Bug#1108958: unblock: openssl
Control: tags -1 -moreinfo
On 2025-07-10 16:57:26 [+0200], Paul Gevers wrote:
>
> Hi,
Hi,
> Could we have a debdiff of your proposed 3.5.1-1 version? Looking at the
> debdiff between experimental and testing is hard because the new upstream
> version is encapsulated in a big patch, which also overlaps with dropped
> patches. I assume you want to upload 3.5.1-1 and not 3.5.0-4 (or similar).
Correct. Please find attached debdiff -w
> Paul
Sebastian
diff -Nru -w openssl-3.5.0/apps/CA.pl.in openssl-3.5.1/apps/CA.pl.in
--- openssl-3.5.0/apps/CA.pl.in 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/CA.pl.in 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#!{- $config{HASHBANGPERL} -}
-# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,14 +19,17 @@
my $openssl = $ENV{'OPENSSL'} // "openssl";
$ENV{'OPENSSL'} = $openssl;
+my @openssl = split_val($openssl);
+
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
+my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG);
# Command invocations.
-my $REQ = "$openssl req $OPENSSL_CONFIG";
-my $CA = "$openssl ca $OPENSSL_CONFIG";
-my $VERIFY = "$openssl verify";
-my $X509 = "$openssl x509";
-my $PKCS12 = "$openssl pkcs12";
+my @REQ = (@openssl, "req", @OPENSSL_CONFIG);
+my @CA = (@openssl, "ca", @OPENSSL_CONFIG);
+my @VERIFY = (@openssl, "verify");
+my @X509 = (@openssl, "x509");
+my @PKCS12 = (@openssl, "pkcs12");
# Default values for various configuration settings.
my $CATOP = "./demoCA";
@@ -34,10 +37,10 @@
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095"; # 3 years
-my $EXTENSIONS = "-extensions v3_ca";
-my $POLICY = "-policy policy_anything";
+my @DAYS = qw(-days 365);
+my @CADAYS = qw(-days 1095); # 3 years
+my @EXTENSIONS = qw(-extensions v3_ca);
+my @POLICY = qw(-policy policy_anything);
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
@@ -45,31 +48,177 @@
# Commandline parsing
my %EXTRA;
-my $WHAT = shift @ARGV || "";
+my $WHAT = shift @ARGV // "";
@ARGV = parse_extra(@ARGV);
my $RET = 0;
+sub split_val {
+ return split_val_win32(@_) if ($^O eq 'MSWin32');
+ my ($val) = @_;
+ my (@ret, @frag);
+
+ # Skip leading whitespace
+ $val =~ m{\A[ \t]*}ogc;
+
+ # Unix shell-compatible split
+ #
+ # Handles backslash escapes outside quotes and
+ # in double-quoted strings. Parameter and
+ # command-substitution is silently ignored.
+ # Bare newlines outside quotes and (trailing) backslashes are disallowed.
+
+ while (1) {
+ last if (pos($val) == length($val));
+
+ # The first char is never a SPACE or TAB. Possible matches are:
+ # 1. Ordinary string fragment
+ # 2. Single-quoted string
+ # 3. Double-quoted string
+ # 4. Backslash escape
+ # 5. Bare backlash or newline (rejected)
+ #
+ if ($val =~ m{\G([^'" \t\n\\]+)}ogc) {
+ # Ordinary string
+ push @frag, $1;
+ } elsif ($val =~ m{\G'([^']*)'}ogc) {
+ # Single-quoted string
+ push @frag, $1;
+ } elsif ($val =~ m{\G"}ogc) {
+ # Double-quoted string
+ push @frag, "";
+ while (1) {
+ last if ($val =~ m{\G"}ogc);
+ if ($val =~ m{\G([^"\\]+)}ogcs) {
+ # literals
+ push @frag, $1;
+ } elsif ($val =~ m{\G.(["\`\$\\])}ogc) {
+ # backslash-escaped special
+ push @frag, $1;
+ } elsif ($val =~ m{\G.(.)}ogcs) {
+ # backslashed non-special
+ push @frag, "\\$1" unless $1 eq "\n";
+ } else {
+ die sprintf("Malformed quoted string: %s\n", $val);
+ }
+ }
+ } elsif ($val =~ m{\G\\(.)}ogc) {
+ # Backslash is unconditional escape outside quoted strings
+ push @frag, $1 unless $1 eq "\n";
+ } else {
+ die sprintf("Bare backslash or newline in: '%s'\n", $val);
+ }
+ # Done if at SPACE, TAB or end, otherwise continue current fragment
+ #
+ next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+ push @ret, join("", splice(@frag)) if (@frag > 0);
+ }
+ # Handle final fragment
+ push @ret, join("", splice(@frag)) if (@frag > 0);
+ return @ret;
+}
+
+sub split_val_win32 {
+ my ($val) = @_;
+ my (@ret, @frag);
+
+ # Skip leading whitespace
+ $val =~ m{\A[ \t]*}ogc;
+
+ # Windows-compatible split
+ # See: "Parsing C++ command-line arguments" in:
+ # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170
+ #
+ # Backslashes are special only when followed by a double-quote
+ # Pairs of double-quotes make a single double-quote.
+ # Closing double-quotes may be omitted.
+
+ while (1) {
+ last if (pos($val) == length($val));
+
+ # The first char is never a SPACE or TAB.
+ # 1. Ordinary string fragment
+ # 2. Double-quoted string
+ # 3. Backslashes preceding a double-quote
+ # 4. Literal backslashes
+ # 5. Bare newline (rejected)
+ #
+ if ($val =~ m{\G([^" \t\n\\]+)}ogc) {
+ # Ordinary string
+ push @frag, $1;
+ } elsif ($val =~ m{\G"}ogc) {
+ # Double-quoted string
+ push @frag, "";
+ while (1) {
+ if ($val =~ m{\G("+)}ogc) {
+ # Two double-quotes make one literal double-quote
+ my $l = length($1);
+ push @frag, q{"} x int($l/2) if ($l > 1);
+ next if ($l % 2 == 0);
+ last;
+ }
+ if ($val =~ m{\G([^"\\]+)}ogc) {
+ push @frag, $1;
+ } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+ # Backslashes before a double-quote are escapes
+ my $l = length($1);
+ push @frag, q{\\} x int($l / 2);
+ if ($l % 2 == 1) {
+ ++pos($val);
+ push @frag, q{"};
+ }
+ } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) {
+ # Backslashes not before a double-quote are not special
+ push @frag, $1;
+ } else {
+ # Tolerate missing closing double-quote
+ last;
+ }
+ }
+ } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+ my $l = length($1);
+ push @frag, q{\\} x int($l / 2);
+ if ($l % 2 == 1) {
+ ++pos($val);
+ push @frag, q{"};
+ }
+ } elsif ($val =~ m{\G([\\]+)}ogc) {
+ # Backslashes not before a double-quote are not special
+ push @frag, $1;
+ } else {
+ die sprintf("Bare newline in: '%s'\n", $val);
+ }
+ # Done if at SPACE, TAB or end, otherwise continue current fragment
+ #
+ next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+ push @ret, join("", splice(@frag)) if (@frag > 0);
+ }
+ # Handle final fragment
+ push @ret, join("", splice(@frag)) if (@frag);
+ return @ret;
+}
+
# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
# |EXTRA{CMD}| with list of values.
sub parse_extra
{
+ my @args;
foreach ( @OPENSSL_CMDS ) {
- $EXTRA{$_} = '';
+ $EXTRA{$_} = [];
}
-
- my @result;
- while ( scalar(@_) > 0 ) {
- my $arg = shift;
- if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
- push @result, $arg;
+ while (@_) {
+ my $arg = shift(@_);
+ if ( $arg !~ m{^-extra-(\w+)$} ) {
+ push @args, split_val($arg);
next;
}
- $arg =~ s/-extra-//;
- die("Unknown \"-${arg}-extra\" option, exiting")
- unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
- $EXTRA{$arg} .= " " . shift;
+ $arg = $1;
+ die "Unknown \"-extra-${arg}\" option, exiting\n"
+ unless grep { $arg eq $_ } @OPENSSL_CMDS;
+ die "Missing \"-extra-${arg}\" option value, exiting\n"
+ unless (@_ > 0);
+ push @{$EXTRA{$arg}}, split_val(shift(@_));
}
- return @result;
+ return @args;
}
@@ -112,9 +261,9 @@
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
- my $cmd = shift;
- print "====\n$cmd\n" if $verbose;
- my $status = system($cmd);
+ my ($cmd, @args) = @_;
+ print "====\n$cmd @args\n" if $verbose;
+ my $status = system {$cmd} $cmd, @args;
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
@@ -133,17 +282,15 @@
if ($WHAT eq '-newcert' ) {
# create a certificate
- $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
- . " $EXTRA{req}");
+ $RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
- $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
- . " $EXTRA{req}");
+ $RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
- $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
+ $RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}});
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
@@ -176,48 +323,45 @@
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
- $RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
- . " -out ${CATOP}/$CAREQ $EXTRA{req}");
- $RET = run("$CA -create_serial"
- . " -out ${CATOP}/$CACERT $CADAYS -batch"
- . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
- . " $EXTENSIONS"
- . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
+ $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY",
+ "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}});
+ $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS,
+ qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign",
+ @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}})
+ if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
- $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
- . " -certfile ${CATOP}/$CACERT -out $NEWP12"
- . " -export -name \"$cname\" $EXTRA{pkcs12}");
+ $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY,
+ "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12,
+ qw(-export -name), $cname, @{$EXTRA{pkcs12}});
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
- $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}});
} elsif ($WHAT eq '-sign' ) {
- $RET = run("$CA $POLICY -out $NEWCERT"
- . " -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+ "-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
- $RET = run("$CA $POLICY -out $NEWCERT"
- . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS,
+ "-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
- $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
- . " -out tmp.pem $EXTRA{x509}");
- $RET = run("$CA $POLICY -out $NEWCERT"
- . "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
+ $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ,
+ qw(-out tmp.pem), @{$EXTRA{x509}});
+ $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+ qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
foreach my $file (@files) {
- # -CAfile quoted for VMS, since the C RTL downcases all unquoted
- # arguments to C programs
- my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
+ my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}});
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
- $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
+ $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}});
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
@@ -225,10 +369,10 @@
print "Certificate filename is required; reason optional.\n";
exit 1;
}
- my $reason = $ARGV[1];
- $reason = " -crl_reason $reason"
- if defined $reason && crl_reason_ok($reason);
- $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
+ my @reason;
+ @reason = ("-crl_reason", $ARGV[1])
+ if defined $ARGV[1] && crl_reason_ok($ARGV[1]);
+ $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
diff -Nru -w openssl-3.5.0/apps/cmp.c openssl-3.5.1/apps/cmp.c
--- openssl-3.5.0/apps/cmp.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/cmp.c 2025-07-01 13:52:08.000000000 +0200
@@ -955,7 +955,7 @@
OSSL_CMP_CTX *ctx, const char *desc)
{
if (str != NULL) {
- X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc);
+ X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc);
if (n == NULL)
return 0;
@@ -2506,6 +2506,7 @@
bio, tmpl)) {
CMP_err1("error saving certTemplate from genp: cannot write file %s",
file);
+ BIO_free(bio);
return 0;
} else {
CMP_info1("stored certTemplate from genp to file '%s'", file);
@@ -2525,6 +2526,7 @@
if (!ASN1_i2d_bio_of(OSSL_CMP_ATAVS, i2d_OSSL_CMP_ATAVS, bio, keyspec)) {
CMP_err1("error saving keySpec from genp: cannot write file %s", file);
+ BIO_free(bio);
return 0;
} else {
CMP_info1("stored keySpec from genp to file '%s'", file);
diff -Nru -w openssl-3.5.0/apps/genpkey.c openssl-3.5.1/apps/genpkey.c
--- openssl-3.5.0/apps/genpkey.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/genpkey.c 2025-07-01 13:52:08.000000000 +0200
@@ -302,12 +302,14 @@
if (mem_outpubkey != NULL) {
rv = mem_bio_to_file(mem_outpubkey, outpubkeyfile, outformat, private);
if (!rv)
- BIO_printf(bio_err, "Error writing to outpubkey: '%s'. Error: %s\n", outpubkeyfile, strerror(errno));
+ BIO_printf(bio_err, "Error writing to outpubkey: '%s'. Error: %s\n",
+ outpubkeyfile, strerror(errno));
}
if (mem_out != NULL) {
rv = mem_bio_to_file(mem_out, outfile, outformat, private);
if (!rv)
- BIO_printf(bio_err, "Error writing to outfile: '%s'. Error: %s\n", outpubkeyfile, strerror(errno));
+ BIO_printf(bio_err, "Error writing to outfile: '%s'. Error: %s\n",
+ outfile, strerror(errno));
}
}
EVP_PKEY_free(pkey);
diff -Nru -w openssl-3.5.0/apps/lib/s_socket.c openssl-3.5.1/apps/lib/s_socket.c
--- openssl-3.5.0/apps/lib/s_socket.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/lib/s_socket.c 2025-07-01 13:52:08.000000000 +0200
@@ -173,8 +173,16 @@
}
/* Save the address */
- if (tfo || !doconn)
+ if (tfo || !doconn) {
+ if (ba_ret == NULL) {
+ BIO_printf(bio_err, "Internal error\n");
+ BIO_closesocket(*sock);
+ *sock = INVALID_SOCKET;
+ goto out;
+ }
+
*ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
+ }
/* Success, don't try any more addresses */
break;
diff -Nru -w openssl-3.5.0/apps/pkeyutl.c openssl-3.5.1/apps/pkeyutl.c
--- openssl-3.5.0/apps/pkeyutl.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/pkeyutl.c 2025-07-01 13:52:08.000000000 +0200
@@ -426,6 +426,7 @@
if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
+ OPENSSL_free(passwd);
goto end;
}
OPENSSL_free(passwd);
diff -Nru -w openssl-3.5.0/apps/speed.c openssl-3.5.1/apps/speed.c
--- openssl-3.5.0/apps/speed.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/speed.c 2025-07-01 13:52:08.000000000 +0200
@@ -507,7 +507,7 @@
static char *kems_algname[MAX_KEM_NUM] = { NULL };
static double kems_results[MAX_KEM_NUM][3]; /* keygen, encaps, decaps */
-#define MAX_SIG_NUM 111
+#define MAX_SIG_NUM 256
static size_t sigs_algs_len = 0;
static char *sigs_algname[MAX_SIG_NUM] = { NULL };
static double sigs_results[MAX_SIG_NUM][3]; /* keygen, sign, verify */
@@ -573,12 +573,12 @@
unsigned char *kem_out[MAX_KEM_NUM];
unsigned char *kem_send_secret[MAX_KEM_NUM];
unsigned char *kem_rcv_secret[MAX_KEM_NUM];
- EVP_PKEY_CTX *sig_gen_ctx[MAX_KEM_NUM];
- EVP_PKEY_CTX *sig_sign_ctx[MAX_KEM_NUM];
- EVP_PKEY_CTX *sig_verify_ctx[MAX_KEM_NUM];
- size_t sig_max_sig_len[MAX_KEM_NUM];
- size_t sig_act_sig_len[MAX_KEM_NUM];
- unsigned char *sig_sig[MAX_KEM_NUM];
+ EVP_PKEY_CTX *sig_gen_ctx[MAX_SIG_NUM];
+ EVP_PKEY_CTX *sig_sign_ctx[MAX_SIG_NUM];
+ EVP_PKEY_CTX *sig_verify_ctx[MAX_SIG_NUM];
+ size_t sig_max_sig_len[MAX_SIG_NUM];
+ size_t sig_act_sig_len[MAX_SIG_NUM];
+ unsigned char *sig_sig[MAX_SIG_NUM];
} loopargs_t;
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
loopargs_t *loopargs);
diff -Nru -w openssl-3.5.0/apps/s_time.c openssl-3.5.1/apps/s_time.c
--- openssl-3.5.0/apps/s_time.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/s_time.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -323,8 +323,10 @@
*/
next:
- if (!(perform & 2))
+ if (!(perform & 2)) {
+ ret = 0;
goto end;
+ }
printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */
diff -Nru -w openssl-3.5.0/apps/storeutl.c openssl-3.5.1/apps/storeutl.c
--- openssl-3.5.0/apps/storeutl.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/storeutl.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -201,9 +201,7 @@
}
break;
case OPT_CRITERION_FINGERPRINT:
- if (criterion != 0
- || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
- && fingerprint != NULL)) {
+ if (criterion != 0) {
BIO_printf(bio_err, "%s: criterion already given.\n",
prog);
goto end;
diff -Nru -w openssl-3.5.0/apps/x509.c openssl-3.5.1/apps/x509.c
--- openssl-3.5.0/apps/x509.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/apps/x509.c 2025-07-01 13:52:08.000000000 +0200
@@ -447,26 +447,26 @@
break;
case OPT_ADDTRUST:
if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
- goto end;
+ goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
prog, opt_arg());
goto opthelp;
}
if (!sk_ASN1_OBJECT_push(trust, objtmp))
- goto end;
+ goto err;
trustout = 1;
break;
case OPT_ADDREJECT:
if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
- goto end;
+ goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
prog, opt_arg());
goto opthelp;
}
- if (!sk_ASN1_OBJECT_push(trust, objtmp))
- goto end;
+ if (!sk_ASN1_OBJECT_push(reject, objtmp))
+ goto err;
trustout = 1;
break;
case OPT_SETALIAS:
@@ -618,7 +618,7 @@
goto opthelp;
if (!app_RAND_load())
- goto end;
+ goto err;
if (!opt_check_md(digest))
goto opthelp;
@@ -647,7 +647,7 @@
if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
app_get0_propq()))
- goto end;
+ goto err;
if (newcert && infile != NULL) {
BIO_printf(bio_err, "The -in option cannot be used with -new\n");
@@ -660,12 +660,12 @@
if (privkeyfile != NULL) {
privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
if (privkey == NULL)
- goto end;
+ goto err;
}
if (pubkeyfile != NULL) {
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
"explicitly set public key")) == NULL)
- goto end;
+ goto err;
}
if (newcert) {
@@ -682,10 +682,10 @@
}
if (issu != NULL
&& (fissu = parse_name(issu, chtype, multirdn, "issuer")) == NULL)
- goto end;
+ goto err;
if (subj != NULL
&& (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
- goto end;
+ goto err;
if (CAkeyfile == NULL)
CAkeyfile = CAfile;
@@ -717,7 +717,7 @@
X509V3_CTX ctx2;
if ((extconf = app_load_config(extfile)) == NULL)
- goto end;
+ goto err;
if (extsect == NULL) {
extsect = app_conf_try_string(extconf, "default", "extensions");
if (extsect == NULL)
@@ -739,7 +739,7 @@
req = load_csr_autofmt(infile, informat, vfyopts,
"certificate request input");
if (req == NULL)
- goto end;
+ goto err;
if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "Error unpacking public key from CSR\n");
@@ -770,11 +770,11 @@
goto err;
}
if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
- goto end;
+ goto err;
if (CAfile == NULL && sno == NULL) {
sno = ASN1_INTEGER_new();
if (sno == NULL || !rand_serial(NULL, sno))
- goto end;
+ goto err;
}
if (req != NULL && ext_copy != EXT_COPY_UNSET) {
if (clrext && ext_copy != EXT_COPY_NONE) {
@@ -791,27 +791,27 @@
"Warning: Reading certificate from stdin since no -in or -new option is given\n");
x = load_cert_pass(infile, informat, 1, passin, "certificate");
if (x == NULL)
- goto end;
+ goto err;
}
if ((fsubj != NULL || req != NULL)
&& !X509_set_subject_name(x, fsubj != NULL ? fsubj :
X509_REQ_get_subject_name(req)))
- goto end;
+ goto err;
if ((pubkey != NULL || privkey != NULL || req != NULL)
&& !X509_set_pubkey(x, pubkey != NULL ? pubkey :
privkey != NULL ? privkey :
X509_REQ_get0_pubkey(req)))
- goto end;
+ goto err;
if (CAfile != NULL) {
xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
if (xca == NULL)
- goto end;
+ goto err;
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
- goto end;
+ goto err;
if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1);
@@ -847,9 +847,9 @@
if (sno == NULL)
sno = x509_load_serial(CAfile, CAserial, CA_createserial);
if (sno == NULL)
- goto end;
+ goto err;
if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x))
- goto end;
+ goto err;
} else {
if (privkey != NULL && !cert_matches_key(x, privkey))
BIO_printf(bio_err,
@@ -857,17 +857,17 @@
}
if (sno != NULL && !X509_set_serialNumber(x, sno))
- goto end;
+ goto err;
if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
if (!preserve_dates && !set_cert_times(x, not_before, not_after, days, 1))
- goto end;
+ goto err;
if (fissu != NULL) {
if (!X509_set_issuer_name(x, fissu))
- goto end;
+ goto err;
} else {
if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert)))
- goto end;
+ goto err;
}
}
@@ -875,7 +875,7 @@
/* prepare fallback for AKID, but only if issuer cert equals subject cert */
if (CAfile == NULL) {
if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
- goto end;
+ goto err;
}
if (extconf != NULL && !x509toreq) {
X509V3_set_nconf(&ext_ctx, extconf);
@@ -904,7 +904,7 @@
goto err;
}
if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
- goto end;
+ goto err;
if (extconf != NULL) {
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
@@ -914,7 +914,7 @@
}
}
if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
- goto end;
+ goto err;
if (!noout) {
if (outformat == FORMAT_ASN1) {
X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
@@ -932,7 +932,7 @@
} else if (CAfile != NULL) {
if ((CAkey = load_key(CAkeyfile, CAkeyformat,
0, passin, e, "CA private key")) == NULL)
- goto end;
+ goto err;
if (!X509_check_private_key(xca, CAkey)) {
BIO_printf(bio_err,
"CA certificate and CA private key do not match\n");
@@ -940,10 +940,10 @@
}
if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx))
- goto end;
+ goto err;
} else if (privkey != NULL) {
if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx))
- goto end;
+ goto err;
}
if (badsig) {
const ASN1_BIT_STRING *signature;
@@ -967,11 +967,11 @@
BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
if (bnser == NULL)
- goto end;
+ goto err;
if (!BN_add_word(bnser, 1)
|| (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
BN_free(bnser);
- goto end;
+ goto err;
}
BN_free(bnser);
i2a_ASN1_INTEGER(out, ser);
diff -Nru -w openssl-3.5.0/CHANGES.md openssl-3.5.1/CHANGES.md
--- openssl-3.5.0/CHANGES.md 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/CHANGES.md 2025-07-01 13:52:08.000000000 +0200
@@ -28,6 +28,29 @@
OpenSSL 3.5
-----------
+### Changes between 3.5.0 and 3.5.1 [1 Jul 2025]
+
+ * Fix x509 application adds trusted use instead of rejected use.
+
+ Issue summary: Use of -addreject option with the openssl x509 application adds
+ a trusted use instead of a rejected use for a certificate.
+
+ Impact summary: If a user intends to make a trusted certificate rejected for
+ a particular use it will be instead marked as trusted for that use.
+
+ ([CVE-2025-4575])
+
+ *Tomas Mraz*
+
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+ alert being received. Older versions of OpenSSL failed with DTLS if a
+ no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+ From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+ have now restored the original behaviour and brought DTLS back into line with
+ TLS.
+
+ *Matt Caswell*
+
### Changes between 3.4 and 3.5.0 [8 Apr 2025]
* Added server side support for QUIC
@@ -6586,6 +6609,11 @@
*Rob Percival <robpercival@google.com>*
+ * SSLv3 is by default disabled at build-time. Builds that are not
+ configured with "enable-ssl3" will not support SSLv3.
+
+ *Kurt Roeckx*
+
OpenSSL 1.0.2
-------------
@@ -21199,6 +21227,7 @@
<!-- Links -->
+[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
diff -Nru -w openssl-3.5.0/Configurations/unix-Makefile.tmpl openssl-3.5.1/Configurations/unix-Makefile.tmpl
--- openssl-3.5.0/Configurations/unix-Makefile.tmpl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/Configurations/unix-Makefile.tmpl 2025-07-01 13:52:08.000000000 +0200
@@ -809,12 +809,12 @@
cp $$e "$(DESTDIR)$(PKGCONFIGDIR)/$$fn"; \
chmod 644 "$(DESTDIR)$(PKGCONFIGDIR)/$$fn"; \
done
- @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(CMAKECONFIGDIR)
+ @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(CMAKECONFIGDIR)"
@for e in $(INSTALL_EXPORTERS_CMAKE); do \
fn=`basename $$e`; \
$(ECHO) "install $$e -> $(DESTDIR)$(CMAKECONFIGDIR)/$$fn"; \
- cp $$e $(DESTDIR)$(CMAKECONFIGDIR)/$$fn; \
- chmod 644 $(DESTDIR)$(CMAKECONFIGDIR)/$$fn; \
+ cp $$e "$(DESTDIR)$(CMAKECONFIGDIR)/$$fn"; \
+ chmod 644 "$(DESTDIR)$(CMAKECONFIGDIR)/$$fn"; \
done
uninstall_dev: uninstall_runtime_libs
diff -Nru -w openssl-3.5.0/Configure openssl-3.5.1/Configure
--- openssl-3.5.0/Configure 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/Configure 2025-07-01 13:52:08.000000000 +0200
@@ -171,6 +171,7 @@
-Wextra
-Wno-unused-parameter
-Wno-missing-field-initializers
+ -Wno-unterminated-string-initialization
-Wswitch
-Wsign-compare
-Wshadow
diff -Nru -w openssl-3.5.0/crypto/aes/asm/aesv8-armx.pl openssl-3.5.1/crypto/aes/asm/aesv8-armx.pl
--- openssl-3.5.0/crypto/aes/asm/aesv8-armx.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/aes/asm/aesv8-armx.pl 2025-07-01 13:52:08.000000000 +0200
@@ -152,7 +152,7 @@
adrp $ptr,.Lrcon
add $ptr,$ptr,:lo12:.Lrcon
___
-$code.=<<___ if ($flavour =~ /32/);
+$code.=<<___ if ($flavour !~ /64/);
adr $ptr,.Lrcon
___
$code.=<<___;
diff -Nru -w openssl-3.5.0/crypto/bio/bio_dump.c openssl-3.5.1/crypto/bio/bio_dump.c
--- openssl-3.5.0/crypto/bio/bio_dump.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/bio/bio_dump.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,6 +47,8 @@
for (i = 0; i < rows; i++) {
n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
i * dump_width);
+ if (n < 0)
+ return -1;
for (j = 0; j < dump_width; j++) {
if (SPACE(buf, n, 3)) {
if (((i * dump_width) + j) >= len) {
diff -Nru -w openssl-3.5.0/crypto/bio/bio_print.c openssl-3.5.1/crypto/bio/bio_print.c
--- openssl-3.5.0/crypto/bio/bio_print.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/bio/bio_print.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -535,6 +535,10 @@
LDOUBLE result = value;
if (value < 0)
result = -value;
+ if (result > 0 && result / 2 == result) /* INF */
+ result = 0;
+ else if (result != result) /* NAN */
+ result = 0;
return result;
}
@@ -590,6 +594,9 @@
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
+ ufvalue = abs_val(fvalue);
+ if (ufvalue == 0 && fvalue != 0) /* INF or NAN? */
+ signvalue = '?';
/*
* G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
@@ -597,12 +604,12 @@
* that from here on.
*/
if (style == G_FORMAT) {
- if (fvalue == 0.0) {
+ if (ufvalue == 0.0) {
realstyle = F_FORMAT;
- } else if (fvalue < 0.0001) {
+ } else if (ufvalue < 0.0001) {
realstyle = E_FORMAT;
- } else if ((max == 0 && fvalue >= 10)
- || (max > 0 && fvalue >= pow_10(max))) {
+ } else if ((max == 0 && ufvalue >= 10)
+ || (max > 0 && ufvalue >= pow_10(max))) {
realstyle = E_FORMAT;
} else {
realstyle = F_FORMAT;
@@ -612,9 +619,9 @@
}
if (style != F_FORMAT) {
- tmpvalue = fvalue;
+ tmpvalue = ufvalue;
/* Calculate the exponent */
- if (fvalue != 0.0) {
+ if (ufvalue != 0.0) {
while (tmpvalue < 1) {
tmpvalue *= 10;
exp--;
@@ -651,9 +658,9 @@
}
}
if (realstyle == E_FORMAT)
- fvalue = tmpvalue;
+ ufvalue = tmpvalue;
}
- ufvalue = abs_val(fvalue);
+
/*
* By subtracting 65535 (2^16-1) we cancel the low order 15 bits
* of ULONG_MAX to avoid using imprecise floating point values.
