000000 +0000 @@ -603,6 +603,9 @@ OSSL_PROVIDER tmpl = { 0, }; OSSL_PROVIDER *actualtmp = NULL; + if (actualprov != NULL) + *actualprov = NULL; + if ((store = get_provider_store(prov->libctx)) == NULL) return 0; 
@@ -659,7 +662,7 @@ err: CRYPTO_THREAD_unlock(store->lock); if (actualprov != NULL) - ossl_provider_free(actualtmp); + ossl_provider_free(*actualprov); return 0; } @@ -1945,9 +1948,13 @@ const char *pkey_name) { int sign_nid = OBJ_txt2nid(sign_name); - int digest_nid = OBJ_txt2nid(digest_name); + int digest_nid = NID_undef; int pkey_nid = OBJ_txt2nid(pkey_name); + if (digest_name != NULL && digest_name[0] != '\0' + && (digest_nid = OBJ_txt2nid(digest_name)) == NID_undef) + return 0; + if (sign_nid == NID_undef) return 0; @@ -1958,8 +1965,7 @@ if (OBJ_find_sigid_algs(sign_nid, NULL, NULL)) return 1; - if (digest_nid == NID_undef - || pkey_nid == NID_undef) + if (pkey_nid == NID_undef) return 0; return OBJ_add_sigid(sign_nid, digest_nid, pkey_nid); diff -Nru openssl-3.0.1/crypto/rand/rand_egd.c openssl-3.0.2/crypto/rand/rand_egd.c --- openssl-3.0.1/crypto/rand/rand_egd.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/rand/rand_egd.c 2022-03-15 14:30:24.000000000 +0000 @@ -80,7 +80,7 @@ # define AF_UNIX_PORTABILITY "$ZAFN2" # define AF_UNIX_COMPATIBILITY "$ZPLS" - if (!_arg_present(transport) || transport != NULL || transport[0] == '\0') + if (!_arg_present(transport) || transport == NULL || transport[0] == '\0') return socket(family, type, protocol); socket_transport_name_get(AF_UNIX, current_transport, 20); diff -Nru openssl-3.0.1/crypto/rand/rand_lib.c openssl-3.0.2/crypto/rand/rand_lib.c --- openssl-3.0.1/crypto/rand/rand_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/rand/rand_lib.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
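Review bot: On the `err:` path in the `@@ -659,7 +662,7 @@` hunk, `ossl_provider_free(*actualprov)` drops the reference but leaves `*actualprov` set, so a caller that inspects its out-parameter after a failed call would hold a freed pointer. Whether `*actualprov` can be non-NULL when `err` is reached is decided outside the hunk, but the `@@ -603,6 +603,9 @@` hunk already initialises it to NULL on entry and resetting it here completes that contract. Suggested: `if (actualprov != NULL) { ossl_provider_free(*actualprov); *actualprov = NULL; }`.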
@@ -529,6 +529,8 @@ EVP_RAND_CTX *ctx; char *name; + if (dgbl == NULL) + return NULL; name = dgbl->seed_name != NULL ? dgbl->seed_name : "SEED-SRC"; rand = EVP_RAND_fetch(libctx, name, dgbl->seed_propq); if (rand == NULL) { @@ -560,6 +562,8 @@ OSSL_PARAM params[7], *p = params; char *name, *cipher; + if (dgbl == NULL) + return NULL; name = dgbl->rng_name != NULL ? dgbl->rng_name : "CTR-DRBG"; rand = EVP_RAND_fetch(libctx, name, dgbl->rng_propq); if (rand == NULL) { @@ -759,6 +763,9 @@ return 0; } + if (dgbl == NULL) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { cval = sk_CONF_VALUE_value(elist, i); if (strcasecmp(cval->name, "random") == 0) { diff -Nru openssl-3.0.1/crypto/rsa/rsa_ameth.c openssl-3.0.2/crypto/rsa/rsa_ameth.c --- openssl-3.0.1/crypto/rsa/rsa_ameth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/rsa/rsa_ameth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -742,7 +742,7 @@ if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL) goto err; - if (!ossl_rsa_todata(rsa, tmpl, NULL)) + if (!ossl_rsa_todata(rsa, tmpl, NULL, 1)) goto err; selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; @@ -835,7 +835,7 @@ goto err; } - if (!ossl_rsa_fromdata(rsa, params)) + if (!ossl_rsa_fromdata(rsa, params, 1)) goto err; switch (rsa_type) { diff -Nru openssl-3.0.1/crypto/rsa/rsa_backend.c openssl-3.0.2/crypto/rsa/rsa_backend.c --- openssl-3.0.1/crypto/rsa/rsa_backend.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/rsa/rsa_backend.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -60,9 +60,9 @@ return 1; } -int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]) +int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *param_n, *param_e, *param_d; + const OSSL_PARAM *param_n, *param_e, *param_d = NULL; BIGNUM *n = NULL, *e = NULL, *d = NULL; STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL; int is_private = 0; @@ -72,7 +72,8 @@ param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N); param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E); - param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D); + if (include_private) + param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D); if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n)) || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e)) @@ -118,7 +119,8 @@ DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) -int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private) { int ret = 0; const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; @@ -137,7 +139,7 @@ goto err; /* Check private key data integrity */ - if (rsa_d != NULL) { + if (include_private && rsa_d != NULL) { int numprimes = sk_BIGNUM_const_num(factors); int numexps = sk_BIGNUM_const_num(exps); int numcoeffs = sk_BIGNUM_const_num(coeffs); diff -Nru openssl-3.0.1/crypto/rsa/rsa_ossl.c openssl-3.0.2/crypto/rsa/rsa_ossl.c --- openssl-3.0.1/crypto/rsa/rsa_ossl.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/rsa/rsa_ossl.c 2022-03-15 14:30:24.000000000 +0000 
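Review bot: The new `include_private` parameter of `ossl_rsa_fromdata()` and `ossl_rsa_todata()` is undocumented, and the callers in the rsa_ameth.c hunks pass a bare `1`. A comment on each function should state the contract, for example `/* include_private == 0: ignore/omit d and all CRT parameters */`, and the call sites read better as `ossl_rsa_todata(rsa, tmpl, NULL, /* include_private */ 1)`. In `ossl_rsa_todata()` the hunk only shows the integrity check being gated by the flag; the code that actually exports `d`, the factors, exponents and coefficients lies outside the hunk. It is worth confirming that this code is gated too, so that a public-only export cannot carry private components.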
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -213,7 +213,9 @@ */ int ret; - BN_BLINDING_lock(b); + if (!BN_BLINDING_lock(b)) + return 0; + ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); BN_BLINDING_unlock(b); diff -Nru openssl-3.0.1/crypto/store/store_meth.c openssl-3.0.2/crypto/store/store_meth.c --- openssl-3.0.1/crypto/store/store_meth.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/store/store_meth.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -280,6 +280,7 @@ { OSSL_METHOD_STORE *store = get_loader_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); + const char *const propq = properties != NULL ? properties : ""; void *method = NULL; int unsupported = 0; @@ -309,7 +310,7 @@ unsupported = 1; if (id == 0 - || !ossl_method_store_cache_get(store, NULL, id, properties, &method)) { + || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_loader_store, get_loader_from_store, 
@@ -317,13 +318,14 @@ construct_loader, destruct_loader }; + OSSL_PROVIDER *prov = NULL; methdata->scheme_id = id; methdata->scheme = scheme; - methdata->propquery = properties; + methdata->propquery = propq; methdata->flag_construct_error_occurred = 0; if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_STORE, - NULL, 0 /* !force_cache */, + &prov, 0 /* !force_cache */, &mcm, methdata)) != NULL) { /* * If construction did create a method for us, we know that there @@ -332,7 +334,7 @@ */ if (id == 0) id = ossl_namemap_name2num(namemap, scheme); - ossl_method_store_cache_set(store, NULL, id, properties, method, + ossl_method_store_cache_set(store, prov, id, propq, method, up_ref_loader, free_loader); } diff -Nru openssl-3.0.1/crypto/store/store_result.c openssl-3.0.2/crypto/store/store_result.c --- openssl-3.0.1/crypto/store/store_result.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/store/store_result.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -525,7 +525,7 @@ if (p12 != NULL) { char *pass = NULL; - char tpass[PEM_BUFSIZE]; + char tpass[PEM_BUFSIZE + 1]; size_t tpass_len; EVP_PKEY *pkey = NULL; X509 *cert = NULL; 
@@ -547,17 +547,23 @@ OSSL_PARAM_END }; - if (!ossl_pw_get_passphrase(tpass, sizeof(tpass), &tpass_len, + if (!ossl_pw_get_passphrase(tpass, sizeof(tpass) - 1, + &tpass_len, pw_params, 0, &ctx->pwdata)) { ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); goto p12_end; } pass = tpass; - if (!PKCS12_verify_mac(p12, pass, strlen(pass))) { + /* + * ossl_pw_get_passphrase() does not NUL terminate but + * we must do it for PKCS12_parse() + */ + pass[tpass_len] = '\0'; + if (!PKCS12_verify_mac(p12, pass, tpass_len)) { ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC, - strlen(pass) == 0 ? "empty password" : + tpass_len == 0 ? "empty password" : "maybe wrong password"); goto p12_end; } @@ -613,9 +619,10 @@ } ctx->cached_info = infos; } + p12_end: + OPENSSL_cleanse(tpass, sizeof(tpass)); + PKCS12_free(p12); } - p12_end: - PKCS12_free(p12); *v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); } diff -Nru openssl-3.0.1/crypto/threads_pthread.c openssl-3.0.2/crypto/threads_pthread.c --- openssl-3.0.1/crypto/threads_pthread.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/threads_pthread.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
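Review bot: `PKCS12_verify_mac()` is now given `tpass_len`, while the added comment says the terminator is there for `PKCS12_parse()`, which takes a C string and is called outside this hunk. A passphrase returned by the callback with an embedded NUL byte would therefore be MAC-checked at full length but used truncated for parsing. If that can happen, reject it before the MAC check with something like `if (memchr(tpass, '\0', tpass_len) != NULL)` followed by the existing passphrase-callback error and `goto p12_end`. The comment could also say why the buffer is `PEM_BUFSIZE + 1`, e.g. `/* one extra byte so a full-length passphrase can still be terminated */`.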
@@ -261,26 +261,9 @@ return 1; } # ifndef FIPS_MODULE -# ifdef OPENSSL_SYS_UNIX - -static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT; - -static void fork_once_func(void) -{ -# ifndef OPENSSL_NO_DEPRECATED_3_0 - pthread_atfork(OPENSSL_fork_prepare, - OPENSSL_fork_parent, OPENSSL_fork_child); -# endif -} -# endif - int openssl_init_fork_handlers(void) { -# ifdef OPENSSL_SYS_UNIX - if (pthread_once(&fork_once_control, fork_once_func) == 0) - return 1; -# endif - return 0; + return 1; } # endif /* FIPS_MODULE */ diff -Nru openssl-3.0.1/crypto/trace.c openssl-3.0.2/crypto/trace.c --- openssl-3.0.1/crypto/trace.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/trace.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -136,6 +136,7 @@ TRACE_CATEGORY_(PKCS12_DECRYPT), TRACE_CATEGORY_(X509V3_POLICY), TRACE_CATEGORY_(BN_CTX), + TRACE_CATEGORY_(CMP), TRACE_CATEGORY_(STORE), TRACE_CATEGORY_(DECODER), TRACE_CATEGORY_(ENCODER), @@ -496,6 +497,8 @@ char *suffix = NULL; category = ossl_trace_get_category(category); + if (category < 0) + return; suffix = trace_channels[category].suffix; if (channel != NULL && ossl_assert(channel == current_channel)) { diff -Nru openssl-3.0.1/crypto/ui/ui_openssl.c openssl-3.0.2/crypto/ui/ui_openssl.c --- openssl-3.0.1/crypto/ui/ui_openssl.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ui/ui_openssl.c 2022-03-15 14:30:24.000000000 +0000 
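Review bot: `openssl_init_fork_handlers()` is now a stub that always returns 1, and nothing in the hunk says why, so a reader can still assume that fork handlers get installed here. A short comment would prevent that, e.g. `/* Intentionally a no-op: no pthread_atfork() handlers are registered any more */`. Any state that relied on `OPENSSL_fork_prepare/parent/child` being run automatically around `fork()` now needs to be handled elsewhere; whether that is the case is not visible in this hunk and should be confirmed.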
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -551,6 +551,8 @@ static int close_console(UI *ui) { + int ret = 1; + if (tty_in != stdin) fclose(tty_in); if (tty_out != stderr) @@ -560,12 +562,12 @@ if (status != SS$_NORMAL) { ERR_raise_data(ERR_LIB_UI, UI_R_SYSDASSGN_ERROR, "status=%%X%08X", status); - return 0; + ret = 0; } # endif CRYPTO_THREAD_unlock(ui->lock); - return 1; + return ret; } # if !defined(OPENSSL_SYS_WINCE) diff -Nru openssl-3.0.1/crypto/ui/ui_util.c openssl-3.0.2/crypto/ui/ui_util.c --- openssl-3.0.1/crypto/ui/ui_util.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/ui/ui_util.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -73,9 +73,12 @@ static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **pptr, int idx, long argl, void *argp) { - if (*pptr != NULL) + if (*pptr != NULL) { *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data)); - return 1; + if (*pptr != NULL) + return 1; + } + return 0; } static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, 
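Review bot: In `ui_dup_method_data()` a source entry whose `*pptr` is NULL now falls through to `return 0`, where the old code returned 1, so "nothing to copy" is reported as a duplication failure. If a NULL entry can reach this callback (not visible here) and should remain a success, start the function with `if (*pptr == NULL) return 1;` and keep the failure return for the `OPENSSL_memdup()` case only. If failing is intended, a comment saying so would prevent the next reader from treating it as a slip.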
@@ -114,7 +117,7 @@ if (len >= 0) result[len] = '\0'; - if (len <= 0) + if (len < 0) return len; if (UI_set_result_ex(ui, uis, result, len) >= 0) return 1; diff -Nru openssl-3.0.1/crypto/x509/v3_crld.c openssl-3.0.2/crypto/x509/v3_crld.c --- openssl-3.0.1/crypto/x509/v3_crld.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/x509/v3_crld.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -83,6 +83,7 @@ return -1; dnsect = X509V3_get_section(ctx, cnf->value); if (!dnsect) { + X509_NAME_free(nm); ERR_raise(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND); return -1; } diff -Nru openssl-3.0.1/crypto/x509/v3_sxnet.c openssl-3.0.2/crypto/x509/v3_sxnet.c --- openssl-3.0.1/crypto/x509/v3_sxnet.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/x509/v3_sxnet.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -167,11 +167,12 @@ goto err; if (!ASN1_INTEGER_set(sx->version, 0)) goto err; - *psx = sx; } else sx = *psx; if (SXNET_get_id_INTEGER(sx, zone)) { ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID); + if (*psx == NULL) + SXNET_free(sx); return 0; } 
@@ -185,13 +186,14 @@ if (!sk_SXNETID_push(sx->ids, id)) goto err; id->zone = zone; + *psx = sx; return 1; err: ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); SXNETID_free(id); - SXNET_free(sx); - *psx = NULL; + if (*psx == NULL) + SXNET_free(sx); return 0; } diff -Nru openssl-3.0.1/crypto/x509/v3_utl.c openssl-3.0.2/crypto/x509/v3_utl.c --- openssl-3.0.1/crypto/x509/v3_utl.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/x509/v3_utl.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -539,8 +539,11 @@ return 0; emtmp = OPENSSL_strndup((char *)email->data, email->length); - if (emtmp == NULL) + if (emtmp == NULL) { + X509_email_free(*sk); + *sk = NULL; return 0; + } /* Don't add duplicates */ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { @@ -833,8 +836,11 @@ rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)a->data, a->length); + if (*peername == NULL) + return -1; + } } else { int astrlen; unsigned char *astr; @@ -847,8 +853,13 @@ return -1; } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)astr, astrlen); + if (*peername == NULL) { + OPENSSL_free(astr); + return -1; + } + } OPENSSL_free(astr); } return rv; diff -Nru openssl-3.0.1/crypto/x509/x509_lu.c openssl-3.0.2/crypto/x509/x509_lu.c --- openssl-3.0.1/crypto/x509/x509_lu.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/x509/x509_lu.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -321,7 +321,9 @@ stmp.type = X509_LU_NONE; stmp.data.ptr = NULL; - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) + return 0; + tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); X509_STORE_unlock(store); @@ -371,7 +373,12 @@ return 0; } - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) { + obj->type = X509_LU_NONE; + X509_OBJECT_free(obj); + return 0; + } + if (X509_OBJECT_retrieve_match(store->objs, obj)) { ret = 1; } else { @@ -553,7 +560,9 @@ } if ((sk = sk_X509_new_null()) == NULL) return NULL; - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) + goto out_free; + objs = X509_STORE_get0_objects(store); for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i)); @@ -567,6 +576,7 @@ err: X509_STORE_unlock(store); + out_free: sk_X509_pop_free(sk, X509_free); return NULL; } @@ -583,7 +593,9 @@ if (store == NULL) return NULL; - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) + return NULL; + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { /* @@ -601,7 +613,8 @@ return NULL; } X509_OBJECT_free(xobj); - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) + return NULL; idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); if (idx < 0) { X509_STORE_unlock(store); @@ -642,7 +655,10 @@ return NULL; } X509_OBJECT_free(xobj); - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) { + sk_X509_CRL_free(sk); + return NULL; + } idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt); if (idx < 0) { X509_STORE_unlock(store); 
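Review bot: In the -371 hunk the lock-failure branch sets `obj->type = X509_LU_NONE` before `X509_OBJECT_free(obj)`, which stops the free from releasing the certificate or CRL held in `obj`. If a reference on that object was already taken earlier in the function (that code is above the hunk), this branch leaks it; in that case drop the type reset and keep only `X509_OBJECT_free(obj); return 0;`. If no reference is held at this point, a comment such as `/* obj does not own the cert/CRL yet */` would make the reset understandable. The function starts and ends outside the hunk.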
@@ -744,7 +760,9 @@ /* Find index of first currently valid cert accepted by 'check_issued' */ ret = 0; - X509_STORE_lock(store); + if (!X509_STORE_lock(store)) + return 0; + idx = x509_object_idx_cnt(store->objs, X509_LU_X509, xn, &nmatch); if (idx != -1) { /* should be true as we've had at least one match */ /* Look through all matching certs for suitable issuer */ diff -Nru openssl-3.0.1/crypto/x509/x509_trust.c openssl-3.0.2/crypto/x509/x509_trust.c --- openssl-3.0.1/crypto/x509/x509_trust.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/x509/x509_trust.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -72,7 +72,7 @@ return obj_trust(NID_anyExtendedKeyUsage, x, flags | X509_TRUST_DO_SS_COMPAT); idx = X509_TRUST_get_by_id(id); - if (idx == -1) + if (idx < 0) return default_trust(id, x, flags); pt = X509_TRUST_get0(idx); return pt->check_trust(pt, x, flags); @@ -112,7 +112,7 @@ int X509_TRUST_set(int *t, int trust) { - if (X509_TRUST_get_by_id(trust) == -1) { + if (X509_TRUST_get_by_id(trust) < 0) { ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST); return 0; } @@ -134,7 +134,7 @@ /* Get existing entry if any */ idx = X509_TRUST_get_by_id(id); /* Need a new entry */ - if (idx == -1) { + if (idx < 0) { if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); return 0; @@ -162,7 +162,7 @@ trtmp->arg2 = arg2; /* If its a new entry manage the dynamic table */ - if (idx == -1) { + if (idx < 0) { if (trtable == NULL && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); 
@@ -175,7 +175,7 @@ } return 1; err: - if (idx == -1) { + if (idx < 0) { OPENSSL_free(trtmp->name); OPENSSL_free(trtmp); } diff -Nru openssl-3.0.1/crypto/x509/x509_vfy.c openssl-3.0.2/crypto/x509/x509_vfy.c --- openssl-3.0.1/crypto/x509/x509_vfy.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/crypto/x509/x509_vfy.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2230,6 +2230,12 @@ /* If purpose not set use default */ if (purpose == 0) purpose = def_purpose; + /* + * If purpose is set but we don't have a default then set the default to + * the current purpose + */ + else if (def_purpose == 0) + def_purpose = purpose; /* If we have a purpose then check it is valid */ if (purpose != 0) { X509_PURPOSE *ptmp; @@ -2242,11 +2248,6 @@ ptmp = X509_PURPOSE_get0(idx); if (ptmp->trust == X509_TRUST_DEFAULT) { idx = X509_PURPOSE_get_by_id(def_purpose); - /* - * XXX: In the two callers above def_purpose is always 0, which is - * not a known value, so idx will always be -1. How is the - * X509_TRUST_DEFAULT case actually supposed to be handled? - */ if (idx == -1) { ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID); return 0; diff -Nru openssl-3.0.1/debian/changelog openssl-3.0.2/debian/changelog --- openssl-3.0.1/debian/changelog 2021-12-16 08:10:48.000000000 +0000 +++ openssl-3.0.2/debian/changelog 2022-03-16 08:35:51.000000000 +0000 
@@ -1,3 +1,11 @@
+openssl (3.0.2-0ubuntu1) jammy; urgency=medium
+
+ * New upstream bugfix release (LP: #1965141)
+ * d/p/skip_tls1.1_seclevel3_tests.patch: new Ubuntu-specific patch for the
+ testsuite
+
+ -- Simon Chopin Wed, 16 Mar 2022 09:35:51 +0100
+
 openssl (3.0.1-0ubuntu1) jammy; urgency=medium
 
 * New upstream release (LP: #1955026).
diff -Nru openssl-3.0.1/debian/patches/series openssl-3.0.2/debian/patches/series
--- openssl-3.0.1/debian/patches/series 2021-12-16 08:10:48.000000000 +0000
+++ openssl-3.0.2/debian/patches/series 2022-03-16 08:35:51.000000000 +0000
@@ -10,3 +10,4 @@
 # Ubuntu patches
 tests-use-seclevel-1.patch
 tls1.2-min-seclevel2.patch
+skip_tls1.1_seclevel3_tests.patch
diff -Nru openssl-3.0.1/debian/patches/skip_tls1.1_seclevel3_tests.patch openssl-3.0.2/debian/patches/skip_tls1.1_seclevel3_tests.patch
--- openssl-3.0.1/debian/patches/skip_tls1.1_seclevel3_tests.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.2/debian/patches/skip_tls1.1_seclevel3_tests.patch 2022-03-16 08:35:51.000000000 +0000
@@ -0,0 +1,51 @@
+Description: Skip TLS 1.1 tests on seclevel 3
+ In the Ubuntu package, we changed the semantics of seclevel 2 (and above) to
+ also disable TLS <= 1.2. This makes those tests fail.
+Author: Simon Chopin
+Forwarded: not-needed
+Last-Update: 2022-03-21
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -583,32 +583,32 @@
+ if $no_tls1_1;
+
+ SKIP: {
+- skip "skipping auto DHE PSK test at SECLEVEL 3", 1
+- if ($no_dh || $no_psk);
++ skip "skipping auto DHE PSK test at SECLEVEL 3", 1;
++ # if ($no_dh || $no_psk);
+
+ ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])),
+ 'test auto DHE PSK meets security strength');
+ }
+
+ SKIP: {
+- skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1
+- if ($no_ec || $no_psk);
++ skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1;
++ # if ($no_ec || $no_psk);
+
+ ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])),
+ 'test auto ECDHE PSK meets security strength');
+ }
+
+ SKIP: {
+- skip "skipping no RSA PSK at SECLEVEL 3 test", 1
+- if ($no_rsa || $no_psk);
++ skip "skipping no RSA PSK at SECLEVEL 3 test", 1;
++ # if ($no_rsa || $no_psk);
+
+ ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])),
+ 'test auto RSA PSK does not meet security level 3 requirements (PFS)');
+ }
+
+ SKIP: {
+- skip "skipping no PSK at SECLEVEL 3 test", 1
+- if ($no_psk);
++ skip "skipping no PSK at SECLEVEL 3 test", 1;
++ # if ($no_psk);
+
+ ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])),
+ 'test auto PSK does not meet security level 3 requirements (PFS)');
diff -Nru openssl-3.0.1/demos/cipher/ariacbc.c
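Review bot: All four `skip` statements become unconditional, so the two negative checks (`ok(!run(...))` for RSA-PSK and plain PSK at `@SECLEVEL=3`) no longer run in the package build. A regression in security-level enforcement for those suites would then go unnoticed. If the tests fail only because `-tls1_1` is refused by the Ubuntu seclevel change, making the skip conditional on that (or running the same suites at a protocol version the package still allows, if they support it) would keep the coverage. The commented-out `# if (...)` lines are dead code and could be dropped. The header says "disable TLS <= 1.2" while the series file lists `tls1.2-min-seclevel2.patch`, which suggests "TLS < 1.2" was meant; please confirm the wording.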
openssl-3.0.2/demos/cipher/ariacbc.c
--- openssl-3.0.1/demos/cipher/ariacbc.c 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.2/demos/cipher/ariacbc.c 2022-03-15 14:30:24.000000000 +0000
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Simple ARIA CBC encryption demonstration program.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* ARIA key */
+static const unsigned char cbc_key[] = {
+ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
+ 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
+ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
+};
+
+/* Unique initialisation vector */
+static const unsigned char cbc_iv[] = {
+ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84,
+ 0x99, 0xaa, 0x3e, 0x68,
+};
+
+/* Example plaintext to encrypt */
+static const unsigned char cbc_pt[] = {
+ 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea,
+ 0xcc, 0x2b, 0xf2, 0xa5
+};
+
+/* Expected ciphertext value */
+static const unsigned char cbc_ct[] = {
+ 0x9a, 0x44, 0xe6, 0x85, 0x94, 0x26, 0xff, 0x30, 0x03, 0xd3, 0x7e, 0xc6,
+ 0xb5, 0x4a, 0x09, 0x66, 0x39, 0x28, 0xf3, 0x67, 0x14, 0xbc, 0xe8, 0xe2,
+ 0xcf, 0x31, 0xb8, 0x60, 0x42, 0x72, 0x6d, 0xc8
+};
+
+/*
+ * A library context and property query can be used to select & filter
+ * algorithm implementations. If they are NULL then the default library
+ * context and properties are used.
+ */
+OSSL_LIB_CTX *libctx = NULL;
+const char *propq = NULL;
+
+int aria_cbc_encrypt(void)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER *cipher = NULL;
+ int outlen, tmplen;
+ size_t cbc_ivlen = sizeof(cbc_iv);
+ unsigned char outbuf[1024];
+ unsigned char outtag[16];
+
+ printf("ARIA CBC Encrypt:\n");
+ printf("Plaintext:\n");
+ BIO_dump_fp(stdout, cbc_pt, sizeof(cbc_pt));
+
+ /* Create a context for the encrypt operation */
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+
+ /* Fetch the cipher implementation */
+ if ((cipher = EVP_CIPHER_fetch(libctx, "ARIA-256-CBC", propq)) == NULL)
+ goto err;
+
+ /*
+ * Initialise an encrypt operation with the cipher/mode, key and IV.
+ * We are not setting any custom params so let params be just NULL.
+ */
+ if (!EVP_EncryptInit_ex2(ctx, cipher, cbc_key, cbc_iv, /* params */ NULL))
+ goto err;
+
+ /* Encrypt plaintext */
+ if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, cbc_pt, sizeof(cbc_pt)))
+ goto err;
+
+ /* Finalise: there can be some additional output from padding */
+ if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
+ goto err;
+ outlen += tmplen;
+
+ /* Output encrypted block */
+ printf("Ciphertext (outlen:%d):\n", outlen);
+ BIO_dump_fp(stdout, outbuf, outlen);
+
+ if (sizeof(cbc_ct) == outlen && !CRYPTO_memcmp(outbuf, cbc_ct, outlen))
+ printf("Final ciphertext matches expected ciphertext\n");
+ else
+ printf("Final ciphertext differs from expected ciphertext\n");
+
+ ret = 1;
+err:
+ if (!ret)
+ ERR_print_errors_fp(stderr);
+
+ EVP_CIPHER_free(cipher);
+ EVP_CIPHER_CTX_free(ctx);
+
+ return ret;
+}
+
+int aria_cbc_decrypt(void)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER *cipher = NULL;
+ int outlen, tmplen, rv;
+ size_t cbc_ivlen = sizeof(cbc_iv);
+ unsigned char outbuf[1024];
+
+ printf("ARIA CBC Decrypt:\n");
+ printf("Ciphertext:\n");
+ BIO_dump_fp(stdout, cbc_ct, sizeof(cbc_ct));
+
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+
+ /* Fetch the cipher implementation */
+ if ((cipher = EVP_CIPHER_fetch(libctx, "ARIA-256-CBC", propq)) == NULL)
+ goto err;
+
+ /*
+ * Initialise an encrypt operation with the cipher/mode, key and IV.
+ * We are not setting any custom params so let params be just NULL.
+ */
+ if (!EVP_DecryptInit_ex2(ctx, cipher, cbc_key, cbc_iv, /* params */ NULL))
+ goto err;
+
+ /* Decrypt plaintext */
+ if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, cbc_ct, sizeof(cbc_ct)))
+ goto err;
+
+ /* Finalise: there can be some additional output from padding */
+ if (!EVP_DecryptFinal_ex(ctx, outbuf + outlen, &tmplen))
+ goto err;
+ outlen += tmplen;
+
+ /* Output decrypted block */
+ printf("Plaintext (outlen:%d):\n", outlen);
+ BIO_dump_fp(stdout, outbuf, outlen);
+
+ if (sizeof(cbc_pt) == outlen && !CRYPTO_memcmp(outbuf, cbc_pt, outlen))
+ printf("Final plaintext matches original plaintext\n");
+ else
+ printf("Final plaintext differs from original plaintext\n");
+
+ ret = 1;
+err:
+ if (!ret)
+ ERR_print_errors_fp(stderr);
+
+ EVP_CIPHER_free(cipher);
+ EVP_CIPHER_CTX_free(ctx);
+
+ return ret;
+}
+
+int main(int argc, char **argv)
+{
+ if (!aria_cbc_encrypt())
+ return 1;
+
+ if (!aria_cbc_decrypt())
+ return 1;
+
+ return 0;
+}
diff -Nru openssl-3.0.1/demos/cipher/Makefile openssl-3.0.2/demos/cipher/Makefile
--- openssl-3.0.1/demos/cipher/Makefile 2021-12-14 16:16:25.000000000 +0000
+++ openssl-3.0.2/demos/cipher/Makefile 2022-03-15 14:30:24.000000000 +0000
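Review bot: `cbc_iv` is a fixed array labelled "Unique initialisation vector", and the key is hard-coded next to it, so a reader copying the demo would reuse one IV under one key. The comment should say the values are fixed only so that the output can be compared with `cbc_ct`, e.g. `/* Fixed IV for the known-answer check only; real CBC use needs a fresh, unpredictable IV per message */`, and should note that CBC on its own gives no integrity protection. In `aria_cbc_decrypt()` two comments were carried over from the encrypt function: "Initialise an encrypt operation" should read "decrypt", and "Decrypt plaintext" should read "Decrypt ciphertext". `cbc_ivlen` (both functions), `outtag` and `rv` are declared but never used. `sizeof(cbc_ct) == outlen` compares a `size_t` with an `int`, and `libctx`/`propq` could be `static`.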
@@ -11,13 +11,14 @@ CFLAGS = $(OPENSSL_INCS_LOCATION) LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto -all: aesccm aesgcm +all: aesccm aesgcm ariacbc aesccm: aesccm.o aesgcm: aesgcm.o +ariacbc: ariacbc.o -aesccm aesgcm: +aesccm aesgcm ariacbc: $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) clean: - $(RM) aesccm aesgcm *.o + $(RM) aesccm aesgcm ariacbc *.o diff -Nru openssl-3.0.1/demos/cms/cms_ver.c openssl-3.0.2/demos/cms/cms_ver.c --- openssl-3.0.1/demos/cms/cms_ver.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/demos/cms/cms_ver.c 2022-03-15 14:30:24.000000000 +0000 @@ -27,16 +27,18 @@ /* Set up trusted CA certificate store */ st = X509_STORE_new(); + if (st == NULL) + goto err; /* Read in CA certificate */ tbio = BIO_new_file("cacert.pem", "r"); - if (!tbio) + if (tbio == NULL) goto err; cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - if (!cacert) + if (cacert == NULL) goto err; if (!X509_STORE_add_cert(st, cacert)) @@ -46,18 +48,18 @@ in = BIO_new_file("smout.txt", "r"); - if (!in) + if (in == NULL) goto err; /* parse message */ cms = SMIME_read_CMS(in, &cont); - if (!cms) + if (cms == NULL) goto err; /* File to output verified content to */ out = BIO_new_file("smver.txt", "w"); - if (!out) + if (out == NULL) goto err; if (!CMS_verify(cms, NULL, st, cont, out, 0)) { @@ -76,6 +78,7 @@ ERR_print_errors_fp(stderr); } + X509_STORE_free(st); CMS_ContentInfo_free(cms); X509_free(cacert); BIO_free(in); diff -Nru openssl-3.0.1/demos/digest/EVP_MD_xof.c openssl-3.0.2/demos/digest/EVP_MD_xof.c --- openssl-3.0.1/demos/digest/EVP_MD_xof.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/demos/digest/EVP_MD_xof.c 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,132 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * Example of using an extendable-output hash function (XOF). A XOF is a hash
+ * function with configurable output length and which can generate an
+ * arbitrarily large output.
+ *
+ * This example uses SHAKE256, an extendable output variant of SHA3 (Keccak).
+ *
+ * To generate different output lengths, you can pass a single integer argument
+ * on the command line, which is the output size in bytes. By default, a 20-byte
+ * output is generated and (for this length only) a known answer test is
+ * performed.
+ */
+
+/* Our input to the XOF hash function. */
+const char message[] = "This is a test message.";
+
+/* Expected output when an output length of 20 bytes is used. */
+static const char known_answer[] = {
+ 0x52, 0x97, 0x93, 0x78, 0x27, 0x58, 0x7d, 0x62,
+ 0x8b, 0x00, 0x25, 0xb5, 0xec, 0x39, 0x5e, 0x2d,
+ 0x7f, 0x3e, 0xd4, 0x19
+};
+
+/*
+ * A property query used for selecting the SHAKE256 implementation.
+ */
+static const char *propq = NULL;
+
+int main(int argc, char **argv)
+{
+ int rv = 1;
+ OSSL_LIB_CTX *libctx = NULL;
+ EVP_MD *md = NULL;
+ EVP_MD_CTX *ctx = NULL;
+ unsigned int digest_len = 20;
+ int digest_len_i;
+ unsigned char *digest = NULL;
+
+ /* Allow digest length to be changed for demonstration purposes. */
+ if (argc > 1) {
+ digest_len_i = atoi(argv[1]);
+ if (digest_len_i <= 0) {
+ fprintf(stderr, "Specify a non-negative digest length\n");
+ goto end;
+ }
+
+ digest_len = (unsigned int)digest_len_i;
+ }
+
+ /*
+ * Retrieve desired algorithm. This must be a hash algorithm which supports
+ * XOF.
+ */
+ md = EVP_MD_fetch(libctx, "SHAKE256", propq);
+ if (md == NULL) {
+ fprintf(stderr, "Failed to retrieve SHAKE256 algorithm\n");
+ goto end;
+ }
+
+ /* Create context. */
+ ctx = EVP_MD_CTX_new();
+ if (ctx == NULL) {
+ fprintf(stderr, "Failed to create digest context\n");
+ goto end;
+ }
+
+ /* Initialize digest context. */
+ if (EVP_DigestInit(ctx, md) == 0) {
+ fprintf(stderr, "Failed to initialize digest\n");
+ goto end;
+ }
+
+ /*
+ * Feed our message into the digest function.
+ * This may be called multiple times.
+ */
+ if (EVP_DigestUpdate(ctx, message, sizeof(message)) == 0) {
+ fprintf(stderr, "Failed to hash input message\n");
+ goto end;
+ }
+
+ /* Allocate enough memory for our digest length. */
+ digest = OPENSSL_malloc(digest_len);
+ if (digest == NULL) {
+ fprintf(stderr, "Failed to allocate memory for digest\n");
+ goto end;
+ }
+
+ /* Get computed digest. The digest will be of whatever length we specify. */
+ if (EVP_DigestFinalXOF(ctx, digest, digest_len) == 0) {
+ fprintf(stderr, "Failed to finalize hash\n");
+ goto end;
+ }
+
+ printf("Output digest:\n");
+ BIO_dump_indent_fp(stdout, digest, digest_len, 2);
+
+ /* If digest length is 20 bytes, check it matches our known answer. */
+ if (digest_len == 20) {
+ /*
+ * Always use a constant-time function such as CRYPTO_memcmp
+ * when comparing cryptographic values. Do not use memcmp(3).
+ */
+ if (CRYPTO_memcmp(digest, known_answer, sizeof(known_answer)) != 0) {
+ fprintf(stderr, "Output does not match expected result\n");
+ goto end;
+ }
+ }
+
+ rv = 0;
+end:
+ OPENSSL_free(digest);
+ EVP_MD_CTX_free(ctx);
+ EVP_MD_free(md);
+ OSSL_LIB_CTX_free(libctx);
+ return rv;
+}
diff -Nru openssl-3.0.1/demos/digest/Makefile openssl-3.0.2/demos/digest/Makefile
--- openssl-3.0.1/demos/digest/Makefile 2021-12-14 16:16:25.000000000 +0000
+++ openssl-3.0.2/demos/digest/Makefile 2022-03-15 14:30:24.000000000 +0000
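Review bot: In demos/digest/EVP_MD_xof.c, `known_answer` is declared `static const char[]` but holds bytes above 0x7f (`0x97`, `0x93`, `0x8b`, ...), so where `char` is signed the initialisers rely on implementation-defined conversion and may draw overflow warnings; `static const unsigned char known_answer[] = {` matches the `unsigned char *digest` it is compared against. The length argument is parsed with `atoi`, which cannot report garbage or overflow, and the error text says "non-negative" although `digest_len_i <= 0` also rejects zero; `strtol` with an end-pointer check and the wording "positive digest length" would make the check and the message agree. `EVP_DigestUpdate(ctx, message, sizeof(message))` also hashes the string's terminating NUL; presumably the known answer was computed that way, so a comment such as `/* sizeof includes the trailing NUL, which is part of the hashed input */` would save readers from a mismatch when they switch to `strlen`.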
@@ -3,20 +3,21 @@ # # LD_LIBRARY_PATH=../.. ./EVP_MD_demo -CFLAGS = -I../../include -g +CFLAGS = -I../../include -g -Wall LDFLAGS = -L../.. LDLIBS = -lcrypto -all: EVP_MD_demo EVP_MD_stdin BIO_f_md +all: EVP_MD_demo EVP_MD_stdin EVP_MD_xof BIO_f_md %.o: %.c $(CC) $(CFLAGS) -c $< EVP_MD_demo: EVP_MD_demo.o EVP_MD_stdin: EVP_MD_stdin.o +EVP_MD_xof: EVP_MD_xof.o BIO_f_md: BIO_f_md.o test: ; clean: - $(RM) *.o EVP_MD_demo EVP_MD_stdin BIO_f_md + $(RM) *.o EVP_MD_demo EVP_MD_stdin EVP_MD_xof BIO_f_md diff -Nru openssl-3.0.1/demos/keyexch/x25519.c openssl-3.0.2/demos/keyexch/x25519.c --- openssl-3.0.1/demos/keyexch/x25519.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/demos/keyexch/x25519.c 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,278 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+
+/*
+ * This is a demonstration of key exchange using X25519.
+ *
+ * The variables beginning `peer1_` / `peer2_` are data which would normally be
+ * accessible to that peer.
+ *
+ * Ordinarily you would use random keys, which are demonstrated
+ * below when use_kat=0. A known answer test is demonstrated
+ * when use_kat=1.
+ */
+
+/* A property query used for selecting the X25519 implementation. */
+static const char *propq = NULL;
+
+static const unsigned char peer1_privk_data[32] = {
+ 0x80, 0x5b, 0x30, 0x20, 0x25, 0x4a, 0x70, 0x2c,
+ 0xad, 0xa9, 0x8d, 0x7d, 0x47, 0xf8, 0x1b, 0x20,
+ 0x89, 0xd2, 0xf9, 0x14, 0xac, 0x92, 0x27, 0xf2,
+ 0x10, 0x7e, 0xdb, 0x21, 0xbd, 0x73, 0x73, 0x5d
+};
+
+static const unsigned char peer2_privk_data[32] = {
+ 0xf8, 0x84, 0x19, 0x69, 0x79, 0x13, 0x0d, 0xbd,
+ 0xb1, 0x76, 0xd7, 0x0e, 0x7e, 0x0f, 0xb6, 0xf4,
+ 0x8c, 0x4a, 0x8c, 0x5f, 0xd8, 0x15, 0x09, 0x0a,
+ 0x71, 0x78, 0x74, 0x92, 0x0f, 0x85, 0xc8, 0x43
+};
+
+static const unsigned char expected_result[32] = {
+ 0x19, 0x71, 0x26, 0x12, 0x74, 0xb5, 0xb1, 0xce,
+ 0x77, 0xd0, 0x79, 0x24, 0xb6, 0x0a, 0x5c, 0x72,
+ 0x0c, 0xa6, 0x56, 0xc0, 0x11, 0xeb, 0x43, 0x11,
+ 0x94, 0x3b, 0x01, 0x45, 0xca, 0x19, 0xfe, 0x09
+};
+
+typedef struct peer_data_st {
+ const char *name; /* name of peer */
+ EVP_PKEY *privk; /* privk generated for peer */
+ unsigned char pubk_data[32]; /* generated pubk to send to other peer */
+
+ unsigned char *secret; /* allocated shared secret buffer */
+ size_t secret_len;
+} PEER_DATA;
+
+/*
+ * Prepare for X25519 key exchange. The public key to be sent to the remote peer
+ * is put in pubk_data, which should be a 32-byte buffer. Returns 1 on success.
+ */
+static int keyexch_x25519_before(
+ OSSL_LIB_CTX *libctx,
+ const unsigned char *kat_privk_data,
+ PEER_DATA *local_peer)
+{
+ int rv = 0;
+ size_t pubk_data_len = 0;
+
+ /* Generate or load X25519 key for the peer */
+ if (kat_privk_data != NULL)
+ local_peer->privk =
+ EVP_PKEY_new_raw_private_key_ex(libctx, "X25519", propq,
+ kat_privk_data,
+ sizeof(peer1_privk_data));
+ else
+ local_peer->privk = EVP_PKEY_Q_keygen(libctx, propq, "X25519");
+
+ if (local_peer->privk == NULL) {
+ fprintf(stderr, "Could not load or generate private key\n");
+ goto end;
+ }
+
+ /* Get public key corresponding to the private key */
+ if (EVP_PKEY_get_octet_string_param(local_peer->privk,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ local_peer->pubk_data,
+ sizeof(local_peer->pubk_data),
+ &pubk_data_len) == 0) {
+ fprintf(stderr, "EVP_PKEY_get_octet_string_param() failed\n");
+ goto end;
+ }
+
+ /* X25519 public keys are always 32 bytes */
+ if (pubk_data_len != 32) {
+ fprintf(stderr, "EVP_PKEY_get_octet_string_param() "
+ "yielded wrong length\n");
+ goto end;
+ }
+
+ rv = 1;
+end:
+ if (rv == 0) {
+ EVP_PKEY_free(local_peer->privk);
+ local_peer->privk = NULL;
+ }
+
+ return rv;
+}
+
+/*
+ * Complete X25519 key exchange. remote_peer_pubk_data should be the 32 byte
+ * public key value received from the remote peer. On success, returns 1 and the
+ * secret is pointed to by *secret. The caller must free it.
+ */
+static int keyexch_x25519_after(
+ OSSL_LIB_CTX *libctx,
+ int use_kat,
+ PEER_DATA *local_peer,
+ const unsigned char *remote_peer_pubk_data)
+{
+ int rv = 0;
+ EVP_PKEY *remote_peer_pubk = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+
+ local_peer->secret = NULL;
+
+ /* Load public key for remote peer. */
+ remote_peer_pubk =
+ EVP_PKEY_new_raw_public_key_ex(libctx, "X25519", propq,
+ remote_peer_pubk_data, 32);
+ if (remote_peer_pubk == NULL) {
+ fprintf(stderr, "EVP_PKEY_new_raw_public_key_ex() failed\n");
+ goto end;
+ }
+
+ /* Create key exchange context. */
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, local_peer->privk, propq);
+ if (ctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed\n");
+ goto end;
+ }
+
+ /* Initialize derivation process. */
+ if (EVP_PKEY_derive_init(ctx) == 0) {
+ fprintf(stderr, "EVP_PKEY_derive_init() failed\n");
+ goto end;
+ }
+
+ /* Configure each peer with the other peer's public key. */
+ if (EVP_PKEY_derive_set_peer(ctx, remote_peer_pubk) == 0) {
+ fprintf(stderr, "EVP_PKEY_derive_set_peer() failed\n");
+ goto end;
+ }
+
+ /* Determine the secret length. */
+ if (EVP_PKEY_derive(ctx, NULL, &local_peer->secret_len) == 0) {
+ fprintf(stderr, "EVP_PKEY_derive() failed\n");
+ goto end;
+ }
+
+ /*
+ * We are using X25519, so the secret generated will always be 32 bytes.
+ * However for exposition, the code below demonstrates a generic
+ * implementation for arbitrary lengths.
+ */
+ if (local_peer->secret_len != 32) { /* unreachable */
+ fprintf(stderr, "Secret is always 32 bytes for X25519\n");
+ goto end;
+ }
+
+ /* Allocate memory for shared secrets. */
+ local_peer->secret = OPENSSL_malloc(local_peer->secret_len);
+ if (local_peer->secret == NULL) {
+ fprintf(stderr, "Could not allocate memory for secret\n");
+ goto end;
+ }
+
+ /* Derive the shared secret. */
+ if (EVP_PKEY_derive(ctx, local_peer->secret,
+ &local_peer->secret_len) == 0) {
+ fprintf(stderr, "EVP_PKEY_derive() failed\n");
+ goto end;
+ }
+
+ printf("Shared secret (%s):\n", local_peer->name);
+ BIO_dump_indent_fp(stdout, local_peer->secret, local_peer->secret_len, 2);
+ putchar('\n');
+
+ rv = 1;
+end:
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(remote_peer_pubk);
+ if (rv == 0) {
+ OPENSSL_clear_free(local_peer->secret, local_peer->secret_len);
+ local_peer->secret = NULL;
+ }
+
+ return rv;
+}
+
+static int keyexch_x25519(int use_kat)
+{
+ int rv = 0;
+ OSSL_LIB_CTX *libctx = NULL;
+ PEER_DATA peer1 = {"peer 1"}, peer2 = {"peer 2"};
+
+ /*
+ * Each peer generates its private key and sends its public key
+ * to the other peer. The private key is stored locally for
+ * later use.
+ */
+ if (keyexch_x25519_before(libctx, use_kat ? peer1_privk_data : NULL,
+ &peer1) == 0)
+ return 0;
+
+ if (keyexch_x25519_before(libctx, use_kat ? peer2_privk_data : NULL,
+ &peer2) == 0)
+ return 0;
+
+ /*
+ * Each peer uses the other peer's public key to perform key exchange.
+ * After this succeeds, each peer has the same secret in its
+ * PEER_DATA.
+ */
+ if (keyexch_x25519_after(libctx, use_kat, &peer1, peer2.pubk_data) == 0)
+ return 0;
+
+ if (keyexch_x25519_after(libctx, use_kat, &peer2, peer1.pubk_data) == 0)
+ return 0;
+
+ /*
+ * Here we demonstrate the secrets are equal for exposition purposes.
+ *
+ * Although in practice you will generally not need to compare secrets
+ * produced through key exchange, if you do compare cryptographic secrets,
+ * always do so using a constant-time function such as CRYPTO_memcmp, never
+ * using memcmp(3).
+ */
+ if (CRYPTO_memcmp(peer1.secret, peer2.secret, peer1.secret_len) != 0) {
+ fprintf(stderr, "Negotiated secrets do not match\n");
+ goto end;
+ }
+
+ /* If we are doing the KAT, the secret should equal our reference result. */
+ if (use_kat && CRYPTO_memcmp(peer1.secret, expected_result,
+ peer1.secret_len) != 0) {
+ fprintf(stderr, "Did not get expected result\n");
+ goto end;
+ }
+
+ rv = 1;
+end:
+ /* The secrets are sensitive, so ensure they are erased before freeing. */
+ OPENSSL_clear_free(peer1.secret, peer1.secret_len);
+ OPENSSL_clear_free(peer2.secret, peer2.secret_len);
+
+ EVP_PKEY_free(peer1.privk);
+ EVP_PKEY_free(peer2.privk);
+ OSSL_LIB_CTX_free(libctx);
+ return rv;
+}
+
+int main(int argc, char **argv)
+{
+ /* Test X25519 key exchange with known result. */
+ printf("Key exchange using known answer (deterministic):\n");
+ if (keyexch_x25519(1) == 0)
+ return 1;
+
+ /* Test X25519 key exchange with random keys. */
+ printf("Key exchange using random keys:\n");
+ if (keyexch_x25519(0) == 0)
+ return 1;
+
+ return 0;
+}
diff -Nru openssl-3.0.1/demos/mac/Makefile openssl-3.0.2/demos/mac/Makefile
--- openssl-3.0.1/demos/mac/Makefile 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.2/demos/mac/Makefile 2022-03-15 14:30:24.000000000 +0000
@@ -0,0 +1,23 @@
+# Quick instruction:
+# To build against an OpenSSL built in the source tree, do this:
+#
+# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../..
+#
+# To run the demos when linked with a shared library (default):
+#
+# LD_LIBRARY_PATH=../.. ./gmac
+# LD_LIBRARY_PATH=../.. ./poly1305
+
+CFLAGS = $(OPENSSL_INCS_LOCATION) -Wall
+LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto
+
+all: gmac poly1305
+
+gmac: gmac.o
+poly1305: poly1305.o
+
+gmac poly1305:
+ $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS)
+
+clean:
+ $(RM) gmac poly1305 *.o
diff -Nru openssl-3.0.1/demos/mac/poly1305.c openssl-3.0.2/demos/mac/poly1305.c
--- openssl-3.0.1/demos/mac/poly1305.c 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.2/demos/mac/poly1305.c 2022-03-15 14:30:24.000000000 +0000
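Review bot: In keyexch_x25519 (demos/keyexch/x25519.c) the four failure paths after `keyexch_x25519_before` and `keyexch_x25519_after` use `return 0;`, which skips the `end:` label. An already generated `peer1.privk` is then leaked, and an already derived `peer1.secret` never reaches `OPENSSL_clear_free`, the erasure the comment at `end:` calls for. Replacing each of them with `goto end;` is safe, because both PEER_DATA objects are zero-initialised apart from `name` and the free functions used at `end:` accept NULL. In keyexch_x25519_before the KAT key length is always `sizeof(peer1_privk_data)` whichever buffer was passed, and `use_kat` is unused in keyexch_x25519_after; a named length constant and dropping the parameter would be cleaner. A short comment that the raw X25519 output is normally fed through a KDF before being used as a key would help readers who copy the demo.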
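Review bot: In the new demos/mac/Makefile, `all: gmac poly1305` leaves out siphash, although this commit adds demos/mac/siphash.c and lists it in demos/README.txt, so the new demo is never compiled by `make` and gets none of the `-Wall` checking applied to the others. The program needs adding wherever the list is enumerated: `all: gmac poly1305 siphash`, a `siphash: siphash.o` line with the name added to the link rule's targets, and `$(RM) gmac poly1305 siphash *.o`. The run instructions in the header comment could mention `./siphash` too.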
@@ -0,0 +1,209 @@
+/*
+ * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * This is a demonstration of how to compute Poly1305-AES using the OpenSSL
+ * Poly1305 and AES providers and the EVP API.
+ *
+ * Please note that:
+ *
+ * - Poly1305 must never be used alone and must be used in conjunction with
+ * another primitive which processes the input nonce to be secure;
+ *
+ * - you must never pass a nonce to the Poly1305 primitive directly;
+ *
+ * - Poly1305 exhibits catastrophic failure (that is, can be broken) if a
+ * nonce is ever reused for a given key.
+ *
+ * If you are looking for a general purpose MAC, you should consider using a
+ * different MAC and looking at one of the other examples, unless you have a
+ * good familiarity with the details and caveats of Poly1305.
+ *
+ * This example uses AES, as described in the original paper, "The Poly1305-AES
+ * message authentication code":
+ * https://cr.yp.to/mac/poly1305-20050329.pdf
+ *
+ * The test vectors below are from that paper.
+ */
+
+/*
+ * Hard coding the key into an application is very bad.
+ * It is done here solely for educational purposes.
+ * These are the "r" and "k" inputs to Poly1305-AES.
+ */
+static const unsigned char test_r[] = {
+ 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b,
+ 0xe0, 0x5c, 0xc2, 0x04, 0x04, 0xf3, 0xf7, 0x00
+};
+
+static const unsigned char test_k[] = {
+ 0xec, 0x07, 0x4c, 0x83, 0x55, 0x80, 0x74, 0x17,
+ 0x01, 0x42, 0x5b, 0x62, 0x32, 0x35, 0xad, 0xd6
+};
+
+/*
+ * Hard coding a nonce must not be done under any circumstances and is done here
+ * purely for demonstration purposes. Please note that Poly1305 exhibits
+ * catastrophic failure (that is, can be broken) if a nonce is ever reused for a
+ * given key.
+ */
+static const unsigned char test_n[] = {
+ 0xfb, 0x44, 0x73, 0x50, 0xc4, 0xe8, 0x68, 0xc5,
+ 0x2a, 0xc3, 0x27, 0x5c, 0xf9, 0xd4, 0x32, 0x7e
+};
+
+/* Input message. */
+static const unsigned char test_m[] = {
+ 0xf3, 0xf6
+};
+
+static const unsigned char expected_output[] = {
+ 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45,
+ 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde
+};
+
+/*
+ * A property query used for selecting the POLY1305 implementation.
+ */
+static char *propq = NULL;
+
+int main(int argc, char **argv)
+{
+ int rv = EXIT_FAILURE;
+ EVP_CIPHER *aes = NULL;
+ EVP_CIPHER_CTX *aesctx = NULL;
+ EVP_MAC *mac = NULL;
+ EVP_MAC_CTX *mctx = NULL;
+ unsigned char composite_key[32];
+ unsigned char out[16];
+ OSSL_LIB_CTX *library_context = NULL;
+ size_t out_len = 0;
+ int aes_len = 0;
+
+ library_context = OSSL_LIB_CTX_new();
+ if (library_context == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* Fetch the Poly1305 implementation */
+ mac = EVP_MAC_fetch(library_context, "POLY1305", propq);
+ if (mac == NULL) {
+ fprintf(stderr, "EVP_MAC_fetch() returned NULL\n");
+ goto end;
+ }
+
+ /* Create a context for the Poly1305 operation */
+ mctx = EVP_MAC_CTX_new(mac);
+ if (mctx == NULL) {
+ fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* Fetch the AES implementation */
+ aes = EVP_CIPHER_fetch(library_context, "AES-128-ECB", propq);
+ if (aes == NULL) {
+ fprintf(stderr, "EVP_CIPHER_fetch() returned NULL\n");
+ goto end;
+ }
+
+ /* Create a context for AES */
+ aesctx = EVP_CIPHER_CTX_new();
+ if (aesctx == NULL) {
+ fprintf(stderr, "EVP_CIPHER_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* Initialize the AES cipher with the 128-bit key k */
+ if (!EVP_EncryptInit_ex(aesctx, aes, NULL, test_k, NULL)) {
+ fprintf(stderr, "EVP_EncryptInit_ex() failed\n");
+ goto end;
+ }
+
+ /*
+ * Disable padding for the AES cipher. We do not strictly need to do this as
+ * we are encrypting a single block and thus there are no alignment or
+ * padding concerns, but this ensures that the operation below fails if
+ * padding would be required for some reason, which in this circumstance
+ * would indicate an implementation bug.
+ */
+ if (!EVP_CIPHER_CTX_set_padding(aesctx, 0)) {
+ fprintf(stderr, "EVP_CIPHER_CTX_set_padding() failed\n");
+ goto end;
+ }
+
+ /*
+ * Computes the value AES_k(n) which we need for our Poly1305-AES
+ * computation below.
+ */
+ if (!EVP_EncryptUpdate(aesctx, composite_key + 16, &aes_len,
+ test_n, sizeof(test_n))) {
+ fprintf(stderr, "EVP_EncryptUpdate() failed\n");
+ goto end;
+ }
+
+ /*
+ * The Poly1305 provider expects the key r to be passed as the first 16
+ * bytes of the "key" and the processed nonce (that is, AES_k(n)) to be
+ * passed as the second 16 bytes of the "key". We already put the processed
+ * nonce in the correct place above, so copy r into place.
+ */
+ memcpy(composite_key, test_r, 16);
+
+ /* Initialise the Poly1305 operation */
+ if (!EVP_MAC_init(mctx, composite_key, sizeof(composite_key), NULL)) {
+ fprintf(stderr, "EVP_MAC_init() failed\n");
+ goto end;
+ }
+
+ /* Make one or more calls to process the data to be authenticated */
+ if (!EVP_MAC_update(mctx, test_m, sizeof(test_m))) {
+ fprintf(stderr, "EVP_MAC_update() failed\n");
+ goto end;
+ }
+
+ /* Make one call to the final to get the MAC */
+ if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) {
+ fprintf(stderr, "EVP_MAC_final() failed\n");
+ goto end;
+ }
+
+ printf("Generated MAC:\n");
+ BIO_dump_indent_fp(stdout, out, out_len, 2);
+ putchar('\n');
+
+ if (out_len != sizeof(expected_output)) {
+ fprintf(stderr, "Generated MAC has an unexpected length\n");
+ goto end;
+ }
+
+ if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) {
+ fprintf(stderr, "Generated MAC does not match expected value\n");
+ goto end;
+ }
+
+ rv = EXIT_SUCCESS;
+end:
+ EVP_CIPHER_CTX_free(aesctx);
+ EVP_CIPHER_free(aes);
+ EVP_MAC_CTX_free(mctx);
+ EVP_MAC_free(mac);
+ OSSL_LIB_CTX_free(library_context);
+ if (rv != EXIT_SUCCESS)
+ ERR_print_errors_fp(stderr);
+ return rv;
+}
diff -Nru openssl-3.0.1/demos/mac/siphash.c openssl-3.0.2/demos/mac/siphash.c
--- openssl-3.0.1/demos/mac/siphash.c 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.2/demos/mac/siphash.c 2022-03-15 14:30:24.000000000 +0000
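Review bot: In main (demos/mac/poly1305.c) `composite_key` holds r followed by AES_k(n), the complete one-time Poly1305 key, yet nothing at `end:` wipes it. Since the file header stresses how sensitive this material is, the cleanup should show `OPENSSL_cleanse(composite_key, sizeof(composite_key));`. The `EVP_EncryptUpdate` call is also trusted without looking at `aes_len`: if fewer than 16 bytes were written, the upper half of `composite_key` would go into `EVP_MAC_init` uninitialised, so `if (aes_len != 16) goto end;` belongs right after the call. `propq` is declared `static char *` here but `static const char *` in the other new demos; the const form is preferable.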
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * Taken from the test vector from the paper "SipHash: a fast short-input PRF".
+ * https://www.aumasson.jp/siphash/siphash.pdf
+ */
+
+/*
+ * Hard coding the key into an application is very bad.
+ * It is done here solely for educational purposes.
+ */
+static unsigned char key[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+
+static unsigned char data[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e
+};
+
+static const unsigned char expected_output[] = {
+ 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1
+};
+
+/*
+ * A property query used for selecting the SIPHASH implementation.
+ */
+static char *propq = NULL;
+
+int main(int argc, char **argv)
+{
+ int rv = EXIT_FAILURE;
+ EVP_MAC *mac = NULL;
+ EVP_MAC_CTX *mctx = NULL;
+ unsigned char out[8];
+ OSSL_PARAM params[4], *p = params;
+ OSSL_LIB_CTX *library_context = NULL;
+ unsigned int digest_len = 8, c_rounds = 2, d_rounds = 4;
+ size_t out_len = 0;
+
+ library_context = OSSL_LIB_CTX_new();
+ if (library_context == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* Fetch the SipHash implementation */
+ mac = EVP_MAC_fetch(library_context, "SIPHASH", propq);
+ if (mac == NULL) {
+ fprintf(stderr, "EVP_MAC_fetch() returned NULL\n");
+ goto end;
+ }
+
+ /* Create a context for the SipHash operation */
+ mctx = EVP_MAC_CTX_new(mac);
+ if (mctx == NULL) {
+ fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* SipHash can support either 8 or 16-byte digests. */
+ *p++ = OSSL_PARAM_construct_uint(OSSL_MAC_PARAM_SIZE, &digest_len);
+
+ /*
+ * The number of C-rounds and D-rounds is configurable. Standard SipHash
+ * uses values of 2 and 4 respectively. The following lines are unnecessary
+ * as they set the default, but demonstrate how to change these values.
+ */
+ *p++ = OSSL_PARAM_construct_uint(OSSL_MAC_PARAM_C_ROUNDS, &c_rounds);
+ *p++ = OSSL_PARAM_construct_uint(OSSL_MAC_PARAM_D_ROUNDS, &d_rounds);
+
+ *p = OSSL_PARAM_construct_end();
+
+ /* Initialise the SIPHASH operation */
+ if (!EVP_MAC_init(mctx, key, sizeof(key), params)) {
+ fprintf(stderr, "EVP_MAC_init() failed\n");
+ goto end;
+ }
+
+ /* Make one or more calls to process the data to be authenticated */
+ if (!EVP_MAC_update(mctx, data, sizeof(data))) {
+ fprintf(stderr, "EVP_MAC_update() failed\n");
+ goto end;
+ }
+
+ /* Make one call to the final to get the MAC */
+ if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) {
+ fprintf(stderr, "EVP_MAC_final() failed\n");
+ goto end;
+ }
+
+ printf("Generated MAC:\n");
+ BIO_dump_indent_fp(stdout, out, out_len, 2);
+ putchar('\n');
+
+ if (out_len != sizeof(expected_output)) {
+ fprintf(stderr, "Generated MAC has an unexpected length\n");
+ goto end;
+ }
+
+ if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) {
+ fprintf(stderr, "Generated MAC does not match expected value\n");
+ goto end;
+ }
+
+ rv = EXIT_SUCCESS;
+end:
+ EVP_MAC_CTX_free(mctx);
+ EVP_MAC_free(mac);
+ OSSL_LIB_CTX_free(library_context);
+ if (rv != EXIT_SUCCESS)
+ ERR_print_errors_fp(stderr);
+ return rv;
+}
diff -Nru openssl-3.0.1/demos/pkey/EVP_PKEY_EC_keygen.c openssl-3.0.2/demos/pkey/EVP_PKEY_EC_keygen.c
--- openssl-3.0.1/demos/pkey/EVP_PKEY_EC_keygen.c 2021-12-14 16:16:25.000000000 +0000
+++ openssl-3.0.2/demos/pkey/EVP_PKEY_EC_keygen.c 2022-03-15 14:30:24.000000000 +0000
@@ -1,5 +1,5 @@
 /*-
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
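Review bot: In demos/mac/siphash.c, `key` and `data` are declared `static unsigned char[]` without `const`, unlike `expected_output` in the same file and the test vectors in poly1305.c. They are only read, and `EVP_MAC_init` and `EVP_MAC_update` take `const unsigned char *`, so `static const unsigned char key[]` and `static const unsigned char data[]` state the intent; `propq` could likewise be `static const char *`. The comment above `digest_len` says 8- or 16-byte digests are supported, but `out` is fixed at 8 bytes, so a reader who sets `digest_len` to 16 must enlarge `out` as well. A comment next to `unsigned char out[8];` such as `/* must be at least digest_len bytes */` would make that dependency explicit.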
@@ -89,7 +89,7 @@ unsigned char out_pubkey[80]; unsigned char out_privkey[80]; BIGNUM *out_priv = NULL; - size_t i, out_pubkey_len, out_privkey_len = 0; + size_t out_pubkey_len, out_privkey_len = 0; if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, out_curvename, sizeof(out_curvename), diff -Nru openssl-3.0.1/demos/pkey/EVP_PKEY_RSA_keygen.c openssl-3.0.2/demos/pkey/EVP_PKEY_RSA_keygen.c --- openssl-3.0.1/demos/pkey/EVP_PKEY_RSA_keygen.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/demos/pkey/EVP_PKEY_RSA_keygen.c 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,289 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to generate an RSA key pair.
+ *
+ * When generating an RSA key, you must specify the number of bits in the key. A
+ * reasonable value would be 4096. Avoid using values below 2048. These values
+ * are reasonable as of 2022.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* A property query used for selecting algorithm implementations. */
+static const char *propq = NULL;
+
+/*
+ * Generates an RSA public-private key pair and returns it.
+ * The number of bits is specified by the bits argument.
+ *
+ * This uses the long way of generating an RSA key.
+ */
+static EVP_PKEY *generate_rsa_key_long(OSSL_LIB_CTX *libctx, unsigned int bits)
+{
+ EVP_PKEY_CTX *genctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ unsigned int primes = 2;
+
+ /* Create context using RSA algorithm. "RSA-PSS" could also be used here. */
+ genctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", propq);
+ if (genctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
+ goto cleanup;
+ }
+
+ /* Initialize context for key generation purposes. */
+ if (EVP_PKEY_keygen_init(genctx) <= 0) {
+ fprintf(stderr, "EVP_PKEY_keygen_init() failed\n");
+ goto cleanup;
+ }
+
+ /*
+ * Here we set the number of bits to use in the RSA key.
+ * See comment at top of file for information on appropriate values.
+ */
+ if (EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, bits) <= 0) {
+ fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_bits() failed\n");
+ goto cleanup;
+ }
+
+ /*
+ * It is possible to create an RSA key using more than two primes.
+ * Do not do this unless you know why you need this.
+ * You ordinarily do not need to specify this, as the default is two.
+ *
+ * Both of these parameters can also be set via EVP_PKEY_CTX_set_params, but
+ * these functions provide a more concise way to do so.
+ */
+ if (EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) <= 0) {
+ fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_primes() failed\n");
+ goto cleanup;
+ }
+
+ /*
+ * Generating an RSA key with a number of bits large enough to be secure for
+ * modern applications can take a fairly substantial amount of time (e.g.
+ * one second). If you require fast key generation, consider using an EC key
+ * instead.
+ *
+ * If you require progress information during the key generation process,
+ * you can set a progress callback using EVP_PKEY_set_cb; see the example in
+ * EVP_PKEY_generate(3).
+ */
+ fprintf(stderr, "Generating RSA key, this may take some time...\n");
+ if (EVP_PKEY_generate(genctx, &pkey) <= 0) {
+ fprintf(stderr, "EVP_PKEY_generate() failed\n");
+ goto cleanup;
+ }
+
+ /* pkey is now set to an object representing the generated key pair. */
+
+cleanup:
+ EVP_PKEY_CTX_free(genctx);
+ return pkey;
+}
+
+/*
+ * Generates an RSA public-private key pair and returns it.
+ * The number of bits is specified by the bits argument.
+ *
+ * This uses a more concise way of generating an RSA key, which is suitable for
+ * simple cases. It is used if -s is passed on the command line, otherwise the
+ * long method above is used. The ability to choose between these two methods is
+ * shown here only for demonstration; the results are equivalent.
+ */
+static EVP_PKEY *generate_rsa_key_short(OSSL_LIB_CTX *libctx, unsigned int bits)
+{
+ EVP_PKEY *pkey = NULL;
+
+ fprintf(stderr, "Generating RSA key, this may take some time...\n");
+ pkey = EVP_PKEY_Q_keygen(libctx, propq, "RSA", (size_t)bits);
+
+ if (pkey == NULL)
+ fprintf(stderr, "EVP_PKEY_Q_keygen() failed\n");
+
+ return pkey;
+}
+
+/*
+ * Prints information on an EVP_PKEY object representing an RSA key pair.
+ */
+static int dump_key(const EVP_PKEY *pkey)
+{
+ int rv = 0;
+ int bits = 0;
+ BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
+
+ /*
+ * Retrieve value of n. This value is not secret and forms part of the
+ * public key.
+ *
+ * Calling EVP_PKEY_get_bn_param with a NULL BIGNUM pointer causes
+ * a new BIGNUM to be allocated, so these must be freed subsequently.
+ */
+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n) == 0) {
+ fprintf(stderr, "Failed to retrieve n\n");
+ goto cleanup;
+ }
+
+ /*
+ * Retrieve value of e. This value is not secret and forms part of the
+ * public key. It is typically 65537 and need not be changed.
+ */
+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e) == 0) {
+ fprintf(stderr, "Failed to retrieve e\n");
+ goto cleanup;
+ }
+
+ /*
+ * Retrieve value of d. This value is secret and forms part of the private
+ * key. It must not be published.
+ */
+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d) == 0) {
+ fprintf(stderr, "Failed to retrieve d\n");
+ goto cleanup;
+ }
+
+ /*
+ * Retrieve value of the first prime factor, commonly known as p. This value
+ * is secret and forms part of the private key. It must not be published.
+ */
+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &p) == 0) {
+ fprintf(stderr, "Failed to retrieve p\n");
+ goto cleanup;
+ }
+
+ /*
+ * Retrieve value of the second prime factor, commonly known as q. This value
+ * is secret and forms part of the private key. It must not be published.
+ *
+ * If you are creating an RSA key with more than two primes for special
+ * applications, you can retrieve these primes with
+ * OSSL_PKEY_PARAM_RSA_FACTOR3, etc.
+ */
+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &q) == 0) {
+ fprintf(stderr, "Failed to retrieve q\n");
+ goto cleanup;
+ }
+
+ /*
+ * We can also retrieve the key size in bits for informational purposes.
+ */
+ if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_BITS, &bits) == 0) {
+ fprintf(stderr, "Failed to retrieve bits\n");
+ goto cleanup;
+ }
+
+ /* Output hexadecimal representations of the BIGNUM objects. */
+ fprintf(stdout, "\nNumber of bits: %d\n\n", bits);
+ fprintf(stderr, "Public values:\n");
+ fprintf(stdout, " n = 0x");
+ BN_print_fp(stdout, n);
+ fprintf(stdout, "\n");
+
+ fprintf(stdout, " e = 0x");
+ BN_print_fp(stdout, e);
+ fprintf(stdout, "\n\n");
+
+ fprintf(stdout, "Private values:\n");
+ fprintf(stdout, " d = 0x");
+ BN_print_fp(stdout, d);
+ fprintf(stdout, "\n");
+
+ fprintf(stdout, " p = 0x");
+ BN_print_fp(stdout, p);
+ fprintf(stdout, "\n");
+
+ fprintf(stdout, " q = 0x");
+ BN_print_fp(stdout, q);
+ fprintf(stdout, "\n\n");
+
+ /* Output a PEM encoding of the public key. */
+ if (PEM_write_PUBKEY(stdout, pkey) == 0) {
+ fprintf(stderr, "Failed to output PEM-encoded public key\n");
+ goto cleanup;
+ }
+
+ /*
+ * Output a PEM encoding of the private key. Please note that this output is
+ * not encrypted. You may wish to use the arguments to specify encryption of
+ * the key if you are storing it on disk. See PEM_write_PrivateKey(3).
+ */
+ if (PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL) == 0) {
+ fprintf(stderr, "Failed to output PEM-encoded private key\n");
+ goto cleanup;
+ }
+
+ rv = 1;
+cleanup:
+ BN_free(n); /* not secret */
+ BN_free(e); /* not secret */
+ BN_clear_free(d); /* secret - scrub before freeing */
+ BN_clear_free(p); /* secret - scrub before freeing */
+ BN_clear_free(q); /* secret - scrub before freeing */
+ return rv;
+}
+
+int main(int argc, char **argv)
+{
+ int rv = 1;
+ OSSL_LIB_CTX *libctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ unsigned int bits = 4096;
+ int bits_i, use_short = 0;
+
+ /* usage: [-s] [] */
+ if (argc > 1 && strcmp(argv[1], "-s") == 0) {
+ --argc;
+ ++argv;
+ use_short = 1;
+ }
+
+ if (argc > 1) {
+ bits_i = atoi(argv[1]);
+ if (bits < 512) {
+ fprintf(stderr, "Invalid RSA key size\n");
+ return 1;
+ }
+
+ bits = (unsigned int)bits_i;
+ }
+
+ /* Avoid using key sizes less than 2048 bits; see comment at top of file. */
+ if (bits < 2048)
+ fprintf(stderr, "Warning: very weak key size\n\n");
+
+ /* Generate RSA key. */
+ if (use_short)
+ pkey = generate_rsa_key_short(libctx, bits);
+ else
+ pkey = generate_rsa_key_long(libctx, bits);
+
+ if (pkey == NULL)
+ goto cleanup;
+
+ /* Dump the integers comprising the key. */
+ if (dump_key(pkey) == 0) {
+ fprintf(stderr, "Failed to dump key\n");
+ goto cleanup;
+ }
+
+ rv = 0;
+cleanup:
+ EVP_PKEY_free(pkey);
+ OSSL_LIB_CTX_free(libctx);
+ return rv;
+}
diff -Nru openssl-3.0.1/demos/pkey/Makefile openssl-3.0.2/demos/pkey/Makefile
--- openssl-3.0.1/demos/pkey/Makefile 2021-12-14 16:16:25.000000000 +0000
+++ openssl-3.0.2/demos/pkey/Makefile 2022-03-15 14:30:24.000000000 +0000
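Review bot: In main (demos/pkey/EVP_PKEY_RSA_keygen.c) the range check after `bits_i = atoi(argv[1]);` tests `bits`, which still holds the default 4096, so `if (bits < 512)` can never fire. A zero, negative or non-numeric argument is therefore cast straight to `unsigned int` and handed to key generation; the test should read `if (bits_i < 512) {`. `atoi` also accepts trailing garbage silently, so `strtol` with an end-pointer check would be the stricter choice for a size parameter. In dump_key the heading `"Public values:\n"` is written to stderr while all surrounding output goes to stdout, which looks like a slip for `fprintf(stdout, "Public values:\n");`.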
@@ -2,19 +2,22 @@ # To run the demos when linked with a shared library (default): # # LD_LIBRARY_PATH=../.. ./EVP_PKEY_EC_keygen +# LD_LIBRARY_PATH=../.. ./EVP_PKEY_RSA_keygen -CFLAGS = -I../../include -g +CFLAGS = -I../../include -g -Wall LDFLAGS = -L../.. LDLIBS = -lcrypto -all: EVP_PKEY_EC_keygen +all: EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen %.o: %.c $(CC) $(CFLAGS) -c $< EVP_PKEY_EC_keygen: EVP_PKEY_EC_keygen.o +EVP_PKEY_RSA_keygen: EVP_PKEY_RSA_keygen.o + test: ; clean: - $(RM) *.o EVP_PKEY_EC_keygen + $(RM) *.o EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen diff -Nru openssl-3.0.1/demos/README.txt openssl-3.0.2/demos/README.txt --- openssl-3.0.1/demos/README.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/demos/README.txt 2022-03-15 14:30:24.000000000 +0000 @@ -10,12 +10,14 @@ cipher: aesgcm.c Demonstration of symmetric cipher GCM mode encrypt/decrypt aesccm.c Demonstration of symmetric cipher CCM mode encrypt/decrypt +ariacbc.c Demonstration of symmetric cipher CBC mode encrypt/decrypt cms: digest: EVP_MD_demo.c Compute a digest from multiple buffers EVP_MD_stdin.c Compute a digest with data read from stdin +EVP_MD_xof.c Compute a digest using the SHAKE256 XOF EVP_f_md.c Compute a digest using BIO and EVP_f_md kdf: @@ -25,9 +27,12 @@ mac: gmac.c Demonstration of GMAC message authentication +poly1305.c Demonstration of Poly1305-AES message authentication +siphash.c Demonstration of SIPHASH message authentication pkey: EVP_PKEY_EC_keygen.c Generate an EC key. +EVP_PKEY_RSA_keygen.c Generate an RSA key. smime: 
@@ -37,3 +42,5 @@ signature: EVP_Signature_demo.c Compute and verify a signature from multiple buffers +rsa_pss_direct.c Compute and verify an RSA-PSS signature from a hash +rsa_pss_hash.c Compute and verify an RSA-PSS signature over a buffer diff -Nru openssl-3.0.1/demos/signature/Makefile openssl-3.0.2/demos/signature/Makefile --- openssl-3.0.1/demos/signature/Makefile 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/demos/signature/Makefile 2022-03-15 14:30:24.000000000 +0000 @@ -3,18 +3,20 @@ # # LD_LIBRARY_PATH=../.. ./EVP_Signature_demo -CFLAGS = -I../../include -g +CFLAGS = -I../../include -g -Wall LDFLAGS = -L../.. LDLIBS = -lcrypto -all: EVP_Signature_demo +all: EVP_Signature_demo rsa_pss_direct rsa_pss_hash %.o: %.c $(CC) $(CFLAGS) -c $< EVP_Signature_demo: EVP_Signature_demo.o +rsa_pss_direct: rsa_pss_direct.o +rsa_pss_hash: rsa_pss_hash.o test: ; clean: - $(RM) *.o EVP_Signature_demo + $(RM) *.o EVP_Signature_demo rsa_pss_direct rsa_pss_hash diff -Nru openssl-3.0.1/demos/signature/rsa_pss_direct.c openssl-3.0.2/demos/signature/rsa_pss_direct.c --- openssl-3.0.1/demos/signature/rsa_pss_direct.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/demos/signature/rsa_pss_direct.c 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,204 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "rsa_pss.h" + +/* + * The digest to be signed. This should be the output of a hash function. + * Here we sign an all-zeroes digest for demonstration purposes. + */ +static const unsigned char test_digest[32] = {0}; + +/* A property query used for selecting algorithm implementations. */ +static const char *propq = NULL; + +/* + * This function demonstrates RSA signing of a SHA-256 digest using the PSS + * padding scheme. You must already have hashed the data you want to sign. + * For a higher-level demonstration which does the hashing for you, see + * rsa_pss_hash.c. + * + * For more information, see RFC 8017 section 9.1. The digest passed in + * (test_digest above) corresponds to the 'mHash' value. + */ +static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len) +{ + int rv = 0; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_MD *md = NULL; + const unsigned char *ppriv_key = NULL; + + *sig = NULL; + + /* Load DER-encoded RSA private key. */ + ppriv_key = rsa_priv_key; + pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key, + sizeof(rsa_priv_key), libctx, propq); + if (pkey == NULL) { + fprintf(stderr, "Failed to load private key\n"); + goto end; + } + + /* Fetch hash algorithm we want to use. */ + md = EVP_MD_fetch(libctx, "SHA256", propq); + if (md == NULL) { + fprintf(stderr, "Failed to fetch hash algorithm\n"); + goto end; + } + + /* Create signing context. 
*/ + ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); + if (ctx == NULL) { + fprintf(stderr, "Failed to create signing context\n"); + goto end; + } + + /* Initialize context for signing and set options. */ + if (EVP_PKEY_sign_init(ctx) == 0) { + fprintf(stderr, "Failed to initialize signing context\n"); + goto end; + } + + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) { + fprintf(stderr, "Failed to configure padding\n"); + goto end; + } + + if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) { + fprintf(stderr, "Failed to configure digest type\n"); + goto end; + } + + /* Determine length of signature. */ + if (EVP_PKEY_sign(ctx, NULL, sig_len, + test_digest, sizeof(test_digest)) == 0) { + fprintf(stderr, "Failed to get signature length\n"); + goto end; + } + + /* Allocate memory for signature. */ + *sig = OPENSSL_malloc(*sig_len); + if (*sig == NULL) { + fprintf(stderr, "Failed to allocate memory for signature\n"); + goto end; + } + + /* Generate signature. */ + if (EVP_PKEY_sign(ctx, *sig, sig_len, + test_digest, sizeof(test_digest)) != 1) { + fprintf(stderr, "Failed to sign\n"); + goto end; + } + + rv = 1; +end: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + EVP_MD_free(md); + + if (rv == 0) + OPENSSL_free(*sig); + + return rv; +} + +/* + * This function demonstrates verification of an RSA signature over a SHA-256 + * digest using the PSS signature scheme. + */ +static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len) +{ + int rv = 0; + const unsigned char *ppub_key = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_MD *md = NULL; + + /* Load DER-encoded RSA public key. */ + ppub_key = rsa_pub_key; + pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key)); + if (pkey == NULL) { + fprintf(stderr, "Failed to load public key\n"); + goto end; + } + + /* Fetch hash algorithm we want to use. 
*/ + md = EVP_MD_fetch(libctx, "SHA256", propq); + if (md == NULL) { + fprintf(stderr, "Failed to fetch hash algorithm\n"); + goto end; + } + + /* Create verification context. */ + ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); + if (ctx == NULL) { + fprintf(stderr, "Failed to create verification context\n"); + goto end; + } + + /* Initialize context for verification and set options. */ + if (EVP_PKEY_verify_init(ctx) == 0) { + fprintf(stderr, "Failed to initialize verification context\n"); + goto end; + } + + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) { + fprintf(stderr, "Failed to configure padding\n"); + goto end; + } + + if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) { + fprintf(stderr, "Failed to configure digest type\n"); + goto end; + } + + /* Verify signature. */ + if (EVP_PKEY_verify(ctx, sig, sig_len, + test_digest, sizeof(test_digest)) == 0) { + fprintf(stderr, "Failed to verify signature; " + "signature may be invalid\n"); + goto end; + } + + rv = 1; +end: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + EVP_MD_free(md); + return rv; +} + +int main(int argc, char **argv) +{ + int rv = 1; + OSSL_LIB_CTX *libctx = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + + if (sign(libctx, &sig, &sig_len) == 0) + goto end; + + if (verify(libctx, sig, sig_len) == 0) + goto end; + + rv = 0; +end: + OPENSSL_free(sig); + OSSL_LIB_CTX_free(libctx); + return rv; +} diff -Nru openssl-3.0.1/demos/signature/rsa_pss.h openssl-3.0.2/demos/signature/rsa_pss.h --- openssl-3.0.1/demos/signature/rsa_pss.h 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/demos/signature/rsa_pss.h 2022-03-15 14:30:24.000000000 +0000 
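Review bot: In verify(), the final check `EVP_PKEY_verify(...) == 0` catches only a signature mismatch; the call returns a negative value for other errors, and those fall through to `rv = 1`, so a verification that never completed is reported as success. Compare against the success value instead, `if (EVP_PKEY_verify(ctx, sig, sig_len, test_digest, sizeof(test_digest)) != 1) {`, as sign() already does for its second EVP_PKEY_sign() call. The `== 0` tests on EVP_PKEY_sign_init(), EVP_PKEY_verify_init(), EVP_PKEY_CTX_set_rsa_padding() and EVP_PKEY_CTX_set_signature_md() have the same gap and are better written as `<= 0`. EVP_DigestVerifyFinal() in rsa_pss_hash.c is checked with `== 0` as well and should become `!= 1`.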
@@ -0,0 +1,256 @@ +/*- + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* 4096-bit RSA private key, DER. */ +static const unsigned char rsa_priv_key[] = { + 0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, + 0xa3, 0x14, 0xe4, 0xb8, 0xd8, 0x58, 0x0d, 0xab, 0xd7, 0x87, 0xa4, 0xf6, + 0x84, 0x51, 0x74, 0x60, 0x4c, 0xe3, 0x60, 0x28, 0x89, 0x49, 0x65, 0x18, + 0x5c, 0x8f, 0x1a, 0x1b, 0xe9, 0xdb, 0xc1, 0xc1, 0xf7, 0x08, 0x27, 0x44, + 0xe5, 0x9d, 0x9a, 0x33, 0xc3, 0xac, 0x5a, 0xca, 0xba, 0x20, 0x5a, 0x9e, + 0x3a, 0x18, 0xb5, 0x3d, 0xe3, 0x9d, 0x94, 0x58, 0xa7, 0xa9, 0x5a, 0x0b, + 0x4f, 0xb8, 0xe5, 0xa3, 0x7b, 0x01, 0x11, 0x0f, 0x16, 0x11, 0xb8, 0x65, + 0x2f, 0xa8, 0x95, 0xf7, 0x58, 0x2c, 0xec, 0x1d, 0x41, 0xad, 0xd1, 0x12, + 0xca, 0x4a, 0x80, 0x35, 0x35, 0x43, 0x7e, 0xe0, 0x97, 0xfc, 0x86, 0x8f, + 0xcf, 0x4b, 0xdc, 0xbc, 0x15, 0x2c, 0x8e, 0x90, 0x84, 0x26, 0x83, 0xc1, + 0x96, 0x97, 0xf4, 0xd7, 0x90, 0xce, 0xfe, 0xd4, 0xf3, 0x70, 0x22, 0xa8, + 0xb0, 0x1f, 0xed, 0x08, 0xd7, 0xc5, 0xc0, 0xd6, 0x41, 0x6b, 0x24, 0x68, + 0x5c, 0x07, 0x1f, 0x44, 0x97, 0xd8, 0x6e, 0x18, 0x93, 0x67, 0xc3, 0xba, + 0x3a, 0xaf, 0xfd, 0xc2, 0x65, 0x00, 0x21, 0x63, 0xdf, 0xb7, 0x28, 0x68, + 0xd6, 0xc0, 0x20, 0x86, 0x92, 0xed, 0x68, 0x6a, 0x27, 0x3a, 0x07, 0xec, + 0x66, 0x00, 0xfe, 0x51, 0x51, 0x86, 0x41, 0x6f, 0x83, 0x69, 0xd2, 0xf0, + 0xe6, 0xf7, 0x61, 0xda, 0x12, 0x45, 0x53, 0x09, 0xdf, 0xf8, 0x42, 0xc7, + 0x30, 0x6a, 0xe5, 0xd8, 0x2b, 0xa2, 0x49, 0x7a, 0x05, 0x10, 0xee, 0xb2, + 0x59, 0x0a, 0xe5, 0xbe, 0xf8, 0x4d, 0x0f, 0xa8, 0x9e, 0x63, 0x81, 0x39, + 0x32, 0xaa, 0xfd, 0xa8, 0x03, 0xf6, 0xd8, 0xc6, 0xaa, 0x02, 0x93, 0x03, + 0xeb, 0x15, 0xd3, 0x38, 0xc8, 0x1a, 0x78, 0xcf, 0xf3, 0xa7, 0x9f, 0x98, + 
0x4b, 0x91, 0x5b, 0x79, 0xf8, 0x4e, 0x53, 0xaf, 0x0c, 0x65, 0xe9, 0xb0, + 0x93, 0xc2, 0xcb, 0x5d, 0x3c, 0x5f, 0x6e, 0x39, 0xd2, 0x58, 0x23, 0x50, + 0xe5, 0x2e, 0xef, 0x12, 0x00, 0xa4, 0x59, 0x13, 0x2b, 0x2f, 0x2c, 0x0a, + 0x7b, 0x36, 0x89, 0xc5, 0xe5, 0x8f, 0x95, 0x5e, 0x14, 0x0f, 0x0f, 0x94, + 0x5a, 0xe9, 0xdc, 0x0b, 0x49, 0x14, 0xbe, 0x0a, 0x70, 0x45, 0xc1, 0x7c, + 0xbf, 0x83, 0x70, 0xfd, 0x3d, 0x99, 0xe6, 0x8a, 0xf5, 0x9c, 0x09, 0x71, + 0x84, 0x9a, 0x18, 0xa0, 0xe0, 0x6c, 0x43, 0x5c, 0x7e, 0x48, 0x33, 0xc8, + 0xbe, 0x5d, 0xdd, 0xd8, 0x77, 0xe3, 0xe7, 0x6b, 0x34, 0x4b, 0xa2, 0xb7, + 0x54, 0x07, 0x72, 0x2e, 0xab, 0xa9, 0x91, 0x1e, 0x4b, 0xe3, 0xb5, 0xd8, + 0xfa, 0x35, 0x64, 0x8a, 0xe9, 0x03, 0xa1, 0xa8, 0x26, 0xbd, 0x72, 0x58, + 0x10, 0x6a, 0xec, 0x1a, 0xf6, 0x1e, 0xb8, 0xc0, 0x46, 0x19, 0x31, 0x2c, + 0xca, 0xf9, 0x6a, 0xd7, 0x2e, 0xd0, 0xa7, 0x2c, 0x60, 0x58, 0xc4, 0x8f, + 0x46, 0x63, 0x61, 0x8d, 0x29, 0x6f, 0xe2, 0x5f, 0xe2, 0x43, 0x90, 0x9c, + 0xe6, 0xfc, 0x08, 0x41, 0xc8, 0xb5, 0x23, 0x56, 0x24, 0x3e, 0x3a, 0x2c, + 0x41, 0x22, 0x43, 0xda, 0x22, 0x15, 0x2b, 0xad, 0xd0, 0xfa, 0xc8, 0x47, + 0x44, 0xe6, 0x2a, 0xf9, 0x38, 0x90, 0x13, 0x62, 0x22, 0xea, 0x06, 0x8c, + 0x44, 0x9c, 0xd6, 0xca, 0x50, 0x93, 0xe9, 0xd4, 0x03, 0xd8, 0x3e, 0x71, + 0x36, 0x4b, 0xaa, 0xab, 0xbb, 0xe2, 0x48, 0x66, 0x26, 0x53, 0xb1, 0x6d, + 0x3b, 0x82, 0x2c, 0x8c, 0x25, 0x05, 0xf0, 0xf8, 0xcf, 0x55, 0xbf, 0x8e, + 0x29, 0xf7, 0x54, 0x5b, 0x6f, 0x30, 0x54, 0xa6, 0xad, 0x46, 0xff, 0x22, + 0x95, 0xb1, 0x87, 0x98, 0x00, 0x51, 0x69, 0x15, 0x07, 0xbd, 0x3d, 0x9c, + 0x6e, 0xaa, 0xaa, 0x3b, 0x0b, 0x74, 0x65, 0x4c, 0x04, 0xe0, 0x80, 0x3e, + 0xaf, 0x5e, 0x10, 0xd6, 0x9b, 0x28, 0x37, 0x6f, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x00, 0x09, 0x6e, 0xf8, 0xf8, 0x14, 0x53, 0xab, + 0x9e, 0xc8, 0x1d, 0xe9, 0x95, 0xf4, 0xfb, 0x7d, 0x3e, 0xe0, 0xd3, 0xba, + 0x49, 0x3d, 0xff, 0xc7, 0xe0, 0x4b, 0xe2, 0x5f, 0x41, 0x44, 0x1a, 0xd9, + 0x2f, 0x6e, 0x29, 0xc3, 0x93, 0xc1, 0xb0, 0x87, 0x2d, 0xfd, 0x60, 0xa7, + 
0xf3, 0xd8, 0x26, 0x6c, 0xf7, 0x80, 0x26, 0xd3, 0xbd, 0x1b, 0xc0, 0x8e, + 0xc7, 0x3e, 0x13, 0x96, 0xc8, 0xd6, 0xb8, 0xbc, 0x57, 0xe3, 0x92, 0xa1, + 0x38, 0xfd, 0x2e, 0xd3, 0x3a, 0xcf, 0x31, 0xf2, 0x52, 0xd7, 0x7f, 0xe9, + 0xbc, 0x9b, 0x83, 0x01, 0x78, 0x13, 0xc9, 0x91, 0x77, 0x02, 0x78, 0xc0, + 0x0b, 0x1f, 0xdf, 0x94, 0xad, 0x16, 0xf1, 0xad, 0x78, 0x17, 0xc5, 0x77, + 0x0d, 0xb7, 0x07, 0x3f, 0x51, 0xe0, 0x73, 0x33, 0xcf, 0x90, 0x69, 0xd8, + 0xe5, 0xda, 0x9b, 0x1e, 0xf6, 0x21, 0x12, 0x07, 0xb5, 0x1e, 0x3e, 0x2b, + 0x34, 0x79, 0x9e, 0x48, 0x01, 0xdd, 0x68, 0xf0, 0x0f, 0x18, 0xb5, 0x85, + 0x50, 0xd8, 0x9e, 0x04, 0xfd, 0x6d, 0xcd, 0xa6, 0x61, 0x2b, 0x54, 0x81, + 0x99, 0xf4, 0x63, 0xf4, 0xeb, 0x73, 0x98, 0xb3, 0x88, 0xf5, 0x50, 0xd4, + 0x5c, 0x67, 0x9e, 0x7c, 0xbc, 0xd8, 0xfd, 0xaf, 0xb8, 0x66, 0x7d, 0xdc, + 0xa5, 0x25, 0xb5, 0xe6, 0x64, 0xd7, 0x07, 0x72, 0x5a, 0x99, 0xf9, 0xf6, + 0x9e, 0xb8, 0x9c, 0xf4, 0xc7, 0xee, 0xee, 0x10, 0x13, 0x9c, 0x1a, 0x8c, + 0x23, 0x89, 0xcd, 0x7b, 0xf1, 0x47, 0x23, 0x51, 0x3c, 0xe5, 0xc2, 0x17, + 0x68, 0xca, 0x98, 0xb8, 0xed, 0xe5, 0x17, 0x6d, 0x0a, 0xde, 0x07, 0xd6, + 0x6c, 0x4f, 0x83, 0x4c, 0x9b, 0xca, 0x6a, 0x7d, 0xc8, 0x68, 0x12, 0xd7, + 0xf0, 0x37, 0x88, 0xf7, 0xbb, 0x68, 0x8b, 0xa4, 0xfd, 0xfe, 0x36, 0x11, + 0xb3, 0x2b, 0x85, 0x6d, 0xaa, 0x30, 0x31, 0xf1, 0x6f, 0x80, 0x72, 0x42, + 0x23, 0xfe, 0x93, 0x88, 0xcc, 0x1e, 0x4b, 0x53, 0x4f, 0x8e, 0x24, 0x67, + 0x4a, 0x72, 0xb6, 0x3c, 0x13, 0x00, 0x11, 0x4f, 0xe1, 0x30, 0xd6, 0xe7, + 0x45, 0x8f, 0xaf, 0xdd, 0xe5, 0xaa, 0xb7, 0x02, 0x17, 0x04, 0xf8, 0xd2, + 0xc1, 0x7b, 0x6c, 0x92, 0xec, 0x76, 0x94, 0x1b, 0xb0, 0xe4, 0xc3, 0x0c, + 0x9e, 0xee, 0xb5, 0xdc, 0x97, 0xca, 0x10, 0x1d, 0x17, 0x96, 0x45, 0xd4, + 0x04, 0x0c, 0xea, 0xca, 0x45, 0xfc, 0x52, 0x54, 0x82, 0x9b, 0xdf, 0x64, + 0xd6, 0x59, 0x6c, 0x12, 0x70, 0xf0, 0x19, 0xd8, 0x46, 0xbb, 0x08, 0x43, + 0x81, 0xa1, 0x73, 0xa8, 0x00, 0xc9, 0x4e, 0xb9, 0xd5, 0xfd, 0x42, 0x5f, + 0xcf, 0x94, 0x14, 0x18, 0xab, 0x9d, 0x11, 0xd0, 0xbd, 0x44, 0x88, 0x2c, + 
0xd8, 0x29, 0xec, 0x94, 0x70, 0xf9, 0x42, 0x14, 0xf4, 0xb0, 0x3f, 0xfe, + 0x27, 0x16, 0x43, 0x59, 0x90, 0x14, 0x48, 0x61, 0x8c, 0x91, 0xd9, 0x37, + 0x41, 0xef, 0xf1, 0xe9, 0x15, 0x4a, 0x4f, 0x5e, 0x1f, 0x50, 0x25, 0x20, + 0x2d, 0xa6, 0xf8, 0x79, 0x0d, 0x92, 0xb0, 0x00, 0x0b, 0xa2, 0xfb, 0xc3, + 0x7b, 0x0f, 0xa6, 0xff, 0x75, 0x5d, 0x70, 0xaa, 0xcf, 0x0a, 0xdf, 0xe1, + 0xfc, 0x32, 0x53, 0x1e, 0xf6, 0xe6, 0x69, 0x9f, 0x09, 0xd0, 0xc8, 0xab, + 0xaf, 0xec, 0xb0, 0x04, 0xfa, 0x83, 0xe2, 0x29, 0x23, 0x54, 0x37, 0x87, + 0x63, 0x47, 0x75, 0x9b, 0xdb, 0x1f, 0x4f, 0x1b, 0x6b, 0xa6, 0xe2, 0x67, + 0x1c, 0xb4, 0x74, 0x9e, 0x48, 0x77, 0x61, 0xc2, 0x9a, 0x3e, 0x6b, 0x89, + 0xa9, 0x68, 0x74, 0x27, 0x01, 0x29, 0xd6, 0x46, 0xe8, 0x0f, 0xd0, 0x33, + 0x22, 0x00, 0x45, 0x6c, 0xde, 0x32, 0x28, 0x42, 0x57, 0xaf, 0x70, 0x28, + 0xa0, 0xd5, 0x99, 0xbb, 0x1f, 0xd7, 0x3c, 0x84, 0x20, 0x70, 0x1f, 0xe3, + 0xa9, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe6, 0x68, 0xfe, 0x5f, 0x75, 0x71, + 0x2a, 0xd8, 0xcf, 0x0d, 0x1d, 0xf4, 0xa1, 0x06, 0x8b, 0xa5, 0x70, 0x6f, + 0x29, 0x03, 0xf3, 0x50, 0xd3, 0x83, 0x39, 0xf9, 0xf6, 0xe5, 0x79, 0x7a, + 0x29, 0x75, 0xde, 0xda, 0x6a, 0x98, 0x7c, 0x33, 0xf8, 0x64, 0xca, 0x86, + 0x5a, 0xda, 0x55, 0x5b, 0x4d, 0x7b, 0x1a, 0xe5, 0x5d, 0x19, 0x7d, 0xf3, + 0x57, 0x49, 0x3d, 0x7a, 0xe8, 0x3f, 0x5a, 0x40, 0x8c, 0x15, 0xc7, 0xb0, + 0x53, 0xf8, 0x63, 0x42, 0x17, 0x7c, 0x20, 0xb9, 0xfc, 0xff, 0x27, 0xd0, + 0xc2, 0x0c, 0x45, 0x52, 0x1b, 0x75, 0x1f, 0x89, 0x87, 0xc4, 0xa8, 0x07, + 0x3b, 0x73, 0x16, 0xc7, 0xd7, 0x77, 0x2e, 0x47, 0xa2, 0x7d, 0x12, 0xb4, + 0x25, 0x24, 0x5e, 0xa5, 0xb2, 0x12, 0x76, 0x65, 0xd1, 0xcd, 0xa4, 0x66, + 0x33, 0x2d, 0xed, 0xb2, 0x85, 0xb0, 0xb3, 0x33, 0x56, 0x18, 0x5a, 0xb3, + 0x75, 0x43, 0x4d, 0x40, 0x14, 0x22, 0x55, 0xf6, 0x5a, 0x0c, 0x6a, 0xb3, + 0xc3, 0x8a, 0x9b, 0x76, 0x1e, 0x23, 0x8d, 0x4a, 0x8f, 0x38, 0x21, 0x25, + 0x43, 0x45, 0xf6, 0x25, 0x46, 0xdb, 0xae, 0x42, 0x43, 0x74, 0x69, 0x15, + 0x46, 0xf0, 0x3a, 0x41, 0x4f, 0x9f, 0xfe, 0xda, 0x07, 0x0b, 0x38, 0xbe, + 
0x6b, 0xad, 0xc2, 0xef, 0x5b, 0x97, 0x18, 0x42, 0x13, 0xac, 0x13, 0x15, + 0x70, 0x7b, 0xe2, 0x00, 0xbb, 0x41, 0x22, 0x99, 0xe5, 0xd3, 0x67, 0xfe, + 0xfd, 0xbd, 0x8e, 0xc3, 0xca, 0x60, 0x59, 0x3d, 0x8f, 0x85, 0x76, 0x41, + 0xf0, 0xb8, 0x09, 0x1a, 0x48, 0x50, 0xe4, 0x9c, 0x4a, 0x56, 0x02, 0x60, + 0x76, 0xff, 0xde, 0xd4, 0x8e, 0x76, 0xa3, 0x9c, 0x30, 0xb4, 0xa4, 0x73, + 0xe6, 0xb0, 0x70, 0xac, 0x67, 0x5f, 0x25, 0xd2, 0x94, 0xc5, 0x25, 0xb6, + 0xbf, 0xf6, 0x0b, 0xd8, 0x9f, 0x35, 0x8c, 0x20, 0xb6, 0xdd, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xb5, 0x31, 0x9e, 0xa2, 0x10, 0x38, 0xca, 0x2b, 0x07, + 0xc9, 0x3f, 0x0f, 0x18, 0x2c, 0x98, 0x7f, 0x15, 0x87, 0x92, 0x93, 0x2e, + 0xce, 0x6b, 0x11, 0x42, 0x2a, 0x94, 0x3e, 0x31, 0xd0, 0xf5, 0xae, 0x9d, + 0xc7, 0x67, 0x51, 0x3c, 0x0a, 0x52, 0x04, 0x94, 0x86, 0x2e, 0x50, 0x32, + 0xe1, 0x48, 0x83, 0x85, 0xe8, 0x82, 0x04, 0x2f, 0x25, 0xbc, 0xea, 0xfc, + 0x3d, 0x4b, 0xd1, 0x53, 0x90, 0x61, 0x97, 0x47, 0x73, 0xcd, 0x1f, 0xa9, + 0x5a, 0x3f, 0xfb, 0xbf, 0xc3, 0xd5, 0x19, 0xb6, 0xd3, 0x59, 0x57, 0x37, + 0xd9, 0x09, 0x29, 0xd3, 0x80, 0xc4, 0xae, 0x52, 0xce, 0xce, 0x82, 0x29, + 0x6b, 0x95, 0x44, 0x69, 0x33, 0xfd, 0x6a, 0x6d, 0x65, 0xf7, 0xa9, 0xc0, + 0x65, 0x25, 0x91, 0x05, 0xdf, 0x07, 0xbe, 0x61, 0x5c, 0xaa, 0x8f, 0x87, + 0xc8, 0x43, 0xd7, 0x30, 0xd0, 0x8b, 0x25, 0xaf, 0xb8, 0x5d, 0x50, 0x4e, + 0x31, 0x4a, 0xc9, 0x79, 0x56, 0xbf, 0x8d, 0xcc, 0x40, 0xa7, 0xea, 0xd4, + 0xf7, 0x66, 0x86, 0xe2, 0x0b, 0xf3, 0x13, 0xbc, 0xdc, 0x0d, 0x62, 0x28, + 0x4e, 0xb7, 0x31, 0xb4, 0x5a, 0x9b, 0x97, 0x65, 0x76, 0x24, 0xbb, 0xef, + 0x90, 0x1b, 0xdb, 0x93, 0x98, 0xae, 0xce, 0xb0, 0x69, 0x82, 0x49, 0x94, + 0xc0, 0xc3, 0x8f, 0x9c, 0x5d, 0x26, 0x45, 0xa0, 0xad, 0x15, 0x3b, 0x6e, + 0xda, 0x6e, 0x78, 0xc1, 0x78, 0xc3, 0x15, 0x8e, 0x64, 0xaf, 0x50, 0xa6, + 0xb7, 0xd9, 0xfb, 0x8f, 0x68, 0xa0, 0x2d, 0x59, 0xa9, 0xce, 0x5b, 0xa7, + 0x91, 0x36, 0xb8, 0x05, 0x28, 0x31, 0x25, 0xc7, 0x7e, 0xa4, 0x68, 0x9d, + 0xea, 0x5c, 0x71, 0x10, 0x84, 0xab, 0xc4, 0xd7, 0xbe, 0x7d, 0xe9, 0x4a, + 
0x11, 0x22, 0xa6, 0xd5, 0xa3, 0x6e, 0x46, 0x07, 0x70, 0x78, 0xcc, 0xd5, + 0xbc, 0xfe, 0xc4, 0x39, 0x58, 0xf4, 0xbb, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xaa, 0x0c, 0x73, 0x30, 0x20, 0x8d, 0x15, 0x02, 0x4e, 0x4d, 0x6f, 0xfe, + 0x4b, 0x99, 0x79, 0x16, 0xf0, 0x94, 0x19, 0xc1, 0x40, 0xa2, 0x36, 0x78, + 0x73, 0x21, 0x78, 0x86, 0x83, 0xd1, 0x15, 0x28, 0x59, 0x00, 0xfa, 0x0a, + 0xf0, 0x1f, 0xab, 0x03, 0x38, 0x35, 0x50, 0x78, 0x32, 0xe6, 0xdf, 0x98, + 0x2b, 0x91, 0x7b, 0xd4, 0x84, 0x90, 0x43, 0xab, 0x5a, 0x24, 0x8b, 0xa3, + 0xb6, 0x08, 0x4d, 0x5b, 0x05, 0xb5, 0xad, 0x43, 0x74, 0x7e, 0x22, 0xb7, + 0x09, 0xb0, 0x3a, 0x78, 0x55, 0xfa, 0x4c, 0x3c, 0xa2, 0x2c, 0xa6, 0xf7, + 0x19, 0xff, 0x76, 0xa4, 0x3d, 0x1e, 0x99, 0x51, 0xa7, 0x4e, 0x76, 0x47, + 0x0f, 0x70, 0xef, 0x0b, 0x3f, 0xf2, 0x94, 0x36, 0xf3, 0x63, 0x76, 0xb9, + 0x09, 0x88, 0xbb, 0xfe, 0xf9, 0x86, 0x33, 0xdf, 0x81, 0xbe, 0x6f, 0xcc, + 0xa9, 0x75, 0x09, 0xe5, 0x8f, 0x8b, 0x42, 0xd0, 0x19, 0x03, 0x61, 0xd8, + 0xb5, 0x78, 0xcb, 0x9c, 0xbe, 0x63, 0x4d, 0xbd, 0xce, 0x5e, 0xae, 0x7f, + 0xae, 0x97, 0x88, 0x7b, 0xf4, 0x7a, 0x7b, 0xdb, 0xf6, 0x7e, 0x2c, 0x7d, + 0x95, 0x6e, 0x72, 0x3a, 0x48, 0x13, 0xdb, 0xf7, 0x10, 0x07, 0x83, 0xac, + 0xa1, 0x7a, 0x68, 0x18, 0x70, 0x18, 0x99, 0x7f, 0xf4, 0x8e, 0x93, 0x1a, + 0x40, 0x5d, 0x04, 0x07, 0xcb, 0x4d, 0xd7, 0x66, 0x96, 0xb5, 0xd3, 0x7d, + 0x8e, 0xfb, 0xe6, 0x12, 0xd0, 0x7d, 0xf0, 0xe7, 0x25, 0xa6, 0x7a, 0x86, + 0x01, 0x56, 0xdd, 0xc5, 0xb2, 0x31, 0x98, 0x67, 0x3a, 0xd0, 0x9a, 0xee, + 0x98, 0xca, 0x80, 0x52, 0x5a, 0x0e, 0xb7, 0xc4, 0xbf, 0xc0, 0x40, 0x24, + 0x6f, 0x3b, 0xa6, 0xf6, 0xab, 0x28, 0x9e, 0xe9, 0x39, 0x3f, 0x04, 0x4b, + 0xc4, 0xae, 0x55, 0xfd, 0xea, 0x87, 0xa5, 0xc5, 0x01, 0x99, 0x2e, 0x67, + 0x66, 0xb3, 0xfe, 0x41, 0x02, 0x82, 0x01, 0x00, 0x05, 0x26, 0x96, 0xf2, + 0xd6, 0x71, 0x36, 0xd6, 0x08, 0x4f, 0xa1, 0x3a, 0x45, 0x9e, 0xa6, 0xeb, + 0x1d, 0xea, 0x8f, 0xb1, 0x1d, 0x68, 0x82, 0xc4, 0xa7, 0xd3, 0xdc, 0x08, + 0xf4, 0x93, 0x93, 0x18, 0x56, 0xa5, 0xdf, 0x7b, 0x00, 0xb0, 0xee, 0x69, + 
0xf0, 0xea, 0xeb, 0x90, 0x1e, 0x12, 0x27, 0x64, 0x8d, 0xbe, 0xf1, 0x4b, + 0x3b, 0x27, 0xe0, 0x79, 0xf1, 0x97, 0xb0, 0x7b, 0x0f, 0xdc, 0x0f, 0xda, + 0x24, 0x0e, 0xd7, 0xaa, 0xe9, 0xbe, 0x86, 0x09, 0x1b, 0x07, 0x6f, 0x1c, + 0x5f, 0x05, 0x1d, 0x0a, 0x0c, 0xad, 0x5f, 0xc4, 0x4f, 0x9d, 0xde, 0x79, + 0x72, 0x23, 0x2c, 0xdd, 0xa8, 0x5d, 0xc5, 0x8d, 0x7f, 0x4c, 0x1a, 0x0d, + 0x17, 0x75, 0x09, 0x98, 0x4a, 0xbe, 0xd5, 0x55, 0x8d, 0x0c, 0x2d, 0x05, + 0x2d, 0x71, 0x5b, 0xeb, 0xde, 0x99, 0x43, 0xcc, 0x6f, 0x37, 0xce, 0x6c, + 0xd0, 0xd4, 0xf5, 0xda, 0x1d, 0x8e, 0xeb, 0x28, 0x55, 0x09, 0xb1, 0x42, + 0x4f, 0xa7, 0x1a, 0xde, 0xe3, 0x14, 0xf1, 0x56, 0x2e, 0x40, 0xd6, 0xb5, + 0x1d, 0xee, 0x47, 0x77, 0x1d, 0xdc, 0x36, 0xfa, 0xf3, 0xbc, 0x8b, 0xa5, + 0xbf, 0x1d, 0x9f, 0xa7, 0xb4, 0x04, 0xad, 0xb6, 0x0d, 0x39, 0x0e, 0xe7, + 0x13, 0x3e, 0xbc, 0x94, 0x68, 0xe5, 0x1d, 0xea, 0x0c, 0x30, 0xdd, 0xb0, + 0xa7, 0x03, 0xa4, 0x91, 0xde, 0xf1, 0xd8, 0xa8, 0x18, 0x1f, 0xdd, 0xb3, + 0xd4, 0x2b, 0x6a, 0x8c, 0x69, 0x60, 0xda, 0x92, 0x7b, 0x1e, 0x27, 0x47, + 0x82, 0xbf, 0xff, 0xfc, 0xbd, 0x03, 0xb4, 0xc1, 0x80, 0x6c, 0x07, 0x11, + 0xa2, 0xdd, 0x27, 0xc1, 0x4d, 0x93, 0xe6, 0xf2, 0xd3, 0xdc, 0x61, 0xa1, + 0xa3, 0xdc, 0x67, 0x69, 0xe5, 0x50, 0x1d, 0x63, 0x0e, 0xb9, 0xa9, 0x9d, + 0xd6, 0x02, 0x4d, 0x7c, 0xcd, 0x2a, 0xa5, 0x37, 0x60, 0xc5, 0xf5, 0x97, + 0x02, 0x82, 0x01, 0x00, 0x14, 0x8b, 0x04, 0xdb, 0x4e, 0x41, 0x4a, 0xcd, + 0x86, 0x2e, 0x5f, 0x13, 0xb3, 0x48, 0x1e, 0x00, 0xdf, 0x8d, 0x0b, 0x35, + 0x51, 0x51, 0x1b, 0x16, 0x3d, 0x49, 0x4e, 0xe1, 0xee, 0x4d, 0xc7, 0x03, + 0xc0, 0xf6, 0x5c, 0x6c, 0x36, 0xe8, 0x22, 0xa5, 0x79, 0xb4, 0x4c, 0xce, + 0xa8, 0x45, 0x12, 0x2c, 0xf3, 0x6a, 0xcd, 0x33, 0xbd, 0xd0, 0x84, 0x4d, + 0xf7, 0x8f, 0xb5, 0x80, 0x1f, 0x18, 0x52, 0xad, 0xad, 0xce, 0xcd, 0x94, + 0xc9, 0xc6, 0xb4, 0xd2, 0x14, 0x29, 0xe4, 0xc7, 0x40, 0xf1, 0x0b, 0x85, + 0x43, 0xaf, 0x11, 0xd3, 0x46, 0x0a, 0xb1, 0x15, 0x87, 0x1f, 0x4e, 0x2e, + 0xc1, 0x11, 0xe9, 0x24, 0x70, 0x40, 0xba, 0x0b, 0x0e, 0x4a, 0xac, 0x45, + 
0x21, 0xcc, 0x6d, 0xa4, 0x1d, 0x55, 0x33, 0x89, 0x4c, 0x65, 0x21, 0x23, + 0xab, 0x61, 0x31, 0xcb, 0x11, 0x65, 0xb3, 0x80, 0xa4, 0x5a, 0x2b, 0xf1, + 0x65, 0xdb, 0x4c, 0x58, 0x5a, 0xbe, 0xf3, 0x15, 0xcd, 0x94, 0xa1, 0xe4, + 0xcb, 0x30, 0xfa, 0xe1, 0x28, 0x51, 0x52, 0xd2, 0xb8, 0xb4, 0x8c, 0xfc, + 0x3a, 0xcc, 0xd1, 0x19, 0xa2, 0x27, 0x36, 0xfa, 0xc4, 0x23, 0x96, 0xb9, + 0xc7, 0x74, 0xca, 0xf1, 0x45, 0x1f, 0x4b, 0xc2, 0x77, 0x4d, 0x32, 0x3f, + 0xab, 0x7a, 0xd9, 0x2b, 0x22, 0x1d, 0xcb, 0x24, 0x58, 0x29, 0xa3, 0xb8, + 0x92, 0xdb, 0x1c, 0xda, 0x84, 0x01, 0xca, 0x6d, 0x4a, 0x50, 0xd4, 0x2b, + 0x79, 0xfa, 0xc5, 0x4c, 0x9d, 0x79, 0x49, 0xf1, 0xde, 0xbd, 0x3f, 0x50, + 0xa7, 0xa6, 0xc6, 0xc7, 0x99, 0x61, 0x9b, 0xda, 0x38, 0xdc, 0xbe, 0x85, + 0x75, 0x81, 0xb9, 0x0f, 0x33, 0xd0, 0xd4, 0xd0, 0xaa, 0xbd, 0x32, 0xc9, + 0x62, 0xe8, 0x21, 0x24, 0xeb, 0x03, 0x73, 0x46, 0xb3, 0x84, 0x65, 0xf2, + 0x40, 0x7d, 0x1b, 0x1b, 0x8f, 0x86, 0x7c, 0xe7 +}; + +/* The corresponding public key, DER. */ +static const unsigned char rsa_pub_key[] = { + 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xa3, 0x14, 0xe4, + 0xb8, 0xd8, 0x58, 0x0d, 0xab, 0xd7, 0x87, 0xa4, 0xf6, 0x84, 0x51, 0x74, + 0x60, 0x4c, 0xe3, 0x60, 0x28, 0x89, 0x49, 0x65, 0x18, 0x5c, 0x8f, 0x1a, + 0x1b, 0xe9, 0xdb, 0xc1, 0xc1, 0xf7, 0x08, 0x27, 0x44, 0xe5, 0x9d, 0x9a, + 0x33, 0xc3, 0xac, 0x5a, 0xca, 0xba, 0x20, 0x5a, 0x9e, 0x3a, 0x18, 0xb5, + 0x3d, 0xe3, 0x9d, 0x94, 0x58, 0xa7, 0xa9, 0x5a, 0x0b, 0x4f, 0xb8, 0xe5, + 0xa3, 0x7b, 0x01, 0x11, 0x0f, 0x16, 0x11, 0xb8, 0x65, 0x2f, 0xa8, 0x95, + 0xf7, 0x58, 0x2c, 0xec, 0x1d, 0x41, 0xad, 0xd1, 0x12, 0xca, 0x4a, 0x80, + 0x35, 0x35, 0x43, 0x7e, 0xe0, 0x97, 0xfc, 0x86, 0x8f, 0xcf, 0x4b, 0xdc, + 0xbc, 0x15, 0x2c, 0x8e, 0x90, 0x84, 0x26, 0x83, 0xc1, 0x96, 0x97, 0xf4, + 0xd7, 0x90, 0xce, 0xfe, 0xd4, 0xf3, 0x70, 0x22, 0xa8, 0xb0, 0x1f, 0xed, + 0x08, 0xd7, 0xc5, 0xc0, 0xd6, 0x41, 0x6b, 0x24, 0x68, 0x5c, 0x07, 0x1f, + 0x44, 0x97, 0xd8, 0x6e, 0x18, 0x93, 0x67, 0xc3, 0xba, 0x3a, 0xaf, 0xfd, + 0xc2, 
0x65, 0x00, 0x21, 0x63, 0xdf, 0xb7, 0x28, 0x68, 0xd6, 0xc0, 0x20, + 0x86, 0x92, 0xed, 0x68, 0x6a, 0x27, 0x3a, 0x07, 0xec, 0x66, 0x00, 0xfe, + 0x51, 0x51, 0x86, 0x41, 0x6f, 0x83, 0x69, 0xd2, 0xf0, 0xe6, 0xf7, 0x61, + 0xda, 0x12, 0x45, 0x53, 0x09, 0xdf, 0xf8, 0x42, 0xc7, 0x30, 0x6a, 0xe5, + 0xd8, 0x2b, 0xa2, 0x49, 0x7a, 0x05, 0x10, 0xee, 0xb2, 0x59, 0x0a, 0xe5, + 0xbe, 0xf8, 0x4d, 0x0f, 0xa8, 0x9e, 0x63, 0x81, 0x39, 0x32, 0xaa, 0xfd, + 0xa8, 0x03, 0xf6, 0xd8, 0xc6, 0xaa, 0x02, 0x93, 0x03, 0xeb, 0x15, 0xd3, + 0x38, 0xc8, 0x1a, 0x78, 0xcf, 0xf3, 0xa7, 0x9f, 0x98, 0x4b, 0x91, 0x5b, + 0x79, 0xf8, 0x4e, 0x53, 0xaf, 0x0c, 0x65, 0xe9, 0xb0, 0x93, 0xc2, 0xcb, + 0x5d, 0x3c, 0x5f, 0x6e, 0x39, 0xd2, 0x58, 0x23, 0x50, 0xe5, 0x2e, 0xef, + 0x12, 0x00, 0xa4, 0x59, 0x13, 0x2b, 0x2f, 0x2c, 0x0a, 0x7b, 0x36, 0x89, + 0xc5, 0xe5, 0x8f, 0x95, 0x5e, 0x14, 0x0f, 0x0f, 0x94, 0x5a, 0xe9, 0xdc, + 0x0b, 0x49, 0x14, 0xbe, 0x0a, 0x70, 0x45, 0xc1, 0x7c, 0xbf, 0x83, 0x70, + 0xfd, 0x3d, 0x99, 0xe6, 0x8a, 0xf5, 0x9c, 0x09, 0x71, 0x84, 0x9a, 0x18, + 0xa0, 0xe0, 0x6c, 0x43, 0x5c, 0x7e, 0x48, 0x33, 0xc8, 0xbe, 0x5d, 0xdd, + 0xd8, 0x77, 0xe3, 0xe7, 0x6b, 0x34, 0x4b, 0xa2, 0xb7, 0x54, 0x07, 0x72, + 0x2e, 0xab, 0xa9, 0x91, 0x1e, 0x4b, 0xe3, 0xb5, 0xd8, 0xfa, 0x35, 0x64, + 0x8a, 0xe9, 0x03, 0xa1, 0xa8, 0x26, 0xbd, 0x72, 0x58, 0x10, 0x6a, 0xec, + 0x1a, 0xf6, 0x1e, 0xb8, 0xc0, 0x46, 0x19, 0x31, 0x2c, 0xca, 0xf9, 0x6a, + 0xd7, 0x2e, 0xd0, 0xa7, 0x2c, 0x60, 0x58, 0xc4, 0x8f, 0x46, 0x63, 0x61, + 0x8d, 0x29, 0x6f, 0xe2, 0x5f, 0xe2, 0x43, 0x90, 0x9c, 0xe6, 0xfc, 0x08, + 0x41, 0xc8, 0xb5, 0x23, 0x56, 0x24, 0x3e, 0x3a, 0x2c, 0x41, 0x22, 0x43, + 0xda, 0x22, 0x15, 0x2b, 0xad, 0xd0, 0xfa, 0xc8, 0x47, 0x44, 0xe6, 0x2a, + 0xf9, 0x38, 0x90, 0x13, 0x62, 0x22, 0xea, 0x06, 0x8c, 0x44, 0x9c, 0xd6, + 0xca, 0x50, 0x93, 0xe9, 0xd4, 0x03, 0xd8, 0x3e, 0x71, 0x36, 0x4b, 0xaa, + 0xab, 0xbb, 0xe2, 0x48, 0x66, 0x26, 0x53, 0xb1, 0x6d, 0x3b, 0x82, 0x2c, + 0x8c, 0x25, 0x05, 0xf0, 0xf8, 0xcf, 0x55, 0xbf, 0x8e, 0x29, 0xf7, 0x54, + 0x5b, 
0x6f, 0x30, 0x54, 0xa6, 0xad, 0x46, 0xff, 0x22, 0x95, 0xb1, 0x87, + 0x98, 0x00, 0x51, 0x69, 0x15, 0x07, 0xbd, 0x3d, 0x9c, 0x6e, 0xaa, 0xaa, + 0x3b, 0x0b, 0x74, 0x65, 0x4c, 0x04, 0xe0, 0x80, 0x3e, 0xaf, 0x5e, 0x10, + 0xd6, 0x9b, 0x28, 0x37, 0x6f, 0x02, 0x03, 0x01, 0x00, 0x01 +}; diff -Nru openssl-3.0.1/demos/signature/rsa_pss_hash.c openssl-3.0.2/demos/signature/rsa_pss_hash.c --- openssl-3.0.1/demos/signature/rsa_pss_hash.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/demos/signature/rsa_pss_hash.c 2022-03-15 14:30:24.000000000 +0000 
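Review bot: The comment on `rsa_priv_key` says only `/* 4096-bit RSA private key, DER. */`, but this key is published with the source and so has no secrecy at all; the header should say so, because demo code gets copied. I would extend it to `/* 4096-bit RSA private key, DER. Published test key for these demos only; never use it to protect real data. */`. The header also has no include guard, which is harmless while each demo includes it once but worth adding if it is reused.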
@@ -0,0 +1,189 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "rsa_pss.h" + +/* The data to be signed. This will be hashed. */ +static const char test_message[] = + "This is an example message to be signed."; + +/* A property query used for selecting algorithm implementations. */ +static const char *propq = NULL; + +/* + * This function demonstrates RSA signing of an arbitrary-length message. + * Hashing is performed automatically. In this example, SHA-256 is used. If you + * have already hashed your message and simply want to sign the hash directly, + * see rsa_pss_direct.c. + */ +static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len) +{ + int rv = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mctx = NULL; + OSSL_PARAM params[2], *p = params; + const unsigned char *ppriv_key = NULL; + + *sig = NULL; + + /* Load DER-encoded RSA private key. */ + ppriv_key = rsa_priv_key; + pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key, + sizeof(rsa_priv_key), libctx, propq); + if (pkey == NULL) { + fprintf(stderr, "Failed to load private key\n"); + goto end; + } + + /* Create MD context used for signing. */ + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) { + fprintf(stderr, "Failed to create MD context\n"); + goto end; + } + + /* Initialize MD context for signing. 
*/ + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, + OSSL_PKEY_RSA_PAD_MODE_PSS, 0); + *p = OSSL_PARAM_construct_end(); + + if (EVP_DigestSignInit_ex(mctx, NULL, "SHA256", libctx, propq, + pkey, params) == 0) { + fprintf(stderr, "Failed to initialize signing context\n"); + goto end; + } + + /* + * Feed data to be signed into the algorithm. This may + * be called multiple times. + */ + if (EVP_DigestSignUpdate(mctx, test_message, sizeof(test_message)) == 0) { + fprintf(stderr, "Failed to hash message into signing context\n"); + goto end; + } + + /* Determine signature length. */ + if (EVP_DigestSignFinal(mctx, NULL, sig_len) == 0) { + fprintf(stderr, "Failed to get signature length\n"); + goto end; + } + + /* Allocate memory for signature. */ + *sig = OPENSSL_malloc(*sig_len); + if (*sig == NULL) { + fprintf(stderr, "Failed to allocate memory for signature\n"); + goto end; + } + + /* Generate signature. */ + if (EVP_DigestSignFinal(mctx, *sig, sig_len) == 0) { + fprintf(stderr, "Failed to sign\n"); + goto end; + } + + rv = 1; +end: + EVP_MD_CTX_free(mctx); + EVP_PKEY_free(pkey); + + if (rv == 0) + OPENSSL_free(*sig); + + return rv; +} + +/* + * This function demonstrates verification of an RSA signature over an + * arbitrary-length message using the PSS signature scheme. Hashing is performed + * automatically. + */ +static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len) +{ + int rv = 0; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mctx = NULL; + OSSL_PARAM params[2], *p = params; + const unsigned char *ppub_key = NULL; + + /* Load DER-encoded RSA public key. */ + ppub_key = rsa_pub_key; + pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key)); + if (pkey == NULL) { + fprintf(stderr, "Failed to load public key\n"); + goto end; + } + + /* Create MD context used for verification. 
*/ + mctx = EVP_MD_CTX_new(); + if (mctx == NULL) { + fprintf(stderr, "Failed to create MD context\n"); + goto end; + } + + /* Initialize MD context for verification. */ + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, + OSSL_PKEY_RSA_PAD_MODE_PSS, 0); + *p = OSSL_PARAM_construct_end(); + + if (EVP_DigestVerifyInit_ex(mctx, NULL, "SHA256", libctx, propq, + pkey, params) == 0) { + fprintf(stderr, "Failed to initialize signing context\n"); + goto end; + } + + /* + * Feed data to be signed into the algorithm. This may + * be called multiple times. + */ + if (EVP_DigestVerifyUpdate(mctx, test_message, sizeof(test_message)) == 0) { + fprintf(stderr, "Failed to hash message into signing context\n"); + goto end; + } + + /* Verify signature. */ + if (EVP_DigestVerifyFinal(mctx, sig, sig_len) == 0) { + fprintf(stderr, "Failed to verify signature; " + "signature may be invalid\n"); + goto end; + } + + rv = 1; +end: + EVP_MD_CTX_free(mctx); + EVP_PKEY_free(pkey); + return rv; +} + +int main(int argc, char **argv) +{ + int rv = 1; + OSSL_LIB_CTX *libctx = NULL; + unsigned char *sig = NULL; + size_t sig_len = 0; + + if (sign(libctx, &sig, &sig_len) == 0) + goto end; + + if (verify(libctx, sig, sig_len) == 0) + goto end; + + rv = 0; +end: + OPENSSL_free(sig); + OSSL_LIB_CTX_free(libctx); + return rv; +} diff -Nru openssl-3.0.1/demos/smime/smver.c openssl-3.0.2/demos/smime/smver.c --- openssl-3.0.1/demos/smime/smver.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/demos/smime/smver.c 2022-03-15 14:30:24.000000000 +0000 @@ -27,16 +27,18 @@ /* Set up trusted CA certificate store */ st = X509_STORE_new(); + if (st == NULL) + goto err; /* Read in signer certificate and private key */ tbio = BIO_new_file("cacert.pem", "r"); - if (!tbio) + if (tbio == NULL) goto err; cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - if (!cacert) + if (cacert == NULL) goto err; if (!X509_STORE_add_cert(st, cacert)) 
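Review bot: sign() leaves `*sig` dangling on its failure path: `if (rv == 0) OPENSSL_free(*sig);` frees the buffer without resetting the caller's pointer, and main() then jumps to `end:` and calls `OPENSSL_free(sig)` on the same address. That is a double free whenever the second EVP_DigestSignFinal() call fails after the allocation succeeded. Clear the pointer after freeing, `if (rv == 0) { OPENSSL_free(*sig); *sig = NULL; }`. sign() in rsa_pss_direct.c has the same cleanup and needs the same change.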
@@ -46,18 +48,18 @@ in = BIO_new_file("smout.txt", "r"); - if (!in) + if (in == NULL) goto err; /* Sign content */ p7 = SMIME_read_PKCS7(in, &cont); - if (!p7) + if (p7 == NULL) goto err; /* File to output verified content to */ out = BIO_new_file("smver.txt", "w"); - if (!out) + if (out == NULL) goto err; if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) { @@ -74,6 +76,8 @@ fprintf(stderr, "Error Verifying Data\n"); ERR_print_errors_fp(stderr); } + + X509_STORE_free(st); PKCS7_free(p7); X509_free(cacert); BIO_free(in); diff -Nru openssl-3.0.1/doc/build.info openssl-3.0.2/doc/build.info --- openssl-3.0.1/doc/build.info 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/build.info 2022-03-15 14:30:24.000000000 +0000 @@ -2415,6 +2415,10 @@ GENERATE[html/man3/SSL_get_all_async_fds.html]=man3/SSL_get_all_async_fds.pod DEPEND[man/man3/SSL_get_all_async_fds.3]=man3/SSL_get_all_async_fds.pod GENERATE[man/man3/SSL_get_all_async_fds.3]=man3/SSL_get_all_async_fds.pod +DEPEND[html/man3/SSL_get_certificate.html]=man3/SSL_get_certificate.pod +GENERATE[html/man3/SSL_get_certificate.html]=man3/SSL_get_certificate.pod +DEPEND[man/man3/SSL_get_certificate.3]=man3/SSL_get_certificate.pod +GENERATE[man/man3/SSL_get_certificate.3]=man3/SSL_get_certificate.pod DEPEND[html/man3/SSL_get_ciphers.html]=man3/SSL_get_ciphers.pod GENERATE[html/man3/SSL_get_ciphers.html]=man3/SSL_get_ciphers.pod DEPEND[man/man3/SSL_get_ciphers.3]=man3/SSL_get_ciphers.pod 
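Review bot: The failure path shown in the `@@ -74,6 +76,8 @@` hunk of demos/smime/smver.c prints the error and frees the objects, but nothing visible deals with `smver.txt`, which the previous hunk opens with mode "w" and passes to `PKCS7_verify()` as `out`. If PKCS7_verify() writes content to `out` before the signature checks finish (I believe it does when PKCS7_TEXT is not set, but this should be confirmed against the implementation), a failed verification leaves unverified content in a file whose name suggests otherwise. A comment near the error branch such as `/* on failure smver.txt may hold unverified content and must be discarded */`, or removing the file there, would make the demo safer to copy. The rest of the cleanup sequence lies outside the hunk.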
@@ -2547,6 +2551,10 @@
 GENERATE[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod
 DEPEND[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod
 GENERATE[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod
+DEPEND[html/man3/SSL_set_retry_verify.html]=man3/SSL_set_retry_verify.pod
+GENERATE[html/man3/SSL_set_retry_verify.html]=man3/SSL_set_retry_verify.pod
+DEPEND[man/man3/SSL_set_retry_verify.3]=man3/SSL_set_retry_verify.pod
+GENERATE[man/man3/SSL_set_retry_verify.3]=man3/SSL_set_retry_verify.pod
 DEPEND[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod
 GENERATE[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod
 DEPEND[man/man3/SSL_set_session.3]=man3/SSL_set_session.pod
@@ -3323,6 +3331,7 @@
 html/man3/SSL_get0_peer_scts.html \
 html/man3/SSL_get_SSL_CTX.html \
 html/man3/SSL_get_all_async_fds.html \
+html/man3/SSL_get_certificate.html \
 html/man3/SSL_get_ciphers.html \
 html/man3/SSL_get_client_random.html \
 html/man3/SSL_get_current_cipher.html \
@@ -3356,6 +3365,7 @@
 html/man3/SSL_set_bio.html \
 html/man3/SSL_set_connect_state.html \
 html/man3/SSL_set_fd.html \
+html/man3/SSL_set_retry_verify.html \
 html/man3/SSL_set_session.html \
 html/man3/SSL_set_shutdown.html \
 html/man3/SSL_set_verify_result.html \
@@ -3915,6 +3925,7 @@
 man/man3/SSL_get0_peer_scts.3 \
 man/man3/SSL_get_SSL_CTX.3 \
 man/man3/SSL_get_all_async_fds.3 \
+man/man3/SSL_get_certificate.3 \
 man/man3/SSL_get_ciphers.3 \
 man/man3/SSL_get_client_random.3 \
 man/man3/SSL_get_current_cipher.3 \
@@ -3948,6 +3959,7 @@ man/man3/SSL_set_bio.3 \ man/man3/SSL_set_connect_state.3 \ man/man3/SSL_set_fd.3 \ +man/man3/SSL_set_retry_verify.3 \ man/man3/SSL_set_session.3 \ man/man3/SSL_set_shutdown.3 \ man/man3/SSL_set_verify_result.3 \ diff -Nru openssl-3.0.1/doc/internal/man3/OSSL_METHOD_STORE.pod openssl-3.0.2/doc/internal/man3/OSSL_METHOD_STORE.pod --- openssl-3.0.1/doc/internal/man3/OSSL_METHOD_STORE.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/internal/man3/OSSL_METHOD_STORE.pod 2022-03-15 14:30:24.000000000 +0000 @@ -102,6 +102,12 @@ reference count of the method and the I function is called to decrement it. +=head1 NOTES + +The I argument to ossl_method_store_cache_get() and +ossl_method_store_cache_set() is not allowed to be NULL. Use "" for an +empty property definition or query. + =head1 RETURN VALUES ossl_method_store_new() returns a new method store object or NULL on failure. @@ -119,7 +125,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this diff -Nru openssl-3.0.1/doc/man1/openssl-cmp.pod.in openssl-3.0.2/doc/man1/openssl-cmp.pod.in --- openssl-3.0.1/doc/man1/openssl-cmp.pod.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man1/openssl-cmp.pod.in 2022-03-15 14:30:24.000000000 +0000 @@ -251,8 +251,8 @@ The source of the private or public key for the certificate requested in Initialization Request (IR), Certification Request(CR), or Key Update Request (KUR). -Default is the public key in the PKCS#10 CSR given with the B<-csr> option, -if any, or else the current client key, if given. +Defaults to the public key in the PKCS#10 CSR given with the B<-csr> option, +the public key of the reference certificate, or the current client key. =item B<-newkeypass> I 
@@ -440,8 +440,10 @@ =item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> -The IP address or DNS hostname and optionally port -of the CMP server to connect to using HTTP(S) transport. +The DNS hostname or IP address and optionally port +of the CMP server to connect to using HTTP(S). +This excludes I<-port> and I<-use_mock_srv> and is ignored with I<-rspin>. + The scheme C may be given only if the B<-tls_used> option is used. In this case the default port is 443, else 80. The optional userinfo and fragment components are ignored. @@ -458,6 +460,7 @@ components. Defaults to the environment variable C if set, else C in case no TLS is used, otherwise C if set, else C. +This option is ignored if I<-server> is not given. =item B<-no_proxy> I @@ -465,6 +468,7 @@ not to use an HTTP(S) proxy for, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). Default is from the environment variable C if set, else C. +This option is ignored if I<-server> is not given. =item B<-recipient> I @@ -795,7 +799,10 @@ =item B<-tls_used> Enable using TLS (even when other TLS_related options are not set) -when connecting to CMP server. +when connecting to CMP server via HTTP. +This option is not supported with the I<-port> option +and is ignored with the I<-use_mock_srv> and I<-rspin> options +or if the I<-server> option is not given. =item B<-tls_cert> I|I @@ -880,6 +887,7 @@ =item B<-rspin> I Process sequence of CMP responses provided in file(s), skipping server. +This excludes I<-server>, I<-port>, and I<-use_mock_srv>. Multiple filenames may be given, separated by commas and/or whitespace. As many files are read as needed for the complete transaction. 
@@ -893,8 +901,9 @@ =item B<-use_mock_srv> -Use the internal mock server for testing the client. -This works at API level, bypassing HTTP transport. +Test the client using the internal CMP server mock-up at API level, +bypassing socket-based transfer via HTTP. +This excludes I<-server>, I<-port>, and I<-rspin>. =back @@ -904,7 +913,8 @@ =item B<-port> I -Act as CMP HTTP server mock-up listening on the given port. +Act as HTTP-based CMP server mock-up listening on the given port. +This excludes I<-server>, I<-rspin>, and I<-use_mock_srv>. =item B<-max_msgs> I @@ -1221,9 +1231,9 @@ =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L. diff -Nru openssl-3.0.1/doc/man1/openssl-dgst.pod.in openssl-3.0.2/doc/man1/openssl-dgst.pod.in --- openssl-3.0.1/doc/man1/openssl-dgst.pod.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man1/openssl-dgst.pod.in 2022-03-15 14:30:24.000000000 +0000 @@ -9,11 +9,11 @@ B B|I [B<-I>] +[B<-list>] [B<-help>] [B<-c>] [B<-d>] [B<-debug>] -[B<-list>] [B<-hex>] [B<-binary>] [B<-xoflen> I] @@ -47,7 +47,7 @@ algorithm to be used. The default digest is B. A supported I name may also be used as the sub-command name. -To see the list of supported algorithms, use C +To see the list of supported algorithms, use C =head1 OPTIONS @@ -59,8 +59,11 @@ =item B<-I> -Specifies name of a supported digest to be used. To see the list of -supported digests, use the command C. +Specifies name of a supported digest to be used. See option B<-list> below : + +=item B<-list> + +Prints out a list of supported message digests. =item B<-c> 
@@ -71,10 +74,6 @@ Print out BIO debugging information. -=item B<-list> - -Prints out a list of supported message digests. - =item B<-hex> Digest is to be output as a hex dump. This is the default case for a "normal" @@ -206,12 +205,19 @@ =head1 EXAMPLES To create a hex-encoded message digest of a file: + openssl dgst -md5 -hex file.txt + or + openssl md5 file.txt To sign a file using SHA-256 with binary file output: + openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt + or + openssl sha256 -sign privatekey.pem -out signature.sign file.txt To verify a signature: + openssl dgst -sha256 -verify publickey.pem \ -signature signature.sign \ file.txt @@ -221,7 +227,7 @@ The digest mechanisms that are available will depend on the options used when building OpenSSL. -The C command can be used to list them. +The C command can be used to list them. New or agile applications should use probably use SHA-256. Other digests, particularly SHA-1 and MD5, are still widely used for interoperating @@ -259,7 +265,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man1/openssl-kdf.pod.in openssl-3.0.2/doc/man1/openssl-kdf.pod.in --- openssl-3.0.1/doc/man1/openssl-kdf.pod.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man1/openssl-kdf.pod.in 2022-03-15 14:30:24.000000000 +0000 @@ -166,7 +166,7 @@ Use scrypt to create a hex-encoded derived key from a password and salt: openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \ - -kdfopt N:1024 -kdfopt r:8 -kdfopt p:16 \ + -kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \ -kdfopt maxmem_bytes:10485760 SCRYPT =head1 NOTES 
@@ -195,7 +195,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man1/openssl-speed.pod.in openssl-3.0.2/doc/man1/openssl-speed.pod.in --- openssl-3.0.1/doc/man1/openssl-speed.pod.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man1/openssl-speed.pod.in 2022-03-15 14:30:24.000000000 +0000 @@ -101,6 +101,8 @@ =item B<-bytes> I Run benchmarks on I-byte buffers. Affects ciphers, digests and the CSPRNG. +The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit +int would be 2147483583 bytes. =item B<-mr> @@ -134,7 +136,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/BIO_ctrl.pod openssl-3.0.2/doc/man3/BIO_ctrl.pod --- openssl-3.0.1/doc/man3/BIO_ctrl.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/BIO_ctrl.pod 2022-03-15 14:30:24.000000000 +0000 @@ -17,7 +17,7 @@ long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); - char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); + void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); int BIO_reset(BIO *b); 
@@ -146,7 +146,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/BIO_f_base64.pod openssl-3.0.2/doc/man3/BIO_f_base64.pod --- openssl-3.0.1/doc/man3/BIO_f_base64.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/BIO_f_base64.pod 2022-03-15 14:30:24.000000000 +0000 @@ -21,13 +21,26 @@ Base64 BIOs do not support BIO_gets() or BIO_puts(). +For writing, output is by default divided to lines of length 64 +characters and there is always a newline at the end of output. + +For reading, first line should be at most 1024 +characters long. If it is longer then it is ignored completely. +Other input lines can be of any length. There must be a newline +at the end of input. + +This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag. + BIO_flush() on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO. -The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() -to encode the data all on one line or expect the data to be all -on one line. +The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags(). +For writing, it causes all data to be written on one line without +newline at the end. +For reading, it forces the decoder to process the data regardless +of newlines. All newlines are ignored and the input does not need +to contain any newline at all. =head1 NOTES 
@@ -81,7 +94,7 @@ =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/BN_add.pod openssl-3.0.2/doc/man3/BN_add.pod --- openssl-3.0.1/doc/man3/BN_add.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/BN_add.pod 2022-03-15 14:30:24.000000000 +0000 @@ -3,7 +3,7 @@ =head1 NAME BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, -BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs =head1 SYNOPSIS @@ -36,6 +36,8 @@ int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, @@ -87,6 +89,12 @@ BN_mod_sqr() takes the square of I modulo B and places the result in I. +BN_mod_sqrt() returns the modular square root of I such that +C. The modulus I

must be a +prime, otherwise an error or an incorrect "result" will be returned. +The result is stored into I which can be NULL. The result will be +newly allocated in that case. + BN_exp() raises I to the I

-th power and places the result in I (C). This function is faster than repeated applications of BN_mul(). @@ -108,7 +116,10 @@ =head1 RETURN VALUES -For all functions, 1 is returned for success, 0 on error. The return +The BN_mod_sqrt() returns the result (possibly incorrect if I

is +not a prime), or NULL. + +For all remaining functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., C). The error codes can be obtained by L. @@ -119,7 +130,7 @@ =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/DEFINE_STACK_OF.pod openssl-3.0.2/doc/man3/DEFINE_STACK_OF.pod --- openssl-3.0.1/doc/man3/DEFINE_STACK_OF.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/DEFINE_STACK_OF.pod 2022-03-15 14:30:24.000000000 +0000 @@ -266,6 +266,7 @@ B_insert>(), B_push>() and B_unshift>() return the total number of elements in the stack and 0 if an error occurred. +B_push>() further returns -1 if I is NULL. B_set>() returns a pointer to the replacement element or NULL on error. diff -Nru openssl-3.0.1/doc/man3/ERR_get_error.pod openssl-3.0.2/doc/man3/ERR_get_error.pod --- openssl-3.0.1/doc/man3/ERR_get_error.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/ERR_get_error.pod 2022-03-15 14:30:24.000000000 +0000 @@ -31,7 +31,7 @@ const char **func, const char **data, int *flags); unsigned long ERR_peek_error_all(const char **file, int *line, - const char *func, + const char **func, const char **data, int *flags); unsigned long ERR_peek_last_error_all(const char **file, int *line, const char *func, 
@@ -132,7 +132,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/EVP_PKEY_gettable_params.pod openssl-3.0.2/doc/man3/EVP_PKEY_gettable_params.pod --- openssl-3.0.1/doc/man3/EVP_PKEY_gettable_params.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/EVP_PKEY_gettable_params.pod 2022-03-15 14:30:24.000000000 +0000 @@ -37,11 +37,22 @@ the names and types of key parameters that can be retrieved. See L for information about parameters. +An B of type B or +B is of arbitrary length. Such a parameter can be +obtained using any of the functions EVP_PKEY_get_int_param(), +EVP_PKEY_get_size_t_param() or EVP_PKEY_get_bn_param(). Attempting to +obtain an integer value that does not fit into a native C B type will cause +EVP_PKEY_get_int_param() to fail. Similarly attempting to obtain an integer +value that is negative or does not fit into a native C B type using +EVP_PKEY_get_size_t_param() will also fail. + EVP_PKEY_get_int_param() retrieves a key I integer value I<*out> -associated with a name of I. +associated with a name of I if it fits into C type. For +parameters that do not fit into C use EVP_PKEY_get_bn_param(). EVP_PKEY_get_size_t_param() retrieves a key I size_t value I<*out> -associated with a name of I. +associated with a name of I if it fits into C type. For +parameters that do not fit into C use EVP_PKEY_get_bn_param(). EVP_PKEY_get_bn_param() retrieves a key I BIGNUM value I<**bn> associated with a name of I. If I<*bn> is NULL then the BIGNUM 
@@ -115,7 +126,7 @@ =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/OBJ_nid2obj.pod openssl-3.0.2/doc/man3/OBJ_nid2obj.pod --- openssl-3.0.1/doc/man3/OBJ_nid2obj.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OBJ_nid2obj.pod 2022-03-15 14:30:24.000000000 +0000 @@ -101,7 +101,8 @@ algorithm and the other representing a digest algorithm to be used in conjunction with it. I represents the NID for the composite "Signature Algorithm", I is the NID for the digest algorithm and I is the -NID for the underlying signature algorithm. +NID for the underlying signature algorithm. As there are signature algorithms +that do not require a digest, NID_undef is a valid I. OBJ_cleanup() releases any resources allocated by creating new objects. diff -Nru openssl-3.0.1/doc/man3/OPENSSL_hexchar2int.pod openssl-3.0.2/doc/man3/OPENSSL_hexchar2int.pod --- openssl-3.0.1/doc/man3/OPENSSL_hexchar2int.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OPENSSL_hexchar2int.pod 2022-03-15 14:30:24.000000000 +0000 @@ -15,8 +15,9 @@ int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, long *buflen, const char *str, const char sep); unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); - int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, - const unsigned char *buf, long buflen, const char sep); + int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, + const unsigned char *buf, long buflen, + const char sep); char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); =head1 DESCRIPTION 
@@ -47,7 +48,7 @@ The character I is the separator between the bytes, setting this to '\0' means that there is no separator. I gives the size of the of the string buffer. -If I is not NULL, it is filled in with the result length. +If I is not NULL, it is filled in with the result length. To find out how large the result will be, call this function with NULL for I. @@ -70,7 +71,7 @@ =head1 COPYRIGHT -Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/OpenSSL_version.pod openssl-3.0.2/doc/man3/OpenSSL_version.pod --- openssl-3.0.1/doc/man3/OpenSSL_version.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OpenSSL_version.pod 2022-03-15 14:30:24.000000000 +0000 @@ -38,8 +38,6 @@ const char *OPENSSL_info(int t); -Deprecated: - /* from openssl/opensslv.h */ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnL @@ -81,6 +79,25 @@ header version number (B.B) is greater than or equal to B.B. +B is a combination of the major, minor and +patch version into a single integer 0xMNN00PP0L, where: + +=over 4 + +=item M + +is the number from B, in hexadecimal notation + +=item NN + +is the number from B, in hexadecimal notation + +=item PP + +is the number from B, in hexadecimal notation + +=back + =head2 Functions OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), 
@@ -198,35 +215,6 @@ For an unknown I, NULL is returned. -=head1 BACKWARD COMPATIBILITY - -For compatibility, some older macros and functions are retained or -synthesised. -They are all considered deprecated. - -=head2 Macros - -B is a combination of the major, minor and -patch version into a single integer 0xMNN00PP0L, where: - -=over 4 - -=item M - -is the number from B, in hexadecimal notation - -=item NN - -is the number from B, in hexadecimal notation - -=item PP - -is the number from B, in hexadecimal notation - -=back - -=head2 Functions - OpenSSL_version_num() returns the value of B. =head1 RETURN VALUES @@ -248,11 +236,11 @@ =head1 HISTORY The macros and functions described here were added in OpenSSL 3.0, -with the exception of the L ones. +except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). =head1 COPYRIGHT -Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/OSSL_CMP_CTX_new.pod openssl-3.0.2/doc/man3/OSSL_CMP_CTX_new.pod --- openssl-3.0.1/doc/man3/OSSL_CMP_CTX_new.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OSSL_CMP_CTX_new.pod 2022-03-15 14:30:24.000000000 +0000 @@ -538,7 +538,7 @@ alternate names on the certificate template request. This cannot be used if any Subject Alternative Name extension is set via OSSL_CMP_CTX_set0_reqExtensions(). -By default, unless OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT has been set, +By default, unless B has been set, the Subject Alternative Names are copied from the reference certificate, see OSSL_CMP_CTX_set1_oldCert(). If set and the subject DN is not set with OSSL_CMP_CTX_set1_subjectName() then 
@@ -559,14 +559,16 @@ OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in Key Update Requests (KUR) or to be revoked in Revocation Requests (RR). It must be given for RR, else it defaults to the CMP signer certificate. -The reference certificate determined in this way, if any, is also used for -deriving default subject DN and Subject Alternative Names and the +The I determined in this way, if any, is also used for +deriving default subject DN, public key, Subject Alternative Names, and the default issuer entry in the requested certificate template of IR/CR/KUR. The subject of the reference certificate is used as the sender field value in CMP message headers. Its issuer is used as default recipient in CMP message headers. -OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR. +OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to use in P10CR messages. +If such a CSR is provided, its subject, public key, and extension fields are +also used as fallback values for the certificate template of IR/CR/KUR messages. OSSL_CMP_CTX_push0_genm_ITAV() adds I to the stack in the I which will be the body of a General Message sent with this context. @@ -756,7 +758,7 @@ =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/OSSL_CMP_MSG_get0_header.pod openssl-3.0.2/doc/man3/OSSL_CMP_MSG_get0_header.pod --- openssl-3.0.1/doc/man3/OSSL_CMP_MSG_get0_header.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OSSL_CMP_MSG_get0_header.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -36,12 +36,40 @@ This requires re-protecting the message (if it was protected). OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message +from various information provided in the CMP context argument I for inclusion in a CMP request message based on details contained in I. -If the CMP context does not include a subject name set via -L but includes a reference certificate -then it copies the subject DN from there -if I is set or the I does not include a subjectAltName. -The I defines the request identifier to use, which typically is 0. +The I argument defines the request identifier to use, which typically is 0. + +The subject DN to include in the certificate template is determined as follows. +If I includes a subject name set via L, +this name is used. +Otherwise, if a PKCS#10 CSR is given in I, its subject is used. +Otherwise, if a reference certificate is given in I +(see L), its subject is used if I +is nonzero or the I does not include a Subject Alternative Name. + +The public key to include is taken from any value set via +L, +otherwise the public key of any PKCS#10 CSR is given in I, +otherwise the public key of any reference certificate given in I, +otherwise it is derived from the client private key if given in I. + +The set of X.509 extensions to include is computed as follows. +If a PKCS#10 CSR is present in I, default extensions are taken from there, +otherwise the empty set is taken as the initial value. +If there is a reference certificate in I and contains Subject Alternative +Names (SANs) and B is not set, +these override any SANs from the PKCS#10 CSR. +The extensions are further augmented or overridden by any extensions with the +same OIDs included in the I via L. +The SANs are further overridden by any SANs included in I via +L. +Finally, policies are overridden by any policies included in I via +L. 
+ +OSSL_CMP_CTX_setup_CRM() also sets the sets the regToken control B +for KUR messages using the issuer name and serial number of the reference +certificate, if present. OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from I. @@ -83,7 +111,7 @@ =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod openssl-3.0.2/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod --- openssl-3.0.1/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod 2022-03-15 14:30:24.000000000 +0000 @@ -89,8 +89,8 @@ OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey() sets the protocolEncrKey control in the given I copying the given I as value. See RFC 4211 section 6.6. -OSSL_CRMF_MSG_set1_regCtrl_oldCertID() sets the oldCertID control in the given -I copying the given I as value. See RFC 4211, section 6.5. +OSSL_CRMF_MSG_set1_regCtrl_oldCertID() sets the B regToken control in +the given I copying the given I as value. See RFC 4211, section 6.5. OSSL_CRMF_CERTID_gen produces an OSSL_CRMF_CERTID_gen structure copying the given I name and I number. 
@@ -121,7 +121,7 @@ =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/OSSL_HTTP_transfer.pod openssl-3.0.2/doc/man3/OSSL_HTTP_transfer.pod --- openssl-3.0.1/doc/man3/OSSL_HTTP_transfer.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/OSSL_HTTP_transfer.pod 2022-03-15 14:30:24.000000000 +0000 @@ -113,17 +113,25 @@ Here is a simple example that supports TLS connections (but not via a proxy): - BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail) + BIO *http_tls_cb(BIO *bio, void *arg, int connect, int detail) { if (connect && detail) { /* connecting with TLS */ SSL_CTX *ctx = (SSL_CTX *)arg; BIO *sbio = BIO_new_ssl(ctx, 1); - hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL; - } else if (!connect && !detail) { /* disconnecting after error */ - /* optionally add diagnostics here */ + bio = sbio != NULL ? BIO_push(sbio, bio) : NULL; + } else if (!connect) { /* disconnecting */ + BIO *hbio; + + if (!detail) { /* an error has occurred */ + /* optionally add diagnostics here */ + } + BIO_ssl_shutdown(bio); + hbio = BIO_pop(bio); + BIO_free(bio); /* SSL BIO */ + bio = hbio; } - return hbio; + return bio; } After disconnect the modified BIO will be deallocated using BIO_free_all(). diff -Nru openssl-3.0.1/doc/man3/PEM_read_bio_PrivateKey.pod openssl-3.0.2/doc/man3/PEM_read_bio_PrivateKey.pod --- openssl-3.0.1/doc/man3/PEM_read_bio_PrivateKey.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/PEM_read_bio_PrivateKey.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -335,7 +335,7 @@ ignored. If the I parameters is set to NULL and the I parameter is not -NULL then the I parameter is interpreted as a null terminated string +NULL then the I parameter is interpreted as a NUL terminated string to use as the passphrase. If both I and I are NULL then the default callback routine is used which will typically prompt for the passphrase on the current terminal with echoing turned off. @@ -355,7 +355,8 @@ arbitrary data to be passed to the callback by the application (for example a window handle in a GUI application). The callback I return the number of characters in the passphrase or -1 if -an error occurred. +an error occurred. The passphrase can be arbitrary data; in the case where it +is a string, it is not NUL terminated. See the L section below. Some implementations may need to use cryptographic algorithms during their operation. If this is the case and I and I parameters have been @@ -573,7 +574,7 @@ =head1 COPYRIGHT -Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/SSL_CONF_cmd.pod openssl-3.0.2/doc/man3/SSL_CONF_cmd.pod --- openssl-3.0.1/doc/man3/SSL_CONF_cmd.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_CONF_cmd.pod 2022-03-15 14:30:24.000000000 +0000 @@ -460,7 +460,7 @@ B: that is B<-SessionTicket> is the same as setting B. -B: SSL/TLS compression support, enabled by default. Inverse +B: SSL/TLS compression support, disabled by default. Inverse of B. B: use empty fragments as a countermeasure against a @@ -496,7 +496,6 @@ B: permits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to B. -Set by default. B: use encrypt-then-mac extension, enabled by default. Inverse of B: that is, 
@@ -731,9 +730,12 @@ B and B were added in OpenSSL 1.1.1. +The B option is no longer set by default from +OpenSSL 3.0. + =head1 COPYRIGHT -Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/SSL_CTX_set_cert_verify_callback.pod openssl-3.0.2/doc/man3/SSL_CTX_set_cert_verify_callback.pod --- openssl-3.0.1/doc/man3/SSL_CTX_set_cert_verify_callback.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_CTX_set_cert_verify_callback.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -36,16 +36,18 @@ In client mode, the behaviour is as follows. All values, including 0, are ignored if the verification mode is B. -Otherwise, when the return value is 0, the handshake will fail. +Otherwise, when the return value is less than or equal to 0, the handshake will +fail. -In client mode I may also return -1, -typically on failure verifying the server certificate. -This makes the handshake suspend and return control to the calling application -with B. -The app can for instance fetch further certificates or cert status information -needed for the verification. -Calling L again resumes the connection attempt -by retrying the server certificate verification step. +In client mode I may also call the L +function on the B object set in the I ex data (see +L) and return 1. This would be +typically done in case the certificate verification was not yet able +to succeed. This makes the handshake suspend and return control to the +calling application with B. The app can for +instance fetch further certificates or cert status information needed for +the verification. Calling L again resumes the connection +attempt by retrying the server certificate verification step. This process may even be repeated if need be. In any case a viable verification result value must be reflected @@ -89,11 +91,12 @@ L, L, L, L, +L, L =head1 COPYRIGHT -Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/SSL_CTX_set_tmp_dh_callback.pod openssl-3.0.2/doc/man3/SSL_CTX_set_tmp_dh_callback.pod --- openssl-3.0.1/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -11,7 +11,7 @@ #include - long SSL_CTX_set_dh_auto(SSL *s, int onoff); + long SSL_CTX_set_dh_auto(SSL_CTX *ctx, int onoff); long SSL_set_dh_auto(SSL *s, int onoff); int SSL_CTX_set0_tmp_dh_pkey(SSL_CTX *ctx, EVP_PKEY *dhpkey); int SSL_set0_tmp_dh_pkey(SSL *s, EVP_PKEY *dhpkey); @@ -112,7 +112,7 @@ =head1 COPYRIGHT -Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/SSL_CTX_set_verify.pod openssl-3.0.2/doc/man3/SSL_CTX_set_verify.pod --- openssl-3.0.1/doc/man3/SSL_CTX_set_verify.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_CTX_set_verify.pod 2022-03-15 14:30:24.000000000 +0000 @@ -44,6 +44,21 @@ B can be called to get the data index of the current SSL object that is doing the verification. +In client mode B may also call the L +function on the B object set in the I ex data (see +L) and return 1. +This would be typically done in case the certificate verification was not yet +able to succeed. +This makes the handshake suspend and return control to the calling application +with B. +The application can for instance fetch further certificates or cert status +information needed for the verification. +Note that the handshake may still be aborted if a subsequent invocation of the +callback (e.g. at a lower depth, or for a separate error condition) returns 0. +Calling L again resumes the connection attempt by retrying the +server certificate verification step. +This process may even be repeated if need be. + SSL_CTX_set_verify_depth() sets the maximum B for the certificate chain verification that shall be allowed for B. 
@@ -348,7 +363,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/SSL_get_certificate.pod openssl-3.0.2/doc/man3/SSL_get_certificate.pod --- openssl-3.0.1/doc/man3/SSL_get_certificate.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_get_certificate.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,73 @@ +=pod + +=head1 NAME + +SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and +private key + +=head1 SYNOPSIS + + #include + + X509 *SSL_get_certificate(const SSL *s); + EVP_PKEY *SSL_get_privatekey(const SSL *s); + +=head1 DESCRIPTION + +SSL_get_certificate() returns a pointer to an B object representing a +certificate used as the local peer's identity. + +Multiple certificates can be configured; for example, a server might have both +RSA and ECDSA certificates. The certificate which is returned by +SSL_get_certificate() is determined as follows: + +=over 4 + +=item + +If it is called before certificate selection has occurred, it returns the most +recently added certificate, or NULL if no certificate has been added. + +=item + +After certificate selection has occurred, it returns the certificate which was +selected during the handshake, or NULL if no certificate was selected (for +example, on a client where no client certificate is in use). + +=back + +Certificate selection occurs during the handshake; therefore, the value returned +by SSL_get_certificate() during any callback made during the handshake process +will depend on whether that callback is made before or after certificate +selection occurs. + +A specific use for SSL_get_certificate() is inside a callback set via a call to +L. This callback occurs after certificate +selection, where it can be used to examine a server's chosen certificate, for +example for the purpose of identifying a certificate's OCSP responder URL so +that an OCSP response can be obtained. + +SSL_get_privatekey() returns a pointer to the B object corresponding +to the certificate returned by SSL_get_certificate(), if any. + +=head1 RETURN VALUES + +These functions return pointers to their respective objects, or NULL if no such +object is available. Returned objects are owned by the SSL object and should not +be freed by users of these functions. 
+ +=head1 SEE ALSO + +L, L + +=head1 COPYRIGHT + +Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut + diff -Nru openssl-3.0.1/doc/man3/SSL_set_retry_verify.pod openssl-3.0.2/doc/man3/SSL_set_retry_verify.pod --- openssl-3.0.1/doc/man3/SSL_set_retry_verify.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_set_retry_verify.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,70 @@ +=pod + +=head1 NAME + +SSL_set_retry_verify - indicate that certificate verification should be retried + +=head1 SYNOPSIS + + #include + + int SSL_set_retry_verify(SSL *ssl); + +=head1 DESCRIPTION + +SSL_set_retry_verify() should be called from the certificate verification +callback on a client when the application wants to indicate that the handshake +should be suspended and the control should be returned to the application. +L will return 1 as a consequence until the handshake +is resumed again by the application, retrying the verification step. + +Please refer to L for further details. + +=head1 NOTES + +The effect of calling SSL_set_retry_verify() outside of the certificate +verification callback on the client side is undefined. + +=head1 RETURN VALUES + +SSL_set_retry verify() returns 1 on success, 0 otherwise. + +=head1 EXAMPLES + +The following code snippet shows how to obtain the B object associated +with the B to call the SSL_set_retry_verify() function: + + int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + SSL *ssl; + + /* this should not happen but check anyway */ + if (idx < 0 + || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) + return 0; + + if (/* we need to retry verification callback */) + return SSL_set_retry_verify(ssl); + + /* do normal processing of the verification callback */ + +=head1 SEE ALSO + +L, L, L, +L + +=head1 HISTORY + +SSL_set_retry_verify() was added in OpenSSL 3.0.2 to replace backwards +incompatible handling of a negative return value from the verification +callback. + +=head1 COPYRIGHT + +Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. 
+ +=cut diff -Nru openssl-3.0.1/doc/man3/SSL_want.pod openssl-3.0.2/doc/man3/SSL_want.pod --- openssl-3.0.1/doc/man3/SSL_want.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/SSL_want.pod 2022-03-15 14:30:24.000000000 +0000 @@ -70,8 +70,8 @@ =item SSL_RETRY_VERIFY -The operation did not complete because an application callback set by -SSL_CTX_set_cert_verify_callback() has asked to be called again. +The operation did not complete because a certificate verification callback +has asked to be called again via L. A call to L should return B. =item SSL_ASYNC_PAUSED @@ -110,7 +110,7 @@ =head1 COPYRIGHT -Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/X509_check_host.pod openssl-3.0.2/doc/man3/X509_check_host.pod --- openssl-3.0.1/doc/man3/X509_check_host.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/X509_check_host.pod 2022-03-15 14:30:24.000000000 +0000 @@ -62,7 +62,8 @@ IPv6 address. The B

array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; IP -addresses stored in DNS names and Common Names are ignored. +addresses stored in DNS names and Common Names are ignored. There are +currently no B that would affect the behavior of this call. X509_check_ip_asc() is similar, except that the NUL-terminated string B
is first converted to the internal representation. @@ -153,7 +154,7 @@ =head1 COPYRIGHT -Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/X509_STORE_CTX_new.pod openssl-3.0.2/doc/man3/X509_STORE_CTX_new.pod --- openssl-3.0.1/doc/man3/X509_STORE_CTX_new.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/X509_STORE_CTX_new.pod 2022-03-15 14:30:24.000000000 +0000 @@ -11,7 +11,10 @@ X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, -X509_STORE_CTX_verify_fn +X509_STORE_CTX_verify_fn, +X509_STORE_CTX_set_purpose, +X509_STORE_CTX_set_trust, +X509_STORE_CTX_purpose_inherit - X509_STORE_CTX initialisation =head1 SYNOPSIS @@ -45,6 +48,11 @@ typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); + int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); + =head1 DESCRIPTION These functions initialise an B structure for subsequent use 
@@ -155,6 +163,65 @@ This function should receive the current X509_STORE_CTX as a parameter and return 1 on success or 0 on failure. +X509 certificates may contain information about what purposes keys contained +within them can be used for. For example "TLS WWW Server Authentication" or +"Email Protection". This "key usage" information is held internally to the +certificate itself. In addition the trust store containing trusted certificates +can declare what purposes we trust different certificates for. This "trust" +information is not held within the certificate itself but is "meta" information +held alongside it. This "meta" information is associated with the certificate +after it is issued and could be determined by a system administrator. For +example a certificate might declare that it is suitable for use for both +"TLS WWW Server Authentication" and "TLS Client Authentication", but a system +administrator might only trust it for the former. An X.509 certificate extension +exists that can record extended key usage information to supplement the purpose +information described above. This extended mechanism is arbitrarily extensible +and not well suited for a generic library API; applications that need to +validate extended key usage information in certifiates will need to define a +custom "purpose" (see below) or supply a nondefault verification callback +(L). + +X509_STORE_CTX_set_purpose() sets the purpose for the target certificate being +verified in the I. Built-in available values for the I argument +are B, B, +B, B, +B, B, B, +B and B. It is also +possible to create a custom purpose value. Setting a purpose will ensure that +the key usage declared within certificates in the chain being verified is +consistent with that purpose as well as, potentially, other checks. Every +purpose also has an associated default trust value which will also be set at the +same time. 
During verification this trust setting will be verified to check it +is consistent with the trust set by the system administrator for certificates in +the chain. + +X509_STORE_CTX_set_trust() sets the trust value for the target certificate +being verified in the I. Built-in available values for the I +argument are B, B, +B, B, B, +B, B and B. It is +also possible to create a custom trust value. Since X509_STORE_CTX_set_purpose() +also sets the trust value it is normally sufficient to only call that function. +If both are called then X509_STORE_CTX_set_trust() should be called after +X509_STORE_CTX_set_purpose() since the trust setting of the last call will be +used. + +It should not normally be necessary for end user applications to call +X509_STORE_CTX_purpose_inherit() directly. Typically applications should call +X509_STORE_CTX_set_purpose() or X509_STORE_CTX_set_trust() instead. Using this +function it is possible to set the purpose and trust values for the I at +the same time. The I and I arguments can have the same +purpose values as described for X509_STORE_CTX_set_purpose() above. The I +argument can have the same trust values as described in +X509_STORE_CTX_set_trust() above. Any of the I, I or +I values may also have the value 0 to indicate that the supplied +parameter should be ignored. After calling this function the purpose to be used +for verification is set from the I argument, and the trust is set from +the I argument. If I is 0 then the trust value will be set from +the default trust value for I. If the default trust value for the +purpose is I and I is 0 then the default trust value +associated with the I value is used for the trust setting instead. + =head1 NOTES The certificates and CRLs in a store are used internally and should B 
@@ -202,7 +269,7 @@ =head1 COPYRIGHT -Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/X509V3_get_d2i.pod openssl-3.0.2/doc/man3/X509V3_get_d2i.pod --- openssl-3.0.1/doc/man3/X509V3_get_d2i.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/X509V3_get_d2i.pod 2022-03-15 14:30:24.000000000 +0000 @@ -2,11 +2,12 @@ =head1 NAME -X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, -X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, -X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, -X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions +X509_get_ext_d2i, X509_add1_ext_i2d, +X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, +X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d, +X509_get0_extensions, X509_CRL_get0_extensions, +X509_REVOKED_get0_extensions - X509 extension decode and encode functions =head1 SYNOPSIS 
@@ -38,37 +39,37 @@ =head1 DESCRIPTION -X509V3_get_ext_d2i() looks for an extension with OID B in the extensions -B and, if found, decodes it. If B is B then only one +X509V3_get_d2i() looks for an extension with OID I in the extensions +I and, if found, decodes it. If I is NULL then only one occurrence of an extension is permissible otherwise the first extension after -index B<*idx> is returned and B<*idx> updated to the location of the extension. -If B is not B then B<*crit> is set to a status value: -2 if the -extension occurs multiple times (this is only returned if B is B), +index I<*idx> is returned and I<*idx> updated to the location of the extension. +If I is not NULL then I<*crit> is set to a status value: -2 if the +extension occurs multiple times (this is only returned if I is NULL), -1 if the extension could not be found, 0 if the extension is found and is not critical and 1 if critical. A pointer to an extension specific structure -or B is returned. +or NULL is returned. -X509V3_add1_i2d() adds extension B to STACK B<*x> (allocating a new -STACK if necessary) using OID B and criticality B according -to B. +X509V3_add1_i2d() adds extension I to STACK I<*x> (allocating a new +STACK if necessary) using OID I and criticality I according +to I. X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension -B and returns a pointer to an extension specific structure or B +I and returns a pointer to an extension specific structure or NULL if the extension could not be decoded (invalid syntax or not supported). -X509V3_EXT_i2d() encodes the extension specific structure B -with OID B and criticality B. +X509V3_EXT_i2d() encodes the extension specific structure I +with OID I and criticality I. X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of -certificate B, they are otherwise identical to X509V3_get_d2i() and +certificate I, they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d(). 
X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions -of CRL B, they are otherwise identical to X509V3_get_d2i() and +of CRL I, they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d(). X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the -extensions of B structure B (i.e for CRL entry extensions), +extensions of B structure I (i.e for CRL entry extensions), they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d(). X509_get0_extensions(), X509_CRL_get0_extensions() and @@ -78,9 +79,9 @@ =head1 NOTES In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore, the B parameter is usually B. +occurrences is an error. Therefore, the I parameter is usually NULL. -The B parameter may be one of the following values. +The I parameter may be one of the following values. B appends a new extension only if the extension does not already exist. An error is returned if the extension does already @@ -99,14 +100,15 @@ not already exist. An error B returned if the extension does already exist. -B extension B is deleted: no new extension is added. +B extension I is deleted: no new extension is added. -If B is ored with B: any error returned will not +If B is ored with I: any error returned will not be added to the error queue. -The function X509V3_get_d2i() will return B if the extension is not +The function X509V3_get_d2i() and its variants +will return NULL if the extension is not found, occurs multiple times or cannot be decoded. It is possible to -determine the precise reason by checking the value of B<*crit>. +determine the precise reason by checking the value of I<*crit>. =head1 SUPPORTED EXTENSIONS 
@@ -195,17 +197,17 @@ =head1 RETURN VALUES -X509V3_EXT_d2i() and *X509V3_get_d2i() return a pointer to an extension -specific structure or B if an error occurs. +X509V3_get_d2i(), its variants, and X509V3_EXT_d2i() return +a pointer to an extension specific structure or NULL if an error occurs. -X509V3_EXT_i2d() returns a pointer to an B structure -or B if an error occurs. - -X509V3_add1_i2d() returns 1 if the operation is successful and 0 if it -fails due to a non-fatal error (extension not found, already exists, +X509V3_add1_i2d() and its variants return 1 if the operation is successful +and 0 if it fails due to a non-fatal error (extension not found, already exists, cannot be encoded) or -1 due to a fatal error such as a memory allocation failure. +X509V3_EXT_i2d() returns a pointer to an B structure +or NULL if an error occurs. + X509_get0_extensions(), X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a stack of extensions. They return NULL if no extensions are present. @@ -231,7 +233,7 @@ =head1 COPYRIGHT -Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/X509_verify_cert.pod openssl-3.0.2/doc/man3/X509_verify_cert.pod --- openssl-3.0.1/doc/man3/X509_verify_cert.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/X509_verify_cert.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -52,9 +52,7 @@ incorrectly, such as with no certificate set in I, or when it is called twice in succession without reinitialising I for the second call. A negative return value can also happen due to internal resource problems -or because an internal inconsistency has been detected -or if a retry operation is requested during internal lookups -(which never happens with standard lookup methods). +or because an internal inconsistency has been detected. Applications must interpret any return value <= 0 as an error. The X509_STORE_CTX_verify() behaves like X509_verify_cert() except that its @@ -91,7 +89,7 @@ =head1 COPYRIGHT -Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man3/X509_VERIFY_PARAM_set_flags.pod openssl-3.0.2/doc/man3/X509_VERIFY_PARAM_set_flags.pod --- openssl-3.0.1/doc/man3/X509_VERIFY_PARAM_set_flags.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man3/X509_VERIFY_PARAM_set_flags.pod 2022-03-15 14:30:24.000000000 +0000 @@ -249,8 +249,8 @@ B enables CRL checking for the entire certificate chain. -B disabled critical extension checking. By default -any unhandled critical extensions in certificates or (if checked) CRLs results +B disables critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs result in a fatal error. If this flag is set unhandled critical extensions are ignored. B setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are 
@@ -401,7 +401,7 @@ =head1 COPYRIGHT -Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man7/crypto.pod openssl-3.0.2/doc/man7/crypto.pod --- openssl-3.0.1/doc/man7/crypto.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man7/crypto.pod 2022-03-15 14:30:24.000000000 +0000 @@ -380,6 +380,7 @@ #include #include #include + #include int main(void) { @@ -390,6 +391,7 @@ }; unsigned int len = 0; unsigned char *outdigest = NULL; + int ret = 1; /* Create a context for the digest operation */ ctx = EVP_MD_CTX_new(); @@ -430,11 +432,16 @@ /* Print out the digest result */ BIO_dump_fp(stdout, outdigest, len); + ret = 0; + err: /* Clean up all the resources we allocated */ OPENSSL_free(outdigest); EVP_MD_free(sha256); EVP_MD_CTX_free(ctx); + if (ret != 0) + ERR_print_errors_fp(stderr); + return ret; } =head1 CONFIGURATION @@ -497,7 +504,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man7/EVP_KEYEXCH-DH.pod openssl-3.0.2/doc/man7/EVP_KEYEXCH-DH.pod --- openssl-3.0.1/doc/man7/EVP_KEYEXCH-DH.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man7/EVP_KEYEXCH-DH.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -15,20 +15,40 @@ =item "pad" (B) +Sets the padding mode for the associated key exchange ctx. +Setting a value of 1 will turn padding on. +Setting a value of 0 will turn padding off. +If padding is off then the derived shared secret may be smaller than the +largest possible secret size. +If padding is on then the derived shared secret will have its first bytes +filled with zeros where necessary to make the shared secret the same size as +the largest possible secret size. +The padding mode parameter is ignored (and padding implicitly enabled) when +the KDF type is set to "X942KDF-ASN1" (B). + +=item "kdf-type" (B) + +See L. + +=item "kdf-digest" (B) + +See L. + +=item "kdf-digest-props" (B) + +See L. + +=item "kdf-outlen" (B) + See L. =item "kdf-ukm" (B) -Sets the User Key Material to be used as part of the selected Key Derivation -Function associated with the given key exchange ctx. +See L. -=item "kdf-ukm" (B) +=item "cekalg" (B) -Gets a pointer to the User Key Material to be used as part of the selected -Key Derivation Function associated with the given key exchange ctx. Providers -usually do not need to support this gettable parameter as its sole purpose -is to support functionality of the deprecated EVP_PKEY_CTX_get0_dh_kdf_ukm() -function. +See L. =back @@ -58,6 +78,7 @@ To derive a shared secret on the host using the host's key and the peer's public key: + /* It is assumed that the host_key and peer_pub_key are set up */ void derive_secret(EVP_KEY *host_key, EVP_PKEY *peer_pub_key) { 
@@ -101,7 +122,7 @@ =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man7/EVP_KEYEXCH-ECDH.pod openssl-3.0.2/doc/man7/EVP_KEYEXCH-ECDH.pod --- openssl-3.0.1/doc/man7/EVP_KEYEXCH-ECDH.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man7/EVP_KEYEXCH-ECDH.pod 2022-03-15 14:30:24.000000000 +0000 @@ -33,38 +33,23 @@ =item "kdf-type" (B) -Sets or gets the Key Derivation Function type to apply within the associated key -exchange ctx. +See L. =item "kdf-digest" (B) -Sets or gets the Digest algorithm to be used as part of the Key Derivation Function -associated with the given key exchange ctx. +See L. =item "kdf-digest-props" (B) -Sets properties to be used upon look up of the implementation for the selected -Digest algorithm for the Key Derivation Function associated with the given key -exchange ctx. +See L. =item "kdf-outlen" (B) -Sets or gets the desired size for the output of the chosen Key Derivation Function -associated with the given key exchange ctx. -The length of the "kdf-outlen" parameter should not exceed that of a B. +See L. =item "kdf-ukm" (B) -Sets the User Key Material to be used as part of the selected Key Derivation -Function associated with the given key exchange ctx. - -=item "kdf-ukm" (B) - -Gets a pointer to the User Key Material to be used as part of the selected -Key Derivation Function associated with the given key exchange ctx. Providers -usually do not need to support this gettable parameter as its sole purpose -is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm() -function. +See L. =back 
@@ -88,7 +73,7 @@ size_t secret_len = out_len; unsigned int pad = 1; OSSL_PARAM params[6]; - EVP_PKET_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL); + EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_new_from_pkey(NULL, host_key, NULL); EVP_PKEY_derive_init(dctx); @@ -122,7 +107,7 @@ =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man7/EVP_MD-BLAKE2.pod openssl-3.0.2/doc/man7/EVP_MD-BLAKE2.pod --- openssl-3.0.1/doc/man7/EVP_MD-BLAKE2.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man7/EVP_MD-BLAKE2.pod 2022-03-15 14:30:24.000000000 +0000 @@ -6,7 +6,7 @@ =head1 DESCRIPTION -Support for computing SHA2 digests through the B API. +Support for computing BLAKE2 digests through the B API. =head2 Identities @@ -36,7 +36,7 @@ =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/doc/man7/provider-base.pod openssl-3.0.2/doc/man7/provider-base.pod --- openssl-3.0.1/doc/man7/provider-base.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man7/provider-base.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -277,8 +277,9 @@ rather than a numeric NID. Any name (OID, short name or long name) can be used to identify the object. It will treat as success the case where the composite signature algorithm already exists (even if registered against a different -underlying signature or digest algorithm). It returns 1 on success or 0 on -failure. +underlying signature or digest algorithm). For I, NULL or an +empty string is permissible for signature algorithms that do not need a digest +to operate correctly. The function returns 1 on success or 0 on failure. This function is not thread safe. CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_free(), CRYPTO_clear_free(), diff -Nru openssl-3.0.1/doc/man7/provider-keyexch.pod openssl-3.0.2/doc/man7/provider-keyexch.pod --- openssl-3.0.1/doc/man7/provider-keyexch.pod 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/doc/man7/provider-keyexch.pod 2022-03-15 14:30:24.000000000 +0000 
@@ -170,16 +170,40 @@ =over 4 -=item "pad" (B) +=item "kdf-type" (B) -Sets the padding mode for the associated key exchange ctx. -Setting a value of 1 will turn padding on. -Setting a value of 0 will turn padding off. -If padding is off then the derived shared secret may be smaller than the largest -possible secret size. -If padding is on then the derived shared secret will have its first bytes filled -with 0s where necessary to make the shared secret the same size as the largest -possible secret size. +Sets or gets the Key Derivation Function type to apply within the associated key +exchange ctx. + +=item "kdf-digest" (B) + +Sets or gets the Digest algorithm to be used as part of the Key Derivation Function +associated with the given key exchange ctx. + +=item "kdf-digest-props" (B) + +Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Derivation Function associated with the given key +exchange ctx. + +=item "kdf-outlen" (B) + +Sets or gets the desired size for the output of the chosen Key Derivation Function +associated with the given key exchange ctx. +The length of the "kdf-outlen" parameter should not exceed that of a B. + +=item "kdf-ukm" (B) + +Sets the User Key Material to be used as part of the selected Key Derivation +Function associated with the given key exchange ctx. + +=item "kdf-ukm" (B) + +Gets a pointer to the User Key Material to be used as part of the selected +Key Derivation Function associated with the given key exchange ctx. Providers +usually do not need to support this gettable parameter as its sole purpose +is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm() +and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions. =back 
@@ -205,7 +229,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/fuzz/asn1.c openssl-3.0.2/fuzz/asn1.c --- openssl-3.0.1/fuzz/asn1.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/fuzz/asn1.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -218,8 +218,10 @@ int len2; \ BIO *bio = BIO_new(BIO_s_null()); \ \ - PRINT(bio, type); \ - BIO_free(bio); \ + if (bio != NULL) { \ + PRINT(bio, type); \ + BIO_free(bio); \ + } \ len2 = I2D(type, &der); \ if (len2 != 0) {} \ OPENSSL_free(der); \ @@ -235,8 +237,10 @@ if (type != NULL) { \ BIO *bio = BIO_new(BIO_s_null()); \ \ - PRINT(bio, type, 0); \ - BIO_free(bio); \ + if (bio != NULL) { \ + PRINT(bio, type, 0); \ + BIO_free(bio); \ + } \ I2D(type, &der); \ OPENSSL_free(der); \ TYPE ## _free(type); \ @@ -251,8 +255,10 @@ if (type != NULL) { \ BIO *bio = BIO_new(BIO_s_null()); \ \ - PRINT(bio, type, 0, pctx); \ - BIO_free(bio); \ + if (bio != NULL) { \ + PRINT(bio, type, 0, pctx); \ + BIO_free(bio); \ + } \ I2D(type, &der); \ OPENSSL_free(der); \ TYPE ## _free(type); \ 
@@ -307,9 +313,10 @@ if (o != NULL) { BIO *bio = BIO_new(BIO_s_null()); - - ASN1_item_print(bio, o, 4, i, pctx); - BIO_free(bio); + if (bio != NULL) { + ASN1_item_print(bio, o, 4, i, pctx); + BIO_free(bio); + } ASN1_item_i2d(o, &der, i); OPENSSL_free(der); ASN1_item_free(o, i); diff -Nru openssl-3.0.1/fuzz/fuzz_rand.c openssl-3.0.2/fuzz/fuzz_rand.c --- openssl-3.0.1/fuzz/fuzz_rand.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/fuzz/fuzz_rand.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -146,6 +146,8 @@ const OSSL_DISPATCH **out, void **provctx) { *provctx = OSSL_LIB_CTX_new(); + if (*provctx == NULL) + return 0; *out = fuzz_rand_method; return 1; } diff -Nru openssl-3.0.1/fuzz/oids.txt openssl-3.0.2/fuzz/oids.txt --- openssl-3.0.1/fuzz/oids.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/fuzz/oids.txt 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ # WARNING: do not edit! # Generated by fuzz/mkfuzzoids.pl # -# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.1/include/crypto/dh.h openssl-3.0.2/include/crypto/dh.h --- openssl-3.0.1/include/crypto/dh.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/crypto/dh.h 2022-03-15 14:30:24.000000000 +0000 
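Review bot: In the `@@ -307,9 +313,10 @@` hunk of fuzz/asn1.c the blank line that separated the `BIO *bio = BIO_new(BIO_s_null());` declaration from the statements is removed, so the new `if (bio != NULL) {` follows the declaration directly. The three macro hunks earlier in the same file keep that separator before their `if (bio != NULL) {`, and keeping it here as well would leave the four print paths reading the same way. The enclosing function starts and ends outside the hunk.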
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,9 +32,10 @@ FFC_PARAMS *ossl_dh_get0_params(DH *dh); int ossl_dh_get0_nid(const DH *dh); int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]); -int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[]); +int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private); int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); -int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); +int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private); DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq); int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff -Nru openssl-3.0.1/include/crypto/dsa.h openssl-3.0.2/include/crypto/dsa.h --- openssl-3.0.1/include/crypto/dsa.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/crypto/dsa.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,8 +7,8 @@ * https://www.openssl.org/source/license.html */ -#ifndef OSSL_CRYPTO_DSAERR_H -# define OSSL_CRYPTO_DSAERR_H +#ifndef OSSL_CRYPTO_DSA_H +# define OSSL_CRYPTO_DSA_H # pragma once # include 
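Review bot: The new `int include_private` argument on `ossl_dh_key_fromdata()` and `ossl_dh_key_todata()` in include/crypto/dh.h is added without any comment, although it appears to decide whether private key material crosses the OSSL_PARAM boundary. A caller that passes a non-zero value by habit would move the private component where only the public one was intended, so the contract belongs next to the prototype, for example `/* include_private == 0: only the public key is read/written; the private key is left untouched */` (wording to be confirmed against the implementation, which is not part of this hunk). The same undocumented parameter is added to `ossl_dsa_key_fromdata()` in include/crypto/dsa.h and to `ossl_rsa_todata()` / `ossl_rsa_fromdata()` in include/crypto/rsa.h later in this diff.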
@@ -30,7 +30,8 @@ FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa); int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]); -int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]); +int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], + int include_private); DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, OSSL_LIB_CTX *libctx, const char *propq); diff -Nru openssl-3.0.1/include/crypto/evp.h openssl-3.0.2/include/crypto/evp.h --- openssl-3.0.1/include/crypto/evp.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/crypto/evp.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -900,7 +900,7 @@ int loadconfig, int mirrored); char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); -void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force); +void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); /* Three possible states: */ # define EVP_PKEY_STATE_UNKNOWN 0 diff -Nru openssl-3.0.1/include/crypto/pem.h openssl-3.0.2/include/crypto/pem.h --- openssl-3.0.1/include/crypto/pem.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/crypto/pem.h 2022-03-15 14:30:24.000000000 +0000 
@@ -1,7 +1,7 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/include/crypto/rsa.h openssl-3.0.2/include/crypto/rsa.h --- openssl-3.0.1/include/crypto/rsa.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/crypto/rsa.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,8 +65,9 @@ int ossl_rsa_is_foreign(const RSA *rsa); RSA *ossl_rsa_dup(const RSA *rsa, int selection); -int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); -int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]); +int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private); +int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private); int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]); int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, diff -Nru openssl-3.0.1/include/internal/bio.h openssl-3.0.2/include/internal/bio.h --- openssl-3.0.1/include/internal/bio.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/internal/bio.h 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,9 +48,9 @@ * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. */ -# define BIO_FLAGS_KTLS_TX 0x800 # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 # define BIO_FLAGS_KTLS_RX 0x2000 +# define BIO_FLAGS_KTLS_TX 0x4000 /* KTLS related controls and flags */ # define BIO_set_ktls_flag(b, is_tx) \ diff -Nru openssl-3.0.1/include/internal/sockets.h openssl-3.0.2/include/internal/sockets.h --- openssl-3.0.1/include/internal/sockets.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/internal/sockets.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,6 +32,8 @@ # include # include # include +# include +# include # elif defined(_WIN32_WCE) && _WIN32_WCE<410 # define getservbyname _masked_declaration_getservbyname # endif diff -Nru openssl-3.0.1/include/internal/tsan_assist.h openssl-3.0.2/include/internal/tsan_assist.h --- openssl-3.0.1/include/internal/tsan_assist.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/internal/tsan_assist.h 2022-03-15 14:30:24.000000000 +0000 
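Review bot: The relocated `# define BIO_FLAGS_KTLS_TX 0x4000` in include/internal/bio.h carries no note on why the value moved, and nothing at the definition guards against the next overlap with a public flag. The bio.h.in hunk in this same diff shows `BIO_FLAGS_IN_EOF 0x800`, the value KTLS_TX held before, so the internal and public flag sets share one bit space. A comment at the internal definitions such as `/* must not overlap the public BIO_FLAGS_* in <openssl/bio.h>; 0x800 is BIO_FLAGS_IN_EOF */` would record the constraint where the next flag is likely to be added. The three defines are also no longer in the order the comment block above them lists them (TX, TX_CTRL_MSG, RX), which is worth aligning.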
@@ -1,5 +1,5 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -130,7 +130,13 @@ #ifndef TSAN_QUALIFIER -# define TSAN_QUALIFIER volatile +# ifdef OPENSSL_THREADS +# define TSAN_QUALIFIER volatile +# define TSAN_REQUIRES_LOCKING +# else /* OPENSSL_THREADS */ +# define TSAN_QUALIFIER +# endif /* OPENSSL_THREADS */ + # define tsan_load(ptr) (*(ptr)) # define tsan_store(ptr, val) (*(ptr) = (val)) # define tsan_counter(ptr) ((*(ptr))++) diff -Nru openssl-3.0.1/include/openssl/bio.h.in openssl-3.0.2/include/openssl/bio.h.in --- openssl-3.0.1/include/openssl/bio.h.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/bio.h.in 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -209,6 +209,8 @@ # define BIO_FLAGS_NONCLEAR_RST 0x400 # define BIO_FLAGS_IN_EOF 0x800 +/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */ + typedef union bio_addr_st BIO_ADDR; typedef struct bio_addrinfo_st BIO_ADDRINFO; diff -Nru openssl-3.0.1/include/openssl/crypto.h.in openssl-3.0.2/include/openssl/crypto.h.in --- openssl-3.0.1/include/openssl/crypto.h.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/crypto.h.in 2022-03-15 14:30:24.000000000 +0000 
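Review bot: `TSAN_REQUIRES_LOCKING` is introduced in the fallback branch of include/internal/tsan_assist.h without a comment saying what it obliges users of the `tsan_*` macros to do. In this branch `tsan_counter(ptr)` expands to `((*(ptr))++)`, which on a `volatile` object is still not an atomic read-modify-write, so presumably code is expected to test the macro and take a lock around these accesses in threaded builds. Stating that at the definition, e.g. `/* no atomics available: tsan_* are plain accesses, callers must serialise them when TSAN_REQUIRES_LOCKING is defined */`, would keep a new call site from relying on `volatile` for thread safety. The `#ifndef TSAN_QUALIFIER` block continues past the end of the hunk.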
@@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -125,7 +125,7 @@ size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); size_t OPENSSL_strnlen(const char *str, size_t maxlen); -int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlen, +int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, const unsigned char *buf, size_t buflen, const char sep); char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen); diff -Nru openssl-3.0.1/include/openssl/ec.h openssl-3.0.2/include/openssl/ec.h --- openssl-3.0.1/include/openssl/ec.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/ec.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -20,6 +20,8 @@ # include # include +# include + # ifdef __cplusplus extern "C" { # endif @@ -1548,6 +1550,7 @@ # define EVP_EC_gen(curve) \ EVP_PKEY_Q_keygen(NULL, NULL, "EC", (char *)(strstr(curve, ""))) + /* strstr is used to enable type checking for the variadic string arg */ # define ECParameters_dup(x) ASN1_dup_of(EC_KEY, i2d_ECParameters, \ d2i_ECParameters, x) diff -Nru openssl-3.0.1/include/openssl/engine.h openssl-3.0.2/include/openssl/engine.h --- openssl-3.0.1/include/openssl/engine.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/engine.h 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -801,6 +801,7 @@ CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ fns->mem_fns.realloc_fn, \ fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ skip_cbs: \ if (!fn(e, id)) return 0; \ return 1; } diff -Nru openssl-3.0.1/include/openssl/evp.h openssl-3.0.2/include/openssl/evp.h --- openssl-3.0.1/include/openssl/evp.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/evp.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -205,8 +205,8 @@ * don't accidentally reuse the values for other purposes. */ -# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS - * digest in FIPS mode */ +/* This flag has no effect from openssl-3.0 onwards */ +# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* * The following PAD options are also currently ignored in 1.0.0, digest diff -Nru openssl-3.0.1/include/openssl/self_test.h openssl-3.0.2/include/openssl/self_test.h --- openssl-3.0.1/include/openssl/self_test.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/self_test.h 2022-03-15 14:30:24.000000000 +0000 
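Review bot: The result of the added `OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL);` in the bind macro of include/openssl/engine.h is discarded, so a failed library initialisation goes unreported and the macro still proceeds to `fn(e, id)`. If a failure here should abort the bind, `if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL)) return 0; \` matches how the following `fn(e, id)` call is handled. If ignoring the result is deliberate, a short comment saying so and why `OPENSSL_INIT_NO_ATEXIT` is requested would help the next reader. The macro body begins outside the hunk.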
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -73,10 +73,6 @@ # define OSSL_SELF_TEST_DESC_KDF_TLS13_EXPAND "TLS13_KDF_EXPAND" # define OSSL_SELF_TEST_DESC_RNG "RNG" -# ifdef __cplusplus -} -# endif - void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb, void *cbarg); void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, @@ -90,4 +86,7 @@ int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes); void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret); +# ifdef __cplusplus +} +# endif #endif /* OPENSSL_SELF_TEST_H */ diff -Nru openssl-3.0.1/include/openssl/ssl.h.in openssl-3.0.2/include/openssl/ssl.h.in --- openssl-3.0.1/include/openssl/ssl.h.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/include/openssl/ssl.h.in 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1308,6 +1308,7 @@ # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 # define SSL_CTRL_GET_NEGOTIATED_GROUP 134 +# define SSL_CTRL_SET_RETRY_VERIFY 136 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 
@@ -2130,6 +2131,8 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) # define SSL_set_max_pipelines(ssl,m) \ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +# define SSL_set_retry_verify(ssl) \ + (SSL_ctrl(ssl,SSL_CTRL_SET_RETRY_VERIFY,0,NULL) > 0) void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); void SSL_set_default_read_buffer_len(SSL *s, size_t len); diff -Nru openssl-3.0.1/NEWS.md openssl-3.0.2/NEWS.md --- openssl-3.0.1/NEWS.md 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/NEWS.md 2022-03-15 14:30:24.000000000 +0000 @@ -18,6 +18,11 @@ OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022] + + * Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli ([CVE-2022-0778]) + ### Major changes between OpenSSL 3.0.0 and OpenSSL 3.0.1 [14 Dec 2021] * Fixed invalid handling of X509_verify_cert() internal errors in libssl diff -Nru openssl-3.0.1/os-dep/haiku.h openssl-3.0.2/os-dep/haiku.h --- openssl-3.0.1/os-dep/haiku.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/os-dep/haiku.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,2 +1,11 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + #include #include diff -Nru openssl-3.0.1/providers/common/der/DIGESTS.asn1 openssl-3.0.2/providers/common/der/DIGESTS.asn1 --- openssl-3.0.1/providers/common/der/DIGESTS.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/DIGESTS.asn1 2022-03-15 14:30:24.000000000 +0000 
@@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + -- ------------------------------------------------------------------- -- From https://tools.ietf.org/html/rfc4055#section-2.1 diff -Nru openssl-3.0.1/providers/common/der/DSA.asn1 openssl-3.0.2/providers/common/der/DSA.asn1 --- openssl-3.0.1/providers/common/der/DSA.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/DSA.asn1 2022-03-15 14:30:24.000000000 +0000 @@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + -- ------------------------------------------------------------------- -- Taken from RFC 3279, 3 ASN.1 Module -- (https://www.rfc-editor.org/rfc/rfc3279.html#section-3) diff -Nru openssl-3.0.1/providers/common/der/EC.asn1 openssl-3.0.2/providers/common/der/EC.asn1 --- openssl-3.0.1/providers/common/der/EC.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/EC.asn1 2022-03-15 14:30:24.000000000 +0000 
@@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + -- ------------------------------------------------------------------- -- Taken from RFC 3279, 3 ASN.1 Module -- (https://www.rfc-editor.org/rfc/rfc3279.html#section-3) diff -Nru openssl-3.0.1/providers/common/der/ECX.asn1 openssl-3.0.2/providers/common/der/ECX.asn1 --- openssl-3.0.1/providers/common/der/ECX.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/ECX.asn1 2022-03-15 14:30:24.000000000 +0000 @@ -1,3 +1,9 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html -- ------------------------------------------------------------------- -- Taken from RFC 8410, 9 ASN.1 Module diff -Nru openssl-3.0.1/providers/common/der/NIST.asn1 openssl-3.0.2/providers/common/der/NIST.asn1 --- openssl-3.0.1/providers/common/der/NIST.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/NIST.asn1 2022-03-15 14:30:24.000000000 +0000 
@@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + -- ------------------------------------------------------------------- -- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration diff -Nru openssl-3.0.1/providers/common/der/RSA.asn1 openssl-3.0.2/providers/common/der/RSA.asn1 --- openssl-3.0.1/providers/common/der/RSA.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/RSA.asn1 2022-03-15 14:30:24.000000000 +0000 @@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + -- ------------------------------------------------------------------- -- Taken from RFC 8017, Appendix C -- (https://www.rfc-editor.org/rfc/rfc8017.html#appendix-C) diff -Nru openssl-3.0.1/providers/common/der/SM2.asn1 openssl-3.0.2/providers/common/der/SM2.asn1 --- openssl-3.0.1/providers/common/der/SM2.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/SM2.asn1 2022-03-15 14:30:24.000000000 +0000 
@@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + oscca OBJECT IDENTIFIER ::= { iso(1) member-body(2) cn(156) 10197 } sm-scheme OBJECT IDENTIFIER ::= { oscca 1 } diff -Nru openssl-3.0.1/providers/common/der/wrap.asn1 openssl-3.0.2/providers/common/der/wrap.asn1 --- openssl-3.0.1/providers/common/der/wrap.asn1 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/common/der/wrap.asn1 2022-03-15 14:30:24.000000000 +0000 @@ -1,3 +1,10 @@ +-- Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +-- +-- Licensed under the Apache License 2.0 (the "License"). You may not use +-- this file except in compliance with the License. You can obtain a copy +-- in the file LICENSE in the source distribution or at +-- https://www.openssl.org/source/license.html + -- ------------------------------------------------------------------- -- Taken from RFC 3370, Section 4.3.1 Triple-DES Key Wrap -- (https://tools.ietf.org/html/rfc3370) diff -Nru openssl-3.0.1/providers/fips/self_test_data.inc openssl-3.0.2/providers/fips/self_test_data.inc --- openssl-3.0.1/providers/fips/self_test_data.inc 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/fips/self_test_data.inc 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -18,7 +18,7 @@ { name, OSSL_PARAM_OCTET_STRING, ITM(data) } #define ST_KAT_PARAM_UTF8STRING(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM_STR(data) } -#define ST_KAT_PARAM_UTF8CHAR(name, data) \ +#define ST_KAT_PARAM_UTF8CHAR(name, data) \ { name, OSSL_PARAM_UTF8_STRING, ITM(data) } #define ST_KAT_PARAM_INT(name, i) \ { name, OSSL_PARAM_INTEGER, ITM(i) } @@ -1291,9 +1291,15 @@ ST_KAT_PARAM_END() }; +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; + static const ST_KAT_PARAM rsa_enc_params[] = { - ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, - OSSL_PKEY_RSA_PAD_MODE_NONE), + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), ST_KAT_PARAM_END() }; diff -Nru openssl-3.0.1/providers/fips.checksum openssl-3.0.2/providers/fips.checksum --- openssl-3.0.1/providers/fips.checksum 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/fips.checksum 2022-03-15 14:30:24.000000000 +0000 @@ -1 +1 @@ -a59d74b7f6b55bd9d58d55876562fdd00d28dbb3c942ae80ccea859da4624f1d providers/fips-sources.checksums +0223646a9f0ba5ca3bd4dc320fe5a647c8b4d48cc1e273b09acceeabc035c19e providers/fips-sources.checksums diff -Nru openssl-3.0.1/providers/fips-sources.checksums openssl-3.0.2/providers/fips-sources.checksums --- openssl-3.0.1/providers/fips-sources.checksums 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/fips-sources.checksums 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ 0e22ea0cf34ef3871e30df0bc302dc29352d38001d1622ddb78a27a374b6aee8 crypto/aes/aes_cbc.c -cfd71afe1588c2c362b77fa7f6cddf77a517c49856df086b01391bbae3f779c4 crypto/aes/aes_core.c +c049a936d74100fcced225f575d46662792a6a0039777d2d4df0cf61eff90a68 crypto/aes/aes_core.c 3fac41ce96acb9189eac2d5571425c3ff33a34c884ae7e275e1fd3068b5fc662 crypto/aes/aes_ecb.c c1e674d08683a25bc053f6233f73a0d0b3a90aafe591ff57b702c7da1582e4a5 crypto/aes/aes_local.h a2466f18da5847c7d9fbced17524633c10ce024671a72f53f9c9c55b9b9923dd crypto/aes/aes_misc.c @@ -69,12 +69,12 @@ 3962dfaa0142e67115ab84f7809d46d59bd122758be09a081b08b2e0d4743b2e crypto/bn/bn_asm.c 3e86e6e5777499703420afade11dd23a7c6912f8eccd08da47308c7aadd7459d crypto/bn/bn_blind.c 7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6 crypto/bn/bn_const.c -69b864ae1f230c6c1cbc8f512031a107fcc43651aeceafcb6647b2b222a6f7f8 crypto/bn/bn_conv.c +58b587e20404efa408b31a88ba9c357059ced709bea78c07deb91df7b687db81 crypto/bn/bn_conv.c 2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c a837ba52750ab30a57b6dd2fd4cf901e18a891a189b089f83add2f5dc8138eb7 crypto/bn/bn_div.c 160ea2c916774d6a7f8130e0a05cad7c0a954b4726c15017b3df67e3285231f3 crypto/bn/bn_exp.c -617d0fd580faf72aa144f9489d6d102e2a1c4953713ac31a2b1feea4fabb2f6c crypto/bn/bn_exp2.c +ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c b32d83cee8c00d837a7e4fb8af3f5cf17cb8d2419302e8f5fbcf62119092e874 crypto/bn/bn_gcd.c 4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c 
@@ -93,18 +93,18 @@ 9d8c10645db51c3baedf57d5f0f32b67fc7eba223c192bc1ae7d87af40307e59 crypto/bn/bn_rsa_fips186_4.c 704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c 622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c -8e397a44eefa00ecb85fafc11fe8c883b3bb1572d6ac136373946d472fbe2490 crypto/bn/bn_sqrt.c +42c8ce944c889abcfcf089d0ad2744b7587696d8d7785efa91b3f7ec53dc062a crypto/bn/bn_sqrt.c 24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c 3a85d20f80c4d96b3704e58b173fc876ec81f19eac805ae2b125c138c91c86c4 crypto/bn/rsaz_exp.c affabb87861653b216e746d6c2fce5c2ac395b0ca570d439508e9f5e102ee340 crypto/bn/rsaz_exp.h -e18b943bfc1623597d6233421c358f3453bb0f026f28ae11cfd3b3c484c0bc4b crypto/bn/rsaz_exp_x2.c +46e6c75a334558586ab3610bbea0e5565273888bf60d891ae7b24251c6688aef crypto/bn/rsaz_exp_x2.c 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 23d46ae37a8d9452c0c88418d2cb8350153f8c2c6060234130a2e429da2370e0 crypto/cmac/cmac.c -b352903e60908dc7287051983e2068508715b4d9f3f46575540295010908bfa0 crypto/context.c +7f24e4937e0af857e233afbb6a7f25b09b1e5674185242a5cc8f579a45bbf1da crypto/context.c 83b8912fb01bacfe0b5269c7afa69db7e1718530cce1ed27870abef1407951d6 crypto/core_algorithm.c 60321d1af7bf9697d969438f6b319fbcb4fdc1a47a0b056d02b971973a8550ca crypto/core_fetch.c -4982395fa843f62c83b95f81e1f5622d799a2fe17108bde44cdab935b77e8ae1 crypto/core_namemap.c +7d090f71175f28fdc400455fdbc68340a545556d16cb1f6251ac92ebb63a38c1 crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c 71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c a3d146afa1d66cc3bbfdc7c106f262b679bb5aecce54e8dee732ae9b3e3333db crypto/ctype.c 
@@ -116,15 +116,15 @@ 499513b3ad386fe694c4e04b3c8a9fd4c4e18fc44bb6c4f94d6bf2d9362a3a5a crypto/des/ncbc_enc.c 61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h -0209b1ff430e2c237bf96e2e283c24df4b6708014c5a7005b295c28733d2a8ce crypto/dh/dh_backend.c +816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c 832e5a1caf9cb0dacfd937fc59252aaac7c5c1bf0ae1a9ebf3c3af6e59dcf4c0 crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c 70f4cf3485a38cd7d22aa3e965bfe950905f8efec1622e832592a6728498fd78 crypto/dh/dh_group_params.c 7809cbfd5570db17dcb4bd8f0cf9c5f94337096d39da453d0624c08f071e809f crypto/dh/dh_kdf.c -c71b8691416a61c306ea0973ca22570a56d3e9e93618a3eb2fd7b9d9a789ca44 crypto/dh/dh_key.c +0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h -27d0ea795bb7f571ba37b7460eee63608b9089a95337491c0980b91135563e15 crypto/dsa/dsa_backend.c +bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c 
@@ -167,7 +167,7 @@ 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c 28726bc957ea821639b1023e5bff0e77ced61bae31f96c165e33aadfe0bc5c9a crypto/ec/ec_key.c 7e40fc646863e0675bbb90f075b809f61bdf0600d8095c8366858d9533ab7700 crypto/ec/ec_kmeth.c -2db28a620fa62889c816dca25bb1153c99af2e8604beb3b1655495da96f2c965 crypto/ec/ec_lib.c +074a5345ea71ff3fdfb8e0be360391a7640719f1a8a4eae8580c8f02e57af880 crypto/ec/ec_lib.c a8a4690e42b4af60aad822aa8b16196df337906af53ea4db926707f7b596ff27 crypto/ec/ec_local.h fa901b996eb0e460359cd470843bdb03af7a77a2f1136c5e1d30daef70f3e4d2 crypto/ec/ec_mult.c 129c6b42417bfcf582f4a959cfd65433e6f85b158274f4fa38f9c62615ac9166 crypto/ec/ec_oct.c 
@@ -186,30 +186,30 @@ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 28abc295dad8888b5482eb61d31cd78dd80545ecb67dc6f9446a36deb8c40a5e crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -e696c10cc2ed2fc5552e659b343af751b9edc3b4dbce1a2108d21e8b10424657 crypto/evp/digest.c +7fca5ec7c5723b799a7d84d5803071b8f495511e1baf89d430e6800a5228cdad crypto/evp/digest.c 5e2c5d865029ae86855f15e162360d091f28ca0d4c67260700c90aa25faf308b crypto/evp/ec_support.c -37b5e0bdb30a24c925a26f818828fd3b4ab4c1725f84797260556c0f47f2b76d crypto/evp/evp_enc.c -d8162b57e041e83da55efe6f073d156a00b8d7a3b2fb7782b05295f2c0ea3c14 crypto/evp/evp_fetch.c +2724dc804304135bc874bd305e14b811169a9e4a62176220a0d5e83f152c2546 crypto/evp/evp_enc.c +0cd2765bf33d998f96d6e8193b2bf27293bcc6a37b7bef7dfd6ec54952ad3c8f crypto/evp/evp_fetch.c 029df8bb80a2fb45c22765234b9041ffce82735108e0b11580fd3fbd805362dd crypto/evp/evp_lib.c 9ac3d97d756ec008db16dd1952115b551f32b2d0590d9a85e1c87d1c78620257 crypto/evp/evp_local.h e822c16fc4dc30f2c86e8598c721a9ddfe46d318ce78f4e8e883cdcf8b936221 crypto/evp/evp_rand.c 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c -5496cf34a1643923ff434e4ae16ee203a626b36685e98201dec30547857847d8 crypto/evp/exchange.c +06442eff7fd25971d247fa3a769c6df56f5eb8cdedbd764cd2daa7e0c7ab3f2f crypto/evp/exchange.c a3164e3247e2a38f4f9a20db463779b5260e4e6639ac8eec6e960b265fc8cce5 crypto/evp/kdf_lib.c 1d72f5506984df1df8606e8c7045f041cf517223e2e1b50c4da8ba8bf1c6c186 crypto/evp/kdf_meth.c 38715a14f202e7d24602e5cc19d2f78abbd9f5fa3dde8d7b2bfded907690e18f crypto/evp/kem.c -787105780e2aa625bfedfbfd7167be16f743883d02a897969695ad8e637298af crypto/evp/keymgmt_lib.c +724d2ac784d6f22cb0a382abc23ac0f2d76f2f6831fcd09e101f6f27d0c3e4ed crypto/evp/keymgmt_lib.c 3d0a2c5fea0d9bb01a09e1eabc041e3bc76ba4ee90bc0af54ef414e7ca3a531f crypto/evp/keymgmt_meth.c 
e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c 5b8b0bcd4b720b66ce6bc54090ec333891126bb7f6cce4502daf2333668c3db9 crypto/evp/mac_lib.c e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c b976077a1f880768f2f0a1c996a53dfdd363605e4977c56fb37e9c1f84f35aa6 crypto/evp/p_lib.c 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c -bbce11755bcc5ba2ee8e9c1eb95905447136f614fdc2b0f74cf785fe81ead6a5 crypto/evp/pmeth_gn.c +1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c f3a5cbbccb1078cf1fafd74c4caa9f30827081832fbe6dfa5579b17ef809776c crypto/evp/signature.c b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c -00ca3b72cd56308aabb2826b6a400c675526afa7efca052d39c74b2ac6d137d8 crypto/ffc/ffc_backend.c +324feb067d0f8deb4334f3e6518f570114cb388c85b24f9232bd931a64ff0a9e crypto/ffc/ffc_backend.c ead786b4f5689ab69d6cca5d49e513e0f90cb558b67e6c5898255f2671f1393d crypto/ffc/ffc_dh.c 82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c 084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c 
@@ -219,8 +219,8 @@ 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c -e82f2213ac9438af20a2b19743c6c790d841acf89429868c9d1770f3f06a597a crypto/lhash/lhash.c -95ceca6a32b1d8a2e3a172121e7b3379267867a8c1d2b5cf2c1fbb16d1f8424c crypto/lhash/lhash_local.h +f0782ee92b6ebf5a0e66b970ecfbd9c9c6fc4a35ccd055967fbb402577c234ab crypto/lhash/lhash.c +73d63f91fbaba47649231636c5afdf76d049a46436fde9fbb2e107cf16bb879e crypto/lhash/lhash_local.h f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 183bdca6f855182d7d2c78a5c961b34283f85ea69ac828b700605ee82546397d crypto/modes/asm/aes-gcm-armv8_64.pl 1d686af304f94743038f916125effcb51790c025f3165d8d37b526bbeee781f0 crypto/modes/asm/aesni-gcm-x86_64.pl @@ -243,7 +243,7 @@ bdf25257b15eca206be4d950d2dd807ca5f058f91f54edbd7a0d312ed83eef8e crypto/modes/ofb128.c e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c -ca8f63ee71797f51c2bf5629190897306b3308882feb3d64c982239f18e8b738 crypto/o_str.c +ecb4a6f28a0acdb00cb654612e26cd4c825d9f83b15d42cefc1ccd47b00f8eb0 crypto/o_str.c 7b8d9f5dfe00460df5fbcfd4a5f2f36128020ebd2ced85ff5071b91f98740b2e crypto/packet.c cc4483ec9ba7a30908e3a433a6817e2f211d4c1f69c206e6bae24bbd39a68281 crypto/param_build.c c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c 
@@ -251,18 +251,18 @@ 4f2a8c9acf5898fdc1e4bf98813049947221cd9a1db04faaa490250591f54cb4 crypto/params_dup.c a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3 crypto/property/defn_cache.c -b09bfc2cdde7ab703b54630a67cc8d01ca92af402be246e5a9f82d176abd9442 crypto/property/property.c +9153343b26e5c2c4f6009d37a12d6af85681ed0c7d3f58de2ace44dfd789a59b crypto/property/property.c a2c69527b60692a8b07cfdfe7e75f654daa092411d5de5e02b446a4ef3752855 crypto/property/property_local.h c3217b73871d93d81ab9f15e9f1fc37ea609bbe4bbc0c1b84ec62a99c91f6756 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c -c56fb722699e1148dc392bad8069292e6521e7498c8aa9572661af118ff59e16 crypto/provider_core.c +01d2e5be52d94efdff4329281b3609c7fa57162ab6143492c380c96952df1396 crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c -5d16318d3a36b06145af74afa3523109768990a33457c81895c7ab8a830654f8 crypto/rand/rand_lib.c +4e6b7d1d8278067c18bcb5e3ac9b7fe7e9b1d0d03bc5a276275483f541d1a12c crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -8b93871f1f0392704d29028b8c93281be62cf02d0f79f9831bdabcd7a378df5b crypto/rsa/rsa_backend.c +054f8e32eabb218d219a5fa8cb40f6e76bc5a395d03e4f83c5f2b703a5a476b9 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c 
21794dcb6bfebcf9a14d4f8aa7fab8f745b595433b388b55f46ba6e615d90f98 crypto/rsa/rsa_gen.c @@ -271,7 +271,7 @@ cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c 33de2accc3af530fd0a4758eb83d5e1d994bf49bac4512b01387dbae656e1a7d crypto/rsa/rsa_oaep.c -a2fd2e4e31ec53d01a575ccaf03bad5a270412ff66804cf0b5fa40492b89181d crypto/rsa/rsa_ossl.c +1b58825809bb9c5fc9e876d71e5b787b08f034eaee3c30eb20d30a1d889bdbd5 crypto/rsa/rsa_ossl.c be3f39c1fcb777d6c0122061f9ef735d10a6bee95d67fcc1ca6ae2a664022d2b crypto/rsa/rsa_pk1.c 174a42e156be48927fe6d6bf0d95575619b8e643a99761275bff933bc3449722 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c 
@@ -344,22 +344,22 @@ e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h 5ee1ea30382bef9869f29b6610665ca304f3b9cf3653746a2d02c64b1a24f103 include/crypto/ctype.h 89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h -830da1513661794e979f7cca2bba1792224e3b3d20d4f10f6f5c6566d9b7e723 include/crypto/dh.h -7ddd70f02371c7bd190414369d2bbe7c9c6d2de085dfe1e3eab0c4082f803ca1 include/crypto/dsa.h +daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h +20d99c9a740e4d7d67e23fa4ae4c6a39d114e486c66ad41b65d91a8244cd1dea include/crypto/dsa.h 2ea47c059e84ce9d14cc31f4faf45f64d631de9e2937aa1d7a83de5571c63574 include/crypto/ec.h edbfae8720502a4708983b60eac72aa04f031059f197ada31627cb5e72812858 include/crypto/ecx.h -782ea27154525789cd49afd36a8056457dfab4ea662481b502363cc0a55ed34e include/crypto/evp.h +cca363846ac7ef1f6196e5ac858d03bf78545af2de4f83a0150575c037813e4b include/crypto/evp.h bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h 162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h 0e4472433ca4008aa4fc9234761be70f323a22a4519bb9d62728dc001d606f04 include/crypto/rand.h 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h -bd5ce686c97a8a3a0e3d7ca1e4f16706fd51df5da9673169303a4428d62da233 include/crypto/rsa.h +306abf9d327a9e63fff2cdef730275abc4d2781254a032b1f370f3428eb5a2ef include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 0f743762f646656b5480648c05632575fe8acc7506460c63e0fcdf42cf20c08a include/crypto/sha.h 7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h 5bfeea62d21b7cb43d9a819c5cd2800f02ea019687a8331abf313d615889ad37 include/crypto/types.h 
-a1778b610a244f49317a09e1e6c78b5fb68bc6d003ffdea0f6eefe5733ee5b5f include/internal/bio.h +782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h 92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h 71ddae419297069056065ab71f32fe88b09ddbe4db2200a759fedd8ad4349628 include/internal/core.h d7ddeab97434a21cb2cad1935a3cb130f6cd0b3c75322463d431c5eab3ab1ae1 include/internal/cryptlib.h @@ -383,7 +383,7 @@ 24f41a1985fa305833c3f58030c494d2563d15fc922cdf3eeb6a7ea8c135a880 include/internal/symhacks.h 640cc6a2aae208073a7f495c08b4c5006a69e8ac1c2d9aaaafd56b0e74d5f859 include/internal/thread_once.h 415b725d7f949a6191ab7bb30b48931bafc01c7aa93607e529fabbc853a4ddc5 include/internal/tlsgroups.h -b24938409313384024524cbde837690d83119bcb70fb289b38cb7efa8e082852 include/internal/tsan_assist.h +fc0f9199487ef278b9fd317d1572db3e3fb95e182055f0e49c4d8faf78ed7dd2 include/internal/tsan_assist.h 2b38fb6e65d549aca3b2c76907daf67124f395251c0261dec26faa54da8d6d73 include/openssl/aes.h 98aa2fc5eae9ef2a36d3d0053212696d58893baa083fa1fcf720660fb4bc0a9f include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h @@ -402,7 +402,7 @@ df5e60af861665675e4a00d40d15e36884f940e3379c7b45c9f717eaf1942697 include/openssl/core.h 00110e80b9b4f621c604ea99f05e7a75d3db4721fc2779224e6fa7e52f06e345 include/openssl/core_dispatch.h cbd9d7855ca3ba4240207fc025c22bbfef7411116446ff63511e336a0559bed0 include/openssl/core_names.h -d165f5c61bfe17ba366a3ba94afb30d3c8ce6b21e9cff59a15f3622f2654ae49 include/openssl/crypto.h.in +8880892256a4d2dd7a9be91f23518f71e5037dbd377cd41bdb4c1f3cb3c7ee2d include/openssl/crypto.h.in 1d1697bd3e35920ff9eaec23c29472d727a7fc4d108150957f41f6f5ecf80f1a include/openssl/cryptoerr.h bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h 
@@ -412,7 +412,7 @@ 335eb40a33cd1e95e7783bda2d031ec2bcf02cff8aa804ba3484d1354452b7ea include/openssl/dsaerr.h 41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openssl/ebcdic.h -0ad64e592528898c84f2a16e2a03749774b908b3a9944a7f9aa54b1f95094dfb include/openssl/ec.h +33b6321d1c6b7b1621198346946401bb81472054aa236b03c6f22f247248d2ad include/openssl/ec.h cbbf74efc7fdb020f06840c856ad7fe97553944f4cc3c197fbb004de38158048 include/openssl/ecerr.h 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h @@ -441,7 +441,7 @@ c1015b77c444a3816d2ea7ad770f1c3b79a1e54887930af6dd662895701f3323 include/openssl/rsa.h 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in -2702c0c5b8df31f764aa97d44c8a2b00b4b91c3482fd8ca5e1c5c91dfc61dc58 include/openssl/self_test.h +af5cc56fb31161ccd87cf925f3d3f22119dfbca78bc39a2e2d65d78bfcf0f0c6 include/openssl/self_test.h 2964274ab32b1ba8578a06b06663db2eda4317ae806369271d889176bb5a7d04 include/openssl/sha.h c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h 
@@ -485,7 +485,7 @@ a4dc9bf2d77e34175737b7b8d28fbe90815ac0e2904e3ac2d9e2a271f345ef20 providers/fips/fipsprov.c fdbaf748044ce54f13e673b92db876e32436e4d5644f443cc43d063112a89676 providers/fips/self_test.c f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h -7a23cc81ca7542325634891d1982c70e68a27914b088a51ca60249d54031bfc2 providers/fips/self_test_data.inc +5b3379a3d382c4dad37841dbd58b77ed5ff712b0a37c485771b828fa9b39c351 providers/fips/self_test_data.inc 2f4f23ebc2c7ed5ef71c98ca71f06b639112a1dea04784c46af58083482c150f providers/fips/self_test_kats.c f054b24ea53ad5db41dd7f37f20f42166ed68b832121a94858cb0173b1aaeb1d providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c @@ -515,7 +515,7 @@ f358c4121a8a223e2c6cf009fd28b8a195520279016462890214e8858880f632 providers/implementations/ciphers/cipher_aes_xts_hw.c f2e7404005e0602c4cc90b49b7af7453aa5b8644720ca1028d93e78bc28a7c09 providers/implementations/ciphers/cipher_cts.c 74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h -06d8f86ec724075e7f72dabfb675b5c85a93c01997e4142fbaa8482e617f4ae5 providers/implementations/ciphers/cipher_tdes.c +fcc3bb0637864252402aaa9d543209909df9a39611127f777b168bc888498dc0 providers/implementations/ciphers/cipher_tdes.c 77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h 9e07260067083c76d26eb0dd8a8bb4a8dac678812644ff88951a0661be70d9fd providers/implementations/ciphers/cipher_tdes_common.c 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c 
@@ -530,7 +530,7 @@ 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c 80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c -007d431b3cdb53374c5f5aaef2fcb557e213c23f26e55ebdd32b53527f3f4826 providers/implementations/exchange/dh_exch.c +b5f94d597df72ca58486c59b2a70b4057d13f09528f861ed41a84b7125b54a82 providers/implementations/exchange/dh_exch.c 9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 06ba83a8a8235bcdbda56f82b017cb19361469fe47c23cc6218a7e9b88ae6513 providers/implementations/exchange/kdf_exch.c 
@@ -554,20 +554,20 @@ 3c46ec0e14be09a133d709c3a1c3d5ab05a4f1ed5385c3e7a1afb2f0ee47ef7a providers/implementations/kdfs/tls1_prf.c 27bb6ee5e2d00c545635c0c29402b10e74a1831adbc9800c159cbe04f2bfa2f7 providers/implementations/kdfs/x942kdf.c f419a9f6b17cfba1543a3690326188ac8335db66807c58de211a3d69e18f7d4d providers/implementations/kem/rsa_kem.c -6878218c16d5c9c308a414af67790e11912ced638ba9e64668912ec98ca20d9d providers/implementations/keymgmt/dh_kmgmt.c -4f9e8263d529f619766be73a11223b8a3dfaf46b506c17b44d8a1cd9d2eaee54 providers/implementations/keymgmt/dsa_kmgmt.c +7628cfd7c88f37faa557c671a78ff56266691d64075104a514a28cb6fb9a6816 providers/implementations/keymgmt/dh_kmgmt.c +68d5cad49334ad0ee6948329b3784bb43eede84c3bc59ff22cbbe7aed9292672 providers/implementations/keymgmt/dsa_kmgmt.c 3e2798d299d6571c973fc75468e2ac025b7c893ae2f15f14e057430325622a69 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -085e1cf54941fa1c1e423b4a75b820945a1c05d1c347d4910d9a772b8c9d9f3a providers/implementations/keymgmt/ecx_kmgmt.c +8871260c1b05832efa8363e5546210004da1683fee74da6c749ebba802b40f2b providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 260c560930c5aca61225a40ed49dfbb905f2b1fa50728d1388e946358f9d5e18 providers/implementations/keymgmt/mac_legacy_kmgmt.c -9c16e76419aeb422d189ff7c5bf9a07f37abb54043dd47e48d450d68329de933 providers/implementations/keymgmt/rsa_kmgmt.c +d469be20a6d1a3744c1a2d5c26cb3b8ff6339a2242d4ef6e5ed9531551f717c1 providers/implementations/keymgmt/rsa_kmgmt.c 79da66d4b696388d7eab6b2126bccc88908915813d79c4305b8b4d545a500469 providers/implementations/macs/cmac_prov.c 41464d1e640434bb3ff9998f093829d5e2c1963d68033dca7d31e5ab75365fb1 providers/implementations/macs/gmac_prov.c 282c1065f18c87073529ed1bdc2c0b3a1967701728084de6632ddc72c671d209 
providers/implementations/macs/hmac_prov.c aa7ba1d39ea4e3347294eb50b4dfcb895ef1a22bd6117d3b076a74e9ff11c242 providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c -f8d24c882fda71c117a00bf4e6c7ffb6b88946c16a816249a5a7499dbdff712d providers/implementations/rands/drbg.c +c7236e6e2e8adce14f8206da0ceef63c7974d4ba1a7dd71b94fa100cac6b46ba providers/implementations/rands/drbg.c b1e7a0b2610aaab5800af7ede0df13a184f4a321a4084652cdb509357c55783b providers/implementations/rands/drbg_ctr.c a05adc3f6d9d6f948e5ead75f0522ed3164cb5b2d301169242f3cb97c4a7fac3 providers/implementations/rands/drbg_hash.c 0876dfae991028c569631938946e458e6829cacf4cfb673d2b144ae50a3160bb providers/implementations/rands/drbg_hmac.c diff -Nru openssl-3.0.1/providers/implementations/ciphers/cipher_tdes.c openssl-3.0.2/providers/implementations/ciphers/cipher_tdes.c --- openssl-3.0.1/providers/implementations/ciphers/cipher_tdes.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/ciphers/cipher_tdes.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -19,11 +19,7 @@ #include "cipher_tdes.h" #include "prov/implementations.h" -/* - * NOTE: ECB mode does not use an IV - but existing test code is setting - * an IV. Fixing this could potentially make applications break. - */ /* ossl_tdes_ede3_ecb_functions */ -IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block); +IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 0, block); /* ossl_tdes_ede3_cbc_functions */ IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block); diff -Nru openssl-3.0.1/providers/implementations/ciphers/cipher_tdes_default.c openssl-3.0.2/providers/implementations/ciphers/cipher_tdes_default.c --- openssl-3.0.1/providers/implementations/ciphers/cipher_tdes_default.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/ciphers/cipher_tdes_default.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
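Review bot: The `IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, ...)` line changes its IV-length argument from `64` to `0`, and the hunk deletes the only comment that explained the IV situation, so nothing marks the new value as deliberate. I would keep a one-line comment above the macro, for example `/* ECB takes no IV, so the IV length is 0 */`. The same applies to the `ede2` ECB entry changed in cipher_tdes_default.c. The removed note warned that fixing this could break applications, so callers that relied on the old reported length are presumably worth a mention in the release notes.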
@@ -26,7 +26,7 @@ IMPLEMENT_tdes_cipher(ede3, EDE3, cfb8, CFB, TDES_FLAGS, 64*3, 8, 64, stream); /* ossl_tdes_ede2_ecb_functions */ -IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 64, block); +IMPLEMENT_tdes_cipher(ede2, EDE2, ecb, ECB, TDES_FLAGS, 64*2, 64, 0, block); /* ossl_tdes_ede2_cbc_functions */ IMPLEMENT_tdes_cipher(ede2, EDE2, cbc, CBC, TDES_FLAGS, 64*2, 64, 64, block); /* ossl_tdes_ede2_ofb_functions */ diff -Nru openssl-3.0.1/providers/implementations/encode_decode/decode_der2key.c openssl-3.0.2/providers/implementations/encode_decode/decode_der2key.c --- openssl-3.0.1/providers/implementations/encode_decode/decode_der2key.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/decode_der2key.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -204,19 +204,24 @@ if (!ok) goto next; - ok = 0; /* Assume that we fail */ + ok = 0; /* Assume that we fail */ + ERR_set_mark(); if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { derp = der; if (ctx->desc->d2i_PKCS8 != NULL) { key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); - if (ctx->flag_fatal) + if (ctx->flag_fatal) { + ERR_clear_last_mark(); goto end; + } } else if (ctx->desc->d2i_private_key != NULL) { key = ctx->desc->d2i_private_key(NULL, &derp, der_len); } - if (key == NULL && ctx->selection != 0) + if (key == NULL && ctx->selection != 0) { + ERR_clear_last_mark(); goto next; + } } if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { derp = der; 
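Review bot: The `ERR_set_mark()` added after `ok = 0` in decode_der2key.c has to be released on every path out of the selection branches, but nothing states that invariant. The hunk meets it by repeating `ERR_clear_last_mark()` before each `goto`, so a later early exit added between the mark and the final clear/pop would leave a stale mark on the error stack. A short comment at the `ERR_set_mark()` line would help, such as `/* every exit below must clear or pop this mark; queued errors are dropped only when a key was decoded */`. The pairing continues in the next hunk (public-key and parameter branches, then the final `ERR_clear_last_mark()`/`ERR_pop_to_mark()`), and the enclosing function starts and ends outside both hunks.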
@@ -224,16 +229,24 @@ key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len); else key = ctx->desc->d2i_public_key(NULL, &derp, der_len); - if (key == NULL && ctx->selection != 0) + if (key == NULL && ctx->selection != 0) { + ERR_clear_last_mark(); goto next; + } } if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { derp = der; if (ctx->desc->d2i_key_params != NULL) key = ctx->desc->d2i_key_params(NULL, &derp, der_len); - if (key == NULL && ctx->selection != 0) + if (key == NULL && ctx->selection != 0) { + ERR_clear_last_mark(); goto next; + } } + if (key == NULL) + ERR_clear_last_mark(); + else + ERR_pop_to_mark(); /* * Last minute check to see if this was the correct type of key. This diff -Nru openssl-3.0.1/providers/implementations/encode_decode/decode_epki2pki.c openssl-3.0.2/providers/implementations/encode_decode/decode_epki2pki.c --- openssl-3.0.1/providers/implementations/encode_decode/decode_epki2pki.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/decode_epki2pki.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -68,8 +68,12 @@ PKCS8_PRIV_KEY_INFO *p8inf = NULL; const X509_ALGOR *alg = NULL; BIO *in = ossl_bio_new_from_core_bio(ctx->provctx, cin); - int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + int ok = 0; + if (in == NULL) + return 0; + + ok = (asn1_d2i_read_bio(in, &mem) >= 0); BIO_free(in); /* We return "empty handed". This is not an error. */ diff -Nru openssl-3.0.1/providers/implementations/encode_decode/decode_msblob2key.c openssl-3.0.2/providers/implementations/encode_decode/decode_msblob2key.c --- openssl-3.0.1/providers/implementations/encode_decode/decode_msblob2key.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/decode_msblob2key.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -93,6 +93,9 @@ void *key = NULL; int ok = 0; + if (in == NULL) + return 0; + if (BIO_read(in, hdr_buf, 16) != 16) { ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT); goto next; diff -Nru openssl-3.0.1/providers/implementations/encode_decode/decode_pem2der.c openssl-3.0.2/providers/implementations/encode_decode/decode_pem2der.c --- openssl-3.0.1/providers/implementations/encode_decode/decode_pem2der.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/decode_pem2der.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -33,7 +33,11 @@ unsigned char **data, long *len) { BIO *in = ossl_bio_new_from_core_bio(provctx, cin); - int ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0); + int ok; + + if (in == NULL) + return 0; + ok = (PEM_read_bio(in, pem_name, pem_header, data, len) > 0); BIO_free(in); return ok; diff -Nru openssl-3.0.1/providers/implementations/encode_decode/decode_pvk2key.c openssl-3.0.2/providers/implementations/encode_decode/decode_pvk2key.c --- openssl-3.0.1/providers/implementations/encode_decode/decode_pvk2key.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/decode_pvk2key.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -88,6 +88,9 @@ void *key = NULL; int ok = 0; + if (in == NULL) + return 0; + ctx->selection = selection; if ((selection == 0 diff -Nru openssl-3.0.1/providers/implementations/encode_decode/encode_key2blob.c openssl-3.0.2/providers/implementations/encode_decode/encode_key2blob.c --- openssl-3.0.1/providers/implementations/encode_decode/encode_key2blob.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/encode_key2blob.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -30,7 +30,11 @@ void *data, int len) { BIO *out = ossl_bio_new_from_core_bio(provctx, cout); - int ret = BIO_write(out, data, len); + int ret; + + if (out == NULL) + return 0; + ret = BIO_write(out, data, len); BIO_free(out); return ret; diff -Nru openssl-3.0.1/providers/implementations/encode_decode/encode_key2ms.c openssl-3.0.2/providers/implementations/encode_decode/encode_key2ms.c --- openssl-3.0.1/providers/implementations/encode_decode/encode_key2ms.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/encode_key2ms.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,8 +39,11 @@ EVP_PKEY *pkey, int ispub) { BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); - int ret = - ispub ? i2b_PublicKey_bio(out, pkey) : i2b_PrivateKey_bio(out, pkey); + int ret; + + if (out == NULL) + return 0; + ret = ispub ? i2b_PublicKey_bio(out, pkey) : i2b_PrivateKey_bio(out, pkey); BIO_free(out); return ret; @@ -50,14 +53,15 @@ EVP_PKEY *pkey) { BIO *out = NULL; - int ret = 0; + int ret; OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); out = ossl_bio_new_from_core_bio(ctx->provctx, cout); + if (out == NULL) + return 0; ret = i2b_PVK_bio_ex(out, pkey, ctx->pvk_encr_level, ossl_pw_pvk_password, &ctx->pwdata, libctx, NULL); BIO_free(out); - return ret; } diff -Nru openssl-3.0.1/providers/implementations/encode_decode/encode_key2text.c openssl-3.0.2/providers/implementations/encode_decode/encode_key2text.c --- openssl-3.0.1/providers/implementations/encode_decode/encode_key2text.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/encode_key2text.c 2022-03-15 14:30:24.000000000 +0000 
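Review bot: In encode_key2blob.c the new NULL guard returns `0`, but the success path still returns the raw result of `BIO_write(out, data, len)`, which can be negative on failure. If callers only test the result for truth, a failed write would read as success. Normalising it with `ret = BIO_write(out, data, len) > 0;` would make both failure paths agree, assuming no caller needs the byte count. The `i2b_PublicKey_bio`/`i2b_PrivateKey_bio` and `i2b_PVK_bio_ex` results returned by the encode_key2ms.c helpers in the following hunks look like the same pattern and deserve the same check. The signatures of these helpers begin outside the hunks.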
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -80,6 +80,9 @@ } hex_str = BN_bn2hex(bn); + if (hex_str == NULL) + return 0; + p = hex_str; if (*p == '-') { ++p; diff -Nru openssl-3.0.1/providers/implementations/encode_decode/endecoder_common.c openssl-3.0.2/providers/implementations/encode_decode/endecoder_common.c --- openssl-3.0.1/providers/implementations/encode_decode/endecoder_common.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/encode_decode/endecoder_common.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,8 +89,11 @@ { BUF_MEM *mem = NULL; BIO *in = ossl_bio_new_from_core_bio(provctx, cin); - int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + int ok; + if (in == NULL) + return 0; + ok = (asn1_d2i_read_bio(in, &mem) >= 0); if (ok) { *data = (unsigned char *)mem->data; *len = (long)mem->length; diff -Nru openssl-3.0.1/providers/implementations/exchange/dh_exch.c openssl-3.0.2/providers/implementations/exchange/dh_exch.c --- openssl-3.0.1/providers/implementations/exchange/dh_exch.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/exchange/dh_exch.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -141,7 +141,7 @@ static int dh_plain_derive(void *vpdhctx, unsigned char *secret, size_t *secretlen, - size_t outlen) + size_t outlen, unsigned int pad) { PROV_DH_CTX *pdhctx = (PROV_DH_CTX *)vpdhctx; int ret; @@ -164,7 +164,7 @@ } DH_get0_key(pdhctx->dhpeer, &pub_key, NULL); - if (pdhctx->pad) + if (pad) ret = DH_compute_key_padded(secret, pub_key, pdhctx->dh); else ret = DH_compute_key(secret, pub_key, pdhctx->dh); @@ -192,13 +192,13 @@ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } - if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0)) + if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0, 1)) return 0; if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; } - if (!dh_plain_derive(pdhctx, stmp, &stmplen, stmplen)) + if (!dh_plain_derive(pdhctx, stmp, &stmplen, stmplen, 1)) goto err; /* Do KDF stuff */ @@ -229,7 +229,8 @@ switch (pdhctx->kdf_type) { case PROV_DH_KDF_NONE: - return dh_plain_derive(pdhctx, secret, psecretlen, outlen); + return dh_plain_derive(pdhctx, secret, psecretlen, outlen, + pdhctx->pad); case PROV_DH_KDF_X9_42_ASN1: return dh_X9_42_kdf_derive(pdhctx, secret, psecretlen, outlen); default: @@ -292,7 +293,12 @@ if (dstctx->kdf_ukm == NULL) goto err; } - dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg); + + if (srcctx->kdf_cekalg != NULL) { + dstctx->kdf_cekalg = OPENSSL_strdup(srcctx->kdf_cekalg); + if (dstctx->kdf_cekalg == NULL) + goto err; + } return dstctx; err: 
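Review bot: The bare `1` passed as the new `pad` argument in both `dh_plain_derive()` calls of the `@@ -192,13 +192,13 @@` hunk (dh_exch.c) is undocumented, so a reader cannot tell that the KDF path now deliberately ignores `pdhctx->pad` while the `PROV_DH_KDF_NONE` case in the `@@ -229,7 +229,8 @@` hunk still honours it. A comment above the first call such as `/* The KDF always takes the full-length (padded) shared secret, whatever pdhctx->pad says */` would record the intent; the reason (presumably that the X9.42 input must keep its leading zero bytes) is worth a second sentence if the author can confirm it. The enclosing function starts and ends outside the hunk.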
@@ -389,9 +395,16 @@ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG); if (p != NULL) { str = name; - if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name))) - return 0; - pdhctx->kdf_cekalg = OPENSSL_strdup(name); + + OPENSSL_free(pdhctx->kdf_cekalg); + pdhctx->kdf_cekalg = NULL; + if (p->data != NULL && p->data_size != 0) { + if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name))) + return 0; + pdhctx->kdf_cekalg = OPENSSL_strdup(name); + if (pdhctx->kdf_cekalg == NULL) + return 0; + } } return 1; } @@ -414,12 +427,12 @@ } static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL), OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0), OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0), OSSL_PARAM_END }; diff -Nru openssl-3.0.1/providers/implementations/keymgmt/dh_kmgmt.c openssl-3.0.2/providers/implementations/keymgmt/dh_kmgmt.c --- openssl-3.0.1/providers/implementations/keymgmt/dh_kmgmt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/keymgmt/dh_kmgmt.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
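Review bot: In the `@@ -389,9 +395,16 @@` hunk of dh_exch.c the old `pdhctx->kdf_cekalg` is freed and cleared before the new value has been read, so a failing `OSSL_PARAM_get_utf8_string()` or `OPENSSL_strdup()` returns 0 with the previously configured CEK algorithm already gone. Building the replacement in a local and swapping it in only after both calls succeed keeps a rejected parameter from changing the context; an empty or NULL value still clears the field. Whether callers rely on a failed set leaving the context untouched is not visible here, and the function starts outside the hunk.

```c
    if (p != NULL) {
        char *cekalg = NULL;

        str = name;
        if (p->data != NULL && p->data_size != 0) {
            if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
                return 0;
            cekalg = OPENSSL_strdup(name);
            if (cekalg == NULL)
                return 0;
        }
        /* replace the old value only once the new one is known to be good */
        OPENSSL_free(pdhctx->kdf_cekalg);
        pdhctx->kdf_cekalg = cekalg;
    }
```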
@@ -201,8 +201,12 @@ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) ok = ok && ossl_dh_params_fromdata(dh, params); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && ossl_dh_key_fromdata(dh, params); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && ossl_dh_key_fromdata(dh, params, include_private); + } return ok; } @@ -224,8 +228,13 @@ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) ok = ok && ossl_dh_params_todata(dh, tmpl, NULL); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && ossl_dh_key_todata(dh, tmpl, NULL); + + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && ossl_dh_key_todata(dh, tmpl, NULL, include_private); + } if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { @@ -323,7 +332,7 @@ } return ossl_dh_params_todata(dh, NULL, params) - && ossl_dh_key_todata(dh, NULL, params); + && ossl_dh_key_todata(dh, NULL, params, 1); } static const OSSL_PARAM dh_params[] = { @@ -532,6 +541,7 @@ const DH_NAMED_GROUP *group = NULL; if (p->data_type != OSSL_PARAM_UTF8_STRING + || p->data == NULL || (group = ossl_ffc_name_to_dh_named_group(p->data)) == NULL || ((gctx->group_nid = ossl_ffc_named_group_get_uid(group)) == NID_undef)) { diff -Nru openssl-3.0.1/providers/implementations/keymgmt/dsa_kmgmt.c openssl-3.0.2/providers/implementations/keymgmt/dsa_kmgmt.c --- openssl-3.0.1/providers/implementations/keymgmt/dsa_kmgmt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/keymgmt/dsa_kmgmt.c 2022-03-15 14:30:24.000000000 +0000 
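Review bot: The expression `selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0` in the `@@ -201,8 +201,12 @@` and `@@ -224,8 +228,13 @@` hunks of dh_kmgmt.c relies on `&` binding tighter than `?:`, which is correct but easy to misread in code that decides whether private key material is imported or exported. The same derivation is repeated in the dsa_kmgmt.c, ecx_kmgmt.c and rsa_kmgmt.c hunks further down, and ecx_kmgmt.c spells it two ways (`... ? 1 : 0` in the import hunk, `((selection & ...) != 0)` in the export hunk). One parenthesised form everywhere, e.g. `int include_private = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0;`, would make the four files read alike.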
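Review bot: The literal `1` passed as `include_private` to `ossl_dh_key_todata()` in the `@@ -323,7 +332,7 @@` hunk of dh_kmgmt.c is not explained, and among the visible hunks of this file it is the one place where the private key is offered without consulting a selection. A short comment, e.g. `/* no selection here: the private key is included whenever the caller's params ask for it */`, would state that this is intended; it assumes the helper only fills parameters the caller named, which is not visible in the hunk. The matching calls `dsa_key_todata(dsa, NULL, params, 1)`, `key_to_params(ecx, NULL, params, 1)` and `ossl_rsa_todata(rsa, NULL, params, 1)` in the later hunks deserve the same comment.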
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -96,7 +96,8 @@ return -1; } -static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) +static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], + int include_private) { const BIGNUM *priv = NULL, *pub = NULL; @@ -104,7 +105,8 @@ return 0; DSA_get0_key(dsa, &pub, &priv); - if (priv != NULL + if (include_private + && priv != NULL && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv)) return 0; if (pub != NULL @@ -200,8 +202,12 @@ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && ossl_dsa_key_fromdata(dsa, params); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && ossl_dsa_key_fromdata(dsa, params, include_private); + } return ok; } 
@@ -210,17 +216,25 @@ void *cbarg) { DSA *dsa = keydata; - OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); + OSSL_PARAM_BLD *tmpl; OSSL_PARAM *params = NULL; int ok = 1; if (!ossl_prov_is_running() || dsa == NULL) - goto err; + return 0; + + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) + return 0; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, NULL); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && dsa_key_todata(dsa, tmpl, NULL); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && dsa_key_todata(dsa, tmpl, NULL, include_private); + } if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) @@ -309,7 +323,7 @@ && !OSSL_PARAM_set_utf8_string(p, DSA_DEFAULT_MD)) return 0; return ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), NULL, params) - && dsa_key_todata(dsa, NULL, params); + && dsa_key_todata(dsa, NULL, params, 1); } static const OSSL_PARAM dsa_params[] = { diff -Nru openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt_imexport.inc openssl-3.0.2/providers/implementations/keymgmt/ec_kmgmt_imexport.inc --- openssl-3.0.1/providers/implementations/keymgmt/ec_kmgmt_imexport.inc 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/keymgmt/ec_kmgmt_imexport.inc 2022-03-15 14:30:24.000000000 +0000 
@@ -1,4 +1,13 @@ /* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html +*/ + +/* * This file is meant to be included from ec_kmgmt.c */ diff -Nru openssl-3.0.1/providers/implementations/keymgmt/ecx_kmgmt.c openssl-3.0.2/providers/implementations/keymgmt/ecx_kmgmt.c --- openssl-3.0.1/providers/implementations/keymgmt/ecx_kmgmt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/keymgmt/ecx_kmgmt.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -194,7 +194,7 @@ { ECX_KEY *key = keydata; int ok = 1; - int include_private = 0; + int include_private; if (!ossl_prov_is_running() || key == NULL) return 0; @@ -202,14 +202,14 @@ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) return 0; - include_private = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0); + include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; ok = ok && ossl_ecx_key_fromdata(key, params, include_private); return ok; } static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[]) + OSSL_PARAM params[], int include_private) { if (key == NULL) return 0; @@ -219,7 +219,8 @@ key->pubkey, key->keylen)) return 0; - if (key->privkey != NULL + if (include_private + && key->privkey != NULL && !ossl_param_build_set_octet_string(tmpl, params, OSSL_PKEY_PARAM_PRIV_KEY, key->privkey, key->keylen)) 
@@ -243,9 +244,12 @@ if (tmpl == NULL) return 0; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 - && !key_to_params(key, tmpl, NULL)) - goto err; + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0); + + if (!key_to_params(key, tmpl, NULL, include_private)) + goto err; + } params = OSSL_PARAM_BLD_to_param(tmpl); if (params == NULL) @@ -295,7 +299,7 @@ return 0; } - return key_to_params(ecx, NULL, params); + return key_to_params(ecx, NULL, params, 1); } static int ed_get_params(void *key, OSSL_PARAM params[]) diff -Nru openssl-3.0.1/providers/implementations/keymgmt/rsa_kmgmt.c openssl-3.0.2/providers/implementations/keymgmt/rsa_kmgmt.c --- openssl-3.0.1/providers/implementations/keymgmt/rsa_kmgmt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/keymgmt/rsa_kmgmt.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -190,8 +190,12 @@ &pss_defaults_set, params, rsa_type, ossl_rsa_get0_libctx(rsa)); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && ossl_rsa_fromdata(rsa, params); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && ossl_rsa_fromdata(rsa, params, include_private); + } return ok; } 
@@ -218,8 +222,12 @@ if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && ossl_rsa_todata(rsa, tmpl, NULL); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); + } if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) @@ -363,7 +371,7 @@ } return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) - && ossl_rsa_todata(rsa, NULL, params); + && ossl_rsa_todata(rsa, NULL, params, 1); } static const OSSL_PARAM rsa_params[] = { @@ -454,19 +462,24 @@ gctx->libctx = libctx; if ((gctx->pub_exp = BN_new()) == NULL || !BN_set_word(gctx->pub_exp, RSA_F4)) { - BN_free(gctx->pub_exp); - OPENSSL_free(gctx); - return NULL; + goto err; } gctx->nbits = 2048; gctx->primes = RSA_DEFAULT_PRIME_NUM; gctx->rsa_type = rsa_type; + } else { + goto err; } - if (!rsa_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); - return NULL; - } + + if (!rsa_gen_set_params(gctx, params)) + goto err; return gctx; + +err: + if (gctx != NULL) + BN_free(gctx->pub_exp); + OPENSSL_free(gctx); + return NULL; } static void *rsa_gen_init(void *provctx, int selection, diff -Nru openssl-3.0.1/providers/implementations/rands/drbg.c openssl-3.0.2/providers/implementations/rands/drbg.c --- openssl-3.0.1/providers/implementations/rands/drbg.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/rands/drbg.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -837,6 +837,10 @@ goto err; } } +#ifdef TSAN_REQUIRES_LOCKING + if (!ossl_drbg_enable_locking(drbg)) + goto err; +#endif return drbg; err: diff -Nru openssl-3.0.1/providers/implementations/storemgmt/file_store.c openssl-3.0.2/providers/implementations/storemgmt/file_store.c --- openssl-3.0.1/providers/implementations/storemgmt/file_store.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/providers/implementations/storemgmt/file_store.c 2022-03-15 14:30:24.000000000 +0000 @@ -175,7 +175,7 @@ if ((ctx = new_file_ctx(IS_DIR, uri, provctx)) == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - goto err; + return NULL; } ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path); diff -Nru openssl-3.0.1/README-FIPS.md openssl-3.0.2/README-FIPS.md --- openssl-3.0.1/README-FIPS.md 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/README-FIPS.md 2022-03-15 14:30:24.000000000 +0000 @@ -64,4 +64,4 @@ Documentation about using the FIPS module is available on the [fips_module(7)] manual page. - [fips_module(7)]: https://www.openssl.org/docs/manmaster/man7/fips_module.html + [fips_module(7)]: https://www.openssl.org/docs/man3.0/man7/fips_module.html diff -Nru openssl-3.0.1/README.md openssl-3.0.2/README.md --- openssl-3.0.1/README.md 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/README.md 2022-03-15 14:30:24.000000000 +0000 
@@ -113,8 +113,8 @@ * [Notes on Perl](NOTES-PERL.md) * [Notes on Valgrind](NOTES-VALGRIND.md) -Specific notes on upgrading to OpenSSL 3.0 from previous versions, as well as -known issues are available on the [OpenSSL 3.0 Wiki] page. +Specific notes on upgrading to OpenSSL 3.0 from previous versions can be found +in the [migration_guide(7ossl)] manual page. Documentation ============= @@ -126,6 +126,7 @@ available online. - [OpenSSL master](https://www.openssl.org/docs/manmaster) +- [OpenSSL 3.0](https://www.openssl.org/docs/man3.0) - [OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1) Wiki @@ -165,7 +166,7 @@ Copyright ========= -Copyright (c) 1998-2021 The OpenSSL Project +Copyright (c) 1998-2022 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson @@ -193,9 +194,9 @@ "OpenSSL Wiki" -[OpenSSL 3.0 Wiki]: - - "OpenSSL 3.0 Wiki" +[migration_guide(7ossl)]: + + "OpenSSL Migration Guide" [RFC 8446]: diff -Nru openssl-3.0.1/README-PROVIDERS.md openssl-3.0.2/README-PROVIDERS.md --- openssl-3.0.1/README-PROVIDERS.md 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/README-PROVIDERS.md 2022-03-15 14:30:24.000000000 +0000 @@ -20,7 +20,7 @@ Documentation about writing providers is available on the [provider(7)] manual page. - [provider(7)]: https://www.openssl.org/docs/manmaster/man7/provider.html + [provider(7)]: https://www.openssl.org/docs/man3.0/man7/provider.html The Default Provider -------------------- 
@@ -88,7 +88,7 @@ See the [config(5)] manual page for information about how to configure providers via the config file, and how to automatically activate them. - [config(5)]: https://www.openssl.org/docs/manmaster/man5/config.html + [config(5)]: https://www.openssl.org/docs/man3.0/man5/config.html The following is a minimal config file example to load and activate both the legacy and the default provider in the default library context. diff -Nru openssl-3.0.1/ssl/record/ssl3_record.c openssl-3.0.2/ssl/record/ssl3_record.c --- openssl-3.0.1/ssl/record/ssl3_record.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/record/ssl3_record.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,7 +191,7 @@ rr = RECORD_LAYER_get_rrec(&s->rlayer); rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); - is_ktls_left = (rbuf->left > 0); + is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); max_recs = s->max_pipelines; if (max_recs == 0) max_recs = 1; @@ -408,7 +408,11 @@ len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if (thisrr->length > len && !BIO_get_ktls_recv(s->rbio)) { + /* KTLS may use all of the buffer */ + if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) + len = SSL3_BUFFER_get_left(rbuf); + + if (thisrr->length > len) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); return -1; 
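Review bot: The one-line comment `/* KTLS may use all of the buffer */` in the `@@ -408,7 +408,11 @@` hunk of ssl3_record.c does not explain the two things a reader needs in order to check this bound: why the limit becomes `SSL3_BUFFER_get_left(rbuf)` instead of the value of `len` computed above the hunk, and why the override is skipped when `is_ktls_left` is set. Since the comparison that follows is what raises `SSL_R_ENCRYPTED_LENGTH_TOO_LONG`, the comment should spell out both conditions in two or three lines. The enclosing function starts and ends outside the hunk.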
@@ -711,16 +715,27 @@ goto end; } + /* + * Usually thisrr->length is the length of a single record, but when + * KTLS handles the decryption, thisrr->length may be larger than + * SSL3_RT_MAX_PLAIN_LENGTH because the kernel may have coalesced + * multiple records. + * Therefore we have to rely on KTLS to check the plaintext length + * limit in the kernel. + */ if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH - && !BIO_get_ktls_recv(s->rbio)) { + && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } - /* If received packet overflows current Max Fragment Length setting */ + /* + * Check if the received packet overflows the current + * Max Fragment Length setting. + * Note: USE_MAX_FRAGMENT_LENGTH_EXT and KTLS are mutually exclusive. + */ if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session) - && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session) - && !BIO_get_ktls_recv(s->rbio)) { + && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) { SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); goto end; } @@ -1392,6 +1407,7 @@ int tlstree_mac = sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_TLSTREE) : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_TLSTREE); int t; + int ret = 0; if (sending) { seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer); @@ -1412,15 +1428,13 @@ } else { hmac = EVP_MD_CTX_new(); if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) { - EVP_MD_CTX_free(hmac); - return 0; + goto end; } mac_ctx = hmac; } if (!SSL_IS_DTLS(ssl) && tlstree_mac && EVP_MD_CTX_ctrl(mac_ctx, EVP_MD_CTRL_TLSTREE, 0, seq) <= 0) { - EVP_MD_CTX_free(hmac); - return 0; + goto end; } if (SSL_IS_DTLS(ssl)) { 
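Review bot: The new comment in the `@@ -711,16 +715,27 @@` hunk of ssl3_record.c states that `USE_MAX_FRAGMENT_LENGTH_EXT` and KTLS are mutually exclusive, and the `!BIO_get_ktls_recv(s->rbio)` exemption is dropped from the Max Fragment Length check on that basis, but nothing in the hunk enforces or points to that invariant. If the two could ever be active together, coalesced KTLS data would now be rejected with `SSL_R_DATA_LENGTH_TOO_LONG`. Extending the note to name where the exclusion is enforced, e.g. `* Note: ... are mutually exclusive (see <function that refuses KTLS when the extension is negotiated>).`, would let a reader verify it. The function starts and ends outside the hunk.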
@@ -1450,19 +1464,17 @@ *p++ = OSSL_PARAM_construct_end(); if (!EVP_PKEY_CTX_set_params(EVP_MD_CTX_get_pkey_ctx(mac_ctx), - tls_hmac_params)) - return 0; + tls_hmac_params)) { + goto end; + } } if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0 || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0 || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) { - EVP_MD_CTX_free(hmac); - return 0; + goto end; } - EVP_MD_CTX_free(hmac); - OSSL_TRACE_BEGIN(TLS) { BIO_printf(trc_out, "seq:\n"); BIO_dump_indent(trc_out, seq, 8, 4); @@ -1481,7 +1493,10 @@ BIO_printf(trc_out, "md:\n"); BIO_dump_indent(trc_out, md, md_size, 4); } OSSL_TRACE_END(TLS); - return 1; + ret = 1; + end: + EVP_MD_CTX_free(hmac); + return ret; } int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap) diff -Nru openssl-3.0.1/ssl/s3_lib.c openssl-3.0.2/ssl/s3_lib.c --- openssl-3.0.1/ssl/s3_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/s3_lib.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2168,7 +2168,7 @@ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA128, SSL_SHA256, @@ -2184,7 +2184,7 @@ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA256, @@ -2200,7 +2200,7 @@ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA128, SSL_SHA256, 
@@ -2232,7 +2232,7 @@ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA256, SSL_SHA256, @@ -2248,7 +2248,7 @@ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA256, SSL_SHA256, @@ -2264,7 +2264,7 @@ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA256, SSL_SHA256, diff -Nru openssl-3.0.1/ssl/ssl_cert.c openssl-3.0.2/ssl/ssl_cert.c --- openssl-3.0.1/ssl/ssl_cert.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/ssl_cert.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -1001,7 +1001,7 @@ int op, int bits, int nid, void *other, void *ex) { - int level, minbits; + int level, minbits, pfs_mask; minbits = ssl_get_security_level_bits(s, ctx, &level); @@ -1036,8 +1036,9 @@ if (level >= 2 && c->algorithm_enc == SSL_RC4) return 0; /* Level 3: forward secure ciphersuites only */ + pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) + !(c->algorithm_mkey & pfs_mask)) return 0; break; } diff -Nru openssl-3.0.1/ssl/ssl_lib.c openssl-3.0.2/ssl/ssl_lib.c --- openssl-3.0.1/ssl/ssl_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/ssl_lib.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2393,6 +2393,9 @@ return 1; case SSL_CTRL_GET_RI_SUPPORT: return s->s3.send_connection_binding; + case SSL_CTRL_SET_RETRY_VERIFY: + s->rwstate = SSL_RETRY_VERIFY; + return 1; case SSL_CTRL_CERT_FLAGS: return (s->cert->cert_flags |= larg); case SSL_CTRL_CLEAR_CERT_FLAGS: @@ -2451,6 +2454,17 @@ return ctx->sessions; } +static int ssl_tsan_load(SSL_CTX *ctx, TSAN_QUALIFIER int *stat) +{ + int res = 0; + + if (ssl_tsan_lock(ctx)) { + res = tsan_load(stat); + ssl_tsan_unlock(ctx); + } + return res; +} + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) { long l; 
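Review bot: `ssl_tsan_load()` in the `@@ -2451,6 +2454,17 @@` hunk of ssl_lib.c returns 0 when `ssl_tsan_lock()` fails, which callers cannot tell apart from a counter that really is zero; the `SSL_CTRL_SESS_*` cases in the `SSL_CTX_ctrl()` hunk that follows return that value directly. A comment on the helper such as `/* Returns 0 if the lock cannot be taken; statistics are best-effort. */` would document that this is accepted. `ssl_tsan_counter()` in ssl_local.h and `ssl_tsan_decr()` in extensions.c likewise skip the update silently on lock failure and could carry the same remark.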
@@ -2506,27 +2520,27 @@ case SSL_CTRL_SESS_NUMBER: return lh_SSL_SESSION_num_items(ctx->sessions); case SSL_CTRL_SESS_CONNECT: - return tsan_load(&ctx->stats.sess_connect); + return ssl_tsan_load(ctx, &ctx->stats.sess_connect); case SSL_CTRL_SESS_CONNECT_GOOD: - return tsan_load(&ctx->stats.sess_connect_good); + return ssl_tsan_load(ctx, &ctx->stats.sess_connect_good); case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: - return tsan_load(&ctx->stats.sess_connect_renegotiate); + return ssl_tsan_load(ctx, &ctx->stats.sess_connect_renegotiate); case SSL_CTRL_SESS_ACCEPT: - return tsan_load(&ctx->stats.sess_accept); + return ssl_tsan_load(ctx, &ctx->stats.sess_accept); case SSL_CTRL_SESS_ACCEPT_GOOD: - return tsan_load(&ctx->stats.sess_accept_good); + return ssl_tsan_load(ctx, &ctx->stats.sess_accept_good); case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: - return tsan_load(&ctx->stats.sess_accept_renegotiate); + return ssl_tsan_load(ctx, &ctx->stats.sess_accept_renegotiate); case SSL_CTRL_SESS_HIT: - return tsan_load(&ctx->stats.sess_hit); + return ssl_tsan_load(ctx, &ctx->stats.sess_hit); case SSL_CTRL_SESS_CB_HIT: - return tsan_load(&ctx->stats.sess_cb_hit); + return ssl_tsan_load(ctx, &ctx->stats.sess_cb_hit); case SSL_CTRL_SESS_MISSES: - return tsan_load(&ctx->stats.sess_miss); + return ssl_tsan_load(ctx, &ctx->stats.sess_miss); case SSL_CTRL_SESS_TIMEOUTS: - return tsan_load(&ctx->stats.sess_timeout); + return ssl_tsan_load(ctx, &ctx->stats.sess_timeout); case SSL_CTRL_SESS_CACHE_FULL: - return tsan_load(&ctx->stats.sess_cache_full); + return ssl_tsan_load(ctx, &ctx->stats.sess_cache_full); case SSL_CTRL_MODE: return (ctx->mode |= larg); case SSL_CTRL_CLEAR_MODE: @@ -3199,6 +3213,14 @@ return NULL; } +#ifdef TSAN_REQUIRES_LOCKING + ret->tsan_lock = CRYPTO_THREAD_lock_new(); + if (ret->tsan_lock == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + goto err; + } +#endif + ret->libctx = libctx; if (propq != NULL) { ret->propq = OPENSSL_strdup(propq); 
@@ -3465,6 +3487,9 @@ OPENSSL_free(a->sigalg_lookup_cache); CRYPTO_THREAD_lock_free(a->lock); +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_THREAD_lock_free(a->tsan_lock); +#endif OPENSSL_free(a->propq); @@ -3733,11 +3758,12 @@ /* auto flush every 255 connections */ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) { TSAN_QUALIFIER int *stat; + if (mode & SSL_SESS_CACHE_CLIENT) stat = &s->session_ctx->stats.sess_connect_good; else stat = &s->session_ctx->stats.sess_accept_good; - if ((tsan_load(stat) & 0xff) == 0xff) + if ((ssl_tsan_load(s->session_ctx, stat) & 0xff) == 0xff) SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL)); } } diff -Nru openssl-3.0.1/ssl/ssl_local.h openssl-3.0.2/ssl/ssl_local.h --- openssl-3.0.1/ssl/ssl_local.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/ssl_local.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -811,6 +811,9 @@ size_t ssl_hmac_size(const SSL_HMAC *ctx); int ssl_get_EC_curve_nid(const EVP_PKEY *pkey); +__owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey, + const unsigned char *enckey, + size_t enckeylen); typedef struct tls_group_info_st { char *tlsname; /* Curve Name as in TLS specs */ @@ -898,6 +901,9 @@ * other processes - spooky * :-) */ } stats; +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_RWLOCK *tsan_lock; +#endif CRYPTO_REF_COUNT references; 
@@ -2847,4 +2853,31 @@ # define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers # endif + +/* Some helper routines to support TSAN operations safely */ +static ossl_unused ossl_inline int ssl_tsan_lock(const SSL_CTX *ctx) +{ +#ifdef TSAN_REQUIRES_LOCKING + if (!CRYPTO_THREAD_write_lock(ctx->tsan_lock)) + return 0; +#endif + return 1; +} + +static ossl_unused ossl_inline void ssl_tsan_unlock(const SSL_CTX *ctx) +{ +#ifdef TSAN_REQUIRES_LOCKING + CRYPTO_THREAD_unlock(ctx->tsan_lock); +#endif +} + +static ossl_unused ossl_inline void ssl_tsan_counter(const SSL_CTX *ctx, + TSAN_QUALIFIER int *stat) +{ + if (ssl_tsan_lock(ctx)) { + tsan_counter(stat); + ssl_tsan_unlock(ctx); + } +} + #endif diff -Nru openssl-3.0.1/ssl/ssl_sess.c openssl-3.0.2/ssl/ssl_sess.c --- openssl-3.0.1/ssl/ssl_sess.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/ssl_sess.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -502,7 +502,7 @@ } CRYPTO_THREAD_unlock(s->session_ctx->lock); if (ret == NULL) - tsan_counter(&s->session_ctx->stats.sess_miss); + ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss); } if (ret == NULL && s->session_ctx->get_session_cb != NULL) { @@ -511,7 +511,8 @@ ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, ©); if (ret != NULL) { - tsan_counter(&s->session_ctx->stats.sess_cb_hit); + ssl_tsan_counter(s->session_ctx, + &s->session_ctx->stats.sess_cb_hit); /* * Increment reference count now if the session callback asks us 
@@ -642,7 +643,7 @@ } if (sess_timedout(time(NULL), ret)) { - tsan_counter(&s->session_ctx->stats.sess_timeout); + ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_timeout); if (try_session_cache) { /* session was from the cache, so remove it */ SSL_CTX_remove_session(s->session_ctx, ret); @@ -669,7 +670,7 @@ s->session = ret; } - tsan_counter(&s->session_ctx->stats.sess_hit); + ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_hit); s->verify_result = s->session->verify_result; return 1; @@ -769,7 +770,7 @@ if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) break; else - tsan_counter(&ctx->stats.sess_cache_full); + ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full); } } } diff -Nru openssl-3.0.1/ssl/statem/extensions.c openssl-3.0.2/ssl/statem/extensions.c --- openssl-3.0.1/ssl/statem/extensions.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/statem/extensions.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -897,6 +897,15 @@ return 1; } +static ossl_inline void ssl_tsan_decr(const SSL_CTX *ctx, + TSAN_QUALIFIER int *stat) +{ + if (ssl_tsan_lock(ctx)) { + tsan_decr(stat); + ssl_tsan_unlock(ctx); + } +} + static int init_server_name(SSL *s, unsigned int context) { if (s->server) { 
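Review bot: `ssl_tsan_decr()` is defined as a file-local helper in the `@@ -897,6 +897,15 @@` hunk of extensions.c, while its siblings `ssl_tsan_lock()`, `ssl_tsan_unlock()` and `ssl_tsan_counter()` live in ssl_local.h and `ssl_tsan_load()` in ssl_lib.c. Keeping the whole family together in ssl_local.h, declared the same way (`static ossl_unused ossl_inline`), would make the locking wrappers easier to audit and reuse. Nothing in the visible hunks needs `ssl_tsan_decr()` elsewhere, so this is a style point only.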
@@ -954,8 +963,8 @@ */ if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx && s->hello_retry_request == SSL_HRR_NONE) { - tsan_counter(&s->ctx->stats.sess_accept); - tsan_decr(&s->session_ctx->stats.sess_accept); + ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept); + ssl_tsan_decr(s->session_ctx, &s->session_ctx->stats.sess_accept); } /* diff -Nru openssl-3.0.1/ssl/statem/extensions_clnt.c openssl-3.0.2/ssl/statem/extensions_clnt.c --- openssl-3.0.1/ssl/statem/extensions_clnt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/statem/extensions_clnt.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1838,8 +1838,8 @@ return 0; } - if (EVP_PKEY_set1_encoded_public_key(skey, PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + if (tls13_set_encoded_pub_key(skey, PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); EVP_PKEY_free(skey); return 0; diff -Nru openssl-3.0.1/ssl/statem/extensions_srvr.c openssl-3.0.2/ssl/statem/extensions_srvr.c --- openssl-3.0.1/ssl/statem/extensions_srvr.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/statem/extensions_srvr.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -663,9 +663,9 @@ /* Cache the selected group ID in the SSL_SESSION */ s->session->kex_group = group_id; - if (EVP_PKEY_set1_encoded_public_key(s->s3.peer_tmp, - PACKET_data(&encoded_pt), - PACKET_remaining(&encoded_pt)) <= 0) { + if (tls13_set_encoded_pub_key(s->s3.peer_tmp, + PACKET_data(&encoded_pt), + PACKET_remaining(&encoded_pt)) <= 0) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_ECPOINT); return 0; } diff -Nru openssl-3.0.1/ssl/statem/statem_clnt.c openssl-3.0.2/ssl/statem/statem_clnt.c --- openssl-3.0.1/ssl/statem/statem_clnt.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/statem/statem_clnt.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1569,7 +1569,7 @@ * overwritten if the server refuses resumption. */ if (s->session->session_id_length > 0) { - tsan_counter(&s->session_ctx->stats.sess_miss); + ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_miss); if (!ssl_get_new_session(s, 0)) { /* SSLfatal() already called */ goto err; @@ -1859,9 +1859,10 @@ size_t certidx; int i; + if (s->rwstate == SSL_RETRY_VERIFY) + s->rwstate = SSL_NOTHING; i = ssl_verify_cert_chain(s, s->session->peer_chain); - if (i == -1) { - s->rwstate = SSL_RETRY_VERIFY; + if (i > 0 && s->rwstate == SSL_RETRY_VERIFY) { return WORK_MORE_A; } /* @@ -1878,7 +1879,7 @@ * (less clean) historic behaviour of performing validation if any flag is * set. The *documented* interface remains the same. */ - if (s->verify_mode != SSL_VERIFY_NONE && i == 0) { + if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { SSLfatal(s, ssl_x509err2alert(s->verify_result), SSL_R_CERTIFICATE_VERIFY_FAILED); return WORK_ERROR; 
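Review bot: In the statem_clnt.c hunk `@@ -1859,9 +1859,10 @@` the retry decision now depends on `s->rwstate` being set to `SSL_RETRY_VERIFY` while `ssl_verify_cert_chain()` runs, combined with a positive return value, and nothing in the new lines says so. A comment above the reset, for example `/* Clear a retry request left over from the previous call; a new one is signalled by rwstate == SSL_RETRY_VERIFY together with a positive return. */`, would make that contract readable at the call site. It would also explain why a non-positive result is never treated as a retry, which is what makes the `i <= 0` failure test in the next hunk safe. Where `rwstate` is actually set is outside the hunk, as are the start and end of the enclosing function.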
@@ -2926,7 +2927,7 @@ encoded_pub_len = EVP_PKEY_get1_encoded_public_key(ckey, &encoded_pub); if (encoded_pub_len == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - EVP_PKEY_free(skey); + EVP_PKEY_free(ckey); return EXT_RETURN_FAIL; } @@ -3074,7 +3075,7 @@ EVP_MD_CTX_free(ukm_hash); ukm_hash = NULL; if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) { + EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } @@ -3187,7 +3188,7 @@ if (peer_cert == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER); - return 0; + goto err; } pkey_ctx = EVP_PKEY_CTX_new_from_pkey(s->ctx->libctx, @@ -3195,7 +3196,7 @@ s->ctx->propq); if (pkey_ctx == NULL) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); - return 0; + goto err; } if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0 ) { @@ -3205,13 +3206,13 @@ /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) < 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) < 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } diff -Nru openssl-3.0.1/ssl/statem/statem_lib.c openssl-3.0.2/ssl/statem/statem_lib.c --- openssl-3.0.1/ssl/statem/statem_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/statem/statem_lib.c 2022-03-15 14:30:24.000000000 +0000 
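Review bot: The error path touched by `@@ -2926,7 +2927,7 @@` returns `EXT_RETURN_FAIL`, the constant used by the extension construction functions, although this hunk is in statem_clnt.c and the other error paths changed in the same file (`@@ -3187` onwards) use `goto err`. If the enclosing function, whose signature is outside the hunk, returns a plain int status, `return 0;` says what is meant without relying on the numeric value of that constant. The fix itself shows how easily the wrong key was freed here (`skey` instead of `ckey`). Routing this exit through the function's common cleanup label, if it has one, would remove the per-branch `EVP_PKEY_free()` altogether.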
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -175,18 +175,19 @@ } if (SSL_IS_FIRST_HANDSHAKE(s)) { /* N.B. s->session_ctx == s->ctx here */ - tsan_counter(&s->session_ctx->stats.sess_accept); + ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_accept); } else { /* N.B. s->ctx may not equal s->session_ctx */ - tsan_counter(&s->ctx->stats.sess_accept_renegotiate); + ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_renegotiate); s->s3.tmp.cert_request = 0; } } else { if (SSL_IS_FIRST_HANDSHAKE(s)) - tsan_counter(&s->session_ctx->stats.sess_connect); + ssl_tsan_counter(s->session_ctx, &s->session_ctx->stats.sess_connect); else - tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate); + ssl_tsan_counter(s->session_ctx, + &s->session_ctx->stats.sess_connect_renegotiate); /* mark client_random uninitialized */ memset(s->s3.client_random, 0, sizeof(s->s3.client_random)); @@ -1096,7 +1097,7 @@ ssl_update_cache(s, SSL_SESS_CACHE_SERVER); /* N.B. s->ctx may not equal s->session_ctx */ - tsan_counter(&s->ctx->stats.sess_accept_good); + ssl_tsan_counter(s->ctx, &s->ctx->stats.sess_accept_good); s->handshake_func = ossl_statem_accept; } else { if (SSL_IS_TLS13(s)) { 
@@ -1115,10 +1116,12 @@ ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); } if (s->hit) - tsan_counter(&s->session_ctx->stats.sess_hit); + ssl_tsan_counter(s->session_ctx, + &s->session_ctx->stats.sess_hit); s->handshake_func = ossl_statem_connect; - tsan_counter(&s->session_ctx->stats.sess_connect_good); + ssl_tsan_counter(s->session_ctx, + &s->session_ctx->stats.sess_connect_good); } if (SSL_IS_DTLS(s)) { diff -Nru openssl-3.0.1/ssl/statem/statem_srvr.c openssl-3.0.2/ssl/statem/statem_srvr.c --- openssl-3.0.1/ssl/statem/statem_srvr.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/statem/statem_srvr.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -3244,13 +3244,13 @@ /* Reuse EVP_PKEY_CTRL_SET_IV, make choice in engine code depending on size */ if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) < 0) { + EVP_PKEY_CTRL_SET_IV, 32, rnd_dgst) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_DECRYPT, - EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) < 0) { + EVP_PKEY_CTRL_CIPHER, cipher_nid, NULL) <= 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); goto err; } diff -Nru openssl-3.0.1/ssl/t1_enc.c openssl-3.0.2/ssl/t1_enc.c --- openssl-3.0.1/ssl/t1_enc.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/t1_enc.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -122,7 +122,7 @@ return -1; /* Read until next record */ - if (PACKET_get_length_prefixed_2(&pkt, &subpkt)) + if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) return -1; count += 1; diff -Nru openssl-3.0.1/ssl/t1_lib.c openssl-3.0.2/ssl/t1_lib.c --- openssl-3.0.1/ssl/t1_lib.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/ssl/t1_lib.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -3477,3 +3477,22 @@ return NID_undef; } + +__owur int tls13_set_encoded_pub_key(EVP_PKEY *pkey, + const unsigned char *enckey, + size_t enckeylen) +{ + if (EVP_PKEY_is_a(pkey, "DH")) { + int bits = EVP_PKEY_get_bits(pkey); + + if (bits <= 0 || enckeylen != (size_t)bits / 8) + /* the encoded key must be padded to the length of the p */ + return 0; + } else if (EVP_PKEY_is_a(pkey, "EC")) { + if (enckeylen < 3 /* point format and at least 1 byte for x and y */ + || enckey[0] != 0x04) + return 0; + } + + return EVP_PKEY_set1_encoded_public_key(pkey, enckey, enckeylen); +} diff -Nru openssl-3.0.1/test/acvp_test.c openssl-3.0.2/test/acvp_test.c --- openssl-3.0.1/test/acvp_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/acvp_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -218,7 +218,7 @@ r1 = ECDSA_SIG_get0_r(sign); s1 = ECDSA_SIG_get0_s(sign); if (r1 == NULL || s1 == NULL) - return 0; + goto err; r1_len = BN_num_bytes(r1); s1_len = BN_num_bytes(s1); 
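Review bot: In the new `tls13_set_encoded_pub_key()` (t1_lib.c hunk `@@ -3477,3 +3477,22 @@`) the DH length check compares against `(size_t)bits / 8`, which rounds down. The comment says the key must be padded to the length of p, and for a prime whose bit length is not a multiple of 8 that length is `((size_t)bits + 7) / 8`. The groups reaching this code are probably all byte-aligned, so the difference may never show, but the rounded-up form matches the comment in every case. The function also lacks a header comment: it should say that it validates the encoded key share received from the peer (exact length for DH; at least 3 bytes and a leading 0x04 for EC) before calling `EVP_PKEY_set1_encoded_public_key()`, and that it returns 0 on rejection. The bare `0x04` would read better as `POINT_CONVERSION_UNCOMPRESSED` if the EC header is in scope in this file.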
@@ -560,7 +560,7 @@ return 0; DSA_SIG_get0(sign, &r1, &s1); if (r1 == NULL || s1 == NULL) - return 0; + goto err; r1_len = BN_num_bytes(r1); s1_len = BN_num_bytes(s1); diff -Nru openssl-3.0.1/test/bio_enc_test.c openssl-3.0.2/test/bio_enc_test.c --- openssl-3.0.1/test/bio_enc_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/bio_enc_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -38,7 +38,7 @@ static int do_bio_cipher(const EVP_CIPHER* cipher, const unsigned char* key, const unsigned char* iv) { - BIO *b; + BIO *b, *mem; static unsigned char inp[BUF_SIZE] = { 0 }; unsigned char out[BUF_SIZE], ref[BUF_SIZE]; int i, lref, len; @@ -54,8 +54,11 @@ if (!TEST_ptr(b)) return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) - return 0; - BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); + goto err; + mem = BIO_new_mem_buf(inp, DATA_SIZE); + if (!TEST_ptr(mem)) + goto err; + BIO_push(b, mem); lref = BIO_read(b, ref, sizeof(ref)); BIO_free_all(b); @@ -66,16 +69,19 @@ return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { TEST_info("Split encrypt failed @ operation %d", i); - return 0; + goto err; } - BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); + mem = BIO_new_mem_buf(inp, DATA_SIZE); + if (!TEST_ptr(mem)) + goto err; + BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Encrypt overstep check failed @ operation %d", i); - return 0; + goto err; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); 
@@ -95,9 +101,12 @@ return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, ENCRYPT))) { TEST_info("Small chunk encrypt failed @ operation %d", i); - return 0; + goto err; } - BIO_push(b, BIO_new_mem_buf(inp, DATA_SIZE)); + mem = BIO_new_mem_buf(inp, DATA_SIZE); + if (!TEST_ptr(mem)) + goto err; + BIO_push(b, mem); memset(out, 0, sizeof(out)); for (len = 0; (delta = BIO_read(b, out + len, i)); ) { len += delta; @@ -117,9 +126,12 @@ if (!TEST_ptr(b)) return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) - return 0; + goto err; /* Use original reference output as input */ - BIO_push(b, BIO_new_mem_buf(ref, lref)); + mem = BIO_new_mem_buf(ref, lref); + if (!TEST_ptr(mem)) + goto err; + BIO_push(b, mem); (void)BIO_flush(b); memset(out, 0, sizeof(out)); len = BIO_read(b, out, sizeof(out)); @@ -135,16 +147,19 @@ return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) { TEST_info("Split decrypt failed @ operation %d", i); - return 0; + goto err; } - BIO_push(b, BIO_new_mem_buf(ref, lref)); + mem = BIO_new_mem_buf(ref, lref); + if (!TEST_ptr(mem)) + goto err; + BIO_push(b, mem); memset(out, 0, sizeof(out)); out[i] = ~ref[i]; len = BIO_read(b, out, i); /* check for overstep */ if (!TEST_uchar_eq(out[i], (unsigned char)~ref[i])) { TEST_info("Decrypt overstep check failed @ operation %d", i); - return 0; + goto err; } len += BIO_read(b, out + len, sizeof(out) - len); BIO_free_all(b); @@ -164,9 +179,12 @@ return 0; if (!TEST_true(BIO_set_cipher(b, cipher, key, iv, DECRYPT))) { TEST_info("Small chunk decrypt failed @ operation %d", i); - return 0; + goto err; } - BIO_push(b, BIO_new_mem_buf(ref, lref)); + mem = BIO_new_mem_buf(ref, lref); + if (!TEST_ptr(mem)) + goto err; + BIO_push(b, mem); memset(out, 0, sizeof(out)); for (len = 0; (delta = BIO_read(b, out + len, i)); ) { len += delta; 
@@ -180,6 +198,10 @@ } return 1; + +err: + BIO_free_all(b); + return 0; } static int do_test_bio_cipher(const EVP_CIPHER* cipher, int idx) diff -Nru openssl-3.0.1/test/bntest.c openssl-3.0.2/test/bntest.c --- openssl-3.0.1/test/bntest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/bntest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1732,8 +1732,17 @@ || !TEST_ptr(ret2 = BN_new())) goto err; + if (BN_is_negative(mod_sqrt)) { + /* A negative testcase */ + if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) + goto err; + + st = 1; + goto err; + } + /* There are two possible answers. */ - if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) + if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) || !TEST_true(BN_sub(ret2, p, ret))) goto err; 
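Review bot: The `err:` label added by `@@ -180,6 +198,10 @@` in bio_enc_test.c calls `BIO_free_all(b)` unconditionally, while the body of `do_bio_cipher()` already frees `b` at the end of each step and keeps the stale pointer until the next `BIO_new()`. No `goto err` visible in these hunks sits after such a free, so there is no double free today. The function is nonetheless left with two kinds of failure exit, `return 0` and `goto err`, that are only correct depending on whether `b` is live at that point. Adding `b = NULL;` after each in-body `BIO_free_all(b);` would make `goto err` safe everywhere and let the remaining `return 0` exits be converted. Parts of the function lie between the hunks and are not visible, so this should be checked against the whole body.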
@@ -2881,6 +2890,50 @@ return res; } +/* + * Regression test to ensure BN_mod_exp2_mont fails safely if argument m is + * zero. + */ +static int test_mod_exp2_mont(void) +{ + int res = 0; + BIGNUM *exp_result = NULL; + BIGNUM *exp_a1 = NULL, *exp_p1 = NULL, *exp_a2 = NULL, *exp_p2 = NULL, + *exp_m = NULL; + + if (!TEST_ptr(exp_result = BN_new()) + || !TEST_ptr(exp_a1 = BN_new()) + || !TEST_ptr(exp_p1 = BN_new()) + || !TEST_ptr(exp_a2 = BN_new()) + || !TEST_ptr(exp_p2 = BN_new()) + || !TEST_ptr(exp_m = BN_new())) + goto err; + + if (!TEST_true(BN_one(exp_a1)) + || !TEST_true(BN_one(exp_p1)) + || !TEST_true(BN_one(exp_a2)) + || !TEST_true(BN_one(exp_p2))) + goto err; + + BN_zero(exp_m); + + /* input of 0 is even, so must fail */ + if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2, + exp_p2, exp_m, ctx, NULL), 0)) + goto err; + + res = 1; + +err: + BN_free(exp_result); + BN_free(exp_a1); + BN_free(exp_p1); + BN_free(exp_a2); + BN_free(exp_p2); + BN_free(exp_m); + return res; +} + static int file_test_run(STANZA *s) { static const FILETEST filetests[] = { @@ -3022,6 +3075,7 @@ ADD_TEST(test_gcd_prime); ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests)); ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests)); + ADD_TEST(test_mod_exp2_mont); if (stochastic) ADD_TEST(test_rand_range); } else { diff -Nru openssl-3.0.1/test/certs/leaf-encrypted.key openssl-3.0.2/test/certs/leaf-encrypted.key --- openssl-3.0.1/test/certs/leaf-encrypted.key 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.2/test/certs/leaf-encrypted.key 2022-03-15 14:30:24.000000000 +0000 
@@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIEBBNanZFjs8CAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAECBBDr8bhquxPf762O3jk0LAtJBIIE +0FQB7c06dpoHn1KBn8jTzsLIdVR0SeKUvq4edZfUPbB/6go97j48BwSzAaXY7BNL +90GRMrNNjKZDLeNf0wwf1+67YX7neGnb+LdxpQdqEjOTGQdwTx9SG6XIqT8x4R67 +rI2DQqI937FSor9292koXQNM9Asoenn6kOCITaa8chsPdKCtFjfVmqZRMaewr5PW +W1rooFuCVAIfgBOOaEeN7OMTJRdAGtWWOJqyLB29gXxwaI1+PnXmkHPgRGXZYz7W +N5lTp1xvFPY+Rp/cK0DfeR5MrMYSVvrXbi6usjteJ2h0Rzcy8SY6Jnvuaoowi+rj +lDUP0K/51tTQBd6bpsvcmc2cBx+7pg4BAkf9SnuKQpYCWPjiwrCiDJIP/o5GYIn2 +m/3K2pLahjOeGZAmhGUi0fZPZhaq37IQKwuzLDuYw1CkR7LhaJcJ9V1vXMPePgCY ++BvjFG5z0mLDwUNvzCHQokav3Z/QT6CfOgTL10qKuBgylT1d5Cw7bfv8Lnc6C/YK +aVXosCaKTJO8r4t7NgJX4PYQP/DZIl5CJIoUzJkrAkShLwcGtXMHVNSWx4LS60QY +lfjz80cWWE6Tx/XjBkae0AQJW8S9nDB8/X80ox8jJ/sdd5XNZqUQhDxBP5/4GiAS +pZlgp/IwssoG5HUnwn/4AUgD7Gdo5QRqFlkXeCFlHgjBrEHBkevHECRHAdWwrK7X +5td662K1B9hm6EfA1R51jiOKBuM0bwYtI+tpmpT5zeDGeaOWuPUYPUFjfo9xt1Lx +cmX3ouBt34uT/cQesPxP8gJwRdo0KqPK+KLjtQazXmHFu+FStZ29gUvhqAw9kcxq +ps9neGAl3DJgYbB1QqqefGqFWBhJzt4toqxcgm6Z0PJSYQlxJEC3yWWs5w5wfLJJ +KGfnpsY1IGYsbw9Caa84XqnzHosGWx724GJeb3YSwwMj311oMi9s8J/d/NpJZHOu +uk/mQWezCfdEFSnkOtIDJWTQUtRtRfIZQp243c25E3/rJySuSoMfn4eolAGurse8 +6r7SEJ6MUjCTd3ZcA+XZAtFxPQnNBYm691hvGE6uclxYy9L6bmws9dosNlpCyvIQ ++OYdB9Mvx9hs0KwAWZ6bnIxa3tc6Ob9mxV7ycMS43d4ShEqzy44DZD02Z0iQIRym +1AoGwgLbc2d9NouUiw2ur5n6ByYCTHwmMSAstVovuBoS2XDF23BzLL7KuCnkHH0y ++M6CRaXW0ceTP4DfEvBphxfj4NNEZpjm8j6ERvnnQvC5tRAaMglhg1WOvUVUtPg5 +cJPIiSn+yVuoFDnLKJ53N9NzDtUKSBQgwNGyVVPTzpfxLmjg00bNQ7eyoRr6uK0l +ezmHemo52JpCaBGV01tnvVKzGouFN/KxP9GxvPQY8UQxVkE+E/p0UjGOpNLIDmzl +/qVKxky9lMBoHc+neeCbOrtgwkyYgpPkKlmTTsi/yUxpbUmobFZJTUbOWrpeRbw3 +Pt9u8NeVmD4Ys/NenHIJwksOqmWxSy7IjJpzQsee1CZXV7McAYsg24tP4Bdj9aGT +hsMyiaiNB+rjkNxhUCm39nJsaN1AoTZ3Br1UYfHrfocif12yNGOEBy2swfjQIGNH +fjGk3px34MZZv3S0bM/ZPi9ankzAZnf8qkHoDVtsP+Gk +-----END ENCRYPTED PRIVATE KEY----- diff -Nru openssl-3.0.1/test/cmp_vfy_test.c openssl-3.0.2/test/cmp_vfy_test.c 
--- openssl-3.0.1/test/cmp_vfy_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/cmp_vfy_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -51,11 +51,13 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name) { - X509_STORE *ts = X509_STORE_new(); + X509_STORE *ts; CMP_VFY_TEST_FIXTURE *fixture; if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) return NULL; + + ts = X509_STORE_new(); fixture->test_case_name = test_case_name; if (ts == NULL || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(libctx, NULL)) diff -Nru openssl-3.0.1/test/crltest.c openssl-3.0.2/test/crltest.c --- openssl-3.0.1/test/crltest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/crltest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -200,9 +200,16 @@ */ static X509_CRL *CRL_from_strings(const char **pem) { + X509_CRL *crl; char *p; BIO *b = glue2bio(pem, &p); - X509_CRL *crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); + + if (b == NULL) { + OPENSSL_free(p); + return NULL; + } + + crl = PEM_read_bio_X509_CRL(b, NULL, NULL, NULL); OPENSSL_free(p); BIO_free(b); @@ -214,9 +221,16 @@ */ static X509 *X509_from_strings(const char **pem) { + X509 *x; char *p; BIO *b = glue2bio(pem, &p); - X509 *x = PEM_read_bio_X509(b, NULL, NULL, NULL); + + if (b == NULL) { + OPENSSL_free(p); + return NULL; + } + + x = PEM_read_bio_X509(b, NULL, NULL, NULL); OPENSSL_free(p); BIO_free(b); 
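Review bot: In `CRL_from_strings()` (crltest.c hunk `@@ -200,9 +200,16 @@`) the new `b == NULL` branch calls `OPENSSL_free(p)` on a `char *p;` that is declared without an initializer. The branch is therefore only safe if `glue2bio()` always stores to its second argument before it can fail. `glue2bio()` is not shown here; declaring `char *p = NULL;` makes the cleanup correct whatever that helper does. The same pattern is added to `X509_from_strings()` in `@@ -214,9 +221,16 @@` and to the hunk at `@@ -363,6 +377,12 @@`.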
@@ -363,6 +377,12 @@ char *p; BIO *b = glue2bio(kRevokedCRL, &p); + if (b == NULL) { + OPENSSL_free(p); + X509_CRL_free(reused_crl); + return 0; + } + reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); OPENSSL_free(p); diff -Nru openssl-3.0.1/test/ct_test.c openssl-3.0.2/test/ct_test.c --- openssl-3.0.1/test/ct_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/ct_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -449,6 +449,9 @@ SETUP_CT_TEST_FIXTURE(); fixture->sct_list = sk_SCT_new_null(); + if (fixture->sct_list == NULL) + return 0; + if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, CT_LOG_ENTRY_TYPE_X509, timestamp, extensions, signature))) diff -Nru openssl-3.0.1/test/dane-cross.in openssl-3.0.2/test/dane-cross.in --- openssl-3.0.1/test/dane-cross.in 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/dane-cross.in 2022-03-15 14:30:24.000000000 +0000 @@ -1,6 +1,6 @@ -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. # -# Licensed under the OpenSSL license (the "License"). You may not use +# Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/test/defltfips_test.c openssl-3.0.2/test/defltfips_test.c --- openssl-3.0.1/test/defltfips_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/defltfips_test.c 2022-03-15 14:30:24.000000000 +0000 
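Review bot: The check added in ct_test.c (`@@ -449,6 +449,9 @@`) returns 0 directly after `SETUP_CT_TEST_FIXTURE()` when `sk_SCT_new_null()` fails, which presumably leaves the fixture created by that macro unreleased, and it fails without logging anything. Writing the test as `if (!TEST_ptr(fixture->sct_list = sk_SCT_new_null()))` reports the failure like the `TEST_ptr()` check that follows it. The branch should also release the fixture through the test's teardown routine before returning. The macro and the teardown are outside the hunk, so the exact call needs to be confirmed there.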
@@ -1,3 +1,12 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + #include #include #include diff -Nru openssl-3.0.1/test/dhtest.c openssl-3.0.2/test/dhtest.c --- openssl-3.0.1/test/dhtest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/dhtest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -744,6 +744,33 @@ /* Tested function is called here */ if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 3), 1)) goto err; + /* Negative test */ + if (!TEST_int_eq(EVP_PKEY_CTX_set_dhx_rfc5114(paramgen_ctx, 99), 0)) + goto err; + /* If we're still running then the test passed. */ + ok = 1; +err: + EVP_PKEY_CTX_free(paramgen_ctx); + return ok; +} + +static int dh_set_dh_nid_test(void) +{ + int ok = 0; + EVP_PKEY_CTX *paramgen_ctx; + + /* Run the test. Success is any time the test does not cause a SIGSEGV interrupt */ + paramgen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, 0); + if (!TEST_ptr(paramgen_ctx)) + goto err; + if (!TEST_int_eq(EVP_PKEY_paramgen_init(paramgen_ctx), 1)) + goto err; + /* Tested function is called here */ + if (!TEST_int_eq(EVP_PKEY_CTX_set_dh_nid(paramgen_ctx, NID_ffdhe2048), 1)) + goto err; + /* Negative test */ + if (!TEST_int_eq(EVP_PKEY_CTX_set_dh_nid(paramgen_ctx, NID_secp521r1), 0)) + goto err; /* If we're still running then the test passed. */ ok = 1; err: 
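Review bot: The new `dh_set_dh_nid_test()` in the dhtest.c hunk `@@ -744,6 +744,33 @@` opens with the comment `Success is any time the test does not cause a SIGSEGV interrupt`, copied from the test above it, and that no longer describes what is checked. The function asserts that `NID_ffdhe2048` is accepted and that `NID_secp521r1` is rejected, so I would replace the comment with `/* A valid FFDHE NID must be accepted and a non-DH NID must be rejected. */`. The tail of the new function is formed by the hunk's trailing context lines and continues past the end of the hunk.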
@@ -898,6 +925,7 @@ ADD_TEST(dh_get_nid); ADD_TEST(dh_load_pkcs3_namedgroup_privlen_test); ADD_TEST(dh_rfc5114_fix_nid_test); + ADD_TEST(dh_set_dh_nid_test); #endif return 1; } diff -Nru openssl-3.0.1/test/enginetest.c openssl-3.0.2/test/enginetest.c --- openssl-3.0.1/test/enginetest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/enginetest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,6 +24,7 @@ # include # include # include +# include static void display_engine_list(void) { diff -Nru openssl-3.0.1/test/evp_extra_test2.c openssl-3.0.2/test/evp_extra_test2.c --- openssl-3.0.1/test/evp_extra_test2.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/evp_extra_test2.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -255,6 +255,136 @@ #endif }; +static int pkey_has_private(EVP_PKEY *key, const char *privtag, + int use_octstring) +{ + int ret = 0; + + if (use_octstring) { + unsigned char buf[64]; + + ret = EVP_PKEY_get_octet_string_param(key, privtag, buf, sizeof(buf), + NULL); + } else { + BIGNUM *bn = NULL; + + ret = EVP_PKEY_get_bn_param(key, privtag, &bn); + BN_free(bn); + } + return ret; +} + +static int do_pkey_tofrom_data_select(EVP_PKEY *key, const char *keytype) +{ + int ret = 0; + OSSL_PARAM *pub_params = NULL, *keypair_params = NULL; + EVP_PKEY *fromkey = NULL, *fromkeypair = NULL; + EVP_PKEY_CTX *fromctx = NULL; + const char *privtag = strcmp(keytype, "RSA") == 0 ? "d" : "priv"; + const int use_octstring = strcmp(keytype, "X25519") == 0; + + /* + * Select only the public key component when using EVP_PKEY_todata() and + * check that the resulting param array does not contain a private key. + */ + if (!TEST_int_eq(EVP_PKEY_todata(key, EVP_PKEY_PUBLIC_KEY, &pub_params), 1) + || !TEST_ptr_null(OSSL_PARAM_locate(pub_params, privtag))) + goto end; + /* + * Select the keypair when using EVP_PKEY_todata() and check that + * the param array contains a private key. + */ + if (!TEST_int_eq(EVP_PKEY_todata(key, EVP_PKEY_KEYPAIR, &keypair_params), 1) + || !TEST_ptr(OSSL_PARAM_locate(keypair_params, privtag))) + goto end; + + /* + * Select only the public key when using EVP_PKEY_fromdata() and check that + * the resulting key does not contain a private key. + */ + if (!TEST_ptr(fromctx = EVP_PKEY_CTX_new_from_name(mainctx, keytype, NULL)) + || !TEST_int_eq(EVP_PKEY_fromdata_init(fromctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(fromctx, &fromkey, EVP_PKEY_PUBLIC_KEY, + keypair_params), 1) + || !TEST_false(pkey_has_private(fromkey, privtag, use_octstring))) + goto end; + /* + * Select the keypair when using EVP_PKEY_fromdata() and check that + * the resulting key contains a private key. 
+ */ + if (!TEST_int_eq(EVP_PKEY_fromdata(fromctx, &fromkeypair, + EVP_PKEY_KEYPAIR, keypair_params), 1) + || !TEST_true(pkey_has_private(fromkeypair, privtag, use_octstring))) + goto end; + ret = 1; +end: + EVP_PKEY_free(fromkeypair); + EVP_PKEY_free(fromkey); + EVP_PKEY_CTX_free(fromctx); + OSSL_PARAM_free(keypair_params); + OSSL_PARAM_free(pub_params); + return ret; +} + +#ifndef OPENSSL_NO_DH +static int test_dh_tofrom_data_select(void) +{ + int ret; + OSSL_PARAM params[2]; + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *gctx = NULL; + + params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); + params[1] = OSSL_PARAM_construct_end(); + ret = TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(mainctx, "DHX", NULL)) + && TEST_int_gt(EVP_PKEY_keygen_init(gctx), 0) + && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) + && TEST_int_gt(EVP_PKEY_generate(gctx, &key), 0) + && TEST_true(do_pkey_tofrom_data_select(key, "DHX")); + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(gctx); + return ret; +} +#endif + +#ifndef OPENSSL_NO_EC +static int test_ec_tofrom_data_select(void) +{ + int ret; + EVP_PKEY *key = NULL; + + ret = TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "EC", "P-256")) + && TEST_true(do_pkey_tofrom_data_select(key, "EC")); + EVP_PKEY_free(key); + return ret; +} + +static int test_ecx_tofrom_data_select(void) +{ + int ret; + EVP_PKEY *key = NULL; + + ret = TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "X25519")) + && TEST_true(do_pkey_tofrom_data_select(key, "X25519")); + EVP_PKEY_free(key); + return ret; +} +#endif + +static int test_rsa_tofrom_data_select(void) +{ + int ret; + EVP_PKEY *key = NULL; + const unsigned char *pdata = kExampleRSAKeyDER; + int pdata_len = sizeof(kExampleRSAKeyDER); + + ret = TEST_ptr(key = d2i_AutoPrivateKey_ex(NULL, &pdata, pdata_len, + mainctx, NULL)) + && TEST_true(do_pkey_tofrom_data_select(key, "RSA")); + EVP_PKEY_free(key); + return ret; +} + /* This is the equivalent of test_d2i_AutoPrivateKey in evp_extra_test */ static int 
test_d2i_AutoPrivateKey_ex(int i) { @@ -661,6 +791,20 @@ && TEST_int_eq(val, expected); } +static int test_dsa_tofrom_data_select(void) +{ + int ret; + EVP_PKEY *key = NULL; + const unsigned char *pkeydata = dsa_key; + + ret = TEST_ptr(key = d2i_AutoPrivateKey_ex(NULL, &pkeydata, sizeof(dsa_key), + mainctx, NULL)) + && TEST_true(do_pkey_tofrom_data_select(key, "DSA")); + + EVP_PKEY_free(key); + return ret; +} + static int test_dsa_todata(void) { EVP_PKEY *pkey = NULL; @@ -881,12 +1025,20 @@ ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata)); #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 2); + ADD_TEST(test_ec_tofrom_data_select); + ADD_TEST(test_ecx_tofrom_data_select); #else ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 1); #endif #ifndef OPENSSL_NO_DSA ADD_TEST(test_dsa_todata); + ADD_TEST(test_dsa_tofrom_data_select); +#endif +#ifndef OPENSSL_NO_DH + ADD_TEST(test_dh_tofrom_data_select); #endif + ADD_TEST(test_rsa_tofrom_data_select); + ADD_TEST(test_pkey_todata_null); ADD_TEST(test_pkey_export_null); ADD_TEST(test_pkey_export); diff -Nru openssl-3.0.1/test/evp_extra_test.c openssl-3.0.2/test/evp_extra_test.c --- openssl-3.0.1/test/evp_extra_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/evp_extra_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
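Review bot: `pkey_has_private()` in the evp_extra_test2.c hunk `@@ -255,6 +255,136 @@` copies the private component out of the key and then discards it with `BN_free(bn)`, or leaves it in the stack buffer `buf[64]`, without clearing either. These are test keys, so nothing sensitive is exposed, but test helpers tend to be copied into application code. `BN_clear_free(bn);` and `OPENSSL_cleanse(buf, sizeof(buf));` would keep the helper consistent with how private material should be handled. The helper also has no comment; one line saying that it returns non-zero when the parameter named by `privtag` can be fetched from `key` would be enough.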
@@ -4179,6 +4179,90 @@ return testresult; } +typedef struct { + int data; +} custom_dgst_ctx; + +static int custom_md_init_called = 0; +static int custom_md_cleanup_called = 0; + +static int custom_md_init(EVP_MD_CTX *ctx) +{ + custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); + + if (p == NULL) + return 0; + + custom_md_init_called++; + return 1; +} + +static int custom_md_cleanup(EVP_MD_CTX *ctx) +{ + custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); + + if (p == NULL) + /* Nothing to do */ + return 1; + + custom_md_cleanup_called++; + return 1; +} + +static int test_custom_md_meth(void) +{ + EVP_MD_CTX *mdctx = NULL; + EVP_MD *tmp = NULL; + char mess[] = "Test Message\n"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + unsigned int md_len; + int testresult = 0; + int nid; + + /* + * We are testing deprecated functions. We don't support a non-default + * library context in this test. + */ + if (testctx != NULL) + return 1; + + custom_md_init_called = custom_md_cleanup_called = 0; + + nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); + if (!TEST_int_ne(nid, NID_undef)) + goto err; + tmp = EVP_MD_meth_new(nid, NID_undef); + if (!TEST_ptr(tmp)) + goto err; + + if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) + || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) + || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, + sizeof(custom_dgst_ctx)))) + goto err; + + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx) + /* + * Initing our custom md and then initing another md should + * result in the init and cleanup functions of the custom md + * from being called. 
+ */ + || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) + || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) + || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) + || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) + || !TEST_int_eq(custom_md_init_called, 1) + || !TEST_int_eq(custom_md_cleanup_called, 1)) + goto err; + + testresult = 1; + err: + EVP_MD_CTX_free(mdctx); + EVP_MD_meth_free(tmp); + return testresult; +} + # ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) @@ -4473,6 +4557,7 @@ #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_ALL_TESTS(test_custom_pmeth, 12); ADD_TEST(test_evp_md_cipher_meth); + ADD_TEST(test_custom_md_meth); # ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Tests only support the default libctx */ diff -Nru openssl-3.0.1/test/evp_pkey_dparams_test.c openssl-3.0.2/test/evp_pkey_dparams_test.c --- openssl-3.0.1/test/evp_pkey_dparams_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/evp_pkey_dparams_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,6 +26,13 @@ #endif #ifndef OPENSSL_NO_KEYPARAMS + +struct pubkey { + int bad; + const unsigned char *key_bin; + size_t key_bin_len; +}; + # ifndef OPENSSL_NO_DH static const unsigned char dhparam_bin[] = { 0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01,0x00,0xc0,0xd1,0x2e,0x14,0x18,0xbd,0x03, 
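Review bot: The comment inside `test_custom_md_meth()` (evp_extra_test.c hunk `@@ -4179,6 +4179,90 @@`) reads `result in the init and cleanup functions of the custom md from being called`, which can be taken to mean the opposite of what the assertions check. Both counters are expected to equal 1, so the sentence should end `... should result in the init and cleanup functions of the custom md each being called once`. It would also help to note above `custom_md_init()` and `custom_md_cleanup()` that they count a call only when `EVP_MD_CTX_md_data()` returns non-NULL. That condition is what the two `TEST_int_eq` checks actually measure.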
@@ -46,6 +53,79 @@ 0x06,0x7f,0x7f,0xd7,0x7b,0x42,0x5b,0xba,0x93,0x7a,0xeb,0x43,0x5f,0xce,0x59,0x26, 0xe8,0x76,0xdc,0xee,0xe2,0xbe,0x36,0x7a,0x83,0x02,0x01,0x02 }; +static const unsigned char dhkey_1[] = { + 0x7a, 0x49, 0xcb, 0xc3, 0x25, 0x67, 0x7a, 0x61, + 0xd0, 0x60, 0x81, 0x0f, 0xf6, 0xbd, 0x38, 0x82, + 0xe7, 0x38, 0x8c, 0xe9, 0xd1, 0x04, 0x33, 0xbf, + 0x8a, 0x03, 0x63, 0xb3, 0x05, 0x04, 0xb5, 0x1f, + 0xba, 0x9f, 0x1a, 0x5f, 0x31, 0x3e, 0x96, 0x79, + 0x88, 0x7d, 0x3f, 0x59, 0x6d, 0x3b, 0xf3, 0x2f, + 0xf2, 0xa6, 0x43, 0x48, 0x64, 0x5a, 0x6a, 0x32, + 0x1f, 0x24, 0x37, 0x62, 0x54, 0x3a, 0x7d, 0xab, + 0x26, 0x77, 0x7c, 0xec, 0x57, 0x3c, 0xa4, 0xbd, + 0x96, 0x9d, 0xaa, 0x3b, 0x0e, 0x9a, 0x55, 0x7e, + 0x1d, 0xb4, 0x47, 0x5b, 0xea, 0x20, 0x3c, 0x6d, + 0xbe, 0xd6, 0x70, 0x7d, 0xa8, 0x9e, 0x84, 0xb4, + 0x03, 0x52, 0xf2, 0x08, 0x4c, 0x98, 0xd3, 0x4f, + 0x58, 0xb3, 0xdf, 0xb4, 0xe6, 0xdc, 0x2c, 0x43, + 0x55, 0xd1, 0xce, 0x2a, 0xb3, 0xfc, 0xe0, 0x29, + 0x97, 0xd8, 0xd8, 0x62, 0xc6, 0x87, 0x0a, 0x1b, + 0xfd, 0x72, 0x74, 0xe0, 0xa9, 0xfb, 0xfa, 0x91, + 0xf2, 0xc1, 0x09, 0x93, 0xea, 0x63, 0xf6, 0x9a, + 0x4b, 0xdf, 0x4e, 0xdf, 0x6b, 0xf9, 0xeb, 0xf6, + 0x66, 0x3c, 0xfd, 0x6f, 0x68, 0xcb, 0xdb, 0x6e, + 0x40, 0x65, 0xf7, 0xf2, 0x46, 0xe5, 0x0d, 0x9a, + 0xd9, 0x6f, 0xcf, 0x28, 0x22, 0x8f, 0xca, 0x0b, + 0x30, 0xa0, 0x9e, 0xa5, 0x13, 0xba, 0x72, 0x7f, + 0x85, 0x3d, 0x02, 0x9c, 0x97, 0x8e, 0x6f, 0xea, + 0x6d, 0x35, 0x4e, 0xd1, 0x78, 0x7d, 0x73, 0x60, + 0x92, 0xa9, 0x12, 0xf4, 0x2a, 0xac, 0x17, 0x97, + 0xf3, 0x7b, 0x79, 0x08, 0x69, 0xd1, 0x9e, 0xb5, + 0xf8, 0x2a, 0x0a, 0x2b, 0x00, 0x7b, 0x16, 0x8d, + 0x41, 0x82, 0x3a, 0x72, 0x58, 0x57, 0x80, 0x65, + 0xae, 0x17, 0xbc, 0x3a, 0x5b, 0x7e, 0x5c, 0x2d, + 0xae, 0xb2, 0xc2, 0x26, 0x20, 0x9a, 0xaa, 0x57, + 0x4b, 0x7d, 0x43, 0x41, 0x96, 0x3f, 0xf0, 0x0d +}; +/* smaller but still valid key */ +static const unsigned char dhkey_2[] = { + 0x73, 0xb2, 0x22, 0x91, 0x27, 0xb9, 0x45, 0xb0, + 0xfd, 0x17, 0x66, 0x79, 0x9b, 0x32, 0x71, 0x92, + 0x97, 0x1d, 
0x70, 0x02, 0x37, 0x70, 0x79, 0x63, + 0xed, 0x11, 0x22, 0xe9, 0xe6, 0xf8, 0xeb, 0xd7, + 0x90, 0x00, 0xe6, 0x5c, 0x47, 0x02, 0xfb, 0x13, + 0xca, 0x29, 0x14, 0x1e, 0xf4, 0x61, 0x58, 0xf6, + 0xaa, 0xbb, 0xcf, 0xa7, 0x82, 0x9a, 0x9e, 0x7c, + 0x4a, 0x05, 0x42, 0xed, 0x55, 0xd8, 0x08, 0x37, + 0x06, 0x49, 0x9b, 0xda, 0xb3, 0xb9, 0xc9, 0xc0, + 0x56, 0x26, 0xda, 0x60, 0x1d, 0xbc, 0x06, 0x0b, + 0xb0, 0x94, 0x4b, 0x4e, 0x95, 0xf9, 0xb4, 0x2f, + 0x4e, 0xad, 0xf8, 0xab, 0x2d, 0x19, 0xa2, 0xe6, + 0x6d, 0x11, 0xfd, 0x9b, 0x5a, 0x2a, 0xb0, 0x81, + 0x42, 0x4d, 0x86, 0x76, 0xd5, 0x9e, 0xaf, 0xf9, + 0x6f, 0x79, 0xab, 0x1d, 0xfe, 0xd8, 0xc8, 0xba, + 0xb6, 0xce, 0x03, 0x61, 0x48, 0x53, 0xd8, 0x0b, + 0x83, 0xf0, 0xb0, 0x46, 0xa0, 0xea, 0x46, 0x60, + 0x7a, 0x39, 0x4e, 0x46, 0x6a, 0xbb, 0x07, 0x6c, + 0x8c, 0x7d, 0xb7, 0x7d, 0x5b, 0xe5, 0x24, 0xa5, + 0xab, 0x41, 0x8a, 0xc4, 0x63, 0xf9, 0xce, 0x20, + 0x6f, 0x58, 0x4f, 0x0e, 0x42, 0x82, 0x9e, 0x17, + 0x53, 0xa6, 0xd6, 0x42, 0x3e, 0x80, 0x66, 0x6f, + 0x2a, 0x1c, 0x30, 0x08, 0x01, 0x99, 0x5a, 0x4f, + 0x72, 0x16, 0xed, 0xb0, 0xd6, 0x8c, 0xf0, 0x7a, + 0x33, 0x15, 0xc4, 0x95, 0x65, 0xba, 0x11, 0x37, + 0xa0, 0xcc, 0xe7, 0x45, 0x65, 0x4f, 0x17, 0x0a, + 0x2c, 0x62, 0xc0, 0x65, 0x3b, 0x65, 0x2a, 0x56, + 0xf7, 0x29, 0x8a, 0x9b, 0x1b, 0xbb, 0x0c, 0x40, + 0xcd, 0x66, 0x4b, 0x4f, 0x2f, 0xba, 0xdb, 0x59, + 0x93, 0x6d, 0x34, 0xf3, 0x8d, 0xde, 0x68, 0x99, + 0x78, 0xfc, 0xac, 0x95, 0xd9, 0xa3, 0x74, 0xe6, + 0x24, 0x96, 0x98, 0x6f, 0x64, 0x71, 0x76 +}; +/* 1 is not a valid key */ +static const unsigned char dhkey_3[] = { + 0x01 +}; # endif # ifndef OPENSSL_NO_DSA 
@@ -92,21 +172,73 @@ static const unsigned char ecparam_bin[] = { 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07 }; +static const unsigned char eckey_1[] = { + 0x04, 0xc8, 0x65, 0x45, 0x63, 0x73, 0xe5, 0x0a, + 0x61, 0x1d, 0xcf, 0x60, 0x76, 0x2c, 0xe7, 0x36, + 0x0b, 0x76, 0xc2, 0x92, 0xfc, 0xa4, 0x56, 0xee, + 0xc2, 0x62, 0x05, 0x00, 0x80, 0xe4, 0x4f, 0x07, + 0x3b, 0xf4, 0x59, 0xb8, 0xc3, 0xb3, 0x1f, 0x77, + 0x36, 0x16, 0x4c, 0x72, 0x2a, 0xc0, 0x89, 0x89, + 0xd6, 0x16, 0x14, 0xee, 0x2f, 0x5a, 0xde, 0x9e, + 0x83, 0xc5, 0x78, 0xd0, 0x0b, 0x69, 0xb4, 0xb9, + 0xf1 +}; +/* a modified key */ +static const unsigned char eckey_2[] = { + 0x04, 0xc8, 0x65, 0x45, 0x63, 0x73, 0xe5, 0x0a, + 0x61, 0x1d, 0xcf, 0x60, 0x76, 0x2c, 0xe7, 0x36, + 0x0b, 0x77, 0xc2, 0x92, 0xfc, 0xa4, 0x56, 0xee, + 0xc2, 0x62, 0x05, 0x00, 0x80, 0xe4, 0x4f, 0x07, + 0x3b, 0xf4, 0x59, 0xb8, 0xc3, 0xb3, 0x1f, 0x77, + 0x36, 0x16, 0x4c, 0x72, 0x2a, 0xc0, 0x89, 0x89, + 0xd6, 0x16, 0x14, 0xee, 0x2f, 0x5a, 0xde, 0x9e, + 0x83, 0xc5, 0x78, 0xd0, 0x0b, 0x69, 0xb4, 0xb9, + 0xf1 +}; +/* an added byte */ +static const unsigned char eckey_3[] = { + 0x04, 0xc8, 0x65, 0x45, 0x63, 0x73, 0xe5, 0x0a, + 0x61, 0x1d, 0xcf, 0x60, 0x76, 0x2c, 0xe7, 0x36, + 0x0b, 0x76, 0xc2, 0x92, 0xfc, 0xa4, 0x56, 0xee, + 0xc2, 0x62, 0x05, 0x00, 0x80, 0xe4, 0x4f, 0x07, + 0x3b, 0xf4, 0x59, 0xb8, 0xc3, 0xb3, 0x1f, 0x77, + 0x36, 0x16, 0x4c, 0x72, 0x2a, 0xc0, 0x89, 0x89, + 0xd6, 0x16, 0x14, 0xee, 0x2f, 0x5a, 0xde, 0x9e, + 0x83, 0xc5, 0x78, 0xd0, 0x0b, 0x69, 0xb4, 0xb9, + 0xf1, 0xaa +}; # endif +#define NUM_KEYS 10 + static const struct { int type; const unsigned char *param_bin; size_t param_bin_len; + struct pubkey keys[NUM_KEYS]; } pkey_params [] = { # ifndef OPENSSL_NO_DH - { EVP_PKEY_DH, dhparam_bin, sizeof(dhparam_bin) }, + { EVP_PKEY_DH, dhparam_bin, sizeof(dhparam_bin), + { { 0, dhkey_1, sizeof(dhkey_1) }, + { 0, dhkey_2, sizeof(dhkey_2) }, + { 1, dhkey_3, sizeof(dhkey_3) }, + { 1, dhkey_1, 0 }, + { 1, dhparam_bin, sizeof(dhparam_bin) } + } + 
}, # endif # ifndef OPENSSL_NO_DSA { EVP_PKEY_DSA, dsaparam_bin, sizeof(dsaparam_bin) }, # endif # ifndef OPENSSL_NO_EC - { EVP_PKEY_EC, ecparam_bin, sizeof(ecparam_bin) } + { EVP_PKEY_EC, ecparam_bin, sizeof(ecparam_bin), + { { 0, eckey_1, sizeof(eckey_1) }, + { 1, eckey_2, sizeof(eckey_2) }, + { 1, eckey_3, sizeof(eckey_3) }, + { 1, eckey_1, 0 }, + { 1, eckey_1, sizeof(eckey_1) - 1 } + } + } # endif }; @@ -114,13 +246,11 @@ { int ret, out_len; BIO *in = NULL, *out = NULL; - EVP_PKEY_CTX *ctx = NULL; EVP_PKEY *in_key = NULL, *out_key = NULL; unsigned char *out_bin; int type = pkey_params[id].type; - ret = TEST_ptr(ctx = EVP_PKEY_CTX_new_id(type, NULL)) - && TEST_ptr(in = BIO_new_mem_buf(pkey_params[id].param_bin, + ret = TEST_ptr(in = BIO_new_mem_buf(pkey_params[id].param_bin, (int)pkey_params[id].param_bin_len)) /* Load in pkey params from binary */ && TEST_ptr(d2i_KeyParams_bio(type, &in_key, in)) 
@@ -137,7 +267,47 @@ BIO_free(out); EVP_PKEY_free(in_key); EVP_PKEY_free(out_key); - EVP_PKEY_CTX_free(ctx); + return ret; +} + +static int set_enc_pubkey_test(int id) +{ + int ret, i; + BIO *in = NULL; + EVP_PKEY *in_key = NULL; + int type = pkey_params[id].type; + const struct pubkey *keys = pkey_params[id].keys; + + if (keys[0].key_bin == NULL) + return TEST_skip("Not applicable test"); + + ret = TEST_ptr(in = BIO_new_mem_buf(pkey_params[id].param_bin, + (int)pkey_params[id].param_bin_len)) + /* Load in pkey params from binary */ + && TEST_ptr(d2i_KeyParams_bio(type, &in_key, in)); + + for (i = 0; ret && i < NUM_KEYS && keys[i].key_bin != NULL; i++) { + if (keys[i].bad) { + ERR_set_mark(); + ret = ret + && TEST_int_le(EVP_PKEY_set1_encoded_public_key(in_key, + keys[i].key_bin, + keys[i].key_bin_len), + 0); + ERR_pop_to_mark(); + } else { + ret = ret + && TEST_int_gt(EVP_PKEY_set1_encoded_public_key(in_key, + keys[i].key_bin, + keys[i].key_bin_len), + 0); + } + if (!ret) + TEST_info("Test key index #%d", i); + } + + BIO_free(in); + EVP_PKEY_free(in_key); return ret; } #endif @@ -148,6 +318,7 @@ TEST_note("No DH/DSA/EC support"); #else ADD_ALL_TESTS(params_bio_test, OSSL_NELEM(pkey_params)); + ADD_ALL_TESTS(set_enc_pubkey_test, OSSL_NELEM(pkey_params)); #endif return 1; } diff -Nru openssl-3.0.1/test/evp_pkey_provided_test.c openssl-3.0.2/test/evp_pkey_provided_test.c --- openssl-3.0.1/test/evp_pkey_provided_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/evp_pkey_provided_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
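Review bot: Every vector in the loop of `set_enc_pubkey_test` is applied to the same `in_key`, which is loaded once before the loop, so each bad vector is checked against an object that already carries the public key set by the preceding good vector rather than against freshly loaded parameters. If that ordering is intended, the `keys` table needs a comment saying so, for example `/* vectors are applied in order to one key; the list ends at the first NULL key_bin */`; this also documents why the DSA entry, which has no initialiser for `keys`, is skipped. Separately, `ret = ret && TEST_int_le(...)` and `ret = ret && TEST_int_gt(...)` are redundant because the loop condition already requires `ret`; a plain `ret = TEST_int_le(...)` reads more clearly.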
@@ -128,6 +128,16 @@ return ret; } +static int pass_cb(char *buf, int size, int rwflag, void *u) +{ + return 0; +} + +static int pass_cb_error(char *buf, int size, int rwflag, void *u) +{ + return -1; +} + static int test_print_key_using_pem(const char *alg, const EVP_PKEY *pk) { BIO *membio = BIO_new(BIO_s_mem()); @@ -140,6 +150,35 @@ !TEST_true(PEM_write_bio_PrivateKey(bio_out, pk, EVP_aes_256_cbc(), (unsigned char *)"pass", 4, NULL, NULL)) + /* Output zero-length passphrase encrypted private key in PEM form */ + || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + (const char *)~0, 0, + NULL, NULL)) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + NULL, 0, NULL, "")) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + NULL, 0, pass_cb, NULL)) + || !TEST_false(PEM_write_bio_PKCS8PrivateKey(bio_out, pk, + EVP_aes_256_cbc(), + NULL, 0, pass_cb_error, + NULL)) +#ifndef OPENSSL_NO_DES + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + (const char *)~0, 0, NULL, NULL)) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + NULL, "")) + || !TEST_true(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + pass_cb, NULL)) + || !TEST_false(PEM_write_bio_PKCS8PrivateKey_nid( + bio_out, pk, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NULL, 0, + pass_cb_error, NULL)) +#endif /* Private key in text form */ || !TEST_int_gt(EVP_PKEY_print_private(membio, pk, 0, NULL), 0) || !TEST_true(compare_with_file(alg, PRIV_TEXT, membio)) @@ -1113,8 +1152,6 @@ return ret; } -#define CURVE_NAME 2 - static int test_fromdata_ec(void) { int ret = 0; 
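Review bot: The `(const char *)~0` arguments added to `test_print_key_using_pem` carry no explanation, and the existing comment ("Output zero-length passphrase encrypted private key in PEM form") does not say why an invalid pointer is passed. `~0` is an `int` with value -1, and converting it to a pointer is implementation-defined; the apparent intent is a non-NULL pointer that must never be dereferenced because the length is 0. I would state that next to the first use, e.g. `/* deliberately invalid non-NULL pointer: with klen == 0 it must not be read */`, or use a named constant for it. The two callbacks `pass_cb` and `pass_cb_error` would also benefit from a one-line comment each saying that they model an empty passphrase (return 0) and a callback failure (return -1).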
@@ -1126,6 +1163,11 @@ OSSL_PARAM *fromdata_params = NULL; const char *alg = "EC"; const char *curve = "prime256v1"; + const char bad_curve[] = "nonexistent-curve"; + OSSL_PARAM nokey_params[2] = { + OSSL_PARAM_END, + OSSL_PARAM_END + }; /* UNCOMPRESSED FORMAT */ static const unsigned char ec_pub_keydata[] = { POINT_CONVERSION_UNCOMPRESSED, @@ -1179,6 +1221,16 @@ if (!TEST_ptr(ctx)) goto err; + /* try importing parameters with bad curve first */ + nokey_params[0] = + OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + (char *)bad_curve, sizeof(bad_curve)); + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) + || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEY_PARAMETERS, + nokey_params), 0) + || !TEST_ptr_null(pk)) + goto err; + if (!TEST_int_eq(EVP_PKEY_fromdata_init(ctx), 1) || !TEST_int_eq(EVP_PKEY_fromdata(ctx, &pk, EVP_PKEY_KEYPAIR, fromdata_params), 1)) diff -Nru openssl-3.0.1/test/evp_test.c openssl-3.0.2/test/evp_test.c --- openssl-3.0.1/test/evp_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/evp_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -574,7 +574,9 @@ } ERR_clear_last_mark(); - cdat = OPENSSL_zalloc(sizeof(*cdat)); + if (!TEST_ptr(cdat = OPENSSL_zalloc(sizeof(*cdat)))) + return 0; + cdat->cipher = cipher; cdat->fetched_cipher = fetched_cipher; cdat->enc = -1; 
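Review bot: The bad-curve parameter in `test_fromdata_ec` is built with `sizeof(bad_curve)` as its length, which counts the terminating NUL, whereas the length of a UTF-8 string parameter is normally the string length without the terminator. Because this import is expected to fail, a rejection caused by the length rather than by the unknown group name would still satisfy `TEST_int_eq(..., 0)`. Passing `sizeof(bad_curve) - 1`, or `0` as the `evp_test.c` hunks in this same diff do, removes that ambiguity: `OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (char *)bad_curve, 0);`. The function body starts and ends outside the hunk.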
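Review bot: The new early `return 0` after the failed `OPENSSL_zalloc` for `cdat` leaves the function without releasing `fetched_cipher`, which the following line stores into `cdat->fetched_cipher` and which was presumably obtained earlier in the function, outside this hunk. If it holds a fetched reference, the error path should release it first: `EVP_CIPHER_free(fetched_cipher);` before `return 0;`. The same applies to the three new early returns in the `mdat` hunk of this file, where `mac` is assigned to `mdat->mac` only on success and is not freed on the failure paths shown. Both functions start outside their hunks, so confirm ownership against the full source.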
@@ -1175,11 +1177,22 @@ return 0; } - mdat = OPENSSL_zalloc(sizeof(*mdat)); + if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) + return 0; + mdat->type = type; - mdat->mac_name = OPENSSL_strdup(alg); + if (!TEST_ptr(mdat->mac_name = OPENSSL_strdup(alg))) { + OPENSSL_free(mdat); + return 0; + } + mdat->mac = mac; - mdat->controls = sk_OPENSSL_STRING_new_null(); + if (!TEST_ptr(mdat->controls = sk_OPENSSL_STRING_new_null())) { + OPENSSL_free(mdat->mac_name); + OPENSSL_free(mdat); + return 0; + } + mdat->output_size = mdat->block_size = -1; t->data = mdat; return 1; 
@@ -1843,6 +1856,51 @@ return parse_bin(value, &kdata->output, &kdata->output_len); if (strcmp(keyword, "Ctrl") == 0) return pkey_test_ctrl(t, kdata->ctx, value); + if (strcmp(keyword, "KDFType") == 0) { + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, + (char *)value, 0); + params[1] = OSSL_PARAM_construct_end(); + if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) + return -1; + return 1; + } + if (strcmp(keyword, "KDFDigest") == 0) { + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, + (char *)value, 0); + params[1] = OSSL_PARAM_construct_end(); + if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) + return -1; + return 1; + } + if (strcmp(keyword, "CEKAlg") == 0) { + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, + (char *)value, 0); + params[1] = OSSL_PARAM_construct_end(); + if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) + return -1; + return 1; + } + if (strcmp(keyword, "KDFOutlen") == 0) { + OSSL_PARAM params[2]; + char *endptr; + size_t outlen = (size_t)strtoul(value, &endptr, 0); + + if (endptr[0] != '\0') + return -1; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, + &outlen); + params[1] = OSSL_PARAM_construct_end(); + if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0) + return -1; + return 1; + } return 0; } @@ -1858,7 +1916,8 @@ goto err; } - if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0) { + if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0 + || !TEST_size_t_ne(got_len, 0)) { t->err = "DERIVE_ERROR"; goto err; } 
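Review bot: The `KDFOutlen` branch accepts an empty value, because `strtoul` then returns 0 with `endptr == value` and the only check is `endptr[0] != '\0'`. An out-of-range number is also accepted silently, since `errno` is not examined. I would tighten the check to `if (endptr == value || endptr[0] != '\0') return -1;` and, if range matters for the test files, reset `errno` before the call and reject `ERANGE`. The `KDFType`, `KDFDigest` and `CEKAlg` branches are identical apart from the parameter name and could share one small helper; the enclosing parse function starts outside the hunk.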
@@ -2516,7 +2575,7 @@ item->pr_entropyB_len); params[1] = OSSL_PARAM_construct_end(); if (!TEST_true(EVP_RAND_CTX_set_params(expected->parent, params))) - return 0; + goto err; } if (!TEST_true(EVP_RAND_generate (expected->ctx, got, got_len, diff -Nru openssl-3.0.1/test/helpers/handshake.c openssl-3.0.2/test/helpers/handshake.c --- openssl-3.0.1/test/helpers/handshake.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/helpers/handshake.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -305,10 +305,18 @@ static int n_retries = 0; static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) { + int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + SSL *ssl; + + /* this should not happen but check anyway */ + if (idx < 0 + || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) + return 0; + if (--n_retries < 0) return 1; - X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); - return -1; + + return SSL_set_retry_verify(ssl); } static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) { diff -Nru openssl-3.0.1/test/helpers/handshake_srp.c openssl-3.0.2/test/helpers/handshake_srp.c --- openssl-3.0.1/test/helpers/handshake_srp.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/helpers/handshake_srp.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -49,6 +49,13 @@ SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb); server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user); server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password); + if (server_ctx_data->srp_user == NULL || server_ctx_data->srp_password == NULL) { + OPENSSL_free(server_ctx_data->srp_user); + OPENSSL_free(server_ctx_data->srp_password); + server_ctx_data->srp_user = NULL; + server_ctx_data->srp_password = NULL; + return 0; + } SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data); } if (extra->server2.srp_user != NULL) { @@ -57,6 +64,13 @@ SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb); server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user); server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password); + if (server2_ctx_data->srp_user == NULL || server2_ctx_data->srp_password == NULL) { + OPENSSL_free(server2_ctx_data->srp_user); + OPENSSL_free(server2_ctx_data->srp_password); + server2_ctx_data->srp_user = NULL; + server2_ctx_data->srp_password = NULL; + return 0; + } SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data); } if (extra->client.srp_user != NULL) { @@ -65,6 +79,8 @@ return 0; SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb); client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password); + if (client_ctx_data->srp_password == NULL) + return 0; SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data); } return 1; diff -Nru openssl-3.0.1/test/helpers/predefined_dhparams.c openssl-3.0.2/test/helpers/predefined_dhparams.c --- openssl-3.0.1/test/helpers/predefined_dhparams.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/helpers/predefined_dhparams.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -162,6 +162,27 @@ if (p == NULL) goto err; + dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL); + + err: + BN_free(p); + BN_free(g); + return dhpkey; +} + +EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx) +{ + BIGNUM *p = NULL, *g = NULL; + EVP_PKEY *dhpkey = NULL; + + g = BN_new(); + if (g == NULL || !BN_set_word(g, 2)) + goto err; + + p = BN_get_rfc3526_prime_4096(NULL); + if (p == NULL) + goto err; + dhpkey = get_dh_from_pg_bn(libctx, "DH", p, g, NULL); err: diff -Nru openssl-3.0.1/test/helpers/predefined_dhparams.h openssl-3.0.2/test/helpers/predefined_dhparams.h --- openssl-3.0.1/test/helpers/predefined_dhparams.h 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/helpers/predefined_dhparams.h 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,4 +14,5 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx); EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct); EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx); +EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx); #endif diff -Nru openssl-3.0.1/test/hmactest.c openssl-3.0.2/test/hmactest.c --- openssl-3.0.1/test/hmactest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/hmactest.c 2022-03-15 14:30:24.000000000 +0000 
@@ -245,6 +245,36 @@ return ret; } +static int test_hmac_copy_uninited(void) +{ + const unsigned char key[24] = {0}; + const unsigned char ct[166] = {0}; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *ctx = NULL; + EVP_MD_CTX *ctx_tmp = NULL; + int res = 0; + + if (!TEST_ptr(ctx = EVP_MD_CTX_new()) + || !TEST_ptr(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + key, sizeof(key))) + || !TEST_true(EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey)) + || !TEST_ptr(ctx_tmp = EVP_MD_CTX_new()) + || !TEST_true(EVP_MD_CTX_copy(ctx_tmp, ctx))) + goto err; + EVP_MD_CTX_free(ctx); + ctx = ctx_tmp; + ctx_tmp = NULL; + + if (!TEST_true(EVP_DigestSignUpdate(ctx, ct, sizeof(ct)))) + goto err; + res = 1; + err: + EVP_MD_CTX_free(ctx); + EVP_MD_CTX_free(ctx_tmp); + EVP_PKEY_free(pkey); + return res; +} + # ifndef OPENSSL_NO_MD5 static char *pt(unsigned char *md, unsigned int len) { @@ -266,6 +296,7 @@ ADD_TEST(test_hmac_bad); ADD_TEST(test_hmac_run); ADD_TEST(test_hmac_copy); + ADD_TEST(test_hmac_copy_uninited); return 1; } diff -Nru openssl-3.0.1/test/pbetest.c openssl-3.0.2/test/pbetest.c --- openssl-3.0.1/test/pbetest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/pbetest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/test/property_test.c openssl-3.0.2/test/property_test.c --- openssl-3.0.1/test/property_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/property_test.c 2022-03-15 14:30:24.000000000 +0000 
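Review bot: `test_hmac_copy_uninited` stops after `EVP_DigestSignUpdate` and never finalises, so it only shows that updating a copied context does not fail; a copy that accepts data but produces a wrong MAC would still pass. If the regression being covered is a failure or crash on the first update after `EVP_MD_CTX_copy`, say so in a comment above the function, e.g. `/* Copying a sign ctx that was initialised but not yet updated must yield a usable ctx */`. Finalising both a fresh context and the copied one with `EVP_DigestSignFinal` and comparing the outputs would make the test check the result as well.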
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff -Nru openssl-3.0.1/test/provfetchtest.c openssl-3.0.2/test/provfetchtest.c --- openssl-3.0.1/test/provfetchtest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/provfetchtest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -225,6 +225,7 @@ * Test 1: Encoder * Test 2: Store loader * Test 3: EVP_RAND + * Test 4-7: As above, but additionally with a query string */ static int fetch_test(int tst) { @@ -236,6 +237,7 @@ OSSL_STORE_LOADER *loader = NULL; int testresult = 0; unsigned char buf[32]; + int query = tst > 3; if (!TEST_ptr(libctx)) goto err; 
@@ -246,24 +248,29 @@ || !TEST_ptr(dummyprov = OSSL_PROVIDER_load(libctx, "dummy-prov"))) goto err; - switch(tst) { + switch (tst % 4) { case 0: - decoder = OSSL_DECODER_fetch(libctx, "DUMMY", NULL); + decoder = OSSL_DECODER_fetch(libctx, "DUMMY", + query ? "provider=dummy" : NULL); if (!TEST_ptr(decoder)) goto err; break; case 1: - encoder = OSSL_ENCODER_fetch(libctx, "DUMMY", NULL); + encoder = OSSL_ENCODER_fetch(libctx, "DUMMY", + query ? "provider=dummy" : NULL); if (!TEST_ptr(encoder)) goto err; break; case 2: - loader = OSSL_STORE_LOADER_fetch(libctx, "DUMMY", NULL); + loader = OSSL_STORE_LOADER_fetch(libctx, "DUMMY", + query ? "provider=dummy" : NULL); if (!TEST_ptr(loader)) goto err; break; case 3: - if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY", NULL, NULL, NULL)) + if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY", + query ? "provider=dummy" : NULL, + NULL, NULL)) || !TEST_int_ge(RAND_bytes_ex(libctx, buf, sizeof(buf), 0), 1)) goto err; break; @@ -284,7 +291,7 @@ int setup_tests(void) { - ADD_ALL_TESTS(fetch_test, 4); + ADD_ALL_TESTS(fetch_test, 8); return 1; } diff -Nru openssl-3.0.1/test/recipes/01-test_symbol_presence.t openssl-3.0.2/test/recipes/01-test_symbol_presence.t --- openssl-3.0.1/test/recipes/01-test_symbol_presence.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/01-test_symbol_presence.t 2022-03-15 14:30:24.000000000 +0000 @@ -76,7 +76,7 @@ # Drop the first space and everything following it s| .*||; # Drop OpenSSL dynamic version information if there is any - s|\@\@OPENSSL_[0-9._]+[a-z]?$||; + s|\@\@.+$||; # Return the result $_ } diff -Nru openssl-3.0.1/test/recipes/03-test_internal_sm3.t openssl-3.0.2/test/recipes/03-test_internal_sm3.t --- openssl-3.0.1/test/recipes/03-test_internal_sm3.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/03-test_internal_sm3.t 2022-03-15 14:30:24.000000000 +0000 
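Review bot: The expression `query ? "provider=dummy" : NULL` is repeated in all four `switch` cases of `fetch_test`, and the literals in `tst > 3` and `tst % 4` are tied to the `8` passed to `ADD_ALL_TESTS` only by convention. Hoisting it once, `const char *propq = tst > 3 ? "provider=dummy" : NULL;`, and passing `propq` to each fetch call keeps the cases to one line each. The `switch` has no `default` visible in the hunk; the function body extends outside it, so check that an out-of-range `tst` fails rather than falling through to success.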
@@ -1,8 +1,8 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2021 [UnionTech](https://www.uniontech.com). All Rights Reserved. # -# Licensed under the OpenSSL license (the "License"). You may not use +# Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/test/recipes/10-test_bn_data/bnmod.txt openssl-3.0.2/test/recipes/10-test_bn_data/bnmod.txt --- openssl-3.0.1/test/recipes/10-test_bn_data/bnmod.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/10-test_bn_data/bnmod.txt 2022-03-15 14:30:24.000000000 +0000 @@ -1,4 +1,4 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -2799,3 +2799,15 @@ ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + +# Negative testcases for BN_mod_sqrt() + +# This one triggers an infinite loop with unfixed implementation +# It should just fail. +ModSqrt = -1 +A = 20a7ee +P = 460201 + +ModSqrt = -1 +A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed +P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f diff -Nru openssl-3.0.1/test/recipes/15-test_gendhparam.t openssl-3.0.2/test/recipes/15-test_gendhparam.t --- openssl-3.0.1/test/recipes/15-test_gendhparam.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/15-test_gendhparam.t 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -118,12 +118,12 @@ # expect => [ 'BEGIN DH PARAMETERS', 'G: 5' ], # message => 'DH safe prime generator using an alias', # }, - { + { algorithm => 'DHX', pkeyopts => [ 'type:generator', 'safeprime-generator:5'], expect => [ 'ERROR' ], message => 'safe prime generator should fail for DHX', - }, + } ); plan skip_all => "DH isn't supported in this build" if disabled("dh"); 
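Review bot: The second negative `ModSqrt = -1` vector has no comment, and the comment on the first one says only that it "triggers an infinite loop with unfixed implementation" without naming the property of the inputs that makes a square root impossible. A line such as `# A has no square root modulo P; BN_mod_sqrt() must return failure` above the second vector, and a note on the first stating what is special about `P = 460201`, would let a reader tell the two cases apart. Since the first vector hung unpatched code, it is also worth confirming that the harness running this file enforces a timeout, so a regression shows up as a failure rather than a stalled run.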
@@ -140,9 +140,17 @@ push(@pkeyopts, '-pkeyopt'); push(@pkeyopts, $_); } - my @lines = run(app(['openssl', 'genpkey', '-genparam', + my @lines; + if ($expected[0] eq 'ERROR') { + @lines = run(app(['openssl', 'genpkey', '-genparam', + '-algorithm', $alg, '-text', @pkeyopts], + stderr => undef), + capture => 1); + } else { + @lines = run(app(['openssl', 'genpkey', '-genparam', '-algorithm', $alg, '-text', @pkeyopts]), - capture => 1); + capture => 1); + } ok(compareline(\@lines, \@expected), $msg); } @@ -157,7 +165,7 @@ } print "-----------------\n"; foreach (@lines) { - print $_; + print "# ".$_; } print "-----------------\n"; foreach my $ex (@expected) { diff -Nru openssl-3.0.1/test/recipes/15-test_genrsa.t openssl-3.0.2/test/recipes/15-test_genrsa.t --- openssl-3.0.1/test/recipes/15-test_genrsa.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/15-test_genrsa.t 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ plan tests => ($no_fips ? 0 : 3) # Extra FIPS related tests - + 13; + + 15; # We want to know that an absurdly small number of bits isn't support is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem', 
@@ -103,6 +103,11 @@ "genrsa -f4 $good"); ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), "rsa -check"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', + '-aes256', '-passout', 'pass:x' ])), + "rsa encrypt"); +ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), + "rsa decrypt"); unless ($no_fips) { my $provconf = srctop_file("test", "fips-and-base.cnf"); diff -Nru openssl-3.0.1/test/recipes/20-test_dgst.t openssl-3.0.2/test/recipes/20-test_dgst.t --- openssl-3.0.1/test/recipes/20-test_dgst.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/20-test_dgst.t 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ use File::Spec; use File::Basename; -use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_file/; +use OpenSSL::Test qw/:DEFAULT with srctop_file bldtop_dir/; use OpenSSL::Test::Utils; setup("test_dgst"); 
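Review bot: The new "rsa decrypt" check runs `openssl rsa -in genrsatest-enc.pem -passin pass:x` with neither `-noout` nor `-out`, so the decrypted private key is written to standard output and ends up in the test log. The key is a throwaway, but the `rsa -check` call just above already passes `-noout`, and doing the same here keeps the log clean while still exercising decryption: `'-passin', 'pass:x', '-noout'`. Whether `genrsatest-enc.pem` is removed afterwards is not visible in this hunk.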
@@ -113,8 +113,8 @@ my $testdata = srctop_file('test', 'data.bin'); # intentionally using -engine twice, please do not remove the duplicate line my @macdata = run(app(['openssl', 'dgst', '-sha1', - '-engine', $^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest", - '-engine', $^O eq 'linux' ? bldtop_file("engines", "ossltest.so") : "ossltest", + '-engine', "ossltest", + '-engine', "ossltest", $testdata]), capture => 1); chomp(@macdata); my $expected = qr/SHA1\(\Q$testdata\E\)= 000102030405060708090a0b0c0d0e0f10111213/; diff -Nru openssl-3.0.1/test/recipes/25-test_req.t openssl-3.0.2/test/recipes/25-test_req.t --- openssl-3.0.1/test/recipes/25-test_req.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/25-test_req.t 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ setup("test_req"); -plan tests => 43; +plan tests => 44; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); @@ -49,6 +49,11 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); +# If a CSR is provided with neither of -key or -CA/-CAkey, this should fail. +ok(!run(app(["openssl", "req", "-x509", + "-in", srctop_file(@certs, "x509-check.csr"), + "-out", "testreq.pem"]))); + subtest "generating alt certificate requests with RSA" => sub { plan tests => 3; 
@@ -383,7 +388,8 @@ my $ca_key = srctop_file(@certs, "ca-key.pem"); my $key = $is_ca ? $ca_key : srctop_file(@certs, "ee-key.pem"); my @cmd = ("openssl", "req", "-config", "", "-x509", - "-key", $key, "-subj", "/CN=$cn", @_, "-out", $cert); + "-subj", "/CN=$cn", @_, "-out", $cert); + push(@cmd, ("-key", $key)) if $ss; push(@cmd, ("-CA", $ca_cert, "-CAkey", $ca_key)) unless $ss; ok(run(app([@cmd])), "generate $cert"); } @@ -442,12 +448,14 @@ #TODO strict_verify($cert, 1); # should be accepted because RFC 5280 does not apply $cert = "v3_EE_default_KIDs.pem"; -generate_cert($cert, "-addext", "keyUsage = dataEncipherment"); +generate_cert($cert, "-addext", "keyUsage = dataEncipherment", + "-key", srctop_file(@certs, "ee-key.pem")); cert_ext_has_n_different_lines($cert, 4, $SKID_AKID); # SKID != AKID strict_verify($cert, 1, $ca_cert); $cert = "v3_EE_no_AKID.pem"; -generate_cert($cert, "-addext", "authorityKeyIdentifier = none"); +generate_cert($cert, "-addext", "authorityKeyIdentifier = none", + "-key", srctop_file(@certs, "ee-key.pem")); has_SKID($cert, 1); has_AKID($cert, 0); strict_verify($cert, 0, $ca_cert); diff -Nru openssl-3.0.1/test/recipes/30-test_evp_data/evpciph_des3_common.txt openssl-3.0.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt --- openssl-3.0.1/test/recipes/30-test_evp_data/evpciph_des3_common.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -11,7 +11,7 @@ # PrivPubKeyPair Sign Verify VerifyRecover # and continue until a blank line. Lines starting with a pound sign are ignored. -Title = DES3 Test +Title = DES3 Tests # DES EDE3 CBC tests (from destest) Cipher = DES-EDE3-CBC @@ -20,3 +20,16 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 NextIV = 1c673812cfde9675 + +# DES EDE3 ECB test +Cipher = DES-EDE3-ECB +Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 62c10cc9efbf15aaa5ae2e487b690e56d8b1dfb8f5c5b293855e77dd9024b1b1 + +# DES EDE ECB test +Availablein = default +Cipher = DES-EDE-ECB +Key = 0123456789abcdeffedcba9876543210 +Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000 +Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d diff -Nru openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ffdhe.txt openssl-3.0.2/test/recipes/30-test_evp_data/evppkey_ffdhe.txt --- openssl-3.0.1/test/recipes/30-test_evp_data/evppkey_ffdhe.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/30-test_evp_data/evppkey_ffdhe.txt 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -93,6 +93,27 @@ Ctrl = dh_pad:1 SharedSecret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he following two testcases check that the padding is implicitly enabled +# with X942KDF-ASN1 KDF. +# The plain shared secret for these keys needs padding as seen above. +Derive=ffdhe2048-1 +PeerKey=ffdhe2048-2-pub +KDFType=X942KDF-ASN1 +KDFOutlen=32 +KDFDigest=SHA-256 +CEKAlg=id-aes128-wrap +Ctrl = dh_pad:1 +SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654 + +Derive=ffdhe2048-2 +PeerKey=ffdhe2048-1-pub +KDFType=X942KDF-ASN1 +KDFOutlen=32 +KDFDigest=SHA-256 +CEKAlg=id-aes128-wrap +Ctrl = dh_pad:0 +SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654 + PrivateKey=ffdhe3072-1 -----BEGIN PRIVATE KEY----- MIIByQIBADCCAZsGCSqGSIb3DQEDATCCAYwCggGBAP//////////rfhUWKK7Spqv diff -Nru openssl-3.0.1/test/recipes/70-test_verify_extra.t openssl-3.0.2/test/recipes/70-test_verify_extra.t --- openssl-3.0.1/test/recipes/70-test_verify_extra.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/70-test_verify_extra.t 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -7,15 +7,11 @@ # https://www.openssl.org/source/license.html -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_dir/; setup("test_verify_extra"); plan tests => 1; ok(run(test(["verify_extra_test", - srctop_file("test", "certs", "rootCA.pem"), - srctop_file("test", "certs", "roots.pem"), - srctop_file("test", "certs", "untrusted.pem"), - srctop_file("test", "certs", "bad.pem"), - srctop_file("test", "certs", "sm2-csr.pem")]))); + srctop_dir("test", "certs")]))); diff -Nru openssl-3.0.1/test/recipes/80-test_ssl_old.t openssl-3.0.2/test/recipes/80-test_ssl_old.t --- openssl-3.0.1/test/recipes/80-test_ssl_old.t 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/recipes/80-test_ssl_old.t 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -346,11 +346,9 @@ } - # plan tests => 11; - subtest 'standard SSL tests' => sub { ###################################################################### - plan tests => 13; + plan tests => 19; SKIP: { skip "SSLv3 is not supported by this OpenSSL build", 4 @@ -378,7 +376,7 @@ } SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 8 + skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 14 if $no_anytls; SKIP: { 
@@ -406,17 +404,29 @@ 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); SKIP: { - skip "No IPv4 available on this machine", 1 + skip "No IPv4 available on this machine", 4 unless !disabled("sock") && have_IPv4(); ok(run(test([@ssltest, "-ipv4"])), 'test TLS via IPv4'); + ok(run(test([@ssltest, "-ipv4", "-client_ktls"])), + 'test TLS via IPv4 + ktls(client)'); + ok(run(test([@ssltest, "-ipv4", "-server_ktls"])), + 'test TLS via IPv4 + ktls(server)'); + ok(run(test([@ssltest, "-ipv4", "-client_ktls", "-server_ktls"])), + 'test TLS via IPv4 + ktls'); } SKIP: { - skip "No IPv6 available on this machine", 1 + skip "No IPv6 available on this machine", 4 unless !disabled("sock") && have_IPv6(); ok(run(test([@ssltest, "-ipv6"])), 'test TLS via IPv6'); + ok(run(test([@ssltest, "-ipv6", "-client_ktls"])), + 'test TLS via IPv6 + ktls(client)'); + ok(run(test([@ssltest, "-ipv6", "-server_ktls"])), + 'test TLS via IPv6 + ktls(client)'); + ok(run(test([@ssltest, "-ipv6", "-client_ktls", "-server_ktls"])), + 'test TLS via IPv6 + ktls'); } } }; @@ -520,7 +530,7 @@ subtest 'RSA/(EC)DHE/PSK tests' => sub { ###################################################################### - plan tests => 6; + plan tests => 10; SKIP: { skip "TLSv1.0 is not supported by this OpenSSL build", 6 @@ -557,7 +567,7 @@ ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])), 'test tls1 with PSK via BIO pair'); - } + } SKIP: { skip "skipping auto DH PSK tests", 1 
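Review bot: In the IPv6 block of test/recipes/80-test_ssl_old.t the `-server_ktls` run is named `'test TLS via IPv6 + ktls(client)'`, the same name as the `-client_ktls` run just before it, so a failure report cannot tell the two apart. The IPv4 block names the matching case `ktls(server)`; the IPv6 label should read `'test TLS via IPv6 + ktls(server)'`. The enclosing subtest starts outside this hunk.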
@@ -568,6 +578,43 @@ } } + SKIP: { + skip "TLSv1.1 is not supported by this OpenSSL build", 4 + if $no_tls1_1; + + SKIP: { + skip "skipping auto DHE PSK test at SECLEVEL 3", 1 + if ($no_dh || $no_psk); + + ok(run(test(['ssl_old_test', '-tls1_1', '-dhe4096', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:DHE-PSK-AES256-CBC-SHA384'])), + 'test auto DHE PSK meets security strength'); + } + + SKIP: { + skip "skipping auto ECDHE PSK test at SECLEVEL 3", 1 + if ($no_ec || $no_psk); + + ok(run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:ECDHE-PSK-AES256-CBC-SHA384'])), + 'test auto ECDHE PSK meets security strength'); + } + + SKIP: { + skip "skipping no RSA PSK at SECLEVEL 3 test", 1 + if ($no_rsa || $no_psk); + + ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:RSA-PSK-AES256-CBC-SHA384'])), + 'test auto RSA PSK does not meet security level 3 requirements (PFS)'); + } + + SKIP: { + skip "skipping no PSK at SECLEVEL 3 test", 1 + if ($no_psk); + + ok(!run(test(['ssl_old_test', '-tls1_1', '-no_dhe', '-psk', '0102030405', '-cipher', '@SECLEVEL=3:PSK-AES256-CBC-SHA384'])), + 'test auto PSK does not meet security level 3 requirements (PFS)'); + } + } + }; subtest 'Custom Extension tests' => sub { diff -Nru openssl-3.0.1/test/run_tests.pl openssl-3.0.2/test/run_tests.pl --- openssl-3.0.1/test/run_tests.pl 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/run_tests.pl 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
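Review bot: The two `ok(!run(...))` cases for `RSA-PSK-AES256-CBC-SHA384` and `PSK-AES256-CBC-SHA384` in 80-test_ssl_old.t pass on any non-zero exit of ssl_old_test, so they would also pass if the handshake failed for a reason unrelated to `@SECLEVEL=3`, for instance the suite not being available in the build. The positive DHE and ECDHE cases use different suites and therefore do not control for that. Either capture the output and match the expected failure, or record the limitation next to the cases: `# passes on any handshake failure; does not prove the rejection came from the security level`. The closing brace of the subtest is in the hunk but its start is not.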
@@ -309,10 +309,12 @@ my $ret = $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), basename($_) ] } @preps); -die if $ret->has_errors; -$ret = - $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), basename($_) ] } - sort { reorder($a) cmp reorder($b) } keys %tests); + +if (ref($ret) ne "TAP::Parser::Aggregator" || !$ret->has_errors) { + $ret = + $harness->runtests(map { [ abs2rel($_, rel2abs(curdir())), basename($_) ] } + sort { reorder($a) cmp reorder($b) } keys %tests); +} # If this is a TAP::Parser::Aggregator, $ret->has_errors is the count of # tests that failed. We don't bother with that exact number, just exit diff -Nru openssl-3.0.1/test/sanitytest.c openssl-3.0.2/test/sanitytest.c --- openssl-3.0.1/test/sanitytest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/sanitytest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -114,6 +114,13 @@ TEST_error("int must not be wider than size_t"); return 0; } + + /* SIZE_MAX is always greater than 2*INT_MAX */ + if (SIZE_MAX - INT_MAX <= INT_MAX) { + TEST_error("SIZE_MAX must exceed 2*INT_MAX"); + return 0; + } + return 1; } diff -Nru openssl-3.0.1/test/sm3_internal_test.c openssl-3.0.2/test/sm3_internal_test.c --- openssl-3.0.1/test/sm3_internal_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/sm3_internal_test.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,8 +1,8 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2021 UnionTech. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff -Nru openssl-3.0.1/test/sslapitest.c openssl-3.0.2/test/sslapitest.c --- openssl-3.0.1/test/sslapitest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/sslapitest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -557,10 +557,19 @@ static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) { int res = X509_verify_cert(ctx); + int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + SSL *ssl; + + /* this should not happen but check anyway */ + if (idx < 0 + || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) + return 0; if (res == 0 && X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) - return -1; /* indicate SSL_ERROR_WANT_RETRY_VERIFY */ + /* indicate SSL_ERROR_WANT_RETRY_VERIFY */ + return SSL_set_retry_verify(ssl); + return res; } 
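Review bot: In test/sslapitest.c, `return res;` at the end of verify_retry_cb hands the raw `X509_verify_cert()` result back as the callback's return value, and that function is documented to return a negative value on internal errors, not only 0 or 1. How libssl treats a negative result from an application verify callback is not visible in this hunk, so normalising the value keeps the callback within a plain success/failure contract: `return res > 0;`. The new `SSL_set_retry_verify(ssl)` path is unaffected by that change.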
@@ -672,15 +681,27 @@ return ret; } +static int get_password_cb(char *buf, int size, int rw_flag, void *userdata) +{ + static const char pass[] = "testpass"; + + if (!TEST_int_eq(size, PEM_BUFSIZE)) + return -1; + + memcpy(buf, pass, sizeof(pass) - 1); + return sizeof(pass) - 1; +} + static int test_ssl_ctx_build_cert_chain(void) { int ret = 0; SSL_CTX *ctx = NULL; - char *skey = test_mk_file_path(certsdir, "leaf.key"); + char *skey = test_mk_file_path(certsdir, "leaf-encrypted.key"); char *leaf_chain = test_mk_file_path(certsdir, "leaf-chain.pem"); if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) goto end; + SSL_CTX_set_default_passwd_cb(ctx, get_password_cb); /* leaf_chain contains leaf + subinterCA + interCA + rootCA */ if (!TEST_int_eq(SSL_CTX_use_certificate_chain_file(ctx, leaf_chain), 1) || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, skey, @@ -8062,8 +8083,12 @@ else cert_cb_cnt = 0; - if (tst == 2) - snictx = SSL_CTX_new(TLS_server_method()); + if (tst == 2) { + snictx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + if (!TEST_ptr(snictx)) + goto end; + } + SSL_CTX_set_cert_cb(sctx, cert_cb, snictx); if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, diff -Nru openssl-3.0.1/test/ssl_old_test.c openssl-3.0.2/test/ssl_old_test.c --- openssl-3.0.1/test/ssl_old_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/ssl_old_test.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
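Review bot: get_password_cb in test/sslapitest.c has no comment, and the role of `TEST_int_eq(size, PEM_BUFSIZE)` is easy to miss: it appears to be the property under test and it is also the only bound on the `memcpy` that follows. A header comment would make both explicit, e.g. `/* Password callback: expects a PEM_BUFSIZE buffer from the library, which also bounds the copy below; returns the password length without the NUL. */`. The `rw_flag` and `userdata` parameters are unused and could be noted as such in the same comment.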
@@ -630,9 +630,11 @@ fprintf(stderr, " -dhe512 - use 512 bit key for DHE (to test failure)\n"); fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); - fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); + fprintf(stderr, + " -dhe2048 - use 2048 bit key (safe prime) for DHE (default, no-op)\n"); + fprintf(stderr, + " -dhe4096 - use 4096 bit key (safe prime) for DHE\n"); #endif fprintf(stderr, " -no_dhe - disable DHE\n"); #ifndef OPENSSL_NO_EC @@ -647,6 +649,12 @@ #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); #endif +#ifndef OPENSSL_NO_TLS1_1 + fprintf(stderr, " -tls1_1 - use TLSv1.1\n"); +#endif +#ifndef OPENSSL_NO_TLS1_2 + fprintf(stderr, " -tls1_2 - use TLSv1.2\n"); +#endif #ifndef OPENSSL_NO_DTLS fprintf(stderr, " -dtls - use DTLS\n"); #ifndef OPENSSL_NO_DTLS1 @@ -711,6 +719,8 @@ fprintf(stderr, " -client_sess_in - Read the client session from a file\n"); fprintf(stderr, " -should_reuse - The expected state of reusing the session\n"); fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n"); + fprintf(stderr, " -client_ktls - try to enable client KTLS\n"); + fprintf(stderr, " -server_ktls - try to enable server KTLS\n"); fprintf(stderr, " -provider - Load the given provider into the library context\n"); fprintf(stderr, " -config - Load the given config file into the library context\n"); } @@ -871,7 +881,7 @@ int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0; int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; 
@@ -883,10 +893,11 @@ int number = 1, reuse = 0; int should_reuse = -1; int no_ticket = 0; + int client_ktls = 0, server_ktls = 0; long bytes = 256L; #ifndef OPENSSL_NO_DH EVP_PKEY *dhpkey; - int dhe512 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0, dhe4096 = 0; int no_dhe = 0; #endif int no_psk = 0; @@ -981,6 +992,8 @@ dhe512 = 1; else if (strcmp(*argv, "-dhe1024dsa") == 0) dhe1024dsa = 1; + else if (strcmp(*argv, "-dhe4096") == 0) + dhe4096 = 1; #endif else if (strcmp(*argv, "-no_ecdhe") == 0) /* obsolete */; @@ -999,6 +1012,8 @@ } else if (strcmp(*argv, "-tls1_2") == 0) { tls1_2 = 1; + } else if (strcmp(*argv, "-tls1_1") == 0) { + tls1_1 = 1; } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { @@ -1167,6 +1182,10 @@ should_reuse = !!atoi(*(++argv)); } else if (strcmp(*argv, "-no_ticket") == 0) { no_ticket = 1; + } else if (strcmp(*argv, "-client_ktls") == 0) { + client_ktls = 1; + } else if (strcmp(*argv, "-server_ktls") == 0) { + server_ktls = 1; } else if (strcmp(*argv, "-provider") == 0) { if (--argc < 1) goto bad; @@ -1217,8 +1236,8 @@ goto end; } - if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1233,6 +1252,11 @@ no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_1 + if (tls1_1) + no_protocol = 1; + else +#endif #ifdef OPENSSL_NO_TLS1_2 if (tls1_2) no_protocol = 1; 
@@ -1262,11 +1286,11 @@ goto end; } - if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1318,6 +1342,9 @@ } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_1) { + min_version = TLS1_1_VERSION; + max_version = TLS1_1_VERSION; } else if (tls1_2) { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; @@ -1482,6 +1509,8 @@ dhpkey = get_dh1024dsa(libctx); else if (dhe512) dhpkey = get_dh512(libctx); + else if (dhe4096) + dhpkey = get_dh4096(libctx); else dhpkey = get_dh2048(libctx); @@ -1724,6 +1753,10 @@ if (sn_client) SSL_set_tlsext_host_name(c_ssl, sn_client); + if (client_ktls) + SSL_set_options(c_ssl, SSL_OP_ENABLE_KTLS); + if (server_ktls) + SSL_set_options(s_ssl, SSL_OP_ENABLE_KTLS); if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION)) goto end; diff -Nru openssl-3.0.1/test/threadstest.c openssl-3.0.2/test/threadstest.c --- openssl-3.0.1/test/threadstest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/threadstest.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
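Review bot: The `-client_ktls` / `-server_ktls` handling in test/ssl_old_test.c only sets `SSL_OP_ENABLE_KTLS` on `c_ssl` and `s_ssl`; nothing in these hunks checks whether kernel TLS was actually engaged, so on a host or build without KTLS the new recipe cases run the ordinary software record layer and still pass. If the intent is only that the option must not break the handshake, a comment should say so: `/* best effort: the handshake must succeed whether or not the kernel accepts the offload */`. If the offload itself is meant to be covered, a post-handshake check such as `BIO_get_ktls_send(SSL_get_wbio(c_ssl))` would be needed, skipped where KTLS is unavailable. The surrounding function starts and ends outside the hunk.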
@@ -33,6 +33,8 @@ int res; res = TEST_true(CRYPTO_THREAD_read_lock(lock)) + && TEST_true(CRYPTO_THREAD_unlock(lock)) + && TEST_true(CRYPTO_THREAD_write_lock(lock)) && TEST_true(CRYPTO_THREAD_unlock(lock)); CRYPTO_THREAD_lock_free(lock); diff -Nru openssl-3.0.1/test/tls-provider.c openssl-3.0.2/test/tls-provider.c --- openssl-3.0.1/test/tls-provider.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/tls-provider.c 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -840,6 +840,9 @@ { OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new(); + if (libctx == NULL) + return 0; + *provctx = libctx; /* diff -Nru openssl-3.0.1/test/upcallstest.c openssl-3.0.2/test/upcallstest.c --- openssl-3.0.1/test/upcallstest.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/upcallstest.c 2022-03-15 14:30:24.000000000 +0000 @@ -68,6 +68,15 @@ if (!c_obj_add_sigid(handle, SIGALG_OID, DIGEST_SN, SIG_LN)) return 0; + /* additional tests checking empty digest algs are accepted, too */ + if (!c_obj_add_sigid(handle, SIGALG_OID, "", SIG_LN)) + return 0; + if (!c_obj_add_sigid(handle, SIGALG_OID, NULL, SIG_LN)) + return 0; + /* checking wrong digest alg name is rejected: */ + if (c_obj_add_sigid(handle, SIGALG_OID, "NonsenseAlg", SIG_LN)) + return 0; + return 1; } diff -Nru openssl-3.0.1/test/verify_extra_test.c openssl-3.0.2/test/verify_extra_test.c --- openssl-3.0.1/test/verify_extra_test.c 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/test/verify_extra_test.c 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,15 +12,20 @@ #include #include #include +#include #include #include #include "testutil.h" -static const char *root_f; -static const char *roots_f; -static const char *untrusted_f; -static const char *bad_f; -static const char *req_f; +static const char *certs_dir; +static char *root_f = NULL; +static char *roots_f = NULL; +static char *untrusted_f = NULL; +static char *bad_f = NULL; +static char *req_f = NULL; +static char *sroot_cert = NULL; +static char *ca_cert = NULL; +static char *ee_cert = NULL; #define load_cert_from_file(file) load_cert_pem(file, NULL) @@ -99,8 +104,6 @@ return ret; } -OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n") - static int test_distinguishing_id(void) { X509 *x = NULL; 
@@ -219,6 +222,76 @@ return test_self_signed(bad_f, 0, 0); } +static int do_test_purpose(int purpose, int expected) +{ + X509 *eecert = load_cert_from_file(ee_cert); /* may result in NULL */ + X509 *untrcert = load_cert_from_file(ca_cert); + X509 *trcert = load_cert_from_file(sroot_cert); + STACK_OF(X509) *trusted = sk_X509_new_null(); + STACK_OF(X509) *untrusted = sk_X509_new_null(); + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); + int testresult = 0; + + if (!TEST_ptr(eecert) + || !TEST_ptr(untrcert) + || !TEST_ptr(trcert) + || !TEST_ptr(trusted) + || !TEST_ptr(untrusted) + || !TEST_ptr(ctx)) + goto err; + + + if (!TEST_true(sk_X509_push(trusted, trcert))) + goto err; + trcert = NULL; + if (!TEST_true(sk_X509_push(untrusted, untrcert))) + goto err; + untrcert = NULL; + + if (!TEST_true(X509_STORE_CTX_init(ctx, NULL, eecert, untrusted))) + goto err; + + if (!TEST_true(X509_STORE_CTX_set_purpose(ctx, purpose))) + goto err; + + /* + * X509_STORE_CTX_set0_trusted_stack() is bady named. Despite the set0 name + * we are still responsible for freeing trusted after we have finished with + * it. + */ + X509_STORE_CTX_set0_trusted_stack(ctx, trusted); + + if (!TEST_int_eq(X509_verify_cert(ctx), expected)) + goto err; + + testresult = 1; + err: + sk_X509_pop_free(trusted, X509_free); + sk_X509_pop_free(untrusted, X509_free); + X509_STORE_CTX_free(ctx); + X509_free(eecert); + X509_free(untrcert); + X509_free(trcert); + return testresult; +} + +static int test_purpose_ssl_client(void) +{ + return do_test_purpose(X509_PURPOSE_SSL_CLIENT, 0); +} + +static int test_purpose_ssl_server(void) +{ + return do_test_purpose(X509_PURPOSE_SSL_SERVER, 1); +} + +static int test_purpose_any(void) +{ + return do_test_purpose(X509_PURPOSE_ANY, 1); +} + +OPT_TEST_DECLARE_USAGE("certs-dir\n") + int setup_tests(void) { if (!test_skip_common_options()) { 
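Review bot: do_test_purpose in test/verify_extra_test.c accepts any `X509_verify_cert()` result of 0 as the expected outcome for `X509_PURPOSE_SSL_CLIENT` without looking at the error code, so the negative case would also pass if verification failed for an unrelated reason. The two positive cases over the same chain reduce that risk but do not pin what the client case is rejecting. Checking the error makes the test state its intent, e.g. `if (expected == 0 && !TEST_int_eq(X509_STORE_CTX_get_error(ctx), X509_V_ERR_INVALID_PURPOSE)) goto err;` (the exact error code is an assumption to confirm against ee-cert.pem). The comment above `X509_STORE_CTX_set0_trusted_stack` also has a typo, "bady" for "badly".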
@@ -226,13 +299,19 @@ return 0; } - if (!TEST_ptr(root_f = test_get_argument(0)) - || !TEST_ptr(roots_f = test_get_argument(1)) - || !TEST_ptr(untrusted_f = test_get_argument(2)) - || !TEST_ptr(bad_f = test_get_argument(3)) - || !TEST_ptr(req_f = test_get_argument(4))) + if (!TEST_ptr(certs_dir = test_get_argument(0))) return 0; + if (!TEST_ptr(root_f = test_mk_file_path(certs_dir, "rootCA.pem")) + || !TEST_ptr(roots_f = test_mk_file_path(certs_dir, "roots.pem")) + || !TEST_ptr(untrusted_f = test_mk_file_path(certs_dir, "untrusted.pem")) + || !TEST_ptr(bad_f = test_mk_file_path(certs_dir, "bad.pem")) + || !TEST_ptr(req_f = test_mk_file_path(certs_dir, "sm2-csr.pem")) + || !TEST_ptr(sroot_cert = test_mk_file_path(certs_dir, "sroot-cert.pem")) + || !TEST_ptr(ca_cert = test_mk_file_path(certs_dir, "ca-cert.pem")) + || !TEST_ptr(ee_cert = test_mk_file_path(certs_dir, "ee-cert.pem"))) + goto err; + ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); ADD_TEST(test_distinguishing_id); @@ -240,5 +319,23 @@ ADD_TEST(test_self_signed_good); ADD_TEST(test_self_signed_bad); ADD_TEST(test_self_signed_error); + ADD_TEST(test_purpose_ssl_client); + ADD_TEST(test_purpose_ssl_server); + ADD_TEST(test_purpose_any); return 1; + err: + cleanup_tests(); + return 0; +} + +void cleanup_tests(void) +{ + OPENSSL_free(root_f); + OPENSSL_free(roots_f); + OPENSSL_free(untrusted_f); + OPENSSL_free(bad_f); + OPENSSL_free(req_f); + OPENSSL_free(sroot_cert); + OPENSSL_free(ca_cert); + OPENSSL_free(ee_cert); } diff -Nru openssl-3.0.1/util/missingcrypto.txt openssl-3.0.2/util/missingcrypto.txt --- openssl-3.0.1/util/missingcrypto.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/util/missingcrypto.txt 2022-03-15 14:30:24.000000000 +0000 @@ -264,7 +264,6 @@ BN_mod_lshift1(3) BN_mod_lshift1_quick(3) BN_mod_lshift_quick(3) -BN_mod_sqrt(3) BN_mod_sub_quick(3) BN_nist_mod_192(3) BN_nist_mod_224(3) 
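Review bot: cleanup_tests in test/verify_extra_test.c frees the eight path strings but leaves the static pointers dangling, and setup_tests now calls it on its own `err` path. Whether the test harness calls cleanup_tests again after a failed setup is not visible in these hunks; if it does, every pointer is freed twice. Resetting each pointer makes the function safe to call more than once: `OPENSSL_free(root_f); root_f = NULL;` and likewise for the other seven.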
@@ -1277,13 +1276,10 @@ X509_STORE_CTX_get_by_subject(3) X509_STORE_CTX_get_explicit_policy(3) X509_STORE_CTX_get_obj_by_subject(3) -X509_STORE_CTX_purpose_inherit(3) X509_STORE_CTX_set0_dane(3) X509_STORE_CTX_set_depth(3) X509_STORE_CTX_set_flags(3) -X509_STORE_CTX_set_purpose(3) X509_STORE_CTX_set_time(3) -X509_STORE_CTX_set_trust(3) X509_STORE_get_verify(3) X509_TRUST_add(3) X509_TRUST_cleanup(3) diff -Nru openssl-3.0.1/util/missingssl.txt openssl-3.0.2/util/missingssl.txt --- openssl-3.0.1/util/missingssl.txt 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/util/missingssl.txt 2022-03-15 14:30:24.000000000 +0000 @@ -22,12 +22,10 @@ SSL_copy_session_id(3) SSL_dup_CA_list(3) SSL_get0_dane(3) -SSL_get_certificate(3) SSL_get_current_compression(3) SSL_get_current_expansion(3) SSL_get_finished(3) SSL_get_peer_finished(3) -SSL_get_privatekey(3) SSL_set_SSL_CTX(3) SSL_set_debug(3) SSL_set_not_resumable_session_callback(3) diff -Nru openssl-3.0.1/util/other.syms openssl-3.0.2/util/other.syms --- openssl-3.0.1/util/other.syms 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/util/other.syms 2022-03-15 14:30:24.000000000 +0000 @@ -362,7 +362,7 @@ OPENSSL_MSTR_HELPER define OPENSSL_VERSION_MAJOR define OPENSSL_VERSION_MINOR define -OPENSSL_VERSION_NUMBER define deprecated 3.0.0 +OPENSSL_VERSION_NUMBER define OPENSSL_VERSION_PATCH define OPENSSL_VERSION_PRE_RELEASE define OPENSSL_VERSION_PREREQ define @@ -668,3 +668,4 @@ EVP_PKEY_size define EVP_PKEY_id define EVP_PKEY_base_id define +SSL_set_retry_verify define diff -Nru openssl-3.0.1/util/perl/OpenSSL/config.pm openssl-3.0.2/util/perl/OpenSSL/config.pm --- openssl-3.0.1/util/perl/OpenSSL/config.pm 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/util/perl/OpenSSL/config.pm 2022-03-15 14:30:24.000000000 +0000 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -485,6 +485,14 @@ [ 'x86_64-apple-darwin.*', sub { my $KERNEL_BITS = $ENV{KERNEL_BITS} // ''; + # macOS >= 10.15 is 64-bit only + my $SW_VERS = `sw_vers -productVersion 2>/dev/null`; + if ($SW_VERS =~ /^(\d+)\.(\d+)\.(\d+)$/) { + if ($1 > 10 || ($1 == 10 && $2 >= 15)) { + die "32-bit applications not supported on macOS 10.15 or later\n" if $KERNEL_BITS eq '32'; + return { target => "darwin64-x86_64" }; + } + } return { target => "darwin-i386" } if $KERNEL_BITS eq '32'; print < [ 'L_ENDIAN' ] } ], [ 'powerpc64-.*-.*bsd.*', { target => "BSD-generic64", defines => [ 'B_ENDIAN' ] } ], + [ 'riscv64-.*-.*bsd.*', { target => "BSD-riscv64" } ], [ 'sparc64-.*-.*bsd.*', { target => "BSD-sparc64" } ], [ 'ia64-.*-.*bsd.*', { target => "BSD-ia64" } ], [ 'x86_64-.*-dragonfly.*', { target => "BSD-x86_64" } ], diff -Nru openssl-3.0.1/util/perl/OpenSSL/copyright.pm openssl-3.0.2/util/perl/OpenSSL/copyright.pm --- openssl-3.0.1/util/perl/OpenSSL/copyright.pm 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/util/perl/OpenSSL/copyright.pm 2022-03-15 14:30:24.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
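Review bot: In util/perl/OpenSSL/config.pm the version test `$SW_VERS =~ /^(\d+)\.(\d+)\.(\d+)$/` requires three numeric components, but `sw_vers -productVersion` prints only two for some releases (for example `10.15` or `11.0`), so on those hosts the new 64-bit-only branch is skipped and the code falls through to the older KERNEL_BITS logic. Making the third component optional covers both forms: `if ($SW_VERS =~ /^(\d+)\.(\d+)(?:\.\d+)?$/) {`. The enclosing `sub` starts before the hunk, and the hunk text after `print <` is garbled on this page.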
@@ -23,11 +23,11 @@ # See if git's available open my $FH, - "git log -1 --date=format:%Y --format=format:%ad $file 2>/dev/null|" + "git log -1 --date=short --format=format:%cd $file 2>/dev/null|" or return $YEAR; my $LINE = <$FH>; close $FH; - chomp($LINE); + $LINE =~ s/^([0-9]*)-.*/$1/; $YEAR = $LINE if $LINE; return $YEAR; } diff -Nru openssl-3.0.1/VERSION.dat openssl-3.0.2/VERSION.dat --- openssl-3.0.1/VERSION.dat 2021-12-14 16:16:25.000000000 +0000 +++ openssl-3.0.2/VERSION.dat 2022-03-15 14:30:24.000000000 +0000 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=1 +PATCH=2 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="14 Dec 2021" +RELEASE_DATE="15 Mar 2022" SHLIB_VERSION=3
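Review bot: The replacement `git log` line in util/perl/OpenSSL/copyright.pm still interpolates `$file` into a command string that the two-argument `open` passes to the shell, so a path containing spaces or shell metacharacters is split or interpreted instead of reaching git as one argument; where `$file` comes from is outside the hunk. The list form avoids the shell, and `--` keeps the path from being read as an option: `open my $FH, '-|', 'git', 'log', '-1', '--date=short', '--format=format:%cd', '--', $file or return $YEAR;`. That form drops the `2>/dev/null` redirection, so git's stderr would need separate handling. Separately, `$LINE` is undefined when git prints nothing, and the new `s/^([0-9]*)-.*/$1/` runs before the `if $LINE` guard.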