diff -Nru -w openssl-3.5.0/crypto/bn/asm/rsaz-2k-avxifma.pl openssl-3.5.1/crypto/bn/asm/rsaz-2k-avxifma.pl
--- openssl-3.5.0/crypto/bn/asm/rsaz-2k-avxifma.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/bn/asm/rsaz-2k-avxifma.pl 2025-07-01 13:52:08.000000000 +0200
@@ -27,7 +27,6 @@
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-# TODO: Find out the version of NASM that supports VEX-encoded AVX-IFMA instructions
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avxifma = ($1>=2.40);
@@ -39,6 +38,11 @@
$avxifma = ($ver>=16.0);
}
+if ($win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+ `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?(rc[0-9]+)?/) {
+ $avxifma = ($1>2.16) + ($1==2.16 && ((!defined($2) && !defined($3)) || (defined($2))));
+}
+
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
diff -Nru -w openssl-3.5.0/crypto/bn/asm/rsaz-3k-avxifma.pl openssl-3.5.1/crypto/bn/asm/rsaz-3k-avxifma.pl
--- openssl-3.5.0/crypto/bn/asm/rsaz-3k-avxifma.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/bn/asm/rsaz-3k-avxifma.pl 2025-07-01 13:52:08.000000000 +0200
@@ -27,7 +27,6 @@
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-# TODO: Find out the version of NASM that supports VEX-encoded AVX-IFMA instructions
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avxifma = ($1>=2.40);
@@ -39,6 +38,11 @@
$avxifma = ($ver>=16.0);
}
+if ($win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+ `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?(rc[0-9]+)?/) {
+ $avxifma = ($1>2.16) + ($1==2.16 && ((!defined($2) && !defined($3)) || (defined($2))));
+}
+
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
diff -Nru -w openssl-3.5.0/crypto/bn/asm/rsaz-4k-avxifma.pl openssl-3.5.1/crypto/bn/asm/rsaz-4k-avxifma.pl
--- openssl-3.5.0/crypto/bn/asm/rsaz-4k-avxifma.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/bn/asm/rsaz-4k-avxifma.pl 2025-07-01 13:52:08.000000000 +0200
@@ -27,7 +27,6 @@
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
-# TODO: Find out the version of NASM that supports VEX-encoded AVX-IFMA instructions
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avxifma = ($1>=2.40);
@@ -39,6 +38,11 @@
$avxifma = ($ver>=16.0);
}
+if ($win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+ `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?(rc[0-9]+)?/) {
+ $avxifma = ($1>2.16) + ($1==2.16 && ((!defined($2) && !defined($3)) || (defined($2))));
+}
+
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
diff -Nru -w openssl-3.5.0/crypto/chacha/asm/chacha-armv8-sve.pl openssl-3.5.1/crypto/chacha/asm/chacha-armv8-sve.pl
--- openssl-3.5.0/crypto/chacha/asm/chacha-armv8-sve.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/chacha/asm/chacha-armv8-sve.pl 2025-07-01 13:52:08.000000000 +0200
@@ -248,9 +248,6 @@
my $next_offset = $offset + 1;
$code.=<<___;
ld1w {$reg.s},p0/z,[$inp,#$offset,MUL VL]
-#ifdef __AARCH64EB__
- revb $reg.s,p0/m,$reg.s
-#endif
___
if (@_) {
&load_regs($next_offset, @_);
@@ -272,9 +269,6 @@
my $reg = shift;
my $next_offset = $offset + 1;
$code.=<<___;
-#ifdef __AARCH64EB__
- revb $reg.s,p0/m,$reg.s
-#endif
st1w {$reg.s},p0,[$outp,#$offset,MUL VL]
___
if (@_) {
@@ -480,13 +474,29 @@
$code.=<<___;
#ifdef __AARCH64EB__
rev @sxx[0],@sxx[0]
+ revb @mx[0].s,p0/m,@mx[0].s
+ revb @mx[1].s,p0/m,@mx[1].s
rev @sxx[2],@sxx[2]
+ revb @mx[2].s,p0/m,@mx[2].s
+ revb @mx[3].s,p0/m,@mx[3].s
rev @sxx[4],@sxx[4]
+ revb @mx[4].s,p0/m,@mx[4].s
+ revb @mx[5].s,p0/m,@mx[5].s
rev @sxx[6],@sxx[6]
+ revb @mx[6].s,p0/m,@mx[6].s
+ revb @mx[7].s,p0/m,@mx[7].s
rev @sxx[8],@sxx[8]
+ revb @mx[8].s,p0/m,@mx[8].s
+ revb @mx[9].s,p0/m,@mx[9].s
rev @sxx[10],@sxx[10]
+ revb @mx[10].s,p0/m,@mx[10].s
+ revb @mx[11].s,p0/m,@mx[11].s
rev @sxx[12],@sxx[12]
+ revb @mx[12].s,p0/m,@mx[12].s
+ revb @mx[13].s,p0/m,@mx[13].s
rev @sxx[14],@sxx[14]
+ revb @mx[14].s,p0/m,@mx[14].s
+ revb @mx[15].s,p0/m,@mx[15].s
#endif
.if mixin == 1
add @K[6],@K[6],#1
diff -Nru -w openssl-3.5.0/crypto/cmp/cmp_http.c openssl-3.5.1/crypto/cmp/cmp_http.c
--- openssl-3.5.0/crypto/cmp/cmp_http.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/cmp/cmp_http.c 2025-07-01 13:52:08.000000000 +0200
@@ -81,11 +81,11 @@
path++;
if (bios == NULL)
ossl_cmp_log4(DEBUG, ctx,
- "connecting to CMP server via http%s://%s:%s%s/%s",
+ "connecting to CMP server via http%s://%s:%s/%s",
tls_used ? "s" : "", ctx->server, server_port, path);
else
ossl_cmp_log3(DEBUG, ctx,
- "using existing connection with CMP server %s%s and HTTP path /%s",
+ "using existing connection with CMP server %s:%s and HTTP path /%s",
ctx->server, server_port, path);
}
diff -Nru -w openssl-3.5.0/crypto/core_namemap.c openssl-3.5.1/crypto/core_namemap.c
--- openssl-3.5.0/crypto/core_namemap.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/core_namemap.c 2025-07-01 13:52:08.000000000 +0200
@@ -13,7 +13,7 @@
#include "internal/sizes.h"
#include "crypto/context.h"
-#define NAMEMAP_HT_BUCKETS 2048
+#define NAMEMAP_HT_BUCKETS 512
HT_START_KEY_DEFN(namenum_key)
HT_DEF_KEY_FIELD_CHAR_ARRAY(name, 64)
diff -Nru -w openssl-3.5.0/crypto/dh/dh_pmeth.c openssl-3.5.1/crypto/dh/dh_pmeth.c
--- openssl-3.5.0/crypto/dh/dh_pmeth.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/dh/dh_pmeth.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -422,7 +422,7 @@
ret = DH_compute_key_padded(key, dhpubbn, dh);
else
ret = DH_compute_key(key, dhpubbn, dh);
- if (ret < 0)
+ if (ret <= 0)
return ret;
*keylen = ret;
return 1;
diff -Nru -w openssl-3.5.0/crypto/ec/ecp_nistp384.c openssl-3.5.1/crypto/ec/ecp_nistp384.c
--- openssl-3.5.0/crypto/ec/ecp_nistp384.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/ec/ecp_nistp384.c 2025-07-01 13:52:08.000000000 +0200
@@ -684,6 +684,22 @@
out[i] = acc[i];
}
+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
+{
+ widefelem tmp;
+
+ felem_square_ref(tmp, in);
+ felem_reduce_ref(out, tmp);
+}
+
+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
+{
+ widefelem tmp;
+
+ felem_mul_ref(tmp, in1, in2);
+ felem_reduce_ref(out, tmp);
+}
+
#if defined(ECP_NISTP384_ASM)
static void felem_square_wrapper(widefelem out, const felem in);
static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
@@ -695,10 +711,18 @@
static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+static void (*felem_square_reduce_p)(felem out, const felem in) =
+ felem_square_reduce_ref;
+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
+ felem_mul_reduce_ref;
+
void p384_felem_square(widefelem out, const felem in);
void p384_felem_mul(widefelem out, const felem in1, const felem in2);
void p384_felem_reduce(felem out, const widefelem in);
+void p384_felem_square_reduce(felem out, const felem in);
+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
+
# if defined(_ARCH_PPC64)
# include "crypto/ppc_arch.h"
# endif
@@ -710,6 +734,8 @@
felem_square_p = p384_felem_square;
felem_mul_p = p384_felem_mul;
felem_reduce_p = p384_felem_reduce;
+ felem_square_reduce_p = p384_felem_square_reduce;
+ felem_mul_reduce_p = p384_felem_mul_reduce;
return;
}
@@ -718,7 +744,9 @@
/* Default */
felem_square_p = felem_square_ref;
felem_mul_p = felem_mul_ref;
- felem_reduce_p = p384_felem_reduce;
+ felem_reduce_p = felem_reduce_ref;
+ felem_square_reduce_p = felem_square_reduce_ref;
+ felem_mul_reduce_p = felem_mul_reduce_ref;
}
static void felem_square_wrapper(widefelem out, const felem in)
@@ -737,31 +765,15 @@
# define felem_mul felem_mul_p
# define felem_reduce felem_reduce_p
-void p384_felem_square_reduce(felem out, const felem in);
-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-
-# define felem_square_reduce p384_felem_square_reduce
-# define felem_mul_reduce p384_felem_mul_reduce
+# define felem_square_reduce felem_square_reduce_p
+# define felem_mul_reduce felem_mul_reduce_p
#else
# define felem_square felem_square_ref
# define felem_mul felem_mul_ref
# define felem_reduce felem_reduce_ref
-static ossl_inline void felem_square_reduce(felem out, const felem in)
-{
- widefelem tmp;
-
- felem_square(tmp, in);
- felem_reduce(out, tmp);
-}
-
-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
-{
- widefelem tmp;
-
- felem_mul(tmp, in1, in2);
- felem_reduce(out, tmp);
-}
+# define felem_square_reduce felem_square_reduce_ref
+# define felem_mul_reduce felem_mul_reduce_ref
#endif
/*-
diff -Nru -w openssl-3.5.0/crypto/err/openssl.txt openssl-3.5.1/crypto/err/openssl.txt
--- openssl-3.5.0/crypto/err/openssl.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/err/openssl.txt 2025-07-01 13:52:08.000000000 +0200
@@ -803,6 +803,12 @@
pkey application asn1 method already registered
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
+EVP_R_PROVIDER_ASYM_CIPHER_FAILURE:232:provider asym cipher failure
+EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED:235:provider asym cipher not supported
+EVP_R_PROVIDER_KEYMGMT_FAILURE:233:provider keymgmt failure
+EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED:236:provider keymgmt not supported
+EVP_R_PROVIDER_SIGNATURE_FAILURE:234:provider signature failure
+EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED:237:provider signature not supported
EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
EVP_R_SETTING_XOF_FAILED:227:setting xof failed
EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure
diff -Nru -w openssl-3.5.0/crypto/evp/asymcipher.c openssl-3.5.1/crypto/evp/asymcipher.c
--- openssl-3.5.0/crypto/evp/asymcipher.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/asymcipher.c 2025-07-01 13:52:08.000000000 +0200
@@ -33,6 +33,7 @@
int ret = 0;
void *provkey = NULL;
EVP_ASYM_CIPHER *cipher = NULL;
+ const char *desc;
EVP_KEYMGMT *tmp_keymgmt = NULL;
const OSSL_PROVIDER *tmp_prov = NULL;
const char *supported_ciph = NULL;
@@ -159,10 +160,12 @@
goto err;
}
+ desc = cipher->description != NULL ? cipher->description : "";
switch (operation) {
case EVP_PKEY_OP_ENCRYPT:
if (cipher->encrypt_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED,
+ "%s encrypt_init:%s", cipher->type_name, desc);
ret = -2;
goto err;
}
@@ -170,7 +173,8 @@
break;
case EVP_PKEY_OP_DECRYPT:
if (cipher->decrypt_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED,
+ "%s decrypt_init:%s", cipher->type_name, desc);
ret = -2;
goto err;
}
@@ -238,6 +242,8 @@
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
+ EVP_ASYM_CIPHER *cipher;
+ const char *desc;
int ret;
if (ctx == NULL) {
@@ -253,8 +259,12 @@
if (ctx->op.ciph.algctx == NULL)
goto legacy;
- ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.algctx, out, outlen,
- (out == NULL ? 0 : *outlen), in, inlen);
+ cipher = ctx->op.ciph.cipher;
+ desc = cipher->description != NULL ? cipher->description : "";
+ ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
+ "%s encrypt:%s", cipher->type_name, desc);
return ret;
legacy:
@@ -280,6 +290,8 @@
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
+ EVP_ASYM_CIPHER *cipher;
+ const char *desc;
int ret;
if (ctx == NULL) {
@@ -295,8 +307,13 @@
if (ctx->op.ciph.algctx == NULL)
goto legacy;
- ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.algctx, out, outlen,
- (out == NULL ? 0 : *outlen), in, inlen);
+ cipher = ctx->op.ciph.cipher;
+ desc = cipher->description != NULL ? cipher->description : "";
+ ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
+ "%s decrypt:%s", cipher->type_name, desc);
+
return ret;
legacy:
diff -Nru -w openssl-3.5.0/crypto/evp/bio_enc.c openssl-3.5.1/crypto/evp/bio_enc.c
--- openssl-3.5.0/crypto/evp/bio_enc.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/bio_enc.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -161,6 +161,7 @@
/* Should be continue next time we are called? */
if (!BIO_should_retry(next)) {
ctx->cont = i;
+ ctx->finished = 1;
i = EVP_CipherFinal_ex(ctx->cipher,
ctx->buf, &(ctx->buf_len));
ctx->ok = i;
diff -Nru -w openssl-3.5.0/crypto/evp/ctrl_params_translate.c openssl-3.5.1/crypto/evp/ctrl_params_translate.c
--- openssl-3.5.0/crypto/evp/ctrl_params_translate.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/ctrl_params_translate.c 2025-07-01 13:52:08.000000000 +0200
@@ -78,11 +78,11 @@
* With the PRE_CTRL_TO_PARAMS state, the
* fixup_args function is expected to modify
* the passed |*params| in whatever way
- * necessary, when |action_type == SET|.
+ * necessary, when |action_type == OSSL_ACTION_SET|.
* With the POST_CTRL_TO_PARAMS state, the
* fixup_args function is expected to modify
* the passed |p2| in whatever way necessary,
- * when |action_type == GET|.
+ * when |action_type == OSSL_ACTION_GET|.
*
* The return value from the fixup_args call
* with the POST_CTRL_TO_PARAMS state becomes
@@ -107,7 +107,7 @@
* With the PRE_CTRL_STR_TO_PARAMS state,
* the fixup_args function is expected to
* modify the passed |*params| in whatever
- * way necessary, when |action_type == SET|.
+ * way necessary, when |action_type == OSSL_ACTION_SET|.
* With the POST_CTRL_STR_TO_PARAMS state,
* the fixup_args function is only expected
* to return a value.
@@ -132,11 +132,11 @@
* With the PRE_PARAMS_TO_CTRL state, the
* fixup_args function is expected to modify
* the passed |p1| and |p2| in whatever way
- * necessary, when |action_type == SET|.
+ * necessary, when |action_type == OSSL_ACTION_SET|.
* With the POST_PARAMS_TO_CTRL state, the
* fixup_args function is expected to
* modify the passed |*params| in whatever
- * way necessary, when |action_type == GET|.
+ * way necessary, when |action_type == OSSL_ACTION_GET|.
*
* CLEANUP_PARAMS_TO_CTRL The cleanup_args functions has been called
* from EVP_PKEY_CTX_get_params() or
@@ -150,7 +150,7 @@
PRE_PARAMS_TO_CTRL, POST_PARAMS_TO_CTRL, CLEANUP_PARAMS_TO_CTRL
};
enum action {
- NONE = 0, GET = 1, SET = 2
+ OSSL_ACTION_NONE = 0, OSSL_ACTION_GET = 1, OSSL_ACTION_SET = 2
};
typedef int fixup_args_fn(enum state state,
const struct translation_st *translation,
@@ -166,7 +166,7 @@
*/
EVP_PKEY_CTX *pctx;
/*
- * The action type (GET or SET). This may be 0 in some cases, and should
+ * The action type (OSSL_ACTION_GET or OSSL_ACTION_SET). This may be 0 in some cases, and should
* be modified by the fixup_args function in the PRE states. It should
* otherwise remain untouched once set.
*/
@@ -215,7 +215,7 @@
/*-
* What this table item does.
*
- * If the item has this set to 0, it means that both GET and SET are
+ * If the item has this set to 0, it means that both OSSL_ACTION_GET and OSSL_ACTION_SET are
* supported, and |fixup_args| will determine which it is. This is to
* support translations of ctrls where the action type depends on the
* value of |p1| or |p2| (ctrls are really bi-directional, but are
@@ -271,7 +271,7 @@
/*
* Fixer functions
*
- * |fixup_args| is always called before (for SET) or after (for GET)
+ * |fixup_args| is always called before (for OSSL_ACTION_SET) or after (for OSSL_ACTION_GET)
* the actual ctrl / OSSL_PARAM function.
*/
fixup_args_fn *fixup_args;
@@ -312,7 +312,7 @@
* function will have to deal with it carefully.
*/
if (translation != NULL) {
- if (!ossl_assert(translation->action_type != GET)) {
+ if (!ossl_assert(translation->action_type != OSSL_ACTION_GET)) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
return -2;
}
@@ -344,7 +344,7 @@
* default_fixup_args fixes up all sorts of arguments, governed by the
* diverse attributes in the translation item. It covers all "standard"
* base ctrl functionality, meaning it can handle basic conversion of
- * data between p1+p2 (SET) or return value+p2 (GET) as long as the values
+ * data between p1+p2 (OSSL_ACTION_SET) or return value+p2 (OSSL_ACTION_GET) as long as the values
* don't have extra semantics (such as NIDs, OIDs, that sort of stuff).
* Extra semantics must be handled via specific fixup_args functions.
*
@@ -353,33 +353,36 @@
*
* PRE_CTRL_TO_PARAMS, 0 - ERROR. action type must be
* determined by a fixup function.
- * PRE_CTRL_TO_PARAMS, SET | GET - |p1| and |p2| are converted to an
+ * PRE_CTRL_TO_PARAMS, OSSL_ACTION_SET
+ * | OSSL_ACTION_GET - |p1| and |p2| are converted to an
* OSSL_PARAM according to the data
* type given in |translattion|.
* For OSSL_PARAM_UNSIGNED_INTEGER,
* a BIGNUM passed as |p2| is accepted.
- * POST_CTRL_TO_PARAMS, GET - If the OSSL_PARAM data type is a
+ * POST_CTRL_TO_PARAMS, OSSL_ACTION_GET - If the OSSL_PARAM data type is a
* STRING or PTR type, |p1| is set
* to the OSSL_PARAM return size, and
* |p2| is set to the string.
- * PRE_CTRL_STR_TO_PARAMS, !SET - ERROR. That combination is not
+ * PRE_CTRL_STR_TO_PARAMS,
+ * !OSSL_ACTION_SET - ERROR. That combination is not
* supported.
- * PRE_CTRL_STR_TO_PARAMS, SET - |p2| is taken as a string, and is
+ * PRE_CTRL_STR_TO_PARAMS,
+ * OSSL_ACTION_SET - |p2| is taken as a string, and is
* converted to an OSSL_PARAM in a
* standard manner, guided by the
* param key and data type from
* |translation|.
- * PRE_PARAMS_TO_CTRL, SET - the OSSL_PARAM is converted to
+ * PRE_PARAMS_TO_CTRL, OSSL_ACTION_SET - the OSSL_PARAM is converted to
* |p1| and |p2| according to the
* data type given in |translation|
* For OSSL_PARAM_UNSIGNED_INTEGER,
* if |p2| is non-NULL, then |*p2|
* is assigned a BIGNUM, otherwise
* |p1| is assigned an unsigned int.
- * POST_PARAMS_TO_CTRL, GET - |p1| and |p2| are converted to
+ * POST_PARAMS_TO_CTRL, OSSL_ACTION_GET - |p1| and |p2| are converted to
* an OSSL_PARAM, in the same manner
* as for the combination of
- * PRE_CTRL_TO_PARAMS, SET.
+ * PRE_CTRL_TO_PARAMS, OSSL_ACTION_SET.
*/
static int default_fixup_args(enum state state,
const struct translation_st *translation,
@@ -405,7 +408,7 @@
*/
case PRE_CTRL_TO_PARAMS:
/* This is ctrl to params translation, so we need an OSSL_PARAM key */
- if (ctx->action_type == NONE) {
+ if (ctx->action_type == OSSL_ACTION_NONE) {
/*
* No action type is an error here. That's a case for a
* special fixup function.
@@ -439,7 +442,7 @@
}
/*
- * OSSL_PARAM_construct_TYPE() works equally well for both SET and GET.
+ * OSSL_PARAM_construct_TYPE() works equally well for OSSL_ACTION_SET and OSSL_ACTION_GET.
*/
switch (translation->param_data_type) {
case OSSL_PARAM_INTEGER:
@@ -456,7 +459,7 @@
* must deallocate.
*/
if (ctx->p2 != NULL) {
- if (ctx->action_type == SET) {
+ if (ctx->action_type == OSSL_ACTION_SET) {
ctx->buflen = BN_num_bytes(ctx->p2);
if ((ctx->allocated_buf
= OPENSSL_malloc(ctx->buflen)) == NULL)
@@ -516,7 +519,7 @@
* as its return value, we need to ensure that we do it here as well,
* for the OSSL_PARAM data types where this makes sense.
*/
- if (ctx->action_type == GET) {
+ if (ctx->action_type == OSSL_ACTION_GET) {
switch (translation->param_data_type) {
case OSSL_PARAM_UTF8_STRING:
case OSSL_PARAM_UTF8_PTR:
@@ -544,7 +547,7 @@
int exists = 0;
/* Only setting is supported here */
- if (ctx->action_type != SET) {
+ if (ctx->action_type != OSSL_ACTION_SET) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
"[action:%d, state:%d] only setting allowed",
ctx->action_type, state);
@@ -610,7 +613,7 @@
case PRE_PARAMS_TO_CTRL:
{
/* This is params to ctrl translation */
- if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) {
+ if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET) {
/* For the PRE state, only setting needs some work to be done */
/* When setting, we populate |p1| and |p2| from |*params| */
@@ -648,7 +651,7 @@
return 0;
}
} else if ((state == POST_PARAMS_TO_CTRL || state == PKEY)
- && ctx->action_type == GET) {
+ && ctx->action_type == OSSL_ACTION_GET) {
/* For the POST state, only getting needs some work to be done */
unsigned int param_data_type = translation->param_data_type;
size_t size = (size_t)ctx->p1;
@@ -693,7 +696,7 @@
translation->param_data_type);
return 0;
}
- } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
if (translation->param_data_type == OSSL_PARAM_OCTET_PTR)
ctx->p2 = &ctx->bufp;
}
@@ -716,8 +719,8 @@
}
/*
- * fix_cipher_md fixes up an EVP_CIPHER / EVP_MD to its name on SET,
- * and cipher / md name to EVP_MD on GET.
+ * fix_cipher_md fixes up an EVP_CIPHER / EVP_MD to its name on OSSL_ACTION_SET,
+ * and cipher / md name to EVP_MD on OSSL_ACTION_GET.
*/
static const char *get_cipher_name(void *cipher)
{
@@ -751,7 +754,7 @@
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) {
+ if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) {
/*
* |ctx->p2| contains the address to an EVP_CIPHER or EVP_MD pointer
* to be filled in. We need to remember it, then make |ctx->p2|
@@ -762,7 +765,7 @@
ctx->orig_p2 = ctx->p2;
ctx->p2 = ctx->name_buf;
ctx->p1 = sizeof(ctx->name_buf);
- } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) {
+ } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) {
/*
* In different parts of OpenSSL, this ctrl command is used
* differently. Some calls pass a NID as p1, others pass an
@@ -772,7 +775,7 @@
? OBJ_nid2sn(ctx->p1)
: get_name(ctx->p2));
ctx->p1 = strlen(ctx->p2);
- } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2));
ctx->p1 = strlen(ctx->p2);
}
@@ -780,7 +783,7 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) {
+ if (state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) {
/*
* Here's how we reuse |ctx->orig_p2| that was set in the
* PRE_CTRL_TO_PARAMS state above.
@@ -788,7 +791,7 @@
*(void **)ctx->orig_p2 =
(void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2);
ctx->p1 = 1;
- } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) {
+ } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET) {
ctx->p2 = (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2);
ctx->p1 = 0;
}
@@ -821,7 +824,7 @@
if (ret > 0) {
ret = 0;
if ((state == POST_CTRL_TO_PARAMS
- || state == POST_CTRL_STR_TO_PARAMS) && ctx->action_type == GET) {
+ || state == POST_CTRL_STR_TO_PARAMS) && ctx->action_type == OSSL_ACTION_GET) {
*(size_t *)ctx->p2 = ctx->sz;
ret = 1;
}
@@ -854,9 +857,9 @@
if (state == PRE_CTRL_TO_PARAMS) {
/*
* In |translations|, the initial value for |ctx->action_type| must
- * be NONE.
+ * be OSSL_ACTION_NONE.
*/
- if (!ossl_assert(ctx->action_type == NONE))
+ if (!ossl_assert(ctx->action_type == OSSL_ACTION_NONE))
return 0;
/* The action type depends on the value of *p1 */
@@ -871,17 +874,17 @@
*/
ctx->p2 = ctx->name_buf;
ctx->p1 = sizeof(ctx->name_buf);
- ctx->action_type = GET;
+ ctx->action_type = OSSL_ACTION_GET;
} else {
- ctx->action_type = SET;
+ ctx->action_type = OSSL_ACTION_SET;
}
}
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET)
- || (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET)) {
+ if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET)
+ || (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET)) {
ret = -2;
/* Convert KDF type numbers to strings */
for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++)
@@ -898,8 +901,8 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if ((state == POST_CTRL_TO_PARAMS && ctx->action_type == GET)
- || (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET)) {
+ if ((state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET)
+ || (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET)) {
ctx->p1 = ret = -1;
/* Convert KDF type strings to numbers */
@@ -910,7 +913,7 @@
break;
}
ctx->p2 = NULL;
- } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
ctx->p1 = -2;
}
end:
@@ -955,8 +958,8 @@
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET)
- || (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET)) {
+ if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET)
+ || (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET)) {
/*
* We're translating from ctrl to params and setting the OID, or
* we're translating from params to ctrl and getting the OID.
@@ -973,8 +976,8 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if ((state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET)
- || (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET)) {
+ if ((state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET)
+ || (state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET)) {
/*
* We're translating from ctrl to params and setting the OID name,
* or we're translating from params to ctrl and getting the OID
@@ -999,7 +1002,7 @@
return ret;
/* This is only settable */
- if (ctx->action_type != SET)
+ if (ctx->action_type != OSSL_ACTION_SET)
return 0;
if (state == PRE_CTRL_TO_PARAMS) {
@@ -1025,7 +1028,7 @@
return ret;
/* This is only settable */
- if (ctx->action_type != SET)
+ if (ctx->action_type != OSSL_ACTION_SET)
return 0;
switch (state) {
@@ -1069,7 +1072,7 @@
return ret;
/* This is only settable */
- if (ctx->action_type != SET)
+ if (ctx->action_type != OSSL_ACTION_SET)
return 0;
if (state == PRE_CTRL_STR_TO_PARAMS) {
@@ -1095,7 +1098,7 @@
return ret;
/* This is currently only settable */
- if (ctx->action_type != SET)
+ if (ctx->action_type != OSSL_ACTION_SET)
return 0;
if (state == PRE_CTRL_TO_PARAMS) {
@@ -1144,7 +1147,7 @@
return ret;
/* This is currently only settable */
- if (ctx->action_type != SET)
+ if (ctx->action_type != OSSL_ACTION_SET)
return 0;
if (state == PRE_CTRL_TO_PARAMS) {
@@ -1194,28 +1197,28 @@
* The initial value for |ctx->action_type| must be zero.
* evp_pkey_ctrl_to_params() takes it from the translation item.
*/
- if (!ossl_assert(ctx->action_type == NONE))
+ if (!ossl_assert(ctx->action_type == OSSL_ACTION_NONE))
return 0;
/* The action type depends on the value of ctx->p1 */
if (ctx->p1 == -2)
- ctx->action_type = GET;
+ ctx->action_type = OSSL_ACTION_GET;
else
- ctx->action_type = SET;
+ ctx->action_type = OSSL_ACTION_SET;
} else if (state == PRE_CTRL_STR_TO_PARAMS) {
- ctx->action_type = SET;
+ ctx->action_type = OSSL_ACTION_SET;
} else if (state == PRE_PARAMS_TO_CTRL) {
/* The initial value for |ctx->action_type| must not be zero. */
- if (!ossl_assert(ctx->action_type != NONE))
+ if (!ossl_assert(ctx->action_type != OSSL_ACTION_NONE))
return 0;
- } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) {
- ctx->action_type = GET;
+ } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_NONE) {
+ ctx->action_type = OSSL_ACTION_GET;
}
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) {
+ if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) {
if (ctx->p1 < -1 || ctx->p1 > 1) {
/* Uses the same return value of pkey_ec_ctrl() */
return -2;
@@ -1225,7 +1228,7 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) {
+ if (state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) {
if (ctx->p1 < 0 || ctx->p1 > 1) {
/*
* The provider should return either 0 or 1, any other value is a
@@ -1233,9 +1236,9 @@
*/
ctx->p1 = ret = -1;
}
- } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
ctx->p1 = -2;
- } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
ctx->p1 = ret;
}
@@ -1262,7 +1265,7 @@
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) {
+ if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) {
/*
* EVP_PKEY_CTRL_GET_RSA_PADDING returns the padding mode in the
* weirdest way for a ctrl. Instead of doing like all other ctrls
@@ -1271,13 +1274,13 @@
* returned. We must therefore remember |ctx->p2|, then make
* |ctx->p2| point at a buffer to be filled in with the name, and
* |ctx->p1| with its size. default_fixup_args() will take care
- * of the rest for us, along with the POST_CTRL_TO_PARAMS && GET
+ * of the rest for us, along with the POST_CTRL_TO_PARAMS && OSSL_ACTION_GET
* code section further down.
*/
ctx->orig_p2 = ctx->p2;
ctx->p2 = ctx->name_buf;
ctx->p1 = sizeof(ctx->name_buf);
- } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) {
+ } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) {
/*
* Ideally, we should use utf8 strings for the diverse padding modes.
* We only came here because someone called EVP_PKEY_CTX_ctrl(),
@@ -1298,7 +1301,7 @@
ctx->params[0] = OSSL_PARAM_construct_int(translation->param_key,
&ctx->p1);
return 1;
- } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
+ } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) {
size_t i;
/*
@@ -1341,8 +1344,8 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
- || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
+ if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_PARAMS_TO_CTRL)
+ || (ctx->action_type == OSSL_ACTION_GET && state == POST_CTRL_TO_PARAMS)) {
size_t i;
for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
@@ -1382,7 +1385,7 @@
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) {
+ if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) {
/*
* EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN returns the saltlen by filling
* in the int pointed at by p2. This is potentially as weird as
@@ -1392,14 +1395,14 @@
* In any case, we must therefore remember |ctx->p2|, then make
* |ctx->p2| point at a buffer to be filled in with the name, and
* |ctx->p1| with its size. default_fixup_args() will take care
- * of the rest for us, along with the POST_CTRL_TO_PARAMS && GET
+ * of the rest for us, along with the POST_CTRL_TO_PARAMS && OSSL_ACTION_GET
* code section further down.
*/
ctx->orig_p2 = ctx->p2;
ctx->p2 = ctx->name_buf;
ctx->p1 = sizeof(ctx->name_buf);
- } else if ((ctx->action_type == SET && state == PRE_CTRL_TO_PARAMS)
- || (ctx->action_type == GET && state == POST_PARAMS_TO_CTRL)) {
+ } else if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_CTRL_TO_PARAMS)
+ || (ctx->action_type == OSSL_ACTION_GET && state == POST_PARAMS_TO_CTRL)) {
size_t i;
for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
@@ -1420,8 +1423,8 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
- || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
+ if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_PARAMS_TO_CTRL)
+ || (ctx->action_type == OSSL_ACTION_GET && state == POST_CTRL_TO_PARAMS)) {
size_t i;
int val;
@@ -1462,8 +1465,8 @@
if ((ret = default_check(state, translation, ctx)) <= 0)
return ret;
- if ((ctx->action_type == SET && state == PRE_CTRL_TO_PARAMS)
- || (ctx->action_type == GET && state == POST_PARAMS_TO_CTRL)) {
+ if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_CTRL_TO_PARAMS)
+ || (ctx->action_type == OSSL_ACTION_GET && state == POST_PARAMS_TO_CTRL)) {
size_t i;
for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
@@ -1479,8 +1482,8 @@
if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
return ret;
- if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
- || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
+ if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_PARAMS_TO_CTRL)
+ || (ctx->action_type == OSSL_ACTION_GET && state == POST_CTRL_TO_PARAMS)) {
size_t i;
for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
@@ -1504,7 +1507,7 @@
* ===============
*
* These all get the data they want, then call default_fixup_args() as
- * a post-ctrl GET fixup. They all get NULL ctx, ctrl_cmd, ctrl_str,
+ * a post-ctrl OSSL_ACTION_GET fixup. They all get NULL ctx, ctrl_cmd, ctrl_str,
* p1, sz
*/
@@ -2047,7 +2050,7 @@
case PRE_PARAMS_TO_CTRL:
if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx))
return 0;
- ctx->action_type = NONE;
+ ctx->action_type = OSSL_ACTION_NONE;
return 1;
case POST_PARAMS_TO_CTRL:
if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 ||
@@ -2077,13 +2080,13 @@
* that has no separate counterpart in OSSL_PARAM terms, since we get
* the length of the DistID automatically when getting the DistID itself.
*/
- { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_SET1_ID, "distid", "hexdistid",
OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_STRING, NULL },
- { GET, -1, -1, -1,
+ { OSSL_ACTION_GET, -1, -1, -1,
EVP_PKEY_CTRL_GET1_ID, "distid", "hexdistid",
OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, NULL },
- { GET, -1, -1, -1,
+ { OSSL_ACTION_GET, -1, -1, -1,
EVP_PKEY_CTRL_GET1_ID_LEN, NULL, NULL,
OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, fix_distid_len },
@@ -2096,74 +2099,74 @@
* EVP_PKEY_CTRL_DH_KDF_TYPE is used both for setting and getting. The
* fixup function has to handle this...
*/
- { NONE, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_NONE, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_KDF_TYPE, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING,
fix_dh_kdf_type },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_KDF_MD, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_DH_KDF_MD, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_KDF_OUTLEN, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_KDF_UKM, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
- { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_DH_KDF_UKM, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_KDF_OID, NULL, NULL,
OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid },
- { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_DH_KDF_OID, NULL, NULL,
OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid },
/* DHX Keygen Parameters that are shared with DH */
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL,
OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL,
OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_DH_NID, "dh_param", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, NULL },
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 },
/* DH Keygen Parameters that are shared with DHX */
- { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL,
OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type },
- { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL,
OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_DH_NID, "dh_param", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid },
- { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 },
/* DH specific Keygen Parameters */
- { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, "dh_paramgen_generator", NULL,
OSSL_PKEY_PARAM_DH_GENERATOR, OSSL_PARAM_INTEGER, NULL },
/* DHX specific Keygen Parameters */
- { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, "dh_paramgen_subprime_len", NULL,
OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_PAD, "dh_pad", NULL,
OSSL_EXCHANGE_PARAM_PAD, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
@@ -2171,13 +2174,13 @@
* DSA
* ===
*/
- { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, "dsa_paramgen_bits", NULL,
OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, "dsa_paramgen_q_bits", NULL,
OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, "dsa_paramgen_md", NULL,
OSSL_PKEY_PARAM_FFC_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
@@ -2185,10 +2188,10 @@
* EC
* ==
*/
- { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL,
OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc },
- { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
fix_ec_paramgen_curve_nid },
@@ -2196,29 +2199,29 @@
* EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used
* both for setting and getting. The fixup function has to handle this...
*/
- { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL,
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER,
fix_ecdh_cofactor },
- { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type },
- { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL,
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
- { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
@@ -2226,10 +2229,10 @@
* SM2
* ==
*/
- { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL,
OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc },
- { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
fix_ec_paramgen_curve_nid },
@@ -2237,29 +2240,29 @@
* EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used
* both for setting and getting. The fixup function has to handle this...
*/
- { NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL,
OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER,
fix_ecdh_cofactor },
- { NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type },
- { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL,
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
- { GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
/*-
@@ -2273,20 +2276,20 @@
* fix_rsa_padding_mode() does the work when the caller has a different
* idea.
*/
- { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_RSA_PADDING, "rsa_padding_mode", NULL,
OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode },
- { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
+ { OSSL_ACTION_GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_GET_RSA_PADDING, NULL, NULL,
OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode },
- { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_mgf1_md", NULL,
OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
+ { OSSL_ACTION_GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_GET_RSA_MGF1_MD, NULL, NULL,
OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
@@ -2297,19 +2300,19 @@
* OSSL_PARAM allows both forms.
* fix_rsa_pss_saltlen() takes care of the distinction.
*/
- { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_saltlen", NULL,
OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING,
fix_rsa_pss_saltlen },
- { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG,
+ { OSSL_ACTION_GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, NULL, NULL,
OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING,
fix_rsa_pss_saltlen },
- { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_RSA_OAEP_MD, "rsa_oaep_md", NULL,
OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
+ { OSSL_ACTION_GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_GET_RSA_OAEP_MD, NULL, NULL,
OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
/*
@@ -2318,35 +2321,35 @@
* expectation for any translation item where |ctrl_str| is NULL and
* |ctrl_hexstr| is non-NULL.
*/
- { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_RSA_OAEP_LABEL, NULL, "rsa_oaep_label",
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
- { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
+ { OSSL_ACTION_GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL },
- { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL,
"rsa_pkcs1_implicit_rejection",
OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, OSSL_PARAM_UNSIGNED_INTEGER,
NULL },
- { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_pss_keygen_mgf1_md", NULL,
OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_keygen_saltlen", NULL,
OSSL_SIGNATURE_PARAM_PSS_SALTLEN, OSSL_PARAM_INTEGER, NULL },
- { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
@@ -2354,7 +2357,7 @@
* SipHash
* ======
*/
- { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_SET_DIGEST_SIZE, "digestsize", NULL,
OSSL_MAC_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
@@ -2362,13 +2365,13 @@
* TLS1-PRF
* ========
*/
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_TLS_MD, "md", NULL,
OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_TLS_SECRET, "secret", "hexsecret",
OSSL_KDF_PARAM_SECRET, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_TLS_SEED, "seed", "hexseed",
OSSL_KDF_PARAM_SEED, OSSL_PARAM_OCTET_STRING, NULL },
@@ -2376,19 +2379,19 @@
* HKDF
* ====
*/
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_HKDF_MD, "md", NULL,
OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_HKDF_SALT, "salt", "hexsalt",
OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_HKDF_KEY, "key", "hexkey",
OSSL_KDF_PARAM_KEY, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_HKDF_INFO, "info", "hexinfo",
OSSL_KDF_PARAM_INFO, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_HKDF_MODE, "mode", NULL,
OSSL_KDF_PARAM_MODE, OSSL_PARAM_INTEGER, fix_hkdf_mode },
@@ -2396,36 +2399,36 @@
* Scrypt
* ======
*/
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_PASS, "pass", "hexpass",
OSSL_KDF_PARAM_PASSWORD, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_SCRYPT_SALT, "salt", "hexsalt",
OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_SCRYPT_N, "N", NULL,
OSSL_KDF_PARAM_SCRYPT_N, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_SCRYPT_R, "r", NULL,
OSSL_KDF_PARAM_SCRYPT_R, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_SCRYPT_P, "p", NULL,
OSSL_KDF_PARAM_SCRYPT_P, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, -1, -1, EVP_PKEY_OP_DERIVE,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL,
OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
- { SET, -1, -1, EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_TYPE_CRYPT,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_TYPE_CRYPT,
EVP_PKEY_CTRL_CIPHER, NULL, NULL,
OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher },
- { SET, -1, -1, EVP_PKEY_OP_KEYGEN,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_KEYGEN,
EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey",
OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL },
- { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
+ { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_MD, NULL, NULL,
OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
- { GET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
+ { OSSL_ACTION_GET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_GET_MD, NULL, NULL,
OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
@@ -2433,13 +2436,13 @@
* ECX
* ===
*/
- { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
+ { OSSL_ACTION_SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
- { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
+ { OSSL_ACTION_SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
- { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
+ { OSSL_ACTION_SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
- { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
+ { OSSL_ACTION_SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
};
@@ -2452,134 +2455,134 @@
*/
/* DH, DSA & EC */
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
get_payload_group_name },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_UNSIGNED_INTEGER,
get_payload_private_key },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_PUB_KEY,
0 /* no data type, let get_payload_public_key() handle that */,
get_payload_public_key },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_EC_PUB_X, OSSL_PARAM_UNSIGNED_INTEGER,
get_payload_public_key_ec },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_EC_PUB_Y, OSSL_PARAM_UNSIGNED_INTEGER,
get_payload_public_key_ec },
/* DH and DSA */
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_FFC_P, OSSL_PARAM_UNSIGNED_INTEGER,
get_dh_dsa_payload_p },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_FFC_G, OSSL_PARAM_UNSIGNED_INTEGER,
get_dh_dsa_payload_g },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_FFC_Q, OSSL_PARAM_UNSIGNED_INTEGER,
get_dh_dsa_payload_q },
/* RSA */
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_N, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_n },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_D, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_d },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f1 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f2 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR3, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f3 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR4, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f4 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR5, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f5 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR6, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f6 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR7, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f7 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR8, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f8 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR9, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f9 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_FACTOR10, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_f10 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT1, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e1 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT2, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e2 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT3, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e3 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT4, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e4 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT5, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e5 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT6, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e6 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT7, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e7 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT8, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e8 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT9, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e9 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_EXPONENT10, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_e10 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c1 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT2, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c2 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT3, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c3 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT4, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c4 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT5, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c5 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT6, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c6 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT7, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c7 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT8, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c8 },
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_RSA_COEFFICIENT9, OSSL_PARAM_UNSIGNED_INTEGER,
get_rsa_payload_c9 },
/* EC */
- { GET, -1, -1, -1, 0, NULL, NULL,
+ { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL,
OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, OSSL_PARAM_INTEGER,
get_ec_decoded_from_explicit_params },
};
@@ -2636,8 +2639,8 @@
* for setting, never for getting. Therefore, we only look at
* the setter items.
*/
- if (item->action_type != NONE
- && item->action_type != SET)
+ if (item->action_type != OSSL_ACTION_NONE
+ && item->action_type != OSSL_ACTION_SET)
continue;
/*
* At least one of the ctrl cmd names must be match the ctrl
@@ -2673,7 +2676,7 @@
* key name can therefore be used in both directions. We must
* therefore take the action type into account in this case.
*/
- if ((item->action_type != NONE
+ if ((item->action_type != OSSL_ACTION_NONE
&& tmpl->action_type != item->action_type)
|| (item->param_key != NULL
&& OPENSSL_strcasecmp(tmpl->param_key,
@@ -2748,10 +2751,10 @@
default:
/* fixup_args is expected to make sure this is dead code */
break;
- case GET:
+ case OSSL_ACTION_GET:
ret = evp_pkey_ctx_get_params_strict(pctx, ctx.params);
break;
- case SET:
+ case OSSL_ACTION_SET:
ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params);
break;
}
@@ -2785,7 +2788,7 @@
int ret;
fixup_args_fn *fixup = default_fixup_args;
- tmpl.action_type = SET;
+ tmpl.action_type = OSSL_ACTION_SET;
tmpl.keytype1 = tmpl.keytype2 = keytype;
tmpl.optype = optype;
tmpl.ctrl_str = name;
@@ -2799,7 +2802,7 @@
ctx.ishex = (tmpl.ctrl_hexstr != NULL);
} else {
/* String controls really only support setting */
- ctx.action_type = SET;
+ ctx.action_type = OSSL_ACTION_SET;
}
ctx.ctrl_str = name;
ctx.p1 = (int)strlen(value);
@@ -2814,13 +2817,13 @@
default:
/* fixup_args is expected to make sure this is dead code */
break;
- case GET:
+ case OSSL_ACTION_GET:
/*
* this is dead code, but must be present, or some compilers
* will complain
*/
break;
- case SET:
+ case OSSL_ACTION_SET:
ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params);
break;
}
@@ -2865,7 +2868,7 @@
ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx);
- if (ret > 0 && ctx.action_type != NONE)
+ if (ret > 0 && ctx.action_type != OSSL_ACTION_NONE)
ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype,
ctx.ctrl_cmd, ctx.p1, ctx.p2);
@@ -2897,14 +2900,14 @@
{
if (ctx->keymgmt != NULL)
return 0;
- return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params);
+ return evp_pkey_ctx_setget_params_to_ctrl(ctx, OSSL_ACTION_SET, (OSSL_PARAM *)params);
}
int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
if (ctx->keymgmt != NULL)
return 0;
- return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
+ return evp_pkey_ctx_setget_params_to_ctrl(ctx, OSSL_ACTION_GET, params);
}
/* This must ONLY be called for legacy EVP_PKEYs */
@@ -2938,7 +2941,7 @@
* support getting.
*/
if (!ossl_assert(translation != NULL)
- || !ossl_assert(translation->action_type == GET)
+ || !ossl_assert(translation->action_type == OSSL_ACTION_GET)
|| !ossl_assert(translation->fixup_args != NULL)) {
return -2;
}
@@ -2952,5 +2955,5 @@
int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params)
{
- return evp_pkey_setget_params_to_ctrl(pkey, GET, params);
+ return evp_pkey_setget_params_to_ctrl(pkey, OSSL_ACTION_GET, params);
}
diff -Nru -w openssl-3.5.0/crypto/evp/evp_err.c openssl-3.5.1/crypto/evp/evp_err.c
--- openssl-3.5.0/crypto/evp/evp_err.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/evp_err.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -151,6 +151,18 @@
"private key decode error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
"private key encode error"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE),
+ "provider asym cipher failure"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED),
+ "provider asym cipher not supported"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_KEYMGMT_FAILURE),
+ "provider keymgmt failure"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED),
+ "provider keymgmt not supported"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_SIGNATURE_FAILURE),
+ "provider signature failure"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED),
+ "provider signature not supported"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE),
diff -Nru -w openssl-3.5.0/crypto/evp/evp_rand.c openssl-3.5.1/crypto/evp/evp_rand.c
--- openssl-3.5.0/crypto/evp/evp_rand.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/evp_rand.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -646,10 +646,8 @@
{
unsigned int str = evp_rand_strength_locked(ctx);
- if (ctx->meth->nonce == NULL)
- return 0;
- if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
- return 1;
+ if (ctx->meth->nonce != NULL)
+ return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0;
return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
}
@@ -657,6 +655,11 @@
{
int res;
+ if (ctx == NULL || out == NULL || outlen == 0) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
if (!evp_rand_lock(ctx))
return 0;
res = evp_rand_nonce_locked(ctx, out, outlen);
diff -Nru -w openssl-3.5.0/crypto/evp/keymgmt_meth.c openssl-3.5.1/crypto/evp/keymgmt_meth.c
--- openssl-3.5.0/crypto/evp/keymgmt_meth.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/keymgmt_meth.c 2025-07-01 13:52:08.000000000 +0200
@@ -451,9 +451,20 @@
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg)
{
- if (keymgmt->gen == NULL)
+ void *ret;
+ const char *desc = keymgmt->description != NULL ? keymgmt->description : "";
+
+ if (keymgmt->gen == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED,
+ "%s key generation:%s", keymgmt->type_name, desc);
return NULL;
- return keymgmt->gen(genctx, cb, cbarg);
+ }
+
+ ret = keymgmt->gen(genctx, cb, cbarg);
+ if (ret == NULL)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
+ "%s key generation:%s", keymgmt->type_name, desc);
+ return ret;
}
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)
diff -Nru -w openssl-3.5.0/crypto/evp/legacy_sha.c openssl-3.5.1/crypto/evp/legacy_sha.c
--- openssl-3.5.0/crypto/evp/legacy_sha.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/legacy_sha.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -216,7 +216,7 @@
NID_shake##bitlen, \
0, \
bitlen / 8, \
- EVP_MD_FLAG_XOF, \
+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \
EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \
shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \
diff -Nru -w openssl-3.5.0/crypto/evp/m_sigver.c openssl-3.5.1/crypto/evp/m_sigver.c
--- openssl-3.5.0/crypto/evp/m_sigver.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/m_sigver.c 2025-07-01 13:52:08.000000000 +0200
@@ -42,6 +42,7 @@
{
EVP_PKEY_CTX *locpctx = NULL;
EVP_SIGNATURE *signature = NULL;
+ const char *desc;
EVP_KEYMGMT *tmp_keymgmt = NULL;
const OSSL_PROVIDER *tmp_prov = NULL;
const char *supported_sig = NULL;
@@ -251,16 +252,19 @@
}
}
+ desc = signature->description != NULL ? signature->description : "";
if (ver) {
if (signature->digest_verify_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s digest_verify_init:%s", signature->type_name, desc);
goto err;
}
ret = signature->digest_verify_init(locpctx->op.sig.algctx,
mdname, provkey, params);
} else {
if (signature->digest_sign_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s digest_sign_init:%s", signature->type_name, desc);
goto err;
}
ret = signature->digest_sign_init(locpctx->op.sig.algctx,
@@ -275,6 +279,9 @@
goto end;
if (type == NULL) /* This check is redundant but clarifies matters */
ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ ver ? "%s digest_verify_init:%s" : "%s digest_sign_init:%s",
+ signature->type_name, desc);
err:
evp_pkey_ctx_free_old_ops(locpctx);
@@ -395,7 +402,10 @@
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
EVP_PKEY_CTX *pctx = ctx->pctx;
+ int ret;
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
@@ -408,13 +418,19 @@
|| pctx->op.sig.signature == NULL)
goto legacy;
- if (pctx->op.sig.signature->digest_sign_update == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ signature = pctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->digest_sign_update == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s digest_sign_update:%s", signature->type_name, desc);
return 0;
}
- return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx,
- data, dsize);
+ ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s digest_sign_update:%s", signature->type_name, desc);
+ return ret;
legacy:
if (pctx != NULL) {
@@ -430,7 +446,10 @@
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
EVP_PKEY_CTX *pctx = ctx->pctx;
+ int ret;
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
@@ -443,13 +462,19 @@
|| pctx->op.sig.signature == NULL)
goto legacy;
- if (pctx->op.sig.signature->digest_verify_update == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ signature = pctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->digest_verify_update == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s digest_verify_update:%s", signature->type_name, desc);
return 0;
}
- return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx,
- data, dsize);
+ ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s digest_verify_update:%s", signature->type_name, desc);
+ return ret;
legacy:
if (pctx != NULL) {
@@ -466,6 +491,8 @@
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
int sctx = 0;
int r = 0;
EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
@@ -481,15 +508,26 @@
|| pctx->op.sig.signature == NULL)
goto legacy;
+ signature = pctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->digest_sign_final == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s digest_sign_final:%s", signature->type_name, desc);
+ return 0;
+ }
+
if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
/* try dup */
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx != NULL)
pctx = dctx;
}
- r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
- sigret, siglen,
+
+ r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen,
sigret == NULL ? 0 : *siglen);
+ if (!r)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s digest_sign_final:%s", signature->type_name, desc);
if (dctx == NULL && sigret != NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
else
@@ -574,6 +612,7 @@
const unsigned char *tbs, size_t tbslen)
{
EVP_PKEY_CTX *pctx = ctx->pctx;
+ int ret;
if (pctx == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@@ -588,13 +627,19 @@
if (pctx->operation == EVP_PKEY_OP_SIGNCTX
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
- if (pctx->op.sig.signature->digest_sign != NULL) {
+ EVP_SIGNATURE *signature = pctx->op.sig.signature;
+
+ if (signature->digest_sign != NULL) {
+ const char *desc = signature->description != NULL ? signature->description : "";
+
if (sigret != NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx,
- sigret, siglen,
- sigret == NULL ? 0 : *siglen,
- tbs, tbslen);
+ ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen,
+ sigret == NULL ? 0 : *siglen, tbs, tbslen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s digest_sign:%s", signature->type_name, desc);
+ return ret;
}
} else {
/* legacy */
@@ -610,6 +655,8 @@
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
int vctx = 0;
unsigned int mdlen = 0;
unsigned char md[EVP_MAX_MD_SIZE];
@@ -627,14 +674,25 @@
|| pctx->op.sig.signature == NULL)
goto legacy;
+ signature = pctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->digest_verify_final == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s digest_verify_final:%s", signature->type_name, desc);
+ return 0;
+ }
+
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
/* try dup */
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx != NULL)
pctx = dctx;
}
- r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
- sig, siglen);
+
+ r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
+ if (!r)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s digest_verify_final:%s", signature->type_name, desc);
if (dctx == NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
else
@@ -702,10 +760,16 @@
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
if (pctx->op.sig.signature->digest_verify != NULL) {
+ EVP_SIGNATURE *signature = pctx->op.sig.signature;
+ const char *desc = signature->description != NULL ? signature->description : "";
+ int ret;
+
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
- return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx,
- sigret, siglen,
- tbs, tbslen);
+ ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen, tbs, tbslen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s digest_verify:%s", signature->type_name, desc);
+ return ret;
}
} else {
/* legacy */
diff -Nru -w openssl-3.5.0/crypto/evp/pmeth_lib.c openssl-3.5.1/crypto/evp/pmeth_lib.c
--- openssl-3.5.0/crypto/evp/pmeth_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/pmeth_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -480,6 +480,12 @@
}
rctx->legacy_keytype = pctx->legacy_keytype;
+ if (pctx->keymgmt != NULL) {
+ if (!EVP_KEYMGMT_up_ref(pctx->keymgmt))
+ goto err;
+ rctx->keymgmt = pctx->keymgmt;
+ }
+
if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
if (pctx->op.kex.exchange != NULL) {
rctx->op.kex.exchange = pctx->op.kex.exchange;
@@ -584,6 +590,9 @@
EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt;
void *provkey;
+ if (pctx->pkey == NULL)
+ return rctx;
+
provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx,
&tmp_keymgmt, pctx->propquery);
if (provkey == NULL)
diff -Nru -w openssl-3.5.0/crypto/evp/signature.c openssl-3.5.1/crypto/evp/signature.c
--- openssl-3.5.0/crypto/evp/signature.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/evp/signature.c 2025-07-01 13:52:08.000000000 +0200
@@ -55,6 +55,7 @@
{
const OSSL_DISPATCH *fns = algodef->implementation;
EVP_SIGNATURE *signature = NULL;
+ const char *desc;
/* Counts newctx / freectx */
int ctxfncnt = 0;
/* Counts all init functions */
@@ -72,6 +73,7 @@
if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
goto err;
signature->description = algodef->algorithm_description;
+ desc = signature->description != NULL ? signature->description : "";
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
@@ -290,23 +292,30 @@
*/
valid = 1;
/* Start with the ones where counters say enough */
- if (ctxfncnt != 2)
- /* newctx or freectx missing */
+ if (ctxfncnt != 2) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s newctx or freectx:%s", signature->type_name, desc);
valid = 0;
+ }
if (valid
&& ((gparamfncnt != 0 && gparamfncnt != 2)
|| (sparamfncnt != 0 && sparamfncnt != 2)
|| (gmdparamfncnt != 0 && gmdparamfncnt != 2)
- || (smdparamfncnt != 0 && smdparamfncnt != 2)))
+ || (smdparamfncnt != 0 && smdparamfncnt != 2))) {
/*
* Params functions are optional, but if defined, they must
* be pairwise complete sets, i.e. a getter must have an
* associated gettable, etc
*/
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s params getter or setter:%s", signature->type_name, desc);
valid = 0;
- if (valid && initfncnt == 0)
- /* No init functions */
+ }
+ if (valid && initfncnt == 0) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s init:%s", signature->type_name, desc);
valid = 0;
+ }
/* Now we check for function combinations */
if (valid
@@ -315,17 +324,23 @@
|| (signature->sign_message_init != NULL
&& signature->sign == NULL
&& (signature->sign_message_update == NULL
- || signature->sign_message_final == NULL))))
- /* sign_init functions with no signing function? That's weird */
+ || signature->sign_message_final == NULL)))) {
+ /* sign_init function(s) with no signing function? That's weird */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s signing function:%s", signature->type_name, desc);
valid = 0;
+ }
if (valid
&& (signature->sign != NULL
|| signature->sign_message_update != NULL
|| signature->sign_message_final != NULL)
&& signature->sign_init == NULL
- && signature->sign_message_init == NULL)
- /* signing functions with no sign_init? That's odd */
+ && signature->sign_message_init == NULL) {
+ /* signing function(s) with no sign_init? That's odd */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s sign_init or sign_message_init:%s", signature->type_name, desc);
valid = 0;
+ }
if (valid
&& ((signature->verify_init != NULL
@@ -333,46 +348,105 @@
|| (signature->verify_message_init != NULL
&& signature->verify == NULL
&& (signature->verify_message_update == NULL
- || signature->verify_message_final == NULL))))
- /* verify_init functions with no verification function? That's weird */
+ || signature->verify_message_final == NULL)))) {
+ /* verify_init function(s) with no verification function? That's weird */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s verification function:%s", signature->type_name, desc);
valid = 0;
+ }
if (valid
&& (signature->verify != NULL
|| signature->verify_message_update != NULL
|| signature->verify_message_final != NULL)
&& signature->verify_init == NULL
- && signature->verify_message_init == NULL)
- /* verification functions with no verify_init? That's odd */
+ && signature->verify_message_init == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s verify_init or verify_message_init:%s",
+ signature->type_name, desc);
+ /* verification function(s) with no verify_init? That's odd */
valid = 0;
+ }
if (valid
&& (signature->verify_recover_init != NULL)
- && (signature->verify_recover == NULL))
- /* verify_recover_init functions with no verify_recover? How quaint */
+ && (signature->verify_recover == NULL)) {
+ /* verify_recover_init function with no verify_recover? How quaint */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s verify_recover:%s", signature->type_name, desc);
valid = 0;
+ }
if (valid
&& (signature->digest_sign_init != NULL
&& signature->digest_sign == NULL
&& (signature->digest_sign_update == NULL
- || signature->digest_sign_final == NULL)))
- /*
- * You can't have a digest_sign_init without *some* performing functions
- */
+ || signature->digest_sign_final == NULL))) {
+ /* You can't have a digest_sign_init without *some* performing functions */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s digest_sign function:%s", signature->type_name, desc);
valid = 0;
+ }
if (valid
&& ((signature->digest_verify_init != NULL
&& signature->digest_verify == NULL
&& (signature->digest_verify_update == NULL
- || signature->digest_verify_final == NULL))))
- /*
- * You can't have a digest_verify_init without *some* performing functions
- */
+ || signature->digest_verify_final == NULL)))) {
+ /* You can't have a digest_verify_init without *some* performing functions */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s digest_verify function:%s", signature->type_name, desc);
valid = 0;
+ }
+
+ if (!valid)
+ goto err;
- if (!valid) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
+ if ((signature->digest_sign != NULL
+ || signature->digest_sign_update != NULL
+ || signature->digest_sign_final != NULL)
+ && signature->digest_sign_init == NULL) {
+ /* digest signing function(s) with no digest_sign_init? That's odd */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s digest_sign_init:%s", signature->type_name, desc);
+ goto err;
+ }
+
+ if ((signature->digest_verify != NULL
+ || signature->digest_verify_update != NULL
+ || signature->digest_verify_final != NULL)
+ && signature->digest_verify_init == NULL) {
+ /* digest verification function(s) with no digest_verify_init? That's odd */
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "missing %s digest_verify_init:%s", signature->type_name, desc);
+ goto err;
+ }
+
+ if ((signature->sign_message_update == NULL) !=
+ (signature->sign_message_final == NULL)) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "only one of %s message signing update and final available:%s",
+ signature->type_name, desc);
+ goto err;
+ }
+ if ((signature->verify_message_update == NULL) !=
+ (signature->verify_message_final == NULL)) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "only one of %s message verification update and final available:%s",
+ signature->type_name, desc);
+ goto err;
+ }
+ if ((signature->digest_sign_update == NULL) !=
+ (signature->digest_sign_final == NULL)) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "only one of %s digest signing update and final available:%s",
+ signature->type_name, desc);
+ goto err;
+ }
+ if ((signature->digest_verify_update == NULL) !=
+ (signature->digest_verify_final == NULL)) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
+ "only one of %s digest verification update and final available:%s",
+ signature->type_name, desc);
goto err;
}
@@ -499,6 +573,7 @@
static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
int operation, const OSSL_PARAM params[])
{
+ const char *desc;
int ret = 0;
void *provkey = NULL;
EVP_KEYMGMT *tmp_keymgmt = NULL;
@@ -557,7 +632,7 @@
* ensured that the key is at least exported to a provider (above).
*/
if (signature->query_key_types != NULL) {
- /* This is expect to be a NULL terminated array */
+ /* This is expected to be a NULL-terminated array */
const char **keytypes;
keytypes = signature->query_key_types();
@@ -708,6 +783,8 @@
/* No more legacy from here down to legacy: */
ctx->op.sig.signature = signature;
+ desc = signature->description != NULL ? signature->description : "";
+
ctx->op.sig.algctx =
signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
if (ctx->op.sig.algctx == NULL) {
@@ -719,7 +796,8 @@
switch (operation) {
case EVP_PKEY_OP_SIGN:
if (signature->sign_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s sign_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@@ -727,7 +805,8 @@
break;
case EVP_PKEY_OP_SIGNMSG:
if (signature->sign_message_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s sign_message_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@@ -735,7 +814,8 @@
break;
case EVP_PKEY_OP_VERIFY:
if (signature->verify_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@@ -743,7 +823,8 @@
break;
case EVP_PKEY_OP_VERIFYMSG:
if (signature->verify_message_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify_message_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@@ -751,7 +832,8 @@
break;
case EVP_PKEY_OP_VERIFYRECOVER:
if (signature->verify_recover_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify_recover_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@@ -849,6 +931,10 @@
int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
+ int ret;
+
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@@ -859,18 +945,28 @@
return -1;
}
- if (ctx->op.sig.signature->sign_message_update == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->sign_message_update == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s sign_message_update:%s", signature->type_name, desc);
return -2;
}
- return ctx->op.sig.signature->sign_message_update(ctx->op.sig.algctx,
- in, inlen);
+ ret = signature->sign_message_update(ctx->op.sig.algctx, in, inlen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s sign_message_update:%s", signature->type_name, desc);
+ return ret;
}
int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
+ int ret;
+
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@@ -881,20 +977,28 @@
return -1;
}
- if (ctx->op.sig.signature->sign_message_final == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->sign_message_final == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s sign_message_final:%s", signature->type_name, desc);
return -2;
}
- return ctx->op.sig.signature->sign_message_final(ctx->op.sig.algctx,
- sig, siglen,
+ ret = signature->sign_message_final(ctx->op.sig.algctx, sig, siglen,
(sig == NULL) ? 0 : *siglen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s sign_message_final:%s", signature->type_name, desc);
+ return ret;
}
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
int ret;
if (ctx == NULL) {
@@ -911,14 +1015,19 @@
if (ctx->op.sig.algctx == NULL)
goto legacy;
- if (ctx->op.sig.signature->sign == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->sign == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s sign:%s", signature->type_name, desc);
return -2;
}
- ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
+ ret = signature->sign(ctx->op.sig.algctx, sig, siglen,
(sig == NULL) ? 0 : *siglen, tbs, tbslen);
-
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s sign:%s", signature->type_name, desc);
return ret;
legacy:
@@ -977,6 +1086,10 @@
int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
+ int ret;
+
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@@ -987,17 +1100,27 @@
return -1;
}
- if (ctx->op.sig.signature->verify_message_update == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->verify_message_update == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify_message_update:%s", signature->type_name, desc);
return -2;
}
- return ctx->op.sig.signature->verify_message_update(ctx->op.sig.algctx,
- in, inlen);
+ ret = signature->verify_message_update(ctx->op.sig.algctx, in, inlen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s verify_message_update:%s", signature->type_name, desc);
+ return ret;
}
int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
+ int ret;
+
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@@ -1008,19 +1131,28 @@
return -1;
}
- if (ctx->op.sig.signature->verify_message_final == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->verify_message_final == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify_message_final:%s", signature->type_name, desc);
return -2;
}
/* The signature must have been set with EVP_PKEY_CTX_set_signature() */
- return ctx->op.sig.signature->verify_message_final(ctx->op.sig.algctx);
+ ret = signature->verify_message_final(ctx->op.sig.algctx);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s verify_message_final:%s", signature->type_name, desc);
+ return ret;
}
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
int ret;
if (ctx == NULL) {
@@ -1037,13 +1169,19 @@
if (ctx->op.sig.algctx == NULL)
goto legacy;
- if (ctx->op.sig.signature->verify == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->verify == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify:%s", signature->type_name, desc);
return -2;
}
ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
tbs, tbslen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s verify:%s", signature->type_name, desc);
return ret;
legacy:
@@ -1076,6 +1214,8 @@
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen)
{
+ EVP_SIGNATURE *signature;
+ const char *desc;
int ret;
if (ctx == NULL) {
@@ -1091,15 +1231,19 @@
if (ctx->op.sig.algctx == NULL)
goto legacy;
- if (ctx->op.sig.signature->verify_recover == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ signature = ctx->op.sig.signature;
+ desc = signature->description != NULL ? signature->description : "";
+ if (signature->verify_recover == NULL) {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
+ "%s verify_recover:%s", signature->type_name, desc);
return -2;
}
- ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
- routlen,
- (rout == NULL ? 0 : *routlen),
- sig, siglen);
+ ret = signature->verify_recover(ctx->op.sig.algctx, rout, routlen,
+ (rout == NULL ? 0 : *routlen), sig, siglen);
+ if (ret <= 0)
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
+ "%s verify_recover:%s", signature->type_name, desc);
return ret;
legacy:
if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
diff -Nru -w openssl-3.5.0/crypto/hmac/hmac_s390x.c openssl-3.5.1/crypto/hmac/hmac_s390x.c
--- openssl-3.5.0/crypto/hmac/hmac_s390x.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/hmac/hmac_s390x.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,7 @@
#include "hmac_local.h"
#include "openssl/obj_mac.h"
#include "openssl/evp.h"
+#include "openssl/err.h"
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
# include <openssl/engine.h>
#endif
@@ -189,6 +190,11 @@
{
size_t remain, num;
+ if (ctx->plat.s390x.iimp != 1) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
+ return 0;
+ }
+
if (len == 0)
return 1;
@@ -250,6 +256,11 @@
void *result;
unsigned int res_len;
+ if (ctx->plat.s390x.iimp != 1) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
+ return 0;
+ }
+
ctx->plat.s390x.iimp = 0; /* last block */
s390x_call_kmac(ctx, ctx->plat.s390x.buf, ctx->plat.s390x.num);
diff -Nru -w openssl-3.5.0/crypto/http/http_lib.c openssl-3.5.1/crypto/http/http_lib.c
--- openssl-3.5.0/crypto/http/http_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/http/http_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -59,7 +59,7 @@
const char *user, *user_end;
const char *host, *host_end;
const char *port, *port_end;
- unsigned int portnum;
+ unsigned int portnum = 0;
const char *path, *path_end;
const char *query, *query_end;
const char *frag, *frag_end;
@@ -107,13 +107,7 @@
p = ++host_end;
} else {
/* look for start of optional port, path, query, or fragment */
- host_end = strchr(host, ':');
- if (host_end == NULL)
- host_end = strchr(host, '/');
- if (host_end == NULL)
- host_end = strchr(host, '?');
- if (host_end == NULL)
- host_end = strchr(host, '#');
+ host_end = strpbrk(host, ":/?#");
if (host_end == NULL) /* the remaining string is just the hostname */
host_end = host + strlen(host);
p = host_end;
diff -Nru -w openssl-3.5.0/crypto/ml_kem/ml_kem.c openssl-3.5.1/crypto/ml_kem/ml_kem.c
--- openssl-3.5.0/crypto/ml_kem/ml_kem.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/ml_kem/ml_kem.c 2025-07-01 13:52:08.000000000 +0200
@@ -9,6 +9,7 @@
#include <openssl/byteorder.h>
#include <openssl/rand.h>
+#include <openssl/proverr.h>
#include "crypto/ml_kem.h"
#include "internal/common.h"
#include "internal/constant_time.h"
@@ -1278,16 +1279,26 @@
const ML_KEM_VINFO *vinfo = key->vinfo;
/* Decode and check |t| */
- if (!vector_decode_12(key->t, in, vinfo->rank))
+ if (!vector_decode_12(key->t, in, vinfo->rank)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
+ "%s invalid public 't' vector",
+ vinfo->algorithm_name);
return 0;
+ }
/* Save the matrix |m| recovery seed |rho| */
memcpy(key->rho, in + vinfo->vector_bytes, ML_KEM_RANDOM_BYTES);
/*
* Pre-compute the public key hash, needed for both encap and decap.
* Also pre-compute the matrix expansion, stored with the public key.
*/
- return hash_h(key->pkhash, in, vinfo->pubkey_bytes, mdctx, key)
- && matrix_expand(mdctx, key);
+ if (!hash_h(key->pkhash, in, vinfo->pubkey_bytes, mdctx, key)
+ || !matrix_expand(mdctx, key)) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
+ "internal error while parsing %s public key",
+ vinfo->algorithm_name);
+ return 0;
+ }
+ return 1;
}
/*
@@ -1301,8 +1312,12 @@
const ML_KEM_VINFO *vinfo = key->vinfo;
/* Decode and check |s|. */
- if (!vector_decode_12(key->s, in, vinfo->rank))
+ if (!vector_decode_12(key->s, in, vinfo->rank)) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
+ "%s invalid private 's' vector",
+ vinfo->algorithm_name);
return 0;
+ }
in += vinfo->vector_bytes;
if (!parse_pubkey(in, mdctx, key))
@@ -1310,8 +1325,12 @@
in += vinfo->pubkey_bytes;
/* Check public key hash. */
- if (memcmp(key->pkhash, in, ML_KEM_PKHASH_BYTES) != 0)
+ if (memcmp(key->pkhash, in, ML_KEM_PKHASH_BYTES) != 0) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
+ "%s public key hash mismatch",
+ vinfo->algorithm_name);
return 0;
+ }
in += ML_KEM_PKHASH_BYTES;
memcpy(key->z, in, ML_KEM_RANDOM_BYTES);
@@ -1405,6 +1424,11 @@
end:
OPENSSL_cleanse((void *)augmented_seed, ML_KEM_RANDOM_BYTES);
OPENSSL_cleanse((void *)sigma, ML_KEM_RANDOM_BYTES);
+ if (ret == 0) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
+ "internal error while generating %s private key",
+ vinfo->algorithm_name);
+ }
return ret;
}
@@ -1430,10 +1454,14 @@
memcpy(input + ML_KEM_RANDOM_BYTES, key->pkhash, ML_KEM_PKHASH_BYTES);
ret = hash_g(Kr, input, sizeof(input), mdctx, key)
&& encrypt_cpa(ctext, entropy, r, tmp, mdctx, key);
+ OPENSSL_cleanse((void *)input, sizeof(input));
if (ret)
memcpy(secret, Kr, ML_KEM_SHARED_SECRET_BYTES);
- OPENSSL_cleanse((void *)input, sizeof(input));
+ else
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
+ "internal error while performing %s encapsulation",
+ key->vinfo->algorithm_name);
return ret;
}
@@ -1477,8 +1505,12 @@
* The same action is taken, if also |encrypt_cpa| should catastrophically
* fail, due to failure of the |PRF| underlying the CBD functions.
*/
- if (!kdf(failure_key, key->z, ctext, vinfo->ctext_bytes, mdctx, key))
+ if (!kdf(failure_key, key->z, ctext, vinfo->ctext_bytes, mdctx, key)) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
+ "internal error while performing %s decapsulation",
+ vinfo->algorithm_name);
return 0;
+ }
decrypt_cpa(decrypted, ctext, tmp, key);
memcpy(decrypted + ML_KEM_SHARED_SECRET_BYTES, pkhash, ML_KEM_PKHASH_BYTES);
if (!hash_g(Kr, decrypted, sizeof(decrypted), mdctx, key)
@@ -1550,7 +1582,7 @@
*/
if (ossl_ml_kem_have_prvkey(key))
OPENSSL_cleanse(key->s,
- key->vinfo->vector_bytes + 2 * ML_KEM_RANDOM_BYTES);
+ key->vinfo->rank * sizeof(scalar) + 2 * ML_KEM_RANDOM_BYTES);
OPENSSL_free(key->t);
key->d = key->z = (uint8_t *)(key->s = key->m = key->t = NULL);
}
@@ -1582,8 +1614,11 @@
const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type);
ML_KEM_KEY *key;
- if (vinfo == NULL)
+ if (vinfo == NULL) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
+ "unsupported ML-KEM key type: %d", evp_type);
return NULL;
+ }
if ((key = OPENSSL_malloc(sizeof(*key))) == NULL)
return NULL;
@@ -1605,6 +1640,9 @@
return key;
ossl_ml_kem_key_free(key);
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
+ "missing SHA3 digest algorithms while creating %s key",
+ vinfo->algorithm_name);
return NULL;
}
diff -Nru -w openssl-3.5.0/crypto/params_dup.c openssl-3.5.1/crypto/params_dup.c
--- openssl-3.5.0/crypto/params_dup.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/params_dup.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -190,18 +190,18 @@
while (1) {
/* If list1 is finished just tack list2 onto the end */
if (*p1cur == NULL) {
- do {
+ while (*p2cur != NULL) {
*dst++ = **p2cur;
p2cur++;
- } while (*p2cur != NULL);
+ }
break;
}
/* If list2 is finished just tack list1 onto the end */
if (*p2cur == NULL) {
- do {
+ while (*p1cur != NULL) {
*dst++ = **p1cur;
p1cur++;
- } while (*p1cur != NULL);
+ }
break;
}
/* consume the list element with the smaller key */
diff -Nru -w openssl-3.5.0/crypto/params_from_text.c openssl-3.5.1/crypto/params_from_text.c
--- openssl-3.5.0/crypto/params_from_text.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/params_from_text.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -220,9 +220,9 @@
BIGNUM *bn;
#ifndef OPENSSL_SYS_UEFI
double d;
+ int dok;
#endif
int ok = -1;
- int dok;
/*
* Iterate through each key in the array printing its key and value
@@ -280,16 +280,16 @@
case OSSL_PARAM_OCTET_STRING:
ok = BIO_dump(bio, (char *)p->data, p->data_size);
break;
+#ifndef OPENSSL_SYS_UEFI
case OSSL_PARAM_REAL:
dok = 0;
-#ifndef OPENSSL_SYS_UEFI
dok = OSSL_PARAM_get_double(p, &d);
-#endif
if (dok == 1)
ok = BIO_printf(bio, "%f\n", d);
else
ok = BIO_printf(bio, "error getting value\n");
break;
+#endif
default:
ok = BIO_printf(bio, "unknown type (%u) of %zu bytes\n",
p->data_type, p->data_size);
diff -Nru -w openssl-3.5.0/crypto/perlasm/x86_64-xlate.pl openssl-3.5.1/crypto/perlasm/x86_64-xlate.pl
--- openssl-3.5.0/crypto/perlasm/x86_64-xlate.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/perlasm/x86_64-xlate.pl 2025-07-01 13:52:08.000000000 +0200
@@ -218,6 +218,25 @@
my $current_function;
my %globals;
+{ package vex_prefix; # pick up vex prefixes, example: {vex} vpmadd52luq m256, %ymm, %ymm
+ sub re {
+ my ($class, $line) = @_;
+ my $self = {};
+ my $ret;
+
+ if ($$line =~ /(^\{vex\})/) {
+ bless $self,$class;
+ $self->{value} = $1;
+ $ret = $self;
+ $$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
+ }
+ $ret;
+ }
+ sub out {
+ my $self = shift;
+ $self->{value};
+ }
+}
{ package opcode; # pick up opcodes
sub re {
my ($class, $line) = @_;
@@ -1396,7 +1415,11 @@
if (my $directive=directive->re(\$line)) {
printf "%s",$directive->out();
- } elsif (my $opcode=opcode->re(\$line)) {
+ } else {
+ if (my $vex_prefix=vex_prefix->re(\$line)) {
+ printf "%s",$vex_prefix->out();
+ }
+ if (my $opcode=opcode->re(\$line)) {
my $asm = eval("\$".$opcode->mnemonic());
if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) {
@@ -1447,6 +1470,7 @@
printf "\t%s",$opcode->out();
}
}
+ }
print $line,"\n";
}
diff -Nru -w openssl-3.5.0/crypto/pkcs7/pk7_smime.c openssl-3.5.1/crypto/pkcs7/pk7_smime.c
--- openssl-3.5.0/crypto/pkcs7/pk7_smime.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/pkcs7/pk7_smime.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -333,10 +333,8 @@
if (flags & PKCS7_TEXT) {
if (!SMIME_text(tmpout, out)) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR);
- BIO_free(tmpout);
goto err;
}
- BIO_free(tmpout);
}
/* Now Verify All Signatures */
@@ -354,6 +352,8 @@
ret = 1;
err:
+ if (flags & PKCS7_TEXT)
+ BIO_free(tmpout);
X509_STORE_CTX_free(cert_ctx);
OPENSSL_free(buf);
if (indata != NULL)
diff -Nru -w openssl-3.5.0/crypto/property/property.c openssl-3.5.1/crypto/property/property.c
--- openssl-3.5.0/crypto/property/property.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/property/property.c 2025-07-01 13:52:08.000000000 +0200
@@ -348,7 +348,7 @@
/* Insert into the hash table if required */
if (!ossl_property_write_lock(store)) {
- OPENSSL_free(impl);
+ impl_free(impl);
return 0;
}
diff -Nru -w openssl-3.5.0/crypto/provider_conf.c openssl-3.5.1/crypto/provider_conf.c
--- openssl-3.5.0/crypto/provider_conf.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/provider_conf.c 2025-07-01 13:52:08.000000000 +0200
@@ -379,7 +379,7 @@
ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) {
ok = ossl_provider_info_add_to_store(libctx, &entry);
- added = 1;
+ added = ok;
}
if (added == 0)
ossl_provider_info_clear(&entry);
diff -Nru -w openssl-3.5.0/crypto/provider_core.c openssl-3.5.1/crypto/provider_core.c
--- openssl-3.5.0/crypto/provider_core.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/provider_core.c 2025-07-01 13:52:08.000000000 +0200
@@ -1511,6 +1511,16 @@
return ret;
}
+int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx)
+{
+ struct provider_store_st *store = get_provider_store(ctx);
+
+ if (store == NULL)
+ return 0;
+
+ return provider_activate_fallbacks(store);
+}
+
int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
int (*cb)(OSSL_PROVIDER *provider,
void *cbdata),
@@ -1948,12 +1958,12 @@
BIO_printf(trc_out,
"(provider %s) names %s, prop_def %s, desc %s\n",
prov->name,
- res->algorithm_names == NULL ? "none" :
- res->algorithm_names,
- res->property_definition == NULL ? "none" :
- res->property_definition,
- res->algorithm_description == NULL ? "none" :
- res->algorithm_description);
+ idx->algorithm_names == NULL ? "none" :
+ idx->algorithm_names,
+ idx->property_definition == NULL ? "none" :
+ idx->property_definition,
+ idx->algorithm_description == NULL ? "none" :
+ idx->algorithm_description);
}
} else {
BIO_printf(trc_out, "(provider %s) query_operation failed\n", prov->name);
diff -Nru -w openssl-3.5.0/crypto/rand/rand_lib.c openssl-3.5.1/crypto/rand/rand_lib.c
--- openssl-3.5.0/crypto/rand/rand_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/rand/rand_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -289,6 +289,9 @@
if (!RUN_ONCE(&rand_init, do_rand_init))
return NULL;
+ if (rand_meth_lock == NULL)
+ return NULL;
+
if (!CRYPTO_THREAD_read_lock(rand_meth_lock))
return NULL;
tmp_meth = default_RAND_meth;
@@ -755,7 +758,7 @@
*/
static EVP_RAND_CTX *rand_get0_primary(OSSL_LIB_CTX *ctx, RAND_GLOBAL *dgbl)
{
- EVP_RAND_CTX *ret;
+ EVP_RAND_CTX *ret, *seed, *newseed = NULL, *primary;
if (dgbl == NULL)
return NULL;
@@ -764,34 +767,26 @@
return NULL;
ret = dgbl->primary;
+ seed = dgbl->seed;
CRYPTO_THREAD_unlock(dgbl->lock);
if (ret != NULL)
return ret;
- if (!CRYPTO_THREAD_write_lock(dgbl->lock))
- return NULL;
-
- ret = dgbl->primary;
- if (ret != NULL) {
- CRYPTO_THREAD_unlock(dgbl->lock);
- return ret;
- }
-
#if !defined(FIPS_MODULE) || !defined(OPENSSL_NO_FIPS_JITTER)
/* Create a seed source for libcrypto or jitter enabled FIPS provider */
- if (dgbl->seed == NULL) {
+ if (seed == NULL) {
ERR_set_mark();
- dgbl->seed = rand_new_seed(ctx);
+ seed = newseed = rand_new_seed(ctx);
ERR_pop_to_mark();
}
#endif /* !FIPS_MODULE || !OPENSSL_NO_FIPS_JITTER */
#if defined(FIPS_MODULE)
/* The FIPS provider has entropy health tests instead of the primary */
- ret = rand_new_crngt(ctx, dgbl->seed);
+ ret = rand_new_crngt(ctx, seed);
#else /* FIPS_MODULE */
- ret = rand_new_drbg(ctx, dgbl->seed, PRIMARY_RESEED_INTERVAL,
+ ret = rand_new_drbg(ctx, seed, PRIMARY_RESEED_INTERVAL,
PRIMARY_RESEED_TIME_INTERVAL);
#endif /* FIPS_MODULE */
@@ -799,12 +794,30 @@
* The primary DRBG may be shared between multiple threads so we must
* enable locking.
*/
- dgbl->primary = ret;
- if (ret != NULL && !EVP_RAND_enable_locking(ret)) {
+ if (ret == NULL || !EVP_RAND_enable_locking(ret)) {
+ if (ret != NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING);
EVP_RAND_CTX_free(ret);
- ret = dgbl->primary = NULL;
}
+ if (newseed == NULL)
+ return NULL;
+ /* else carry on and store seed */
+ ret = NULL;
+ }
+
+ if (!CRYPTO_THREAD_write_lock(dgbl->lock))
+ return NULL;
+
+ primary = dgbl->primary;
+ if (primary != NULL) {
+ CRYPTO_THREAD_unlock(dgbl->lock);
+ EVP_RAND_CTX_free(ret);
+ EVP_RAND_CTX_free(newseed);
+ return primary;
+ }
+ if (newseed != NULL)
+ dgbl->seed = newseed;
+ dgbl->primary = ret;
CRYPTO_THREAD_unlock(dgbl->lock);
return ret;
diff -Nru -w openssl-3.5.0/crypto/sm3/asm/sm3-armv8.pl openssl-3.5.1/crypto/sm3/asm/sm3-armv8.pl
--- openssl-3.5.0/crypto/sm3/asm/sm3-armv8.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/sm3/asm/sm3-armv8.pl 2025-07-01 13:52:08.000000000 +0200
@@ -153,13 +153,13 @@
.Loop:
// load input
- ld1 {$s0.16b-$s3.16b}, [$pdata], #64
+ ld1 {$s0.4s-$s3.4s}, [$pdata], #64
sub $num, $num, #1
mov $bkstate1.16b, $state1.16b
mov $bkstate2.16b, $state2.16b
-#ifndef __ARMEB__
+#ifndef __AARCH64EB__
rev32 $s0.16b, $s0.16b
rev32 $s1.16b, $s1.16b
rev32 $s2.16b, $s2.16b
diff -Nru -w openssl-3.5.0/crypto/sm4/asm/sm4-armv8.pl openssl-3.5.1/crypto/sm4/asm/sm4-armv8.pl
--- openssl-3.5.0/crypto/sm4/asm/sm4-armv8.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/sm4/asm/sm4-armv8.pl 2025-07-01 13:52:08.000000000 +0200
@@ -32,7 +32,7 @@
my $dst = shift;
my $src = shift;
$code.=<<___;
-#ifndef __ARMEB__
+#ifndef __AARCH64EB__
rev32 $dst.16b,$src.16b
#endif
___
@@ -404,7 +404,7 @@
&enc_blk($ivec);
&rev32($ivec,$ivec);
$code.=<<___;
- st1 {$ivec.16b},[$out],#16
+ st1 {$ivec.4s},[$out],#16
b.ne 1b
b 3f
.Ldec:
@@ -485,11 +485,11 @@
$code.=<<___;
eor @dat[0].16b,@dat[0].16b,$ivec.16b
mov $ivec.16b,@in[0].16b
- st1 {@dat[0].16b},[$out],#16
+ st1 {@dat[0].4s},[$out],#16
b.ne 1b
3:
// save back IV
- st1 {$ivec.16b},[$ivp]
+ st1 {$ivec.4s},[$ivp]
ldp d8,d9,[sp],#16
ret
.size ${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt
diff -Nru -w openssl-3.5.0/crypto/store/store_result.c openssl-3.5.1/crypto/store/store_result.c
--- openssl-3.5.0/crypto/store/store_result.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/store/store_result.c 2025-07-01 13:52:08.000000000 +0200
@@ -153,8 +153,19 @@
goto err;
ERR_pop_to_mark();
- if (*v == NULL)
+ if (*v == NULL) {
+ const char *hint = "";
+
+ if (!OSSL_PROVIDER_available(libctx, "default"))
+ hint = ":maybe need to load the default provider?";
+ if (provider != NULL)
+ ERR_raise_data(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED, "provider=%s%s",
+ OSSL_PROVIDER_get0_name(provider), hint);
+ else if (hint[0] != '\0')
+ ERR_raise_data(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED, "%s", hint);
+ else
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED);
+ }
return (*v != NULL);
err:
diff -Nru -w openssl-3.5.0/crypto/threads_none.c openssl-3.5.1/crypto/threads_none.c
--- openssl-3.5.0/crypto/threads_none.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/threads_none.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -153,18 +153,28 @@
# define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
-static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+struct thread_local_storage_entry {
+ void *data;
+ uint8_t used;
+};
+
+static struct thread_local_storage_entry thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
{
- static unsigned int thread_local_key = 0;
+ int entry_idx = 0;
- if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
- return 0;
+ for (entry_idx = 0; entry_idx < OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX; entry_idx++) {
+ if (!thread_local_storage[entry_idx].used)
+ break;
+ }
- *key = thread_local_key++;
+ if (entry_idx == OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+ return 0;
- thread_local_storage[*key] = NULL;
+ *key = entry_idx;
+ thread_local_storage[*key].used = 1;
+ thread_local_storage[*key].data = NULL;
return 1;
}
@@ -174,7 +184,7 @@
if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
return NULL;
- return thread_local_storage[*key];
+ return thread_local_storage[*key].data;
}
int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
@@ -182,13 +192,18 @@
if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
return 0;
- thread_local_storage[*key] = val;
+ thread_local_storage[*key].data = val;
return 1;
}
int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
{
+ if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+ return 0;
+
+ thread_local_storage[*key].used = 0;
+ thread_local_storage[*key].data = NULL;
*key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
return 1;
}
diff -Nru -w openssl-3.5.0/crypto/threads_pthread.c openssl-3.5.1/crypto/threads_pthread.c
--- openssl-3.5.0/crypto/threads_pthread.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/threads_pthread.c 2025-07-01 13:52:08.000000000 +0200
@@ -624,7 +624,7 @@
__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
{
# ifdef USE_RWLOCK
- if (pthread_rwlock_rdlock(lock) != 0)
+ if (!ossl_assert(pthread_rwlock_rdlock(lock) == 0))
return 0;
# else
if (pthread_mutex_lock(lock) != 0) {
@@ -639,7 +639,7 @@
__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
{
# ifdef USE_RWLOCK
- if (pthread_rwlock_wrlock(lock) != 0)
+ if (!ossl_assert(pthread_rwlock_wrlock(lock) == 0))
return 0;
# else
if (pthread_mutex_lock(lock) != 0) {
diff -Nru -w openssl-3.5.0/crypto/ts/ts_rsp_sign.c openssl-3.5.1/crypto/ts/ts_rsp_sign.c
--- openssl-3.5.0/crypto/ts/ts_rsp_sign.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/ts/ts_rsp_sign.c 2025-07-01 13:52:08.000000000 +0200
@@ -648,8 +648,12 @@
}
OPENSSL_free(pp);
- return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
- V_ASN1_SEQUENCE, seq);
+ if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+ V_ASN1_SEQUENCE, seq)) {
+ ASN1_STRING_free(seq);
+ return 0;
+ }
+ return 1;
}
static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@@ -671,8 +675,12 @@
}
OPENSSL_free(pp);
- return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
- V_ASN1_SEQUENCE, seq);
+ if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+ V_ASN1_SEQUENCE, seq)) {
+ ASN1_STRING_free(seq);
+ return 0;
+ }
+ return 1;
}
static int ts_RESP_sign(TS_RESP_CTX *ctx)
diff -Nru -w openssl-3.5.0/crypto/ui/ui_lib.c openssl-3.5.1/crypto/ui/ui_lib.c
--- openssl-3.5.0/crypto/ui/ui_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/ui/ui_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -205,6 +205,7 @@
char *result_buf, int minsize, int maxsize)
{
char *prompt_copy = NULL;
+ int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@@ -212,9 +213,13 @@
return 0;
}
- return general_allocate_string(ui, prompt_copy, 1,
+ ret = general_allocate_string(ui, prompt_copy, 1,
UIT_PROMPT, flags, result_buf, minsize,
maxsize, NULL);
+ if (ret <= 0)
+ OPENSSL_free(prompt_copy);
+
+ return ret;
}
int UI_add_verify_string(UI *ui, const char *prompt, int flags,
@@ -231,6 +236,7 @@
const char *test_buf)
{
char *prompt_copy = NULL;
+ int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@@ -238,9 +244,12 @@
return -1;
}
- return general_allocate_string(ui, prompt_copy, 1,
+ ret = general_allocate_string(ui, prompt_copy, 1,
UIT_VERIFY, flags, result_buf, minsize,
maxsize, test_buf);
+ if (ret <= 0)
+ OPENSSL_free(prompt_copy);
+ return ret;
}
int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
@@ -260,6 +269,7 @@
char *action_desc_copy = NULL;
char *ok_chars_copy = NULL;
char *cancel_chars_copy = NULL;
+ int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@@ -285,9 +295,14 @@
goto err;
}
- return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+ ret = general_allocate_boolean(ui, prompt_copy, action_desc_copy,
ok_chars_copy, cancel_chars_copy, 1,
UIT_BOOLEAN, flags, result_buf);
+ if (ret <= 0)
+ goto err;
+
+ return ret;
+
err:
OPENSSL_free(prompt_copy);
OPENSSL_free(action_desc_copy);
@@ -305,6 +320,7 @@
int UI_dup_info_string(UI *ui, const char *text)
{
char *text_copy = NULL;
+ int ret;
if (text != NULL) {
text_copy = OPENSSL_strdup(text);
@@ -312,8 +328,11 @@
return -1;
}
- return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+ ret = general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
0, 0, NULL);
+ if (ret <= 0)
+ OPENSSL_free(text_copy);
+ return ret;
}
int UI_add_error_string(UI *ui, const char *text)
@@ -325,14 +344,19 @@
int UI_dup_error_string(UI *ui, const char *text)
{
char *text_copy = NULL;
+ int ret;
if (text != NULL) {
text_copy = OPENSSL_strdup(text);
if (text_copy == NULL)
return -1;
}
- return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+
+ ret = general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
0, 0, NULL);
+ if (ret <= 0)
+ OPENSSL_free(text_copy);
+ return ret;
}
char *UI_construct_prompt(UI *ui, const char *phrase_desc,
diff -Nru -w openssl-3.5.0/crypto/x509/by_store.c openssl-3.5.1/crypto/x509/by_store.c
--- openssl-3.5.0/crypto/x509/by_store.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/x509/by_store.c 2025-07-01 13:52:08.000000000 +0200
@@ -7,23 +7,34 @@
* https://www.openssl.org/source/license.html
*/
+#include <openssl/safestack.h>
#include <openssl/store.h>
#include "internal/cryptlib.h"
#include "crypto/x509.h"
#include "x509_local.h"
+typedef struct cached_store_st {
+ char *uri;
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+ OSSL_STORE_CTX *ctx;
+} CACHED_STORE;
+
+DEFINE_STACK_OF(CACHED_STORE)
+
/* Generic object loader, given expected type and criterion */
-static int cache_objects(X509_LOOKUP *lctx, const char *uri,
- const OSSL_STORE_SEARCH *criterion,
- int depth, OSSL_LIB_CTX *libctx, const char *propq)
+static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
+ const OSSL_STORE_SEARCH *criterion, int depth)
{
int ok = 0;
- OSSL_STORE_CTX *ctx = NULL;
+ OSSL_STORE_CTX *ctx = store->ctx;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
- if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
- NULL, NULL)) == NULL)
+ if (ctx == NULL
+ && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+ NULL, NULL, NULL, NULL, NULL)) == NULL)
return 0;
+ store->ctx = ctx;
/*
* We try to set the criterion, but don't care if it was valid or not.
@@ -62,9 +73,15 @@
* This is an entry in the "directory" represented by the current
* uri. if |depth| allows, dive into it.
*/
- if (depth > 0)
- ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info),
- criterion, depth - 1, libctx, propq);
+ if (depth > 0) {
+ CACHED_STORE substore;
+
+ substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
+ substore.libctx = store->libctx;
+ substore.propq = store->propq;
+ substore.ctx = NULL;
+ ok = cache_objects(lctx, &substore, criterion, depth - 1);
+ }
} else {
/*
* We know that X509_STORE_add_{cert|crl} increments the object's
@@ -88,21 +105,26 @@
break;
}
OSSL_STORE_close(ctx);
+ store->ctx = NULL;
return ok;
}
-/* Because OPENSSL_free is a macro and for C type match */
-static void free_uri(OPENSSL_STRING data)
+static void free_store(CACHED_STORE *store)
{
- OPENSSL_free(data);
+ if (store != NULL) {
+ OSSL_STORE_close(store->ctx);
+ OPENSSL_free(store->uri);
+ OPENSSL_free(store->propq);
+ OPENSSL_free(store);
+ }
}
static void by_store_free(X509_LOOKUP *ctx)
{
- STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
- sk_OPENSSL_STRING_pop_free(uris, free_uri);
+ STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+ sk_CACHED_STORE_pop_free(stores, free_store);
}
static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
@@ -112,27 +134,49 @@
switch (cmd) {
case X509_L_ADD_STORE:
if (argp != NULL) {
- STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
- char *data = OPENSSL_strdup(argp);
+ STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+ CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
- if (data == NULL) {
+ if (store == NULL) {
return 0;
}
- if (uris == NULL) {
- uris = sk_OPENSSL_STRING_new_null();
- X509_LOOKUP_set_method_data(ctx, uris);
+
+ store->uri = OPENSSL_strdup(argp);
+ store->libctx = libctx;
+ if (propq != NULL)
+ store->propq = OPENSSL_strdup(propq);
+ store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+ NULL, NULL, NULL);
+ if (store->ctx == NULL
+ || (propq != NULL && store->propq == NULL)
+ || store->uri == NULL) {
+ free_store(store);
+ return 0;
+ }
+
+ if (stores == NULL) {
+ stores = sk_CACHED_STORE_new_null();
+ if (stores != NULL)
+ X509_LOOKUP_set_method_data(ctx, stores);
}
- if (sk_OPENSSL_STRING_push(uris, data) <= 0) {
- OPENSSL_free(data);
+ if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) {
+ free_store(store);
return 0;
}
return 1;
}
/* NOP if no URI is given. */
return 1;
- case X509_L_LOAD_STORE:
+ case X509_L_LOAD_STORE: {
/* This is a shortcut for quick loading of specific containers */
- return cache_objects(ctx, argp, NULL, 0, libctx, propq);
+ CACHED_STORE store;
+
+ store.uri = (char *)argp;
+ store.libctx = libctx;
+ store.propq = (char *)propq;
+ store.ctx = NULL;
+ return cache_objects(ctx, &store, NULL, 0);
+ }
default:
/* Unsupported command */
return 0;
@@ -146,16 +190,15 @@
}
static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
- OSSL_LIB_CTX *libctx, const char *propq)
+ const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
{
- STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
+ STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
int i;
int ok = 0;
- for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) {
- ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion,
- 1 /* depth */, libctx, propq);
+ for (i = 0; i < sk_CACHED_STORE_num(stores); i++) {
+ ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion,
+ 1 /* depth */);
if (ok)
break;
@@ -163,13 +206,12 @@
return ok;
}
-static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const X509_NAME *name, X509_OBJECT *ret,
- OSSL_LIB_CTX *libctx, const char *propq)
+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const X509_NAME *name, X509_OBJECT *ret)
{
OSSL_STORE_SEARCH *criterion =
OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
- int ok = by_store(ctx, type, criterion, ret, libctx, propq);
+ int ok = by_store(ctx, type, criterion, ret);
STACK_OF(X509_OBJECT) *store_objects =
X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
X509_OBJECT *tmp = NULL;
@@ -217,12 +259,6 @@
return ok;
}
-static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const X509_NAME *name, X509_OBJECT *ret)
-{
- return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
-}
-
/*
* We lack the implementations for get_by_issuer_serial, get_by_fingerprint
* and get_by_alias. There's simply not enough support in the X509_LOOKUP
@@ -240,7 +276,7 @@
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
- by_store_subject_ex,
+ NULL, /* get_by_subject_ex */
by_store_ctrl_ex
};
diff -Nru -w openssl-3.5.0/crypto/x509/v3_lib.c openssl-3.5.1/crypto/x509/v3_lib.c
--- openssl-3.5.0/crypto/x509/v3_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/crypto/x509/v3_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -100,7 +100,11 @@
*tmpext = *ext;
tmpext->ext_nid = nid_to;
tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
- return X509V3_EXT_add(tmpext);
+ if (!X509V3_EXT_add(tmpext)) {
+ OPENSSL_free(tmpext);
+ return 0;
+ }
+ return 1;
}
void X509V3_EXT_cleanup(void)
diff -Nru -w openssl-3.5.0/debian/changelog openssl-3.5.1/debian/changelog
--- openssl-3.5.0/debian/changelog 2025-05-28 22:13:00.000000000 +0200
+++ openssl-3.5.1/debian/changelog 2025-07-12 18:49:06.000000000 +0200
@@ -1,3 +1,9 @@
+openssl (3.5.1-1) unstable; urgency=medium
+
+ * Import 3.5.1
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sat, 12 Jul 2025 18:49:06 +0200
+
openssl (3.5.0-2) unstable; urgency=medium
* Fix P-384 curve on lower-than-P9 PPC64 targets Closes: #1106516).
diff -Nru -w openssl-3.5.0/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch openssl-3.5.1/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch
--- openssl-3.5.0/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch 2025-05-28 22:10:17.000000000 +0200
+++ openssl-3.5.1/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,62 +0,0 @@
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 20 May 2025 16:34:10 +0200
-Subject: apps/x509.c: Fix the -addreject option adding trust instead of
- rejection
-
-Fixes CVE-2025-4575
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Paul Dale <ppzgs1@gmail.com>
-(Merged from https://github.com/openssl/openssl/pull/27672)
-
-(cherry picked from commit 0eb9acc24febb1f3f01f0320cfba9654cf66b0ac)
-(cherry picked from commit e96d22446e633d117e6c9904cb15b4693e956eaa)
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- apps/x509.c | 2 +-
- test/recipes/25-test_x509.t | 12 +++++++++++-
- 2 files changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/apps/x509.c b/apps/x509.c
-index fdae8f383a66..0c340c15b321 100644
---- a/apps/x509.c
-+++ b/apps/x509.c
-@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
- prog, opt_arg());
- goto opthelp;
- }
-- if (!sk_ASN1_OBJECT_push(trust, objtmp))
-+ if (!sk_ASN1_OBJECT_push(reject, objtmp))
- goto end;
- trustout = 1;
- break;
-diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
-index 09b61708ff8a..dfa0a428f5f0 100644
---- a/test/recipes/25-test_x509.t
-+++ b/test/recipes/25-test_x509.t
-@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
- setup("test_x509");
-
--plan tests => 134;
-+plan tests => 138;
-
- # Prevent MSys2 filename munging for arguments that look like file paths but
- # aren't
-@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
- && run(app(["openssl", "verify", "-no_check_time",
- "-trusted", $ca, "-partial_chain", $caout])));
-
-+# test trust decoration
-+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
-+ "-out", "ca-trusted.pem"])));
-+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
-+ 1, 'trusted use - E-mail Protection');
-+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
-+ "-out", "ca-rejected.pem"])));
-+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
-+ 1, 'rejected use - E-mail Protection');
-+
- subtest 'x509 -- x.509 v1 certificate' => sub {
- tconversion( -type => 'x509', -prefix => 'x509v1',
- -in => srctop_file("test", "testx509.pem") );
diff -Nru -w openssl-3.5.0/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch openssl-3.5.1/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
--- openssl-3.5.0/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2025-05-28 22:10:16.000000000 +0200
+++ openssl-3.5.1/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2025-07-12 18:46:37.000000000 +0200
@@ -36,10 +36,10 @@
"linux-latomic" => {
inherit_from => [ "linux-generic32" ],
diff --git a/Configure b/Configure
-index 15054f94034a..fcb1d4cfefb4 100755
+index 499585438a16..98c0bcb92a79 100755
--- a/Configure
+++ b/Configure
-@@ -1835,7 +1835,7 @@ unless ($disabled{devcryptoeng}) {
+@@ -1836,7 +1836,7 @@ unless ($disabled{devcryptoeng}) {
unless ($disabled{ktls}) {
$config{ktls}="";
my $cc = $config{CROSS_COMPILE}.$config{CC};
diff -Nru -w openssl-3.5.0/debian/patches/c_rehash-compat.patch openssl-3.5.1/debian/patches/c_rehash-compat.patch
--- openssl-3.5.0/debian/patches/c_rehash-compat.patch 2025-05-28 22:10:16.000000000 +0200
+++ openssl-3.5.1/debian/patches/c_rehash-compat.patch 2025-07-12 18:46:37.000000000 +0200
@@ -7,7 +7,7 @@
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index 4dd1b4468279..df059b2e0e12 100644
+index 9f33895a4fd9..c98de9619a4d 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}) -};
diff -Nru -w openssl-3.5.0/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch openssl-3.5.1/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch
--- openssl-3.5.0/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch 2025-05-28 22:10:17.000000000 +0200
+++ openssl-3.5.1/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,126 +0,0 @@
-From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
-Date: Thu, 17 Apr 2025 08:51:53 -0500
-Subject: Fix P-384 curve on lower-than-P9 PPC64 targets
-
-The change adding an asm implementation of p384_felem_reduce incorrectly
-uses the accelerated version on both targets that support the intrinsics
-*and* targets that don't, instead of falling back to the generics on older
-targets. This results in crashes when trying to use P-384 on < Power9.
-
-Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
-Closes: #27350
-Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/27429)
-
-(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
-(cherry picked from commit a72f753cc5a43e58087358317975f6be46c15e01)
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
----
- crypto/ec/ecp_nistp384.c | 54 +++++++++++++++++++++++++++++-------------------
- 1 file changed, 33 insertions(+), 21 deletions(-)
-
-diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
-index 2ceb94fe33b7..9d682f5a02cc 100644
---- a/crypto/ec/ecp_nistp384.c
-+++ b/crypto/ec/ecp_nistp384.c
-@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
- out[i] = acc[i];
- }
-
-+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
-+{
-+ widefelem tmp;
-+
-+ felem_square_ref(tmp, in);
-+ felem_reduce_ref(out, tmp);
-+}
-+
-+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
-+{
-+ widefelem tmp;
-+
-+ felem_mul_ref(tmp, in1, in2);
-+ felem_reduce_ref(out, tmp);
-+}
-+
- #if defined(ECP_NISTP384_ASM)
- static void felem_square_wrapper(widefelem out, const felem in);
- static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
-@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
-
- static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
-
-+static void (*felem_square_reduce_p)(felem out, const felem in) =
-+ felem_square_reduce_ref;
-+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
-+ felem_mul_reduce_ref;
-+
- void p384_felem_square(widefelem out, const felem in);
- void p384_felem_mul(widefelem out, const felem in1, const felem in2);
- void p384_felem_reduce(felem out, const widefelem in);
-
-+void p384_felem_square_reduce(felem out, const felem in);
-+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-+
- # if defined(_ARCH_PPC64)
- # include "crypto/ppc_arch.h"
- # endif
-@@ -710,6 +734,8 @@ static void felem_select(void)
- felem_square_p = p384_felem_square;
- felem_mul_p = p384_felem_mul;
- felem_reduce_p = p384_felem_reduce;
-+ felem_square_reduce_p = p384_felem_square_reduce;
-+ felem_mul_reduce_p = p384_felem_mul_reduce;
-
- return;
- }
-@@ -718,7 +744,9 @@ static void felem_select(void)
- /* Default */
- felem_square_p = felem_square_ref;
- felem_mul_p = felem_mul_ref;
-- felem_reduce_p = p384_felem_reduce;
-+ felem_reduce_p = felem_reduce_ref;
-+ felem_square_reduce_p = felem_square_reduce_ref;
-+ felem_mul_reduce_p = felem_mul_reduce_ref;
- }
-
- static void felem_square_wrapper(widefelem out, const felem in)
-@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
- # define felem_mul felem_mul_p
- # define felem_reduce felem_reduce_p
-
--void p384_felem_square_reduce(felem out, const felem in);
--void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
--
--# define felem_square_reduce p384_felem_square_reduce
--# define felem_mul_reduce p384_felem_mul_reduce
-+# define felem_square_reduce felem_square_reduce_p
-+# define felem_mul_reduce felem_mul_reduce_p
- #else
- # define felem_square felem_square_ref
- # define felem_mul felem_mul_ref
- # define felem_reduce felem_reduce_ref
-
--static ossl_inline void felem_square_reduce(felem out, const felem in)
--{
-- widefelem tmp;
--
-- felem_square(tmp, in);
-- felem_reduce(out, tmp);
--}
--
--static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
--{
-- widefelem tmp;
--
-- felem_mul(tmp, in1, in2);
-- felem_reduce(out, tmp);
--}
-+# define felem_square_reduce felem_square_reduce_ref
-+# define felem_mul_reduce felem_mul_reduce_ref
- #endif
-
- /*-
diff -Nru -w openssl-3.5.0/debian/patches/man-section.patch openssl-3.5.1/debian/patches/man-section.patch
--- openssl-3.5.0/debian/patches/man-section.patch 2025-05-28 22:10:16.000000000 +0200
+++ openssl-3.5.1/debian/patches/man-section.patch 2025-07-12 18:46:37.000000000 +0200
@@ -7,7 +7,7 @@
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index e85763ccf835..55a3bcccde3b 100644
+index a6f666957ec0..46fe9d6f2dd6 100644
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@@ -347,7 +347,8 @@ HTMLDIR=$(DOCDIR)/html
diff -Nru -w openssl-3.5.0/debian/patches/series openssl-3.5.1/debian/patches/series
--- openssl-3.5.0/debian/patches/series 2025-05-28 22:10:17.000000000 +0200
+++ openssl-3.5.1/debian/patches/series 2025-07-12 18:46:26.000000000 +0200
@@ -5,5 +5,3 @@
c_rehash-compat.patch
Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
conf-Serialize-allocation-free-of-ssl_names.patch
-apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch
-Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch
diff -Nru -w openssl-3.5.0/demos/bio/sconnect.c openssl-3.5.1/demos/bio/sconnect.c
--- openssl-3.5.0/demos/bio/sconnect.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/demos/bio/sconnect.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -74,8 +74,10 @@
/* The BIO has parsed the host:port and even IPv6 literals in [] */
hostname = BIO_get_conn_hostname(out);
- if (!hostname || SSL_set1_host(ssl, hostname) <= 0)
+ if (!hostname || SSL_set1_host(ssl, hostname) <= 0) {
+ BIO_free(ssl_bio);
goto err;
+ }
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
diff -Nru -w openssl-3.5.0/demos/guide/tls-client-block.c openssl-3.5.1/demos/guide/tls-client-block.c
--- openssl-3.5.0/demos/guide/tls-client-block.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/demos/guide/tls-client-block.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -174,7 +174,7 @@
*/
bio = create_socket_bio(hostname, port, ipv6 ? AF_INET6 : AF_INET);
if (bio == NULL) {
- printf("Failed to crete the BIO\n");
+ printf("Failed to create the BIO\n");
goto end;
}
SSL_set_bio(ssl, bio, bio);
diff -Nru -w openssl-3.5.0/demos/sslecho/main.c openssl-3.5.1/demos/sslecho/main.c
--- openssl-3.5.0/demos/sslecho/main.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/demos/sslecho/main.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@
static const int server_port = 4433;
-typedef unsigned char bool;
+typedef unsigned char flag;
#define true 1
#define false 0
@@ -31,9 +31,9 @@
* This flag won't be useful until both accept/read (TCP & SSL) methods
* can be called with a timeout. TBD.
*/
-static volatile bool server_running = true;
+static volatile flag server_running = true;
-static int create_socket(bool isServer)
+static int create_socket(flag isServer)
{
int s;
int optval = 1;
@@ -71,7 +71,7 @@
return s;
}
-static SSL_CTX* create_context(bool isServer)
+static SSL_CTX *create_context(flag isServer)
{
const SSL_METHOD *method;
SSL_CTX *ctx;
@@ -135,7 +135,7 @@
#define BUFFERSIZE 1024
int main(int argc, char **argv)
{
- bool isServer;
+ flag isServer;
int result;
SSL_CTX *ssl_ctx = NULL;
@@ -264,6 +264,11 @@
SSL_shutdown(ssl);
SSL_free(ssl);
close(client_skt);
+ /*
+ * Set client_skt to -1 to avoid double close when
+ * server_running become false before next accept
+ */
+ client_skt = -1;
}
}
printf("Server exiting...\n");
diff -Nru -w openssl-3.5.0/doc/designs/fetching-composite-algorithms.md openssl-3.5.1/doc/designs/fetching-composite-algorithms.md
--- openssl-3.5.0/doc/designs/fetching-composite-algorithms.md 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/designs/fetching-composite-algorithms.md 2025-07-01 13:52:08.000000000 +0200
@@ -20,19 +20,19 @@
As far as this design is concerned, these API sets are affected:
-- SIGNATURE (DigestSign and DigestVerify)
+- SIGNATURE
- ASYM_CIPHER
- KEYEXCH
-The proposal is to add these functions:
+The proposal is to add these initializer functions:
``` C
-EVP_DigestSignInit_ex2(EVP_PKEY_CTX **pctx,
- EVP_SIGNATURE *sig, EVP_PKEY *pkey,
- OSSL_LIB_CTX *libctx, const OSSL_PARAM params[]);
-EVP_DigestVerifyInit_ex2(EVP_PKEY_CTX **pctx,
- EVP_SIGNATURE *sig, EVP_PKEY *pkey,
- OSSL_LIB_CTX *libctx, const OSSL_PARAM params[]);
+int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
+int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
+int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_encrypt_init_ex2(EVP_PKEY_CTX *ctx, EVP_ASYM_CIPHER *asymciph,
const OSSL_PARAM params[]);
@@ -43,68 +43,12 @@
const OSSL_PARAM params[]);
```
-Because `EVP_SIGNATURE`, `EVP_ASYM_CIPHER` and `EVP_KEYEXCH` aren't limited
-to composite algorithms, these functions can be used just as well with
-explicit fetches of simple algorithms, say "RSA". In that case, the caller
-will need to pass necessary auxiliary parameters through the `OSSL_PARAM` or
-a call to a corresponding `set_params` function.
-
-Requirements on the providers
------------------------------
-
-Because it's not immediately obvious from a composite algorithm name what
-key type it requires / supports, at least in code, allowing the use of an
-explicitly fetched implementation of a composite algorithm requires that
-providers cooperate by declaring what key type is required / supported by
-each algorithm.
-
-For non-composite operation algorithms (like "RSA"), this is not necessary,
-see the fallback strategies below.
-
-There are two ways this could be implemented:
-
-1. through an added provider function that would work like keymgmt's
- `query_operation_name` function, but would return a key type name
- instead:
+Detailed proposal for these APIs will be or are prepared in other design
+documents:
- ``` C
- # define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPE 26
- OSSL_CORE_MAKE_FUNC(const char *, signature_query_key_type, (void))
-
- # define OSSL_FUNC ASYM_CIPHER_QUERY_KEY_TYPE 12
- OSSL_CORE_MAKE_FUNC(const char *, asym_cipher_query_key_type, (void))
-
- # define OSSL_FUNC_KEYEXCH_QUERY_KEY_TYPE 11
- OSSL_CORE_MAKE_FUNC(const char *, keyexch_query_key_type, (void))
- ```
-
-2. through a gettable `OSSL_PARAM`, using the param identity "keytype"
-
-Fallback strategies
--------------------
-
-Because existing providers haven't been updated to declare composite
-algorithms, or to respond to the key type query, some fallback strategies
-will be needed to find out if the `EVP_PKEY` key type is possible to use
-with the fetched algorithm:
-
-- Check if the fetched operation name matches the key type (keymgmt name)
- of the `EVP_PKEY` that's involved in the operation. For example, this
- is useful when someone fetched the `EVP_SIGNATURE` "RSA".
-- Check if the fetched algorithm name matches the name returned by the
- keymgmt's `query_operation_name` function. For example, this is useful
- when someone fetched the `EVP_SIGNATURE` "ECDSA", for which the key type
- to use is "EC".
-- libcrypto currently has knowledge of some composite algorithm names and
- what they are composed of, accessible with `OBJ_find_sigid_algs` and
- similar functionality. This knowledge is regarded legacy, but can be
- used to figure out the key type.
-
-If none of these strategies work out, the operation initialization should
-fail.
-
-These strategies have their limitations, but the built-in legacy knowledge
-we currently have in libcrypto should be enough to cover most bases.
+- [Functions for explicitly fetched signature algorithms]
+- [Functions for explicitly fetched asym-cipher algorithms] (not yet designed)
+- [Functions for explicitly fetched keyexch algorithms] (not yet designed)
-----
@@ -185,3 +129,7 @@
use the result.
- It fails discoverability, for example through the `openssl list`
command.
+
+<!-- links -->
+[Functions for explicitly fetched signature algorithms]:
+ functions-for-explicitly-fetched-signature-algorithms.md
diff -Nru -w openssl-3.5.0/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md openssl-3.5.1/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md
--- openssl-3.5.0/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.1/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md 2025-07-01 13:52:08.000000000 +0200
@@ -0,0 +1,205 @@
+Functions for explicitly fetched PKEY algorithms
+================================================
+
+Quick background
+----------------
+
+There are several proposed designs that end up revolving around the same
+basic need, explicitly fetched signature algorithms. The following method
+type is affected by this document:
+
+- `EVP_SIGNATURE`
+
+Public API - Add variants of `EVP_PKEY_CTX` functionality
+---------------------------------------------------------
+
+Through OTC discussions, it's been determined that the most suitable APIs to
+touch are the of `EVP_PKEY_` functions.
+Specifically, `EVP_PKEY_sign()`, `EVP_PKEY_verify()`, `EVP_PKEY_verify_recover()`
+and related functions.
+They can be extended to accept an explicitly fetched algorithm of the right
+type, and to be able to incrementally process indefinite length data streams
+when the fetched algorithm permits it (for example, RSA-SHA256).
+
+It must be made clear that the added functionality cannot be used to compose
+an algorithm from different parts. For example, it's not possible to specify
+a `EVP_SIGNATURE` "RSA" and combine it with a parameter that specifies the
+hash "SHA256" to get the "RSA-SHA256" functionality. For an `EVP_SIGNATURE`
+"RSA", the input is still expected to be a digest, or some other input that's
+limited to the modulus size of the RSA pkey.
+
+### Making things less confusing with distinct function names
+
+Until now, `EVP_PKEY_sign()` and friends were only expected to act on the
+pre-computed digest of a message (under the condition that proper flags
+and signature md are specified using functions like
+`EVP_PKEY_CTX_set_rsa_padding()` and `EVP_PKEY_CTX_set_signature_md()`),
+or to act as "primitive" [^1] functions (under the condition that proper
+flags are specified, like `RSA_NO_PADDING` for RSA signatures).
+
+This design proposes an extension to also allow full (not pre-hashed)
+messages to be passed, in a streaming style through an *update* and a
+*final* function.
+
+Discussions have revealed that it is potentially confusing to conflate the
+current functionality with streaming style functionality into the same name,
+so this design separates those out with specific init / update / final
+functions for that purpose. For oneshot functionality, `EVP_PKEY_sign()`
+and `EVP_PKEY_verify()` remain supported.
+
+[^1]: the term "primitive" is borrowed from [PKCS#1](https://www.rfc-editor.org/rfc/rfc8017#section-5)
+
+### Making it possible to verify with an early signature
+
+Some more recent verification algorithms need to obtain the signature
+before processing the data.
+This is particularly important for streaming modes of operation.
+This design proposes a mechanism to accomodate these algorithms
+and modes of operation.
+
+New public API - API Reference
+------------------------------
+
+### For limited input size / oneshot signing with `EVP_SIGNATURE`
+
+``` C
+int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
+```
+
+### For signing a stream with `EVP_SIGNATURE`
+
+``` C
+int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
+int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
+ const unsigned char *in,
+ size_t inlen);
+int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
+ unsigned char *sig,
+ size_t *siglen);
+#define EVP_PKEY_sign_message(ctx,sig,siglen,tbs,tbslen) \
+ EVP_PKEY_sign(ctx,sig,siglen,tbs,tbslen)
+```
+
+### For limited input size / oneshot verification with `EVP_SIGNATURE`
+
+``` C
+int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
+```
+
+### For verifying a stream with `EVP_SIGNATURE`
+
+``` C
+/* Initializers */
+int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
+/* Signature setter */
+int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *pctx,
+ unsigned char *sig, size_t siglen,
+ size_t sigsize);
+/* Update and final */
+int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
+ const unsigned char *in,
+ size_t inlen);
+int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx);
+
+#define EVP_PKEY_verify_message(ctx,sig,siglen,tbs,tbslen) \
+ EVP_PKEY_verify(ctx,sig,siglen,tbs,tbslen)
+```
+
+### For verify_recover with `EVP_SIGNATURE`
+
+Preliminary feedback suggests that a streaming interface is uninteresting for
+verify_recover, so we only specify a new init function.
+
+``` C
+/* Initializers */
+int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *pctx,
+ EVP_SIGNATURE *algo,
+ const OSSL_PARAM params[]);
+```
+
+Requirements on the providers
+-----------------------------
+
+Because it's not immediately obvious from a composite algorithm name what
+key type ("RSA", "EC", ...) it requires / supports, at least in code, allowing
+the use of an explicitly fetched implementation of a composite algorithm
+requires that providers cooperate by declaring what key type is required /
+supported by each algorithm.
+
+For non-composite operation algorithms (like "RSA"), this is not necessary,
+see the fallback strategies below.
+
+This is to be implemented through an added provider function that would work
+like keymgmt's `query_operation_name` function, but would return a NULL
+terminated array of key type name instead:
+
+``` C
+# define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPE 26
+OSSL_CORE_MAKE_FUNC(const char **, signature_query_key_type, (void))
+```
+
+Furthermore, the distinction of intent, i.e. whether the input is expected
+to be a pre-hashed digest or the original message, must be passed on to the
+provider. Because we already distinguish that with function names in the
+public API, we use the same mapping in the provider interface.
+
+The already existing `signature_sign` and `signature_verify` remain as they
+are, and can be combined with message init calls.
+
+``` C
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT 27
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE 28
+# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL 29
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_update,
+ (void *ctx, const unsigned char *in, size_t inlen))
+OSSL_CORE_MAKE_FUNC(int, signature_sign_message_final,
+ (void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize))
+
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT 30
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE 31
+# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL 32
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_init,
+ (void *ctx, void *provkey, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_update,
+ (void *ctx, const unsigned char *in, size_t inlen))
+/*
+ * signature_verify_message_final requires that the signature to be verified
+ * against is specified via an OSSL_PARAM.
+ */
+OSSL_CORE_MAKE_FUNC(int, signature_verify_message_final, (void *ctx))
+```
+
+Fallback strategies
+-------------------
+
+Because existing providers haven't been updated to respond to the key type
+query, some fallback strategies will be needed for the init calls that take
+an explicitly fetched `EVP_SIGNATURE` argument (they can at least be used
+for pre-hashed digest operations). To find out if the `EVP_PKEY` key type
+is possible to use with the explicitly fetched algorithm, the following
+fallback strategies may be used.
+
+- Check if the fetched operation name matches the key type (keymgmt name)
+ of the `EVP_PKEY` that's involved in the operation. For example, this
+ is useful when someone fetched the `EVP_SIGNATURE` "RSA". This requires
+ very little modification, as this is already done with the initializer
+ functions that fetch the algorithm implicitly.
+- Check if the fetched algorithm name matches the name returned by the
+ keymgmt's `query_operation_name` function. For example, this is useful
+ when someone fetched the `EVP_SIGNATURE` "ECDSA", for which the key type
+ to use is "EC". This requires very little modification, as this is
+ already done with the initializer functions that fetch the algorithm
+ implicitly.
+
+If none of these strategies work out, the operation initialization should
+fail.
diff -Nru -w openssl-3.5.0/doc/man1/openssl-pkeyutl.pod.in openssl-3.5.1/doc/man1/openssl-pkeyutl.pod.in
--- openssl-3.5.0/doc/man1/openssl-pkeyutl.pod.in 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man1/openssl-pkeyutl.pod.in 2025-07-01 13:52:08.000000000 +0200
@@ -437,10 +437,100 @@
The X25519 and X448 algorithms support key derivation only. Currently there are
no additional options.
+=head2 SLH-DSA ALGORITHMS
+
+The SLH-DSA algorithms (SLH-DSA-SHA2-128s, SLH-DSA-SHA2-128f, SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHA2-256s, SLH-DSA-SHA2-256f) are post-quantum signature algorithms. When using SLH-DSA with pkeyutl, the following options are available:
+
+=over 4
+
+=item B<-sign>
+
+Sign the input data using an SLH-DSA private key. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey slhdsa.pem -out sig
+
+=item B<-verify>
+
+Verify the signature using an SLH-DSA public key. For example:
+
+ $ openssl pkeyutl -verify -in file.txt -inkey slhdsa.pem -sigfile sig
+
+=back
+
+See L<EVP_PKEY-SLH-DSA(7)> and L<EVP_SIGNATURE-SLH-DSA(7)> for additional details about the SLH-DSA algorithm and its implementation.
+
=head1 ML-DSA-44, ML-DSA-65 AND ML-DSA-87 ALGORITHMS
-The B<ML-DSA> algorithms support signing and verification of "raw" messages.
-No preliminary hashing is performed.
+The ML-DSA algorithms are post-quantum signature algorithms that support signing and verification of "raw" messages.
+No preliminary hashing is performed. When using ML-DSA with pkeyutl, the following options are available:
+
+=over 4
+
+=item B<-sign>
+
+Sign the input data using an ML-DSA private key. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig
+
+=item B<-verify>
+
+Verify the signature using an ML-DSA public key. For example:
+
+ $ openssl pkeyutl -verify -in file.txt -inkey mldsa65.pem -sigfile sig
+
+=item B<-pkeyopt> I<opt>:I<value>
+
+Additional options for ML-DSA signing and verification:
+
+=over 4
+
+=item B<message-encoding>:I<value>
+
+Specifies the message encoding mode used for signing. This controls how the input message is processed before signing. Valid values are described in L<EVP_SIGNATURE-ML-DSA(7)>. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt message-encoding:1
+
+=item B<test-entropy>:I<value>
+
+Specifies a test entropy value for deterministic signing. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt test-entropy:abcdefghijklmnopqrstuvwxyz012345
+
+=item B<hextest-entropy>:I<value>
+
+Specifies a test entropy value in hex format. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt hextest-entropy:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+
+=item B<deterministic>:I<value>
+
+Enables deterministic signing. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt deterministic:1
+
+=item B<mu>:I<value>
+
+Specifies the mu parameter. For example:
+
+ $ echo -n "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" >file.txt
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt mu:1
+
+=back
+
+=item B<context-string>:I<string>
+
+Specifies a context string for both signing and verification operations. The context string must be the same for verification to succeed. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt context-string:mycontext
+ $ openssl pkeyutl -verify -in file.txt -inkey mldsa65.pem -sigfile sig -pkeyopt context-string:mycontext
+
+=item B<hexcontext-string>:I<string>
+
+Specifies a context string in hex format, allowing binary control values. For example:
+
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt hexcontext-string:6d79636f6e74657874
+
+=back
The signing operation supports a B<deterministic>:I<bool> option,
with I<bool> set to C<1> if a deterministic signature is to be generated
@@ -450,7 +540,7 @@
entropy value via the B<hextest-entropy>:I<value> parameter.
Deterministic B<ML-DSA> signing should only be used in tests.
-See L<EVP_SIGNATURE-ML-DSA(7)> for additional options and detail.
+See L<EVP_SIGNATURE-ML-DSA(7)> for additional details about the ML-DSA algorithms and their implementation.
=head1 ML-KEM-512, ML-KEM-768 AND ML-KEM-1024 ALGORITHMS
@@ -549,6 +639,34 @@
openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
+Create an ML-DSA key pair and sign data with a specific context string:
+
+ $ openssl genpkey -algorithm ML-DSA-65 -out mldsa65.pem
+ $ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt context-string:example
+
+Verify a signature using ML-DSA with the same context string:
+
+ $ openssl pkeyutl -verify -in file.txt -inkey mldsa65.pem -sigfile sig -pkeyopt context-string:example
+
+Generate an ML-KEM key pair and use it for encapsulation:
+
+ $ openssl genpkey -algorithm ML-KEM-768 -out mlkem768.pem
+ $ openssl pkey -in mlkem768.pem -pubout -out mlkem768_pub.pem
+ $ openssl pkeyutl -encap -inkey mlkem768_pub.pem -pubin -out ciphertext -secret shared_secret.bin
+
+Decapsulate a shared secret using an ML-KEM private key:
+
+ $ openssl pkeyutl -decap -inkey mlkem768.pem -in ciphertext -secret decapsulated_secret.bin
+
+Create an SLH-DSA key pair and sign data:
+
+ $ openssl genpkey -algorithm SLH-DSA-SHA2-128s -out slh-dsa.pem
+ $ openssl pkeyutl -sign -in file.txt -inkey slh-dsa.pem -out sig
+
+Verify a signature using SLH-DSA:
+
+ $ openssl pkeyutl -verify -in file.txt -inkey slh-dsa.pem -sigfile sig
+
=head1 SEE ALSO
L<openssl(1)>,
diff -Nru -w openssl-3.5.0/doc/man1/openssl-s_client.pod.in openssl-3.5.1/doc/man1/openssl-s_client.pod.in
--- openssl-3.5.0/doc/man1/openssl-s_client.pod.in 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man1/openssl-s_client.pod.in 2025-07-01 13:52:08.000000000 +0200
@@ -507,12 +507,12 @@
=item B<-ign_eof>
Inhibit shutting down the connection when end of file is reached in the
-input.
+input. This implicitly turns on B<-nocommands> as well.
=item B<-quiet>
Inhibit printing of session and certificate information. This implicitly
-turns on B<-ign_eof> as well.
+turns on B<-ign_eof> and B<-nocommands> as well.
=item B<-no_ign_eof>
diff -Nru -w openssl-3.5.0/doc/man3/CMS_get0_SignerInfos.pod openssl-3.5.1/doc/man3/CMS_get0_SignerInfos.pod
--- openssl-3.5.0/doc/man3/CMS_get0_SignerInfos.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/CMS_get0_SignerInfos.pod 2025-07-01 13:52:08.000000000 +0200
@@ -38,7 +38,7 @@
identifier B<si>. It returns zero if the comparison is successful and non zero
if not.
-CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B<si> to
+CMS_SignerInfo_set1_signer_cert() sets the signer's certificate of B<si> to
B<signer>.
=head1 NOTES
@@ -80,7 +80,7 @@
=head1 COPYRIGHT
-Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/CMS_sign.pod openssl-3.5.1/doc/man3/CMS_sign.pod
--- openssl-3.5.0/doc/man3/CMS_sign.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/CMS_sign.pod 2025-07-01 13:52:08.000000000 +0200
@@ -97,7 +97,7 @@
BIO_new_CMS().
If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
output.
@@ -136,7 +136,7 @@
=head1 COPYRIGHT
-Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/DTLS_set_timer_cb.pod openssl-3.5.1/doc/man3/DTLS_set_timer_cb.pod
--- openssl-3.5.0/doc/man3/DTLS_set_timer_cb.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/DTLS_set_timer_cb.pod 2025-07-01 13:52:08.000000000 +0200
@@ -20,6 +20,17 @@
timeout interval on the DTLS protocol. The callback function will be
called by DTLS for every new DTLS packet that is sent.
+The callback should return the timeout interval in micro seconds.
+
+The I<timer_us> parameter of the callback is the last set timeout
+interval returned. On the first invocation of the callback,
+this value will be 0.
+
+At the beginning of the connection, if no timeout callback has been
+set via DTLS_set_timer_cb(), the default timeout value is 1 second.
+For all subsequent timeouts, the default behavior is to double the
+duration up to a maximum of 1 minute.
+
=head1 RETURN VALUES
Returns void.
@@ -30,7 +41,7 @@
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/EVP_PKEY_CTX_new.pod openssl-3.5.1/doc/man3/EVP_PKEY_CTX_new.pod
--- openssl-3.5.0/doc/man3/EVP_PKEY_CTX_new.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/EVP_PKEY_CTX_new.pod 2025-07-01 13:52:08.000000000 +0200
@@ -49,8 +49,11 @@
for example during parameter generation or key generation for some
algorithms.
-EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
-keygen operation.
+EVP_PKEY_CTX_dup() duplicates the context I<ctx>.
+It is not supported for a keygen operation.
+It is however possible to duplicate a context freshly created via any of the
+above C<new> functions, provided L<EVP_PKEY_keygen_init(3)> has not yet been
+called on the source context, and then use the copy for key generation.
EVP_PKEY_CTX_free() frees up the context I<ctx>.
If I<ctx> is NULL, nothing is done.
@@ -122,7 +125,7 @@
=head1 COPYRIGHT
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/EVP_PKEY_encapsulate.pod openssl-3.5.1/doc/man3/EVP_PKEY_encapsulate.pod
--- openssl-3.5.0/doc/man3/EVP_PKEY_encapsulate.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/EVP_PKEY_encapsulate.pod 2025-07-01 13:52:08.000000000 +0200
@@ -30,14 +30,14 @@
The EVP_PKEY_encapsulate() function performs a public key encapsulation
operation using I<ctx>.
-The shared secret writen to I<genkey> can be used as an input for key
+The shared secret written to I<genkey> can be used as an input for key
derivation, typically for various symmetric algorithms.
Its size is written to I<genkeylen>, which must be initialised to the
size of the provided buffer.
The ciphertext written to I<wrappedkey> is an encapsulated form, which
is expected to be only usable by the holder of the private key corresponding
-to wthe public key associated with I<ctx>.
+to the public key associated with I<ctx>.
This ciphertext is then communicated to the private-key holder, who can use
L<EVP_PKEY_decapsulate(3)> to securely recover the same shared secret.
diff -Nru -w openssl-3.5.0/doc/man3/EVP_PKEY_new.pod openssl-3.5.1/doc/man3/EVP_PKEY_new.pod
--- openssl-3.5.0/doc/man3/EVP_PKEY_new.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/EVP_PKEY_new.pod 2025-07-01 13:52:08.000000000 +0200
@@ -174,7 +174,7 @@
B<ML-KEM-512>,
B<ML-KEM-768> and
B<ML-KEM-1024>
-keys, which don't have legacy numeric I<NID> assigments, but their raw form is
+keys, which don't have legacy numeric I<NID> assignments, but their raw form is
nevertheless available.
@@ -198,7 +198,7 @@
B<ML-KEM-512>,
B<ML-KEM-768> and
B<ML-KEM-1024>
-keys, which don't have legacy numeric I<NID> assigments, but their raw form is
+keys, which don't have legacy numeric I<NID> assignments, but their raw form is
nevertheless available.
EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()
diff -Nru -w openssl-3.5.0/doc/man3/EVP_PKEY_sign.pod openssl-3.5.1/doc/man3/EVP_PKEY_sign.pod
--- openssl-3.5.0/doc/man3/EVP_PKEY_sign.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/EVP_PKEY_sign.pod 2025-07-01 13:52:08.000000000 +0200
@@ -40,7 +40,7 @@
the key given through L<EVP_PKEY_CTX_new(3)> or L<EVP_PKEY_CTX_new_from_pkey(3)>.
A context I<ctx> without a pre-loaded key cannot be used with this function.
This function provides almost the same functionality as EVP_PKEY_sign_init_ex(),
-but is uniquely intended to be used with a pre-computed messsage digest, and
+but is uniquely intended to be used with a pre-computed message digest, and
allows pre-determining the exact conditions for that message digest, if a
composite signature algorithm (such as RSA-SHA256) was fetched.
Following a call to this function, setting parameters that modifies the digest
@@ -358,7 +358,7 @@
=head1 COPYRIGHT
-Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/EVP_RAND.pod openssl-3.5.1/doc/man3/EVP_RAND.pod
--- openssl-3.5.0/doc/man3/EVP_RAND.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/EVP_RAND.pod 2025-07-01 13:52:08.000000000 +0200
@@ -152,11 +152,8 @@
from a live source will be sought. This call operates as per NIST SP 800-90A
and SP 800-90C.
-EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
-bytes from the RAND I<ctx>. The function returns the length of the generated
-nonce. If I<out> is NULL, the length is still returned but no generation
-takes place. This allows a caller to dynamically allocate a buffer of the
-appropriate size.
+EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
+bytes from the RAND I<ctx>.
EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
its parents. After this I<ctx> will operate in a thread safe manner, albeit
@@ -385,7 +382,7 @@
EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
-EVP_RAND_nonce() returns the length of the nonce.
+EVP_RAND_nonce() returns 1 on success, 0 on error.
EVP_RAND_get_strength() returns the strength of the random number generator
in bits.
@@ -417,7 +414,7 @@
=head1 COPYRIGHT
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod openssl-3.5.1/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
--- openssl-3.5.0/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod 2025-07-01 13:52:08.000000000 +0200
@@ -109,7 +109,7 @@
using the trust store I<ts> and any untrusted certificates in I<extra>.
Doing so, it checks for the purpose "CMP Key Generation Authority" (cmKGA).
-OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns I<OSSL_CRMF_ENCRYPTEDKEY>, intialized with
+OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns I<OSSL_CRMF_ENCRYPTEDKEY>, initialized with
the enveloped data I<envdata>.
OSSL_CRMF_ENCRYPTEDVALUE_decrypt() decrypts the encrypted value in the given
diff -Nru -w openssl-3.5.0/doc/man3/OSSL_PARAM_int.pod openssl-3.5.1/doc/man3/OSSL_PARAM_int.pod
--- openssl-3.5.0/doc/man3/OSSL_PARAM_int.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/OSSL_PARAM_int.pod 2025-07-01 13:52:08.000000000 +0200
@@ -392,6 +392,29 @@
if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, "cookie value");
+=head2 Example 3
+
+This example shows a special case where
+I<-Wincompatible-pointer-types-discards-qualifiers> may be set during
+compilation. The value for I<buf> cannot be a I<const char *> type string. An
+alternative in this case would be to use B<OSSL_PARAM> macro abbreviated calls
+rather than the specific callers which allows you to define the sha1 argument
+as a standard character array (I<char[]>).
+
+For example, this code:
+
+ OSSL_PARAM params[2];
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0);
+ params[1] = OSSL_PARAM_construct_end();
+
+Can be made compatible with the following version:
+
+ char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */
+ OSSL_PARAM params[2];
+
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0);
+ params[1] = OSSL_PARAM_construct_end();
+
=head1 SEE ALSO
L<openssl-core.h(7)>, L<OSSL_PARAM(3)>
@@ -402,7 +425,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/OSSL_PARAM.pod openssl-3.5.1/doc/man3/OSSL_PARAM.pod
--- openssl-3.5.0/doc/man3/OSSL_PARAM.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/OSSL_PARAM.pod 2025-07-01 13:52:08.000000000 +0200
@@ -356,7 +356,7 @@
=head1 SEE ALSO
-L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>
+L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>, L<OSSL_PARAM_construct_utf8_string(3)>
=head1 HISTORY
@@ -364,7 +364,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/PKCS7_sign.pod openssl-3.5.1/doc/man3/PKCS7_sign.pod
--- openssl-3.5.0/doc/man3/PKCS7_sign.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/PKCS7_sign.pod 2025-07-01 13:52:08.000000000 +0200
@@ -80,7 +80,7 @@
BIO_new_PKCS7().
If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
The I<certs>, I<signcert> and I<pkey> parameters can all be
NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
@@ -122,7 +122,7 @@
=head1 COPYRIGHT
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/SSL_CONF_cmd.pod openssl-3.5.1/doc/man3/SSL_CONF_cmd.pod
--- openssl-3.5.0/doc/man3/SSL_CONF_cmd.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_CONF_cmd.pod 2025-07-01 13:52:08.000000000 +0200
@@ -74,7 +74,7 @@
=item B<-no_renegotiation>
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting
B<SSL_OP_NO_RENEGOTIATION>.
=item B<-no_resumption_on_reneg>
diff -Nru -w openssl-3.5.0/doc/man3/SSL_CTX_set_min_proto_version.pod openssl-3.5.1/doc/man3/SSL_CTX_set_min_proto_version.pod
--- openssl-3.5.0/doc/man3/SSL_CTX_set_min_proto_version.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_CTX_set_min_proto_version.pod 2025-07-01 13:52:08.000000000 +0200
@@ -31,9 +31,10 @@
specific protocol versions.
Use these functions instead of disabling specific protocol versions.
-Setting the minimum or maximum version to 0, will enable protocol
+Setting the minimum or maximum version to 0 (default), will enable protocol
versions down to the lowest version, or up to the highest version
-supported by the library, respectively.
+supported by the library, respectively. The supported versions might be
+controlled by system configuration.
Getters return 0 in case B<ctx> or B<ssl> have been configured to
automatically use the lowest or highest version supported by the library.
@@ -67,7 +68,7 @@
=head1 COPYRIGHT
-Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/SSL_CTX_set_options.pod openssl-3.5.1/doc/man3/SSL_CTX_set_options.pod
--- openssl-3.5.0/doc/man3/SSL_CTX_set_options.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_CTX_set_options.pod 2025-07-01 13:52:08.000000000 +0200
@@ -286,7 +286,7 @@
=item SSL_OP_NO_RENEGOTIATION
-Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest
messages, and ignore renegotiation requests via ClientHello.
=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
@@ -542,7 +542,7 @@
=head1 COPYRIGHT
-Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/SSL_key_update.pod openssl-3.5.1/doc/man3/SSL_key_update.pod
--- openssl-3.5.0/doc/man3/SSL_key_update.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_key_update.pod 2025-07-01 13:52:08.000000000 +0200
@@ -53,7 +53,9 @@
will be performed to confirm that it is a suitable time to start a
renegotiation. If so, then it will be initiated immediately. OpenSSL will not
attempt to resume any session associated with the connection in the new
-handshake.
+handshake. Note that some servers will respond to reneogitation attempts with
+a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in
+this case.
When called from the client side, SSL_renegotiate_abbreviated() works in the
same was as SSL_renegotiate() except that OpenSSL will attempt to resume the
@@ -118,7 +120,7 @@
=head1 COPYRIGHT
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/SSL_new_listener.pod openssl-3.5.1/doc/man3/SSL_new_listener.pod
--- openssl-3.5.0/doc/man3/SSL_new_listener.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_new_listener.pod 2025-07-01 13:52:08.000000000 +0200
@@ -130,6 +130,14 @@
available and the listener SSL object is configured in nonblocking mode, NULL is
returned.
+The new SSL object returned from SSL_accept_connection() may or may not have
+completed its handshake at the point it is returned. Optionally, you may use the
+function L<SSL_is_init_finished(3)> to determine this. You may call the
+functions L<SSL_accept(3)>, L<SSL_do_handshake(3)> or L<SSL_handle_events(3)> to
+progress the state of the SSL object towards handshake completion. Other "I/O"
+functions may also implicitly progress the state of the handshake such as
+L<SSL_poll(3)>, L<SSL_read(3)> and L<SSL_write(3)>.
+
The B<SSL_ACCEPT_CONNECTION_NO_BLOCK> flag may be specified to
SSL_accept_connection(). If specified, the call does not block even if the
listener SSL object is configured in blocking mode.
diff -Nru -w openssl-3.5.0/doc/man3/SSL_set1_host.pod openssl-3.5.1/doc/man3/SSL_set1_host.pod
--- openssl-3.5.0/doc/man3/SSL_set1_host.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_set1_host.pod 2025-07-01 13:52:08.000000000 +0200
@@ -9,8 +9,8 @@
#include <openssl/ssl.h>
- int SSL_set1_host(SSL *s, const char *hostname);
- int SSL_add1_host(SSL *s, const char *hostname);
+ int SSL_set1_host(SSL *s, const char *host);
+ int SSL_add1_host(SSL *s, const char *host);
void SSL_set_hostflags(SSL *s, unsigned int flags);
const char *SSL_get0_peername(SSL *s);
@@ -18,29 +18,36 @@
These functions configure server hostname checks in the SSL client.
-SSL_set1_host() sets the expected DNS hostname to B<name> clearing
-any previously specified hostname. If B<name> is NULL
-or the empty string, the list of hostnames is cleared and name
-checks are not performed on the peer certificate. When a nonempty
-B<name> is specified, certificate verification automatically checks
-the peer hostname via L<X509_check_host(3)> with B<flags> as specified
+SSL_set1_host() sets in the verification parameters of I<s>
+the expected DNS hostname or IP address to I<host>,
+clearing any previously specified IP address and hostnames.
+If I<host> is NULL or the empty string, IP address
+and hostname checks are not performed on the peer certificate.
+When a nonempty I<host> is specified, certificate verification automatically
+checks the peer hostname via L<X509_check_host(3)> with I<flags> as specified
via SSL_set_hostflags(). Clients that enable DANE TLSA authentication
via L<SSL_dane_enable(3)> should leave it to that function to set
the primary reference identifier of the peer, and should not call
SSL_set1_host().
-SSL_add1_host() adds B<name> as an additional reference identifier
-that can match the peer's certificate. Any previous names set via
-SSL_set1_host() or SSL_add1_host() are retained, no change is made
-if B<name> is NULL or empty. When multiple names are configured,
-the peer is considered verified when any name matches. This function
-is required for DANE TLSA in the presence of service name indirection
-via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or
-RFC7673.
+SSL_add1_host() adds I<host> as an additional reference identifier
+that can match the peer's certificate. Any previous hostnames
+set via SSL_set1_host() or SSL_add1_host() are retained.
+Adding an IP address is allowed only if no IP address has been set before.
+No change is made if I<host> is NULL or empty.
+When an IP address and/or multiple hostnames are configured,
+the peer is considered verified when any of these matches.
+This function is required for DANE TLSA in the presence of service name indirection
+via CNAME, MX or SRV records as specified in RFCs 7671, 7672, and 7673.
+
+TLS clients are recommended to use SSL_set1_host() or SSL_add1_host()
+for server hostname or IP address validation,
+as well as L<SSL_set_tlsext_host_name(3)> for Server Name Indication (SNI),
+which may be crucial also for correct routing of the connection request.
-SSL_set_hostflags() sets the B<flags> that will be passed to
+SSL_set_hostflags() sets the I<flags> that will be passed to
L<X509_check_host(3)> when name checks are applicable, by default
-the B<flags> value is 0. See L<X509_check_host(3)> for the list
+the I<flags> value is 0. See L<X509_check_host(3)> for the list
of available flags and their meaning.
SSL_get0_peername() returns the DNS hostname or subject CommonName
@@ -51,7 +58,7 @@
SSL_add1_host() starts with ".", which indicates a parent domain prefix
rather than a fixed name, the matched peer name may be a sub-domain
of the reference identifier. The returned string is allocated by
-the library and is no longer valid once the associated B<ssl> handle
+the library and is no longer valid once the associated I<ssl> handle
is cleared or freed, or a renegotiation takes place. Applications
must not free the return value.
@@ -66,6 +73,8 @@
SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for
failure.
+SSL_set_hostflags() returns nothing at all.
+
SSL_get0_peername() returns NULL if peername verification is not
applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
matched. Otherwise, it returns the matched peername. To determine
@@ -99,9 +108,8 @@
=head1 SEE ALSO
L<ssl(7)>,
-L<X509_check_host(3)>,
-L<SSL_get_verify_result(3)>.
-L<SSL_dane_enable(3)>.
+L<X509_check_host(3)>, L<SSL_set_tlsext_host_name(3)>,
+L<SSL_get_verify_result(3)>, L<SSL_dane_enable(3)>
=head1 HISTORY
@@ -109,7 +117,7 @@
=head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man3/SSL_set_quic_tls_cbs.pod openssl-3.5.1/doc/man3/SSL_set_quic_tls_cbs.pod
--- openssl-3.5.0/doc/man3/SSL_set_quic_tls_cbs.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/SSL_set_quic_tls_cbs.pod 2025-07-01 13:52:08.000000000 +0200
@@ -110,7 +110,7 @@
The OSSL_FUNC_SSL_QUIC_TLS_yield_secret_fn callback (function id
B<OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET>) is called when a new secret has been
-established. The I<prot_level> argument identies the TLS protection level and
+established. The I<prot_level> argument identities the TLS protection level and
will be one of B<OSSL_RECORD_PROTECTION_LEVEL_NONE>,
B<OSSL_RECORD_PROTECTION_LEVEL_EARLY>, B<OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE>
or B<OSSL_RECORD_PROTECTION_LEVEL_APPLICATION>. The I<direction> will either be
diff -Nru -w openssl-3.5.0/doc/man3/X509_check_purpose.pod openssl-3.5.1/doc/man3/X509_check_purpose.pod
--- openssl-3.5.0/doc/man3/X509_check_purpose.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/X509_check_purpose.pod 2025-07-01 13:52:08.000000000 +0200
@@ -80,7 +80,7 @@
which can be achieved by using the result of X509_PURPOSE_get_unused_id().
The function also sets in the entry the trust id I<trust>, the given I<flags>,
the purpose (long) name I<name>, the short name I<sname>, the purpose checking
-funktion I<ck> of type B<int (*) (const X509_PURPOSE *, const X509 *, int)>,
+function I<ck> of type B<int (*) (const X509_PURPOSE *, const X509 *, int)>,
and its user data I<arg> which may be retrieved via the B<X509_PURPOSE> pointer.
X509_PURPOSE_cleanup() removes all purposes that are not pre-defined.
diff -Nru -w openssl-3.5.0/doc/man3/X509_STORE_CTX_new.pod openssl-3.5.1/doc/man3/X509_STORE_CTX_new.pod
--- openssl-3.5.0/doc/man3/X509_STORE_CTX_new.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man3/X509_STORE_CTX_new.pod 2025-07-01 13:52:08.000000000 +0200
@@ -85,7 +85,7 @@
X509_STORE_CTX_init() sets up I<ctx> for a subsequent verification operation.
X509_STORE_CTX_init() initializes the internal state and resources of the
-given I<ctx>. Among others, it sets the verification parameters associcated
+given I<ctx>. Among others, it sets the verification parameters associated
with the method name C<default>, which includes the C<any> purpose,
and takes over callback function pointers from I<trust_store> (unless NULL).
It must be called before each call to L<X509_verify_cert(3)> or
@@ -319,7 +319,7 @@
=head1 COPYRIGHT
-Copyright 2009-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man7/ossl-guide-tls-introduction.pod openssl-3.5.1/doc/man7/ossl-guide-tls-introduction.pod
--- openssl-3.5.0/doc/man7/ossl-guide-tls-introduction.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man7/ossl-guide-tls-introduction.pod 2025-07-01 13:52:08.000000000 +0200
@@ -74,7 +74,7 @@
=head1 CERTIFICATES
In order for a client to establish a connection to a server it must authenticate
-the identify of that server, i.e. it needs to confirm that the server is really
+the identity of that server, i.e. it needs to confirm that the server is really
the server that it claims to be and not some imposter. In order to do this the
server will send to the client a digital certificate (also commonly referred to
as an X.509 certificate). The certificate contains various information about the
@@ -311,7 +311,7 @@
=head1 COPYRIGHT
-Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.5.0/doc/man7/OSSL_PROVIDER-FIPS.pod openssl-3.5.1/doc/man7/OSSL_PROVIDER-FIPS.pod
--- openssl-3.5.0/doc/man7/OSSL_PROVIDER-FIPS.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man7/OSSL_PROVIDER-FIPS.pod 2025-07-01 13:52:08.000000000 +0200
@@ -573,6 +573,19 @@
=back
+You can load the FIPS provider into multiple library contexts as any other
+provider. However the following restriction applies. The FIPS provider cannot
+be used by multiple copies of OpenSSL libcrypto in a single process.
+
+As the provider saves core callbacks to the libcrypto obtained in the
+OSSL_provider_init() call to global data it will fail if subsequent
+invocations of its OSSL_provider_init() function yield different addresses
+of these callbacks than in the initial call. This happens when different
+copies of libcrypto are present in the memory of the process and both try
+to load the same FIPS provider. A workaround is to have a different copy
+of the FIPS provider loaded for each of the libcrypto instances in the
+process.
+
=head1 SEE ALSO
L<openssl-fipsinstall(1)>,
diff -Nru -w openssl-3.5.0/doc/man7/provider-cipher.pod openssl-3.5.1/doc/man7/provider-cipher.pod
--- openssl-3.5.0/doc/man7/provider-cipher.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man7/provider-cipher.pod 2025-07-01 13:52:08.000000000 +0200
@@ -134,8 +134,8 @@
set of "encrypt" functions, or a complete set of "decrypt" functions, or a
single "cipher" function. Similarly, there can be a complete set of pipeline
"encrypt" functions, and/or a complete set of pipeline "decrypt" functions.
-In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
-present.
+In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
+and OSSL_FUNC_cipher_freectx functions must be present.
All other functions are optional.
=head2 Context Management Functions
diff -Nru -w openssl-3.5.0/doc/man7/provider-keymgmt.pod openssl-3.5.1/doc/man7/provider-keymgmt.pod
--- openssl-3.5.0/doc/man7/provider-keymgmt.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man7/provider-keymgmt.pod 2025-07-01 13:52:08.000000000 +0200
@@ -32,7 +32,7 @@
void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx);
/* Key loading by object reference, also a constructor */
- void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz);
+ void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz);
/* Key object information */
int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
diff -Nru -w openssl-3.5.0/doc/man7/provider-signature.pod openssl-3.5.1/doc/man7/provider-signature.pod
--- openssl-3.5.0/doc/man7/provider-signature.pod 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/doc/man7/provider-signature.pod 2025-07-01 13:52:08.000000000 +0200
@@ -107,8 +107,7 @@
The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
signature algorithms and make them available to applications via the API
functions L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)>,
-and L<EVP_PKEY_verify_recover(3)> (as well
-as other related functions).
+and L<EVP_PKEY_verify_recover(3)> (as well as other related functions).
All "functions" mentioned here are passed as function pointers between
F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
@@ -201,10 +200,22 @@
=back
-OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional,
-but if one of them is present then the other one must also be present. The same
-applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as
-well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional.
+The OSSL_FUNC_signature_set_ctx_params() and
+OSSL_FUNC_signature_settable_ctx_params() functions are optional,
+but if one of them is provided then the other one must also be provided.
+The same applies to the OSSL_FUNC_signature_get_ctx_params() and
+OSSL_FUNC_signature_gettable_ctx_params() functions,
+as well as the "md_params" functions.
+
+The OSSL_FUNC_signature_dupctx() function is optional.
+It is not yet used by OpenSSL.
+
+The OSSL_FUNC_signature_query_key_types() function is optional.
+When present, it should return a NULL-terminated array of strings
+indicating the key types supported by the provider for signature operations.
+Otherwise the signature algorithm name must match the given key
+or match the default signature algorithm name of the key,
+both checked using L<EVP_SIGNATURE_is_a(3)>.
A signature algorithm must also implement some mechanism for generating,
loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
@@ -378,7 +389,7 @@
the signature should be written to I<*siglen>.
OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
-previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
+previously started through OSSL_FUNC_signature_digest_sign_init(). A previously
initialised signature context is passed in the I<ctx> parameter. The data to be
signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
the signature should be written to the location pointed to by the I<sig>
@@ -388,7 +399,7 @@
=head2 Digest Verify Functions
-OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
+OSSL_FUNC_signature_digest_verify_init() initialises a context for verifying given a
provider side verification context in the I<ctx> parameter, and a pointer to a
provider key object in the I<provkey> parameter.
The I<params>, if not NULL, should be set on the context in a manner similar to
@@ -412,7 +423,7 @@
verified is in I<sig> which is I<siglen> bytes long.
OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
-previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
+previously started through OSSL_FUNC_signature_digest_verify_init(). A previously
initialised verification context is passed in the I<ctx> parameter. The data to be
verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
verified is in I<sig> which is I<siglen> bytes long.
@@ -470,8 +481,13 @@
=item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
-Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
-signature algorithm and digest algorithm for the signature operation.
+Gets the DER-encoded AlgorithmIdentifier for the signature operation.
+This typically corresponds to the combination of a digest algorithm
+with a purely asymmetric signature algorithm, such as SHA256WithECDSA.
+
+The L<ASN1_item_sign_ctx(3)> function relies on this operation and is used by
+many other functions that sign ASN.1 structures such as X.509 certificates,
+certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages.
=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
@@ -599,11 +615,20 @@
OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(),
return the gettable or settable parameters in a constant L<OSSL_PARAM(3)> array.
-All other functions should return 1 for success or 0 on error.
+OSSL_FUNC_signature_query_key_types() should return a NULL-terminated array of strings.
+
+All verification functions should return 1 for success,
+0 for a non-matching signature, and a negative value for operation failure.
+
+All other functions should return 1 for success
+and 0 or a negative value for failure.
=head1 SEE ALSO
-L<provider(7)>
+L<provider(7)>, L<provider-base(7)/Provider Functions>,
+L<OSSL_PARAM(3)>, L<OSSL_DISPATCH(3)>, L<OSSL_ALGORITHM(3)>,
+L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)>, L<EVP_PKEY_verify_recover(3)>,
+L<EVP_SIGNATURE_is_a(3)>, L<ASN1_item_sign_ctx(3)>
=head1 HISTORY
diff -Nru -w openssl-3.5.0/HACKING.md openssl-3.5.1/HACKING.md
--- openssl-3.5.0/HACKING.md 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/HACKING.md 2025-07-01 13:52:08.000000000 +0200
@@ -1,33 +1,80 @@
MODIFYING OPENSSL SOURCE
========================
-This document describes the way to add custom modifications to OpenSSL sources.
+This document describes the way to add custom modifications to OpenSSL
+sources.
+
+If you are adding new C source files
+------------------------------------
+
+Please update the `build.info` files in the directories where you placed the
+C source files, to include a line like this for each new C source file:
+
+- In `crypto/` or any of its subdirectories (intended for `libcrypto`):
+
+ SOURCE[../libcrypto]={name-of-C-source-file}
+
+- In `ssl/` or any of its subdirectories (intended for `libssl`):
+
+ SOURCE[../libssl]={name-of-C-source-file}
+
+Do note that the path given as the `SOURCE` attribute must be adapted
+appropriately for the location of the `build.info` file, as it's a relative
+path to where the library itself is built, for example:
+
+- For `crypto/build.info`, the library path should be `../libcrypto`
+- For `crypto/evp/build.info`, the library path should be
+ `../../libcrypto`
+- For `ssl/build.info`, the library path should be `../libssl`
+- For `ssl/quic/build.info`, the library path should be `../../libssl`
+
+To know more about `build.info` files, please read [doc/internal/man7/build.info.pod].
+For better viewing, consider converting it to HTML or PDF using `pod2html`
+or `pod2pdf`.
+
+Adding new public functions
+---------------------------
If you are adding new public functions to the custom library build, you need to
- either add a prototype in one of the existing OpenSSL header files;
- or provide a new header file and edit
- [Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl)
- to pick up that file.
+either add a prototype in one of the existing OpenSSL header files, or
+provide a new header file and edit.
+
+Only headers in the `include/openssl` subdirectory are considered for public
+functions. If you're creating a new header file, it must be located in that
+directory.
+
+Functions declared in `include/openssl` header files are assumed to be part
+of the `libcrypto` library unless specified otherwise. *If your new
+functions are meant for the `libssl` library*, you will need to edit
+[Configurations/unix-Makefile.tmpl] and add the header file name in the
+array `my @sslheaders_tmpl`.
+
+Updating OpenSSL's bookkeeping files
+------------------------------------
+
+OpenSSL has a few bookkeeping files to keep track of exposed functions, most
+importantly `util/libcrypto.num` and `util/libssl.num`. Any time a new
+public function - as defined above - is added, these files must be updated.
- After that, perform the following steps:
+To make such an update, please do the following:
./Configure -Werror --strict-warnings [your-options]
make update
- make
- make test
- `make update` ensures that your functions declarations are added to
- `util/libcrypto.num` or `util/libssl.num`.
- If you plan to submit the changes you made to OpenSSL
- (see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running:
+If you plan to submit the changes you made to OpenSSL (see
+[CONTRIBUTING.md]), it's also worth running the following after running
+`make update`, to ensure that documentation has correct format.
make doc-nits
- after running `make update` to ensure that documentation has correct format.
+Do note that `make update` also generates files related to OIDs (in the
+`crypto/objects/` folder) and errors messages.
- `make update` also generates files related to OIDs (in the `crypto/objects/`
- folder) and errors.
- If a merge error occurs in one of these generated files, then the
+If a git merge error occurs in one of these generated files, then the
generated files need to be removed and regenerated using `make update`.
To aid in this process, the generated files can be committed separately
- so they can be removed easily.
+so they can be removed easily by reverting that commit.
+
+[doc/internal/man7/build.info.pod]: ./doc/internal/man7/build.info.pod
+[Configurations/unix-Makefile.tmpl]: ./Configurations/unix-Makefile.tmpl
+[CONTRIBUTING.md]: ./CONTRIBUTING.md
diff -Nru -w openssl-3.5.0/include/internal/common.h openssl-3.5.1/include/internal/common.h
--- openssl-3.5.0/include/internal/common.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/common.h 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,8 +22,8 @@
# define ossl_likely(x) __builtin_expect(!!(x), 1)
# define ossl_unlikely(x) __builtin_expect(!!(x), 0)
# else
-# define ossl_likely(x) x
-# define ossl_unlikely(x) x
+# define ossl_likely(x) (x)
+# define ossl_unlikely(x) (x)
# endif
# if defined(__GNUC__) || defined(__clang__)
diff -Nru -w openssl-3.5.0/include/internal/constant_time.h openssl-3.5.1/include/internal/constant_time.h
--- openssl-3.5.0/include/internal/constant_time.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/constant_time.h 2025-07-01 13:52:08.000000000 +0200
@@ -322,6 +322,18 @@
return r;
}
+/* Convenience method for unsigned char. */
+static ossl_inline unsigned char value_barrier_8(unsigned char a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+ unsigned char r;
+ __asm__("" : "=r"(r) : "0"(a));
+#else
+ volatile unsigned char r = a;
+#endif
+ return r;
+}
+
static ossl_inline unsigned int constant_time_select(unsigned int mask,
unsigned int a,
unsigned int b)
@@ -382,7 +394,7 @@
{
uint32_t xor = *a ^ *b;
- xor &= mask;
+ xor &= value_barrier_32(mask);
*a ^= xor;
*b ^= xor;
}
@@ -402,7 +414,7 @@
{
uint64_t xor = *a ^ *b;
- xor &= mask;
+ xor &= value_barrier_64(mask);
*a ^= xor;
*b ^= xor;
}
@@ -429,7 +441,7 @@
for (i = 0; i < len; i++) {
tmp = a[i] ^ b[i];
- tmp &= mask;
+ tmp &= value_barrier_8(mask);
a[i] ^= tmp;
b[i] ^= tmp;
}
diff -Nru -w openssl-3.5.0/include/internal/e_os.h openssl-3.5.1/include/internal/e_os.h
--- openssl-3.5.0/include/internal/e_os.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/e_os.h 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -106,17 +106,6 @@
# define EACCES 13
# endif
# include <string.h>
-# ifdef _WIN64
-# define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static __inline unsigned int _strlen31(const char *str)
-{
- unsigned int len = 0;
- while (*str && len < 0x80000000U)
- str++, len++;
- return len & 0x7FFFFFFF;
-}
-# endif /* def(_WIN64) */
# include <malloc.h>
# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
# if _MSC_VER>=1300 && _MSC_VER<1600
diff -Nru -w openssl-3.5.0/include/internal/hashfunc.h openssl-3.5.1/include/internal/hashfunc.h
--- openssl-3.5.0/include/internal/hashfunc.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/hashfunc.h 2025-07-01 13:52:08.000000000 +0200
@@ -11,6 +11,7 @@
# define OPENSSL_HASHFUNC_H
# include <openssl/e_os2.h>
+# include <stddef.h>
/**
* Generalized fnv1a 64 bit hash function
*/
diff -Nru -w openssl-3.5.0/include/internal/json_enc.h openssl-3.5.1/include/internal/json_enc.h
--- openssl-3.5.0/include/internal/json_enc.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/json_enc.h 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -202,9 +202,6 @@
/* Encode a JSON integer from an int64_t. */
void ossl_json_i64(OSSL_JSON_ENC *json, int64_t value);
-/* Encode a JSON number from a 64-bit floating point value. */
-void ossl_json_f64(OSSL_JSON_ENC *json, double value);
-
/*
* Encode a JSON UTF-8 string from a zero-terminated string. The string passed
* can be freed immediately following the call to this function.
diff -Nru -w openssl-3.5.0/include/internal/provider.h openssl-3.5.1/include/internal/provider.h
--- openssl-3.5.0/include/internal/provider.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/provider.h 2025-07-01 13:52:08.000000000 +0200
@@ -61,6 +61,9 @@
/* Return pointer to the provider's context */
void *ossl_provider_ctx(const OSSL_PROVIDER *prov);
+/* Force loading of fallback providers if necessary */
+int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx);
+
/* Iterate over all loaded providers */
int ossl_provider_doall_activated(OSSL_LIB_CTX *,
int (*cb)(OSSL_PROVIDER *provider,
diff -Nru -w openssl-3.5.0/include/internal/quic_ssl.h openssl-3.5.1/include/internal/quic_ssl.h
--- openssl-3.5.0/include/internal/quic_ssl.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/quic_ssl.h 2025-07-01 13:52:08.000000000 +0200
@@ -72,8 +72,8 @@
int ossl_quic_renegotiate_check(SSL *ssl, int initok);
int ossl_quic_do_handshake(SSL *s);
-void ossl_quic_set_connect_state(SSL *s);
-void ossl_quic_set_accept_state(SSL *s);
+int ossl_quic_set_connect_state(SSL *s, int raiseerrs);
+int ossl_quic_set_accept_state(SSL *s, int raiseerrs);
__owur int ossl_quic_has_pending(const SSL *s);
__owur int ossl_quic_handle_events(SSL *s);
diff -Nru -w openssl-3.5.0/include/internal/quic_tls.h openssl-3.5.1/include/internal/quic_tls.h
--- openssl-3.5.0/include/internal/quic_tls.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/internal/quic_tls.h 2025-07-01 13:52:08.000000000 +0200
@@ -96,6 +96,8 @@
/* Advance the state machine */
int ossl_quic_tls_tick(QUIC_TLS *qtls);
+void ossl_quic_tls_clear(QUIC_TLS *qtls);
+
int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
const unsigned char *transport_params,
size_t transport_params_len);
diff -Nru -w openssl-3.5.0/include/openssl/evperr.h openssl-3.5.1/include/openssl/evperr.h
--- openssl-3.5.0/include/openssl/evperr.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/openssl/evperr.h 2025-07-01 13:52:08.000000000 +0200
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -104,6 +104,12 @@
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
+# define EVP_R_PROVIDER_ASYM_CIPHER_FAILURE 232
+# define EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED 235
+# define EVP_R_PROVIDER_KEYMGMT_FAILURE 233
+# define EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED 236
+# define EVP_R_PROVIDER_SIGNATURE_FAILURE 234
+# define EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED 237
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
# define EVP_R_SETTING_XOF_FAILED 227
# define EVP_R_SET_DEFAULT_PROPERTY_FAILURE 209
diff -Nru -w openssl-3.5.0/include/openssl/ssl.h.in openssl-3.5.1/include/openssl/ssl.h.in
--- openssl-3.5.0/include/openssl/ssl.h.in 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/include/openssl/ssl.h.in 2025-07-01 13:52:08.000000000 +0200
@@ -1831,8 +1831,8 @@
__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
__owur int SSL_set_trust(SSL *ssl, int trust);
-__owur int SSL_set1_host(SSL *s, const char *hostname);
-__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur int SSL_set1_host(SSL *s, const char *host);
+__owur int SSL_add1_host(SSL *s, const char *host);
__owur const char *SSL_get0_peername(SSL *s);
void SSL_set_hostflags(SSL *s, unsigned int flags);
diff -Nru -w openssl-3.5.0/NEWS.md openssl-3.5.1/NEWS.md
--- openssl-3.5.0/NEWS.md 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/NEWS.md 2025-07-01 13:52:08.000000000 +0200
@@ -23,6 +23,16 @@
OpenSSL 3.5
-----------
+### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]
+
+OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fix x509 application adds trusted use instead of rejected use.
+ ([CVE-2025-4575])
+
### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]
OpenSSL 3.5.0 is a feature release adding significant new functionality to
@@ -1889,7 +1899,7 @@
* Support for various new platforms
<!-- Links -->
-
+[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
diff -Nru -w openssl-3.5.0/NOTES-WINDOWS.md openssl-3.5.1/NOTES-WINDOWS.md
--- openssl-3.5.0/NOTES-WINDOWS.md 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/NOTES-WINDOWS.md 2025-07-01 13:52:08.000000000 +0200
@@ -87,6 +87,11 @@
on the Universal CRT or
- `perl Configure` to let Configure figure out the platform
+ a. If you don't plan to develop OpenSSL yourself and don't need to rebuild,
+ in other words, if you always do a new build, turning off the build
+ dependency feature can speed up build times by up to 50%:
+ `perl Configure no-makedepend`
+
6. `nmake`
7. `nmake test`
diff -Nru -w openssl-3.5.0/providers/fips/fipsprov.c openssl-3.5.1/providers/fips/fipsprov.c
--- openssl-3.5.0/providers/fips/fipsprov.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/fips/fipsprov.c 2025-07-01 13:52:08.000000000 +0200
@@ -17,6 +17,7 @@
#include <openssl/proverr.h>
#include <openssl/indicator.h>
#include "internal/cryptlib.h"
+#include "internal/provider.h"
#include "prov/implementations.h"
#include "prov/names.h"
#include "prov/provider_ctx.h"
@@ -887,6 +888,15 @@
goto err;
/*
+ * Ensure our internal provider is loaded. We use this whenever the FIPS
+ * provider internally uses the EVP API. We proactively load this now
+ * rather than waiting for lazy loading to ensure it is always present when
+ * we need it.
+ */
+ if (!ossl_provider_activate_fallbacks(libctx))
+ goto err;
+
+ /*
* We did initial set up of selftest_params in a local copy, because we
* could not create fgbl until c_CRYPTO_zalloc was defined in the loop
* above.
diff -Nru -w openssl-3.5.0/providers/fips.checksum openssl-3.5.1/providers/fips.checksum
--- openssl-3.5.0/providers/fips.checksum 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/fips.checksum 2025-07-01 13:52:08.000000000 +0200
@@ -1 +1 @@
-e52ef0424b1c707a55e63763491f5ffc6462cab120929199bae37bd876094761 providers/fips-sources.checksums
+cffe76b0bc6464c7c864d5e2eaaf528439cb6c9908dc75666d530aa8a65e152e providers/fips-sources.checksums
diff -Nru -w openssl-3.5.0/providers/fips-sources.checksums openssl-3.5.1/providers/fips-sources.checksums
--- openssl-3.5.0/providers/fips-sources.checksums 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/fips-sources.checksums 2025-07-01 13:52:08.000000000 +0200
@@ -28,7 +28,7 @@
5d03d59af5d77979bed0662a2e971951899d407d11dcf6a8e174453aaebecea2 crypto/aes/asm/aesni-xts-avx512.pl
0489a10fbb1a8ca3652848d5c1e14e519501e189bad3e5827a573c26df359691 crypto/aes/asm/aesp8-ppc.pl
e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl
-901a977a566f51788186ed566438db09d2331894f9de9ace1aa7e267dae3fe74 crypto/aes/asm/aesv8-armx.pl
+578142d03bc47353952fca2027eb63ec97ce9a1379c0f3c7ac0fdf110eb3378b crypto/aes/asm/aesv8-armx.pl
5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl
12cd3c8a9ce7153c577ff6238d81ec1947dfc43ee80cb15ee886cdf811969417 crypto/aes/asm/bsaes-armv8.pl
c72f6cbf3b9900d956e05003ec8df758b29b43519c7801d677c3f992bc589d4e crypto/aes/asm/bsaes-x86_64.pl
@@ -59,11 +59,11 @@
0b3350f56d423a4df918a08e90c7c66227c4449a9f9c44096eacc254ebc65f9f crypto/bn/asm/ppc64-mont-fixed.pl
a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl
a6982e91f35fbcefe897106b3f5c8957359fb58b74beac12bdcb8d3b7daa15f5 crypto/bn/asm/rsaz-2k-avx512.pl
-9ff806a5dc4320c73cdf717161185b3515bb56e893f098e617ebb16b25ed9006 crypto/bn/asm/rsaz-2k-avxifma.pl
+1b059fa9056c6b476f036ffa5dc74092d9366ee94a98f8f3e57e9b452a695232 crypto/bn/asm/rsaz-2k-avxifma.pl
df7268cd5461269db0d8d1ef62c2d9ff6608eb0c071e798b06ad9ddfcbef1a31 crypto/bn/asm/rsaz-3k-avx512.pl
-a36293b89332a4fb8ef4f3013c26bc5bb42290ec255a699b15b4e72285f49886 crypto/bn/asm/rsaz-3k-avxifma.pl
+b8424d830f41a038f3c98d8664c6cf7d2d3e1748cdce260db41fa3c74f1d88d9 crypto/bn/asm/rsaz-3k-avxifma.pl
9ae9cf7a926eea6543237eb4c537860a36e6373e9091e2c581868871ba84fd74 crypto/bn/asm/rsaz-4k-avx512.pl
-2cd3ac19df2f322e518aba881dc98423c3aafcef8cec6c8611f870fdf6d54d7d crypto/bn/asm/rsaz-4k-avxifma.pl
+afcf51a732c80eadae1650e22e4af34904112a8b95467087a16d9d2394934730 crypto/bn/asm/rsaz-4k-avxifma.pl
6e47bf041e51d8086c4933c2a5da3ce6d1b136592984754461d59aa81e4995a6 crypto/bn/asm/rsaz-avx2.pl
149842bf63d1ef1895a251a83d9941fc3ed744dab359b42d635d04cc8d2f2864 crypto/bn/asm/rsaz-x86_64.pl
30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl
@@ -123,7 +123,7 @@
1d2760fae983b7fdba8fbb63b0f357dc161f6d0f0695f6b73e8d92ed19899185 crypto/context.c
67c2367871b9350a7f7af5be903d6bcca9ebdbff0e9a9bd9f61b56bef5b76696 crypto/core_algorithm.c
ab29529cca1308302d852999f2790c404a4dc0ef8cd6653260739f70b2f22758 crypto/core_fetch.c
-61111a5f2eba07860b1ae2b6512c9cfb30cb7f580db5606fe1c22f1fa7599f2f crypto/core_namemap.c
+79522ab7376ba85aca2cfce84a77613e3721470307f2acb28fd318a51182be0d crypto/core_namemap.c
819f75bcb1cbd6633381ec9ad043152ae2ec1f71471650864f2cb8c88612cab5 crypto/cpuid.c
a6732e22ccb49cf51fc9dbf23f6059774b70ecc3d7e848c5df112a2d3c179027 crypto/cryptlib.c
66dbfc58916709d5a6913777346083247942a8d9458ee9b2bf443f0ea4988d64 crypto/ctype.c
@@ -204,7 +204,7 @@
43f81968983e9a466b7dc9cffe64302418703f7a66adcbac4b7c4d8cb19c9af5 crypto/ec/ecx_backend.c
5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h
2be4ca60082891bdc99f8c6ebc5392c1f0a7a53f0bcf18dcf5497a7aee0b9c84 crypto/ec/ecx_key.c
-62136e558017c5c3b2c60ac22f1bfed252519c6a8595f9725356bca1a0c70ea8 crypto/evp/asymcipher.c
+73c956c97fd558b0fd267934657fb829fd8d9ab12dda2d96d3ca1521f0416ca8 crypto/evp/asymcipher.c
80da494704c8fc54fea36e5de7100a6c2fdcc5f8c50f43ac477df5f56fa57e58 crypto/evp/dh_support.c
bc9f3b827e3d29ac485fff9fb1c8f71d7e2bcd883ccc44c776de2f620081df58 crypto/evp/digest.c
838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c
@@ -212,14 +212,14 @@
baccbd623a94ba350c07e0811033ad66a2c892ef51ccb051b4a65bf2ba625a85 crypto/evp/evp_fetch.c
52b4aba9e2beb9d382ebd09daf44009e5ddaeae8d3434546e2884ab8ea481d7a crypto/evp/evp_lib.c
32949d15dfc1a3049eb3000ddc10db077eb442e1fa224b2541aa1fcc6137d80e crypto/evp/evp_local.h
-eaaf795148c5dd99c4194d076c029c843f3aee0c37afeb0dac43a86fd931ac68 crypto/evp/evp_rand.c
+603c97974acd94e66f9718d3d68ab5cd6e0093499feabb1f1417778d768b5d6e crypto/evp/evp_rand.c
2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c
3d04aa938f45a04550ce4d53306d60da4ca6a54e1a4e9f19b75ca22277ce7bdb crypto/evp/exchange.c
294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64 crypto/evp/kdf_lib.c
90742590db894920ffdb737a450ee591488aa455802e777400b1bf887618fd7a crypto/evp/kdf_meth.c
948f7904e81008588288a1ba7969b9de83546c687230ffe2a3fd0be1651bce8f crypto/evp/kem.c
55d141a74405415ad21789abcace9557f1d1ef54cf207e99993bf0a801f4b81e crypto/evp/keymgmt_lib.c
-ac5194aedcd6790903817faf4aec199a2100e27cf2d778caae3d8d79cc28f596 crypto/evp/keymgmt_meth.c
+5cb9ddc6a7434bd7e063bf85455c2025fb34e4eb846d7d113dbcedc25eeac7a3 crypto/evp/keymgmt_meth.c
9e44d1ffb52fee194b12c50962907c8637e7d92f08339345ec9fd3bd4a248e69 crypto/evp/mac_lib.c
cd611921dc773b47207c036b9108ec820ab39d67780ba4adc9ccb9dc8da58627 crypto/evp/mac_meth.c
4f0a9a7baa72c6984edb53c46101b6ff774543603bec1e1d3a6123adf27e41db crypto/evp/p_lib.c
@@ -227,7 +227,7 @@
759573aea2a4cc7b6f763b440e6868bfcfcb7ca94d812fa61ab24a194be2cb36 crypto/evp/pmeth_gn.c
c2c8f6d17dc3d85ffcced051047c0b00ce99d119635f4626c5c6db3d59d86fbb crypto/evp/pmeth_lib.c
ba4ff38738cbcfd3841d53a2fab92227638ceca176d3ffe50e486c9dcbabb5dd crypto/evp/s_lib.c
-0eaabfe314cb94a942584f74de69f8dec1287a4afe383050e37ee44a41aea447 crypto/evp/signature.c
+3c003fa01341a69c461b75cffd93cf31a1899373d7e95a1ef3754ea1bfbb77fe crypto/evp/signature.c
a3ba57f8181cfbbf017fe1d4fa8d80f4999eea6d2834b0bcda22b60e6a5e31e3 crypto/evp/skeymgmt_meth.c
64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d crypto/ex_data.c
d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c crypto/ffc/ffc_backend.c
@@ -263,7 +263,7 @@
1d7f57a41034988a4e7d4c9a998760d2ef802c5e90275d09a3ca31c5f3403d94 crypto/ml_dsa/ml_dsa_sign.c
5217ef237e21872205703b95577290c34898423466a465c7bd609b2eb4627964 crypto/ml_dsa/ml_dsa_sign.h
abd934284bcd8061027a69f437fa4410c6b72cd950be1ebe048244d036371208 crypto/ml_dsa/ml_dsa_vector.h
-e100125310394a6b8796a29c4536c248aeeab6a344f8ce53573ca4daed8259a8 crypto/ml_kem/ml_kem.c
+defc2e4e81ff1b78056c795bc0565f4241a259c2957abe84a51bcbc1e4ace3f1 crypto/ml_kem/ml_kem.c
36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
33357356cd739d4ae89d52f0804b6900e4b94d8829323819c6f64c8908e978df crypto/modes/asm/aes-gcm-armv8_64.pl
bcc09bdb474f045d04c983fa09c31a010c5a25513f53a5d3653ade91304f0f96 crypto/modes/asm/aes-gcm-avx512.pl
@@ -298,21 +298,21 @@
05563d44cb345e7859093296f95a3ea5139fcc316e98fcb86c6748ee49363a84 crypto/param_build.c
cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6 crypto/param_build_set.c
7b32b19c1cf7152ef7e55e8ae7a045be4882da84ecd82ddf24df961656ec581b crypto/params.c
-bb7b79b5a070050f5e7dfc66b5635f0891bc278e3e24eec3583b769b33bef657 crypto/params_dup.c
-17df6718f11307a0d0c4d8de5a8bbb35408f5546c465c1dd3b631c924adb2e58 crypto/params_from_text.c
+c0e0ba07ca5d4acfe450e4ae53a10ed254097ed2f537f01a4a43a9f5b5cab501 crypto/params_dup.c
+fc2432f5a76784d4ca47db1803c8b19acbaea26987f8e33dd8cc5571f8101b40 crypto/params_from_text.c
f50450f7e5f6896fb8e3cde2fdc11cc543124c854ef9d88252a166606ca80081 crypto/params_idx.c
9620a96eb5e411f5c96c210fb7975afe6b24635e4c5565be34fb8d10589890e7 crypto/ppccap.c
46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8 crypto/ppccpuid.pl
467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7 crypto/property/defn_cache.c
-ced9474eca99c4920ee9dc3a810ee77af31aa344d54ea2aca702305abfc6aa1f crypto/property/property.c
+91c1f1f8eb5588ed9da17386c244ae68a6a81717b1c7ab6c9f1a6a57973a039f crypto/property/property.c
66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h
d32105cb087d708d0504a787f74bc163cc398c299faf2e98d6bb5ae02f5ce9b7 crypto/property/property_parse.c
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
20e69b9d594dfc443075eddbb0e6bcc0ed36ca51993cd50cc5a4f86eb31127f8 crypto/property/property_string.c
-8dffed281002fcbc3e54dd4be74f5739c3e6a244ce579f6a86ad8d5dfb0d3374 crypto/provider_core.c
+faa002fd33a147494ea93dbd1cef07138c6f61432d6465ceb4a34118e31e0a72 crypto/provider_core.c
d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h
5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c
-eeb769fb3f552c7fbb1de4d3725e03376919bc062e8d4fc5ee47f3571206047e crypto/rand/rand_lib.c
+e13cf63765dd538a75eb9d2cb8fcb0243e6bd2988dd420c83806a69984dad558 crypto/rand/rand_lib.c
fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h
426ba915ca65a770f8264129f8ac47db7aaf06c6ae51517c5d775eacdf91b9f6 crypto/rcu_internal.h
48f6a98e3d7e9ae79f2d2b8ea9965d0c4ec3b1a4473adbceb47fe1e7930dc3c1 crypto/riscv32cpuid.pl
@@ -415,8 +415,8 @@
a00e16963e1e2a0126c6a8e62da8a14f98de9736027654c925925dadd0ca3cc1 crypto/thread/arch/thread_win.c
27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c crypto/thread/internal.c
67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a crypto/threads_lib.c
-30c223a6099b9d8aa7bf1a0a258f2ecad2129da2486eb8718f06c846752e234b crypto/threads_none.c
-40952905fcf107fa1ff6b51036d55b374dd7e4b8d71e541769675354e81b076f crypto/threads_pthread.c
+b1a828491d9ce305802662561788facac92dff70cca9ead807f3e28741ff21e0 crypto/threads_none.c
+c659f7ce5c4b59d2a1cff78485fa8e89c8d20d5798df4afc1b94ff635ffc0262 crypto/threads_pthread.c
9c3bf7b4baa302a4017150fbcaa114ee9df935b18d5a3a8c8015003780d4e7de crypto/threads_win.c
7edd638df588b14711a50c98d458c4fc83f223ed03bc6c39c7c8edf7915b7cfa crypto/time.c
88c5f9f4d2611223d283ebd2ae10ae5ecbb9972d00f747d93fcb74b62641e3f9 crypto/x86_64cpuid.pl
@@ -452,8 +452,8 @@
7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h
d6d1cd1ec7581046f5a84359a32ed41caad9e7c1b4d1eb9665ea4763de10e6b3 include/crypto/types.h
27d13538d9303b1c2f0b2ce9b6d376097ce7661354fbefbde24b7ef07206ea45 include/internal/bio.h
-a8cb407a10e50b1168412bd6ed6af9552cac1326d28c35f91152c48edc42dc3f include/internal/common.h
-6aaccec4ca8f14a9d6c6b1e6428c1f72147a9c63c45b01107b2a0f29c1065adf include/internal/constant_time.h
+7c8bdf83fc61de37027111c24c41049debb2c9f856fa97bf6ac93319cfef1f35 include/internal/common.h
+77616e7546ed1bae9df366327663261282b16664a616725436715df9ff99b598 include/internal/constant_time.h
c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h
bbba72ba1d0e2985cb316dd9f3bf63893dd58d5624ad7caa10aad81d8b6df0fc include/internal/cryptlib.h
9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h
@@ -461,13 +461,13 @@
8059e715f981fbe02b5731610ed24bb6ae617a55e90b03f4260cbb6ccd71e8de include/internal/deterministic_nonce.h
fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h
f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h
-9bc1bb8edd4874773358832ea0aeab820e08a3b30bc955147208c44d5fd04090 include/internal/e_os.h
+924fddff69e5ee237e38d48dd55d4c5f6d6ef8b6443bbe217c760009bbcc87c4 include/internal/e_os.h
6e33d1c6f82a4483a0e52ee3c9713e123efc5aba0601e7f13078aa45910cd70a include/internal/e_winsock.h
c9cb7a25ba2c1a451ba7cca7e165606f891ee8d3e927c06a2e4f84db7f7622eb include/internal/encoder.h
70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h
4838a68ff626825c261df6a1fd21e156e25d8365af45552f29054d7038a7db3d include/internal/ffc.h
4c9c4b7fc19615fb480fe18c86521d57313d24a8de556681741054abc2e3a690 include/internal/fips.h
-987958a28eac3411c4b4bf0a5d351c2274caa2a30b6376c21e5777e7c33d962f include/internal/hashfunc.h
+45e1f3a274ddce17d62681f3150eeb522ef9716b0b41bfdc33327cf72c4356d2 include/internal/hashfunc.h
d9c95e7fe7ae09b2c4aff57eaefbec962cbbeb202ee3cf15950716760c83460f include/internal/hashtable.h
f6f30785e3eced1ccdd4b149286ff2b8bbb860eb7e070cbe54c997aa022854da include/internal/namemap.h
b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h
@@ -478,7 +478,7 @@
46d7980258a8d11353af3e3dab87c368eec054e46ac8a0facec68b23ba94d91b include/internal/params.h
d4ac19b28ea61f03383364cfad1e941cac44fc36787d80882c5b76ecc9d34e29 include/internal/property.h
727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h
-3f1eeabbcfd18c23d365a3586abb59091b654a741b4970162c88374711d7c975 include/internal/provider.h
+f3ac89b2eaaa7f83d7d2606be65aff28136aec5b961884c45f79bf8540ad6f34 include/internal/provider.h
95d21e761402fcbf1d3bdb261e425316b07d2790dd190e4eeaa1e21e40ff9a59 include/internal/rcu.h
baf5df9b8b91cb5b821ee27348a47364c9dfc86144c9573403e9d54fa970f81f include/internal/refcount.h
a01805714966e6de536ee182d5476cb1708d019631f016f331a034cf3b2b3158 include/internal/safe_math.h
@@ -531,7 +531,7 @@
69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h
aa02455482d744418123266f581b9b4310ba678c7d28c10fffc5eec74ce3c8ef include/openssl/err.h.in
29ea398f6a2dfa3d42516030f4b5e6b1de06bbff4326ae42a7e63e2380abe33a include/openssl/evp.h
-04f901922c5b607b6f1fbcd8e9510e9475e3060d6901517b52ae8a5ed0f0065b include/openssl/evperr.h
+b2a8058dd51abe6c1ac4a0f32175f550a308efd31607a9cf1620aa032b1f7e55 include/openssl/evperr.h
f37c13a7cc0b05a734efcafb7da321dcc366090c255da8ee532e5f2be2eaa152 include/openssl/fips_names.h
fef2b79b4de2cd74b02f12f1c0515cb2eaca742b8ded67fce722fb417e818e25 include/openssl/fipskey.h.in
47a088c98ad536ea99f2c6a9333e372507cb61b9bdffb930c586ed52f8f261eb include/openssl/hmac.h
@@ -611,7 +611,7 @@
8ea192553b423e881d85118c70bcb26a40fbdee4e110f230c966939c76f4aa7e providers/common/securitycheck_fips.c
abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c
d8cb05784ae8533a7d9569d4fbaaea4175b63a7c9f4fb0f254215224069dea6b providers/fips/fipsindicator.c
-6d9c45b756b3e64fb31b3fdf75a4d93f8a71b7dc6c5d2cd842ef9d3a8ec445e4 providers/fips/fipsprov.c
+e9383013a79a8223784a69a66bb610d16d54e61ea978f67a3d31de9f48cd4627 providers/fips/fipsprov.c
7be8349d3b557b6d9d5f87d318253a73d21123628a08f50726502abf0e3d8a44 providers/fips/include/fips/fipsindicator.h
ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797 providers/fips/include/fips_indicator_params.inc
f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3 providers/fips/include/fips_selftest_params.inc
@@ -663,7 +663,7 @@
c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h
39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c
6b1b0223a8ed6cd9210bcef2e148266bd5131d0f5fc6cd459f4bc0db808c6008 providers/implementations/digests/sha2_prov.c
-47a1b107e0e37607370e3f91c23eb8b6403892867239d5e1c17f8c94cfa83c56 providers/implementations/digests/sha3_prov.c
+efb4d6e3b1d870ba680c73beb509398e6cce633937c58e6cc5fbbfcf7888711f providers/implementations/digests/sha3_prov.c
9b37f34d48b3346c6ca3de430e190d7bfbd4e327d728870a64c7bd806ab700b6 providers/implementations/exchange/dh_exch.c
ad943431c43913443461c709a179c577f7278aa061fab6e1ecbb4d0f211db63d providers/implementations/exchange/ecdh_exch.c
d44c5a6d3156392757415f34afc1ab164fb0e9cd1e97977386d7cd13f3555df5 providers/implementations/exchange/ecx_exch.c
@@ -683,7 +683,7 @@
190f66af533067b80f18d7a12ba5440927e3e93b218f67473b4dea7dd9db88a6 providers/implementations/include/prov/mlx_kem.h
af1adbeaa97de9b550f987e4badfa3809ba8c734bf7b90b830882cd95175d667 providers/implementations/include/prov/names.h
b9f8781167f274ccd8b643b3bb6c4e1108fb27b2aae588518261af9415228dae providers/implementations/include/prov/seeding.h
-c67ea899ea2f37e4fc44f25bdbb965f91cc4d29c833c1e3a19603f97efd6288a providers/implementations/kdfs/hkdf.c
+f63b54479dcc4923db9d0baa87b38a8da6f8186b8838a906e6b9ef52522bf489 providers/implementations/kdfs/hkdf.c
8a294c68ed3369ba4f3f7ee87b322702ddb59b63bf5ec2c72719ef121618c3ca providers/implementations/kdfs/kbkdf.c
c0acc0869b8adbd399fbd024f7f7e664c462f4be51b72b41b7aebf1e3233a897 providers/implementations/kdfs/pbkdf2.c
c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h
@@ -699,25 +699,25 @@
24cc3cc8e8681c77b7f96c83293bd66045fd8ad69f756e673ca7f8ca9e82b0af providers/implementations/keymgmt/dsa_kmgmt.c
e10086c31aafae0562054e3b07f12409e39b87b5e96ee7668c231c37861aa447 providers/implementations/keymgmt/ec_kmgmt.c
258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc
-b9646607ca2027919b591048bce0364349049a668468ccdda76b8a8082d7749c providers/implementations/keymgmt/ecx_kmgmt.c
+d042d687da861d2a39658c6b857a6507a70fa78cecdf883bd1dcdafcf102e084 providers/implementations/keymgmt/ecx_kmgmt.c
daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c
-17d6bc9f386f147765d9653639056dcb40e258239a5a9fdc4876a4f0a1d47c21 providers/implementations/keymgmt/mac_legacy_kmgmt.c
-d3d5c6d673ed16b4d179e7049f5eb3e6fc6cfbddb362ec8553ee32bd41864c72 providers/implementations/keymgmt/ml_dsa_kmgmt.c
-b05ed431602f27241993b9f50f11ced172b9278366c35ca9596890f6c763fb6b providers/implementations/keymgmt/ml_kem_kmgmt.c
+d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb providers/implementations/keymgmt/mac_legacy_kmgmt.c
+24384616fcba4eb5594ccb2ebc199bcee8494ce1b3f4ac7824f17743e39c0279 providers/implementations/keymgmt/ml_dsa_kmgmt.c
+830c339dfc7f301ce5267ef9b0dc173b84d9597509c1a61ae038f3c01af78f45 providers/implementations/keymgmt/ml_kem_kmgmt.c
e15b780a1489bbe4c7d40d6aaa3bccfbf973e3946578f460eeb8373c657eee91 providers/implementations/keymgmt/mlx_kmgmt.c
9376a19735fcc79893cb3c6b0cff17a2cae61db9e9165d9a30f8def7f8e8e7c7 providers/implementations/keymgmt/rsa_kmgmt.c
-093f6c2b9f39a97d4061800f59177c88f5ca2c1034e4d795a5a1d7a599916a06 providers/implementations/keymgmt/slh_dsa_kmgmt.c
+6f0a786170ba9af860e36411d158ac0bd74bcb4d75c818a0cebadbc764759283 providers/implementations/keymgmt/slh_dsa_kmgmt.c
9d02d481b9c7c0c9e0932267d1a3e1fef00830aaa03093f000b88aa042972b9f providers/implementations/macs/cmac_prov.c
3c558b57fff3588b6832475e0b1c5be590229ad50d95a6ebb089b62bf5fe382d providers/implementations/macs/gmac_prov.c
3b5e591e8f6c6ba721a20d978452c9aae9a8259b3595b158303a49b35f286e53 providers/implementations/macs/hmac_prov.c
6f9100c9cdd39f94601d04a6564772686571711ff198cf8469e86444d1ba25f3 providers/implementations/macs/kmac_prov.c
4115f822e2477cd2c92a1c956cca1e4dbc5d86366e2a44a37526756153c0e432 providers/implementations/rands/drbg.c
-a417b4596695f6f3b456fa380df9014259a4af6278deb325c885203d5799f569 providers/implementations/rands/drbg_ctr.c
+b7e24bb9265501e37253e801028f3fd0af5111a100c0b2005c53d43f02c03389 providers/implementations/rands/drbg_ctr.c
857043f63023b1b74936600aca189f39910d1b109720903cbe7f0d5752f381e9 providers/implementations/rands/drbg_hash.c
8bdd3fef08e6395de772b04648bf819268907bcf1f0f1b150880dc2056d9cb10 providers/implementations/rands/drbg_hmac.c
-b6dba662e23d8c762cc31d5ead7f42bbad682fb64a8b064bdc415b7b5d89fc13 providers/implementations/rands/drbg_local.h
+2c63defffcc681ada17a6cc3eb895634fd8bf86110796a6381cc3dedd26fd47d providers/implementations/rands/drbg_local.h
ddae75f1e08416c92802faafba9d524e3bf58c13e9fcb51735733e161006f89e providers/implementations/rands/fips_crng_test.c
-068bec8b3cab01b0ab6d5d5046eab4d993058234a7687347e0bff637c70e479e providers/implementations/rands/test_rng.c
+04e726d547a00d0254362b0ebd3ddf87f58a53b78d3a070a1620f5fa714330bb providers/implementations/rands/test_rng.c
bd3c3d166be0e171e08e1cd03a943a643b4c181f11d8dde5e508d50163ac0cb8 providers/implementations/signature/dsa_sig.c
848ecf7587757410f98661a22fdf6eece53cc317224a22826d838131a47de8b0 providers/implementations/signature/ecdsa_sig.c
bd48b0fe43f0d0d91eb34bdfd48fbcfd69bceabf0ddc678702fe9ef968064bb6 providers/implementations/signature/eddsa_sig.c
diff -Nru -w openssl-3.5.0/providers/implementations/ciphers/cipher_chacha20_poly1305.c openssl-3.5.1/providers/implementations/ciphers/cipher_chacha20_poly1305.c
--- openssl-3.5.0/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -32,7 +32,7 @@
static OSSL_FUNC_cipher_cipher_fn chacha20_poly1305_cipher;
static OSSL_FUNC_cipher_final_fn chacha20_poly1305_final;
static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_params;
-#define chacha20_poly1305_settable_ctx_params ossl_cipher_aead_settable_ctx_params
+static OSSL_FUNC_cipher_settable_ctx_params_fn chacha20_poly1305_settable_ctx_params;
#define chacha20_poly1305_gettable_params ossl_cipher_generic_gettable_params
#define chacha20_poly1305_update chacha20_poly1305_cipher
@@ -158,6 +158,21 @@
return chacha20_poly1305_known_gettable_ctx_params;
}
+static const OSSL_PARAM chacha20_poly1305_known_settable_ctx_params[] = {
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
+ OSSL_PARAM_END
+};
+static const OSSL_PARAM *chacha20_poly1305_settable_ctx_params(
+ ossl_unused void *cctx, ossl_unused void *provctx
+ )
+{
+ return chacha20_poly1305_known_settable_ctx_params;
+}
+
static int chacha20_poly1305_set_ctx_params(void *vctx,
const OSSL_PARAM params[])
{
@@ -238,7 +253,6 @@
return 0;
}
}
- /* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */
return 1;
}
diff -Nru -w openssl-3.5.0/providers/implementations/digests/sha3_prov.c openssl-3.5.1/providers/implementations/digests/sha3_prov.c
--- openssl-3.5.0/providers/implementations/digests/sha3_prov.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/digests/sha3_prov.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,7 +20,7 @@
#include "prov/implementations.h"
#define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
-#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
+#define SHAKE_FLAGS (PROV_DIGEST_FLAG_XOF | PROV_DIGEST_FLAG_ALGID_ABSENT)
#define KMAC_FLAGS PROV_DIGEST_FLAG_XOF
/*
diff -Nru -w openssl-3.5.0/providers/implementations/kdfs/hkdf.c openssl-3.5.1/providers/implementations/kdfs/hkdf.c
--- openssl-3.5.0/providers/implementations/kdfs/hkdf.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/kdfs/hkdf.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -307,14 +307,12 @@
}
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
- if (p->data_size != 0 && p->data != NULL) {
OPENSSL_free(ctx->salt);
ctx->salt = NULL;
if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0,
&ctx->salt_len))
return 0;
}
- }
return 1;
}
diff -Nru -w openssl-3.5.0/providers/implementations/keymgmt/ecx_kmgmt.c openssl-3.5.1/providers/implementations/keymgmt/ecx_kmgmt.c
--- openssl-3.5.0/providers/implementations/keymgmt/ecx_kmgmt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/keymgmt/ecx_kmgmt.c 2025-07-01 13:52:08.000000000 +0200
@@ -505,9 +505,11 @@
if (algdesc != NULL
&& !ossl_FIPS_IND_callback(libctx, algdesc, "KeyGen Init")) {
OPENSSL_free(gctx);
- return 0;
+ return NULL;
}
#endif
+ } else {
+ return NULL;
}
if (!ecx_gen_set_params(gctx, params)) {
ecx_gen_cleanup(gctx);
@@ -843,6 +845,9 @@
{
struct ecx_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
OPENSSL_free(gctx->propq);
OPENSSL_free(gctx);
diff -Nru -w openssl-3.5.0/providers/implementations/keymgmt/mac_legacy_kmgmt.c openssl-3.5.1/providers/implementations/keymgmt/mac_legacy_kmgmt.c
--- openssl-3.5.0/providers/implementations/keymgmt/mac_legacy_kmgmt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/keymgmt/mac_legacy_kmgmt.c 2025-07-01 13:52:08.000000000 +0200
@@ -519,6 +519,9 @@
{
struct mac_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len);
ossl_prov_cipher_reset(&gctx->cipher);
OPENSSL_free(gctx);
diff -Nru -w openssl-3.5.0/providers/implementations/keymgmt/ml_dsa_kmgmt.c openssl-3.5.1/providers/implementations/keymgmt/ml_dsa_kmgmt.c
--- openssl-3.5.0/providers/implementations/keymgmt/ml_dsa_kmgmt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/keymgmt/ml_dsa_kmgmt.c 2025-07-01 13:52:08.000000000 +0200
@@ -84,6 +84,8 @@
sig, &sig_len, sizeof(sig)) <= 0)
goto err;
+ OSSL_SELF_TEST_oncorrupt_byte(st, sig);
+
if (ossl_ml_dsa_verify(key, 0, msg, sizeof(msg), NULL, 0, 0,
sig, sig_len) <= 0)
goto err;
@@ -355,7 +357,7 @@
OSSL_CALLBACK *param_cb, void *cbarg)
{
ML_DSA_KEY *key = keydata;
- OSSL_PARAM params[3];
+ OSSL_PARAM params[4];
const uint8_t *buf;
int include_private, pnum = 0;
@@ -368,9 +370,8 @@
include_private = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
/*
- * Note that the public key can be recovered from the private key, so we
- * just export one or the other. If the seed is present, both the seed and
- * the private key are exported. The recipient will have a choice.
+ * Note that if the seed is present, both the seed and the private key are
+ * exported. The recipient will have a choice.
*/
if (include_private) {
if ((buf = ossl_ml_dsa_key_get_seed(key)) != NULL) {
@@ -383,7 +384,8 @@
ossl_ml_dsa_key_get_priv_len(key));
}
}
- if (pnum == 0 && (buf = ossl_ml_dsa_key_get_pub(key)) != NULL) {
+ if (((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ && ((buf = ossl_ml_dsa_key_get_pub(key)) != NULL)) {
params[pnum++] = OSSL_PARAM_construct_octet_string
(OSSL_PKEY_PARAM_PUB_KEY, (void *)buf,
ossl_ml_dsa_key_get_pub_len(key));
@@ -472,8 +474,10 @@
goto err;
}
#ifdef FIPS_MODULE
- if (!ml_dsa_pairwise_test(key))
+ if (!ml_dsa_pairwise_test(key)) {
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
goto err;
+ }
#endif
return key;
err:
@@ -525,6 +529,9 @@
{
struct ml_dsa_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
OPENSSL_free(gctx->propq);
OPENSSL_free(gctx);
diff -Nru -w openssl-3.5.0/providers/implementations/keymgmt/ml_kem_kmgmt.c openssl-3.5.1/providers/implementations/keymgmt/ml_kem_kmgmt.c
--- openssl-3.5.0/providers/implementations/keymgmt/ml_kem_kmgmt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/keymgmt/ml_kem_kmgmt.c 2025-07-01 13:52:08.000000000 +0200
@@ -794,6 +794,9 @@
{
PROV_ML_KEM_GEN_CTX *gctx = vgctx;
+ if (gctx == NULL)
+ return;
+
if (gctx->seed != NULL)
OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES);
OPENSSL_free(gctx->propq);
diff -Nru -w openssl-3.5.0/providers/implementations/keymgmt/slh_dsa_kmgmt.c openssl-3.5.1/providers/implementations/keymgmt/slh_dsa_kmgmt.c
--- openssl-3.5.0/providers/implementations/keymgmt/slh_dsa_kmgmt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/keymgmt/slh_dsa_kmgmt.c 2025-07-01 13:52:08.000000000 +0200
@@ -145,21 +145,23 @@
}
static int key_to_params(SLH_DSA_KEY *key, OSSL_PARAM_BLD *tmpl,
- int include_private)
+ int selection)
{
/* Error if there is no key or public key */
if (key == NULL || ossl_slh_dsa_key_get_pub(key) == NULL)
return 0;
- /*
- * Note that the private key always contains the public key elements so we
- * just save the one blob and return.
- */
- if (include_private && ossl_slh_dsa_key_get_priv(key) != NULL)
- return ossl_param_build_set_octet_string(tmpl, NULL,
+
+ if (((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ && ossl_slh_dsa_key_get_priv(key) != NULL)
+ if (ossl_param_build_set_octet_string(tmpl, NULL,
OSSL_PKEY_PARAM_PRIV_KEY,
ossl_slh_dsa_key_get_priv(key),
- ossl_slh_dsa_key_get_priv_len(key));
- /* Otherwise write out the public key element */
+ ossl_slh_dsa_key_get_priv_len(key)) != 1)
+ return 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
+ return 1;
+
return ossl_param_build_set_octet_string(tmpl, NULL,
OSSL_PKEY_PARAM_PUB_KEY,
ossl_slh_dsa_key_get_pub(key),
@@ -215,7 +217,7 @@
SLH_DSA_KEY *key = keydata;
OSSL_PARAM_BLD *tmpl;
OSSL_PARAM *params = NULL;
- int ret = 0, include_private;
+ int ret = 0;
if (!ossl_prov_is_running() || key == NULL)
return 0;
@@ -227,8 +229,7 @@
if (tmpl == NULL)
return 0;
- include_private = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0);
- if (!key_to_params(key, tmpl, include_private))
+ if (!key_to_params(key, tmpl, selection))
goto err;
params = OSSL_PARAM_BLD_to_param(tmpl);
@@ -346,8 +347,10 @@
gctx->entropy, gctx->entropy_len))
goto err;
#ifdef FIPS_MODULE
- if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx))
+ if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) {
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
goto err;
+ }
#endif /* FIPS_MODULE */
ossl_slh_dsa_hash_ctx_free(ctx);
return key;
@@ -403,6 +406,9 @@
{
struct slh_dsa_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
OPENSSL_cleanse(gctx->entropy, gctx->entropy_len);
OPENSSL_free(gctx->propq);
OPENSSL_free(gctx);
diff -Nru -w openssl-3.5.0/providers/implementations/keymgmt/template_kmgmt.c openssl-3.5.1/providers/implementations/keymgmt/template_kmgmt.c
--- openssl-3.5.0/providers/implementations/keymgmt/template_kmgmt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/keymgmt/template_kmgmt.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -387,6 +387,9 @@
{
struct template_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
debug_print("gen cleanup for %p\n", gctx);
OPENSSL_free(gctx);
}
diff -Nru -w openssl-3.5.0/providers/implementations/rands/drbg_ctr.c openssl-3.5.1/providers/implementations/rands/drbg_ctr.c
--- openssl-3.5.0/providers/implementations/rands/drbg_ctr.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/rands/drbg_ctr.c 2025-07-01 13:52:08.000000000 +0200
@@ -23,6 +23,7 @@
#include "crypto/evp.h"
#include "crypto/evp/evp_local.h"
#include "internal/provider.h"
+#include "internal/common.h"
static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
static OSSL_FUNC_rand_freectx_fn drbg_ctr_free;
@@ -85,6 +86,8 @@
* are XORing. So just process however much input we have.
*/
n = inlen < ctr->keylen ? inlen : ctr->keylen;
+ if (!ossl_assert(n <= sizeof(ctr->K)))
+ return;
for (i = 0; i < n; i++)
ctr->K[i] ^= in[i];
if (inlen <= ctr->keylen)
diff -Nru -w openssl-3.5.0/providers/implementations/rands/drbg_local.h openssl-3.5.1/providers/implementations/rands/drbg_local.h
--- openssl-3.5.0/providers/implementations/rands/drbg_local.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/rands/drbg_local.h 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -32,16 +32,6 @@
# define TIME_INTERVAL (60*60) /* 1 hour */
/*
- * The number of bytes that constitutes an atomic lump of entropy with respect
- * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
- * arbitrary, the smaller the value, the less entropy is consumed on first
- * read but the higher the probability of the test failing by accident.
- *
- * The value is in bytes.
- */
-#define CRNGT_BUFSIZ 16
-
-/*
* Maximum input size for the DRBG (entropy, nonce, personalization string)
*
* NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
@@ -247,14 +237,6 @@
OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), \
OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL)
-/* Continuous test "entropy" calls */
-size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
- unsigned char **pout,
- int entropy, size_t min_len, size_t max_len,
- int prediction_resistance);
-void ossl_crngt_cleanup_entropy(PROV_DRBG *drbg,
- unsigned char *out, size_t outlen);
-
/* Confirm digest is allowed to be used with a DRBG */
int ossl_drbg_verify_digest(PROV_DRBG *drbg, OSSL_LIB_CTX *libctx, const EVP_MD *md);
diff -Nru -w openssl-3.5.0/providers/implementations/rands/test_rng.c openssl-3.5.1/providers/implementations/rands/test_rng.c
--- openssl-3.5.0/providers/implementations/rands/test_rng.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/rands/test_rng.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -158,7 +158,7 @@
static size_t test_rng_nonce(void *vtest, unsigned char *out,
unsigned int strength, size_t min_noncelen,
- ossl_unused size_t max_noncelen)
+ size_t max_noncelen)
{
PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
size_t i;
@@ -174,9 +174,10 @@
if (t->nonce == NULL)
return 0;
+ i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len;
if (out != NULL)
- memcpy(out, t->nonce, t->nonce_len);
- return t->nonce_len;
+ memcpy(out, t->nonce, i);
+ return i;
}
static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
diff -Nru -w openssl-3.5.0/providers/implementations/storemgmt/winstore_store.c openssl-3.5.1/providers/implementations/storemgmt/winstore_store.c
--- openssl-3.5.0/providers/implementations/storemgmt/winstore_store.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/providers/implementations/storemgmt/winstore_store.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -183,6 +183,7 @@
{
OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
const OSSL_ALGORITHM *to_algo = NULL;
+ const char *input_structure = NULL;
if (ctx->dctx != NULL)
return 1;
@@ -198,7 +199,8 @@
goto err;
}
- if (!OSSL_DECODER_CTX_set_input_structure(ctx->dctx, "Certificate")) {
+ input_structure = "Certificate";
+ if (!OSSL_DECODER_CTX_set_input_structure(ctx->dctx, input_structure)) {
ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
goto err;
}
@@ -208,6 +210,7 @@
to_algo++) {
OSSL_DECODER *to_obj = NULL;
OSSL_DECODER_INSTANCE *to_obj_inst = NULL;
+ const char *input_type;
/*
* Create the internal last resort decoder implementation
@@ -217,12 +220,22 @@
*/
to_obj = ossl_decoder_from_algorithm(0, to_algo, NULL);
if (to_obj != NULL)
- to_obj_inst = ossl_decoder_instance_new(to_obj, ctx->provctx);
+ to_obj_inst = ossl_decoder_instance_new_forprov(to_obj, ctx->provctx,
+ input_structure);
OSSL_DECODER_free(to_obj);
if (to_obj_inst == NULL)
goto err;
+ /*
+ * The input type has to be DER
+ */
+ input_type = OSSL_DECODER_INSTANCE_get_input_type(to_obj_inst);
+ if (OPENSSL_strcasecmp(input_type, "DER") != 0) {
+ ossl_decoder_instance_free(to_obj_inst);
+ continue;
+ }
+
if (!ossl_decoder_ctx_add_decoder_inst(ctx->dctx,
to_obj_inst)) {
ossl_decoder_instance_free(to_obj_inst);
diff -Nru -w openssl-3.5.0/ssl/quic/json_enc.c openssl-3.5.1/ssl/quic/json_enc.c
--- openssl-3.5.0/ssl/quic/json_enc.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/quic/json_enc.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -11,7 +11,6 @@
#include "internal/nelem.h"
#include "internal/numbers.h"
#include <string.h>
-#include <math.h>
/*
* wbuf
@@ -595,33 +594,6 @@
json_write_char(json, '"');
}
-/* Encode a JSON number from a 64-bit floating point value. */
-void ossl_json_f64(OSSL_JSON_ENC *json, double value)
-{
- char buf[32];
-
- if (!json_pre_item(json))
- return;
-
-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
- {
- int checks = isnan(value);
-# if !defined(OPENSSL_SYS_VMS)
- checks |= isinf(value);
-# endif
-
- if (checks) {
- json_raise_error(json);
- return;
- }
- }
-#endif
-
- BIO_snprintf(buf, sizeof(buf), "%1.17g", value);
- json_write_str(json, buf);
- json_post_item(json);
-}
-
/*
* Encode a JSON UTF-8 string from a zero-terminated string. The string passed
* can be freed immediately following the call to this function.
diff -Nru -w openssl-3.5.0/ssl/quic/quic_channel_local.h openssl-3.5.1/ssl/quic/quic_channel_local.h
--- openssl-3.5.0/ssl/quic/quic_channel_local.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/quic/quic_channel_local.h 2025-07-01 13:52:08.000000000 +0200
@@ -41,7 +41,10 @@
/*
* The associated TLS 1.3 connection data. Used to provide the handshake
* layer; its 'network' side is plugged into the crypto stream for each EL
- * (other than the 0-RTT EL).
+ * (other than the 0-RTT EL). Note that the `tls` SSL object is not "owned"
+ * by this channel. It is created and managed elsewhere and is guaranteed
+ * to be valid for the lifetime of the channel. Therefore we do not free it
+ * when we free the channel.
*/
QUIC_TLS *qtls;
SSL *tls;
diff -Nru -w openssl-3.5.0/ssl/quic/quic_impl.c openssl-3.5.1/ssl/quic/quic_impl.c
--- openssl-3.5.0/ssl/quic/quic_impl.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/quic/quic_impl.c 2025-07-01 13:52:08.000000000 +0200
@@ -186,6 +186,10 @@
* This determines whether SSL_get_error() is updated; the value it returns
* is modified only by an I/O call.
*
+ * QCTX_NO_ERROR
+ * Don't raise an error if the object type is wrong. Should not be used in
+ * conjunction with any flags that may raise errors not related to a wrong
+ * object type.
*/
#define QCTX_C (1U << 0)
#define QCTX_S (1U << 1)
@@ -195,6 +199,7 @@
#define QCTX_LOCK (1U << 5)
#define QCTX_IO (1U << 6)
#define QCTX_D (1U << 7)
+#define QCTX_NO_ERROR (1U << 8)
/*
* Called when expect_quic failed. Used to diagnose why such a call failed and
@@ -205,7 +210,9 @@
const uint32_t mask = QCTX_C | QCTX_S | QCTX_L | QCTX_D;
int code = ERR_R_UNSUPPORTED;
- if ((flags & mask) == QCTX_D)
+ if ((flags & QCTX_NO_ERROR) != 0)
+ return 1;
+ else if ((flags & mask) == QCTX_D)
code = SSL_R_DOMAIN_USE_ONLY;
else if ((flags & mask) == QCTX_L)
code = SSL_R_LISTENER_USE_ONLY;
@@ -225,7 +232,8 @@
*
* After this returns 1, all fields of the passed QCTX are initialised.
* Returns 0 on failure. This function is intended to be used to provide API
- * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure.
+ * semantics and as such, it invokes QUIC_RAISE_NON_NORMAL_ERROR() on failure
+ * unless the QCTX_NO_ERROR flag is set.
*
* The flags argument controls the preconditions and postconditions of this
* function. See above for the different flags.
@@ -378,6 +386,25 @@
return ok;
}
+static int is_quic_c(const SSL *s, QCTX *ctx, int raiseerrs)
+{
+ uint32_t flags = QCTX_C;
+
+ if (!raiseerrs)
+ flags |= QCTX_NO_ERROR;
+ return expect_quic_as(s, ctx, flags);
+}
+
+/* Same as expect_quic_cs except that errors are not raised if raiseerrs == 0 */
+static int is_quic_cs(const SSL *s, QCTX *ctx, int raiseerrs)
+{
+ uint32_t flags = QCTX_C | QCTX_S;
+
+ if (!raiseerrs)
+ flags |= QCTX_NO_ERROR;
+ return expect_quic_as(s, ctx, flags);
+}
+
static int expect_quic_cs(const SSL *s, QCTX *ctx)
{
return expect_quic_as(s, ctx, QCTX_C | QCTX_S);
@@ -1672,33 +1699,47 @@
}
/* SSL_set_connect_state */
-void ossl_quic_set_connect_state(SSL *s)
+int ossl_quic_set_connect_state(SSL *s, int raiseerrs)
{
QCTX ctx;
- if (!expect_quic_cs(s, &ctx))
- return;
+ if (!is_quic_c(s, &ctx, raiseerrs))
+ return 0;
+
+ if (ctx.qc->as_server_state == 0)
+ return 1;
/* Cannot be changed after handshake started */
- if (ctx.qc->started || ctx.is_stream)
- return;
+ if (ctx.qc->started) {
+ if (raiseerrs)
+ QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
+ return 0;
+ }
ctx.qc->as_server_state = 0;
+ return 1;
}
/* SSL_set_accept_state */
-void ossl_quic_set_accept_state(SSL *s)
+int ossl_quic_set_accept_state(SSL *s, int raiseerrs)
{
QCTX ctx;
- if (!expect_quic_cs(s, &ctx))
- return;
+ if (!is_quic_c(s, &ctx, raiseerrs))
+ return 0;
+
+ if (ctx.qc->as_server_state == 1)
+ return 1;
/* Cannot be changed after handshake started */
- if (ctx.qc->started || ctx.is_stream)
- return;
+ if (ctx.qc->started) {
+ if (raiseerrs)
+ QUIC_RAISE_NON_NORMAL_ERROR(NULL, SSL_R_INVALID_COMMAND, NULL);
+ return 0;
+ }
ctx.qc->as_server_state = 1;
+ return 1;
}
/* SSL_do_handshake */
@@ -1983,7 +2024,8 @@
int ossl_quic_connect(SSL *s)
{
/* Ensure we are in connect state (no-op if non-idle). */
- ossl_quic_set_connect_state(s);
+ if (!ossl_quic_set_connect_state(s, 1))
+ return -1;
/* Begin or continue the handshake */
return ossl_quic_do_handshake(s);
@@ -1993,7 +2035,8 @@
int ossl_quic_accept(SSL *s)
{
/* Ensure we are in accept state (no-op if non-idle). */
- ossl_quic_set_accept_state(s);
+ if (!ossl_quic_set_accept_state(s, 1))
+ return -1;
/* Begin or continue the handshake */
return ossl_quic_do_handshake(s);
@@ -2325,8 +2368,9 @@
QCTX ctx;
int net_error, last_error;
- if (!expect_quic_cs(s, &ctx))
- return 0;
+ /* SSL_get_errors() should not raise new errors */
+ if (!is_quic_cs(s, &ctx, 0 /* suppress errors */))
+ return SSL_ERROR_SSL;
qctx_lock(&ctx);
net_error = ossl_quic_channel_net_error(ctx.qc->ch);
@@ -4849,6 +4893,9 @@
return 0;
key = ossl_quic_build_new_token(peer, NULL, 0);
+ if (key == NULL)
+ return 0;
+
ossl_crypto_mutex_lock(c->mutex);
tok = lh_QUIC_TOKEN_retrieve(c->cache, key);
if (tok != NULL) {
@@ -5106,6 +5153,8 @@
&& ossl_quic_stream_has_send_buffer(xso->stream)
&& ossl_quic_sstream_get_buffer_avail(xso->stream->sstream)
&& !ossl_quic_sstream_get_final_size(xso->stream->sstream, NULL)
+ && ossl_quic_txfc_get_cwm(&xso->stream->txfc)
+ > ossl_quic_sstream_get_cur_size(xso->stream->sstream)
&& quic_mutation_allowed(xso->conn, /*req_active=*/1);
}
diff -Nru -w openssl-3.5.0/ssl/quic/quic_method.c openssl-3.5.1/ssl/quic/quic_method.c
--- openssl-3.5.0/ssl/quic/quic_method.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/quic/quic_method.c 2025-07-01 13:52:08.000000000 +0200
@@ -23,5 +23,5 @@
IMPLEMENT_quic_meth_func(OSSL_QUIC_ANY_VERSION,
OSSL_QUIC_server_method,
- ssl_undefined_function,
- ossl_quic_connect, ssl3_undef_enc_method)
+ ossl_quic_accept,
+ ssl_undefined_function, ssl3_undef_enc_method)
diff -Nru -w openssl-3.5.0/ssl/quic/quic_port.c openssl-3.5.1/ssl/quic/quic_port.c
--- openssl-3.5.0/ssl/quic/quic_port.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/quic/quic_port.c 2025-07-01 13:52:08.000000000 +0200
@@ -458,34 +458,38 @@
QUIC_CONNECTION *qc = NULL;
QUIC_LISTENER *ql = NULL;
- if (port->get_conn_user_ssl != NULL) {
+ /*
+ * It only makes sense to call this function if we know how to associate
+ * the handshake layer we are about to create with some user_ssl object.
+ */
+ if (!ossl_assert(port->get_conn_user_ssl != NULL))
+ return NULL;
user_ssl = port->get_conn_user_ssl(ch, port->user_ssl_arg);
if (user_ssl == NULL)
return NULL;
qc = (QUIC_CONNECTION *)user_ssl;
ql = (QUIC_LISTENER *)port->user_ssl_arg;
+
+ /*
+ * We expect the user_ssl to be newly created so it must not have an
+ * existing qc->tls
+ */
+ if (!ossl_assert(qc->tls == NULL)) {
+ SSL_free(user_ssl);
+ return NULL;
}
tls = ossl_ssl_connection_new_int(port->channel_ctx, user_ssl, TLS_method());
+ qc->tls = tls;
if (tls == NULL || (tls_conn = SSL_CONNECTION_FROM_SSL(tls)) == NULL) {
SSL_free(user_ssl);
return NULL;
}
- /*
- * If we got a user ssl, which will be embedded in a quic connection
- * we need to fix up the connections tls pointer here
- */
- if (qc != NULL)
- qc->tls = tls;
-
if (ql != NULL && ql->obj.ssl.ctx->new_pending_conn_cb != NULL)
if (!ql->obj.ssl.ctx->new_pending_conn_cb(ql->obj.ssl.ctx, user_ssl,
ql->obj.ssl.ctx->new_pending_conn_arg)) {
- SSL_free(tls);
SSL_free(user_ssl);
- if (qc != NULL)
- qc->tls = NULL;
return NULL;
}
@@ -531,6 +535,11 @@
*/
ch->tls = (tls != NULL) ? tls : port_new_handshake_layer(port, ch);
+ if (ch->tls == NULL) {
+ OPENSSL_free(ch);
+ return NULL;
+ }
+
#ifndef OPENSSL_NO_QLOG
/*
* If we're using qlog, make sure the tls get further configured properly
@@ -548,7 +557,6 @@
* And finally init the channel struct
*/
if (!ossl_quic_channel_init(ch)) {
- SSL_free(ch->tls);
OPENSSL_free(ch);
return NULL;
}
diff -Nru -w openssl-3.5.0/ssl/quic/quic_tls.c openssl-3.5.1/ssl/quic/quic_tls.c
--- openssl-3.5.0/ssl/quic/quic_tls.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/quic/quic_tls.c 2025-07-01 13:52:08.000000000 +0200
@@ -177,6 +177,8 @@
if (!ossl_assert("Should not happen" == NULL))
goto err;
#endif
+ } else {
+ kdfdigest = NULL;
}
if (!rl->qtls->args.yield_secret_cb(level, qdir, suite_id,
@@ -856,6 +858,13 @@
}
#endif
+void ossl_quic_tls_clear(QUIC_TLS *qtls)
+{
+ if (qtls == NULL)
+ return;
+ qtls->local_transport_params_consumed = 0;
+}
+
int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
const unsigned char *transport_params,
size_t transport_params_len)
diff -Nru -w openssl-3.5.0/ssl/record/methods/dtls_meth.c openssl-3.5.1/ssl/record/methods/dtls_meth.c
--- openssl-3.5.0/ssl/record/methods/dtls_meth.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/record/methods/dtls_meth.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -571,6 +571,12 @@
return OSSL_RECORD_RETURN_FATAL;
}
+ if (rr->length == 0) {
+ /* No payload data in this record. Dump it */
+ rl->packet_length = 0;
+ goto again;
+ }
+
rl->num_recs = 1;
return OSSL_RECORD_RETURN_SUCCESS;
}
diff -Nru -w openssl-3.5.0/ssl/record/rec_layer_d1.c openssl-3.5.1/ssl/record/rec_layer_d1.c
--- openssl-3.5.0/ssl/record/rec_layer_d1.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/record/rec_layer_d1.c 2025-07-01 13:52:08.000000000 +0200
@@ -436,6 +436,17 @@
#endif
sc->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0;
+ } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+ /*
+ * This is a warning but we receive it if we requested
+ * renegotiation and the peer denied it. Terminate with a fatal
+ * alert because if the application tried to renegotiate it
+ * presumably had a good reason and expects it to succeed. In
+ * the future we might have a renegotiation where we don't care
+ * if the peer refused it where we carry on.
+ */
+ SSLfatal(sc, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION);
+ return -1;
}
} else if (alert_level == SSL3_AL_FATAL) {
sc->rwstate = SSL_NOTHING;
diff -Nru -w openssl-3.5.0/ssl/record/rec_layer_s3.c openssl-3.5.1/ssl/record/rec_layer_s3.c
--- openssl-3.5.0/ssl/record/rec_layer_s3.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/record/rec_layer_s3.c 2025-07-01 13:52:08.000000000 +0200
@@ -551,6 +551,10 @@
return ret;
}
+/*
+ * Release data from a record.
+ * If length == 0 then we will release the entire record.
+ */
int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length)
{
assert(rr->length >= length);
@@ -572,6 +576,7 @@
/* We allocated the buffers for this record (only happens with DTLS) */
OPENSSL_free(rr->allocdata);
rr->allocdata = NULL;
+ s->rlayer.curr_rec++;
}
rr->length -= length;
if (rr->length > 0)
@@ -920,10 +925,10 @@
/*
* This is a warning but we receive it if we requested
* renegotiation and the peer denied it. Terminate with a fatal
- * alert because if application tried to renegotiate it
+ * alert because if the application tried to renegotiate it
* presumably had a good reason and expects it to succeed. In
- * future we might have a renegotiation where we don't care if
- * the peer refused it where we carry on.
+ * the future we might have a renegotiation where we don't care
+ * if the peer refused it where we carry on.
*/
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION);
return -1;
diff -Nru -w openssl-3.5.0/ssl/rio/poll_builder.c openssl-3.5.1/ssl/rio/poll_builder.c
--- openssl-3.5.0/ssl/rio/poll_builder.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/rio/poll_builder.c 2025-07-01 13:52:08.000000000 +0200
@@ -16,7 +16,9 @@
int ossl_rio_poll_builder_init(RIO_POLL_BUILDER *rpb)
{
-#if RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
+#if RIO_POLL_METHOD == RIO_POLL_METHOD_NONE
+ return 0;
+#elif RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
FD_ZERO(&rpb->rfd);
FD_ZERO(&rpb->wfd);
FD_ZERO(&rpb->efd);
@@ -113,8 +115,11 @@
if (i >= rpb->pfd_alloc) {
if (!rpb_ensure_alloc(rpb, rpb->pfd_alloc * 2))
return 0;
+ pfds = rpb->pfd_heap;
}
+ assert((rpb->pfd_heap != NULL && rpb->pfd_heap == pfds) ||
+ (rpb->pfd_heap == NULL && rpb->pfds == pfds));
assert(i <= rpb->pfd_num && rpb->pfd_num <= rpb->pfd_alloc);
pfds[i].fd = fd;
pfds[i].events = 0;
diff -Nru -w openssl-3.5.0/ssl/rio/poll_builder.h openssl-3.5.1/ssl/rio/poll_builder.h
--- openssl-3.5.0/ssl/rio/poll_builder.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/rio/poll_builder.h 2025-07-01 13:52:08.000000000 +0200
@@ -23,7 +23,9 @@
* FDs.
*/
typedef struct rio_poll_builder_st {
-# if RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
+# if RIO_POLL_METHOD == RIO_POLL_METHOD_NONE
+ int unused_dummy; /* make microsoft compiler happy */
+# elif RIO_POLL_METHOD == RIO_POLL_METHOD_SELECT
fd_set rfd, wfd, efd;
int hwm_fd;
# elif RIO_POLL_METHOD == RIO_POLL_METHOD_POLL
diff -Nru -w openssl-3.5.0/ssl/rio/poll_method.h openssl-3.5.1/ssl/rio/poll_method.h
--- openssl-3.5.0/ssl/rio/poll_method.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/rio/poll_method.h 2025-07-01 13:52:08.000000000 +0200
@@ -14,9 +14,12 @@
# define RIO_POLL_METHOD_SELECT 1
# define RIO_POLL_METHOD_POLL 2
+# define RIO_POLL_METHOD_NONE 3
# ifndef RIO_POLL_METHOD
-# if !defined(OPENSSL_SYS_WINDOWS) && defined(POLLIN)
+# if defined(OPENSSL_SYS_UEFI)
+# define RIO_POLL_METHOD RIO_POLL_METHOD_NONE
+# elif !defined(OPENSSL_SYS_WINDOWS) && defined(POLLIN)
# define RIO_POLL_METHOD RIO_POLL_METHOD_POLL
# else
# define RIO_POLL_METHOD RIO_POLL_METHOD_SELECT
diff -Nru -w openssl-3.5.0/ssl/s3_lib.c openssl-3.5.1/ssl/s3_lib.c
--- openssl-3.5.0/ssl/s3_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/s3_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -5036,7 +5036,10 @@
}
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ /*
+ * the public key was probably a weak key
+ */
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
goto err;
}
@@ -5141,7 +5144,7 @@
}
if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
goto err;
}
diff -Nru -w openssl-3.5.0/ssl/ssl_cert.c openssl-3.5.1/ssl/ssl_cert.c
--- openssl-3.5.0/ssl/ssl_cert.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/ssl_cert.c 2025-07-01 13:52:08.000000000 +0200
@@ -478,9 +478,9 @@
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
if (!X509_STORE_CTX_set_ex_data(ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+ SSL_get_ex_data_X509_STORE_CTX_idx(),
+ SSL_CONNECTION_GET_USER_SSL(s)))
goto end;
- }
/* Verify via DANE if enabled */
if (DANETLS_ENABLED(&s->dane))
diff -Nru -w openssl-3.5.0/ssl/ssl_lib.c openssl-3.5.1/ssl/ssl_lib.c
--- openssl-3.5.0/ssl/ssl_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/ssl_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -33,6 +33,11 @@
#include "internal/ssl_unwrap.h"
#include "quic/quic_local.h"
+#ifndef OPENSSL_NO_SSLKEYLOG
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+
static int ssl_undefined_function_3(SSL_CONNECTION *sc, unsigned char *r,
unsigned char *s, size_t t, size_t *u)
{
@@ -652,6 +657,8 @@
return 0;
}
+ ossl_quic_tls_clear(sc->qtls);
+
if (!RECORD_LAYER_reset(&sc->rlayer))
return 0;
@@ -1135,52 +1142,55 @@
return X509_VERIFY_PARAM_set_trust(sc->param, trust);
}
-int SSL_set1_host(SSL *s, const char *hostname)
+int SSL_set1_host(SSL *s, const char *host)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
- /* If a hostname is provided and parses as an IP address,
- * treat it as such. */
- if (hostname != NULL
- && X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname) == 1)
+ /* clear hostname(s) and IP address in any case, also if host parses as an IP address */
+ (void)X509_VERIFY_PARAM_set1_host(sc->param, NULL, 0);
+ (void)X509_VERIFY_PARAM_set1_ip(sc->param, NULL, 0);
+ if (host == NULL)
return 1;
- return X509_VERIFY_PARAM_set1_host(sc->param, hostname, 0);
+ /* If a host is provided and parses as an IP address, treat it as such. */
+ return X509_VERIFY_PARAM_set1_ip_asc(sc->param, host)
+ || X509_VERIFY_PARAM_set1_host(sc->param, host, 0);
}
-int SSL_add1_host(SSL *s, const char *hostname)
+int SSL_add1_host(SSL *s, const char *host)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
if (sc == NULL)
return 0;
- /* If a hostname is provided and parses as an IP address,
- * treat it as such. */
- if (hostname) {
+ /* If a host is provided and parses as an IP address, treat it as such. */
+ if (host != NULL) {
ASN1_OCTET_STRING *ip;
char *old_ip;
- ip = a2i_IPADDRESS(hostname);
- if (ip) {
+ ip = a2i_IPADDRESS(host);
+ if (ip != NULL) {
/* We didn't want it; only to check if it *is* an IP address */
ASN1_OCTET_STRING_free(ip);
old_ip = X509_VERIFY_PARAM_get1_ip_asc(sc->param);
- if (old_ip) {
+ if (old_ip != NULL) {
OPENSSL_free(old_ip);
/* There can be only one IP address */
+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
+ "IP address was already set");
return 0;
}
- return X509_VERIFY_PARAM_set1_ip_asc(sc->param, hostname);
+ return X509_VERIFY_PARAM_set1_ip_asc(sc->param, host);
}
}
- return X509_VERIFY_PARAM_add1_host(sc->param, hostname, 0);
+ return X509_VERIFY_PARAM_add1_host(sc->param, host, 0);
}
void SSL_set_hostflags(SSL *s, unsigned int flags)
@@ -3978,6 +3988,33 @@
* via ssl.h.
*/
+#ifndef OPENSSL_NO_SSLKEYLOG
+static BIO *get_sslkeylog_bio(const char *keylogfile)
+{
+# ifdef _POSIX_C_SOURCE
+ BIO *b;
+ int fdno = -1;
+ FILE *fp = NULL;
+
+ fdno = open(keylogfile, O_WRONLY | O_CREAT | O_APPEND, 0600);
+ if (fdno < 0)
+ return NULL;
+
+ fp = fdopen(fdno, "a");
+ if (fp == NULL) {
+ close(fdno);
+ return NULL;
+ }
+
+ if ((b = BIO_new_fp(fp, BIO_CLOSE)) == NULL)
+ fclose(fp);
+ return b;
+# else
+ return BIO_new_file(keylogfile, "a");
+# endif
+}
+#endif
+
SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
const SSL_METHOD *meth)
{
@@ -4290,7 +4327,7 @@
* if its already there.
*/
if (keylog_bio == NULL) {
- keylog_bio = BIO_new_file(keylogfile, "a");
+ keylog_bio = get_sslkeylog_bio(keylogfile);
if (keylog_bio == NULL) {
OSSL_TRACE(TLS, "Unable to create keylog bio\n");
goto out;
@@ -4945,6 +4982,9 @@
return ossl_quic_do_handshake(s);
#endif
+ if (sc == NULL)
+ return -1;
+
if (sc->handshake_func == NULL) {
ERR_raise(ERR_LIB_SSL, SSL_R_CONNECTION_TYPE_NOT_SET);
return -1;
@@ -4977,7 +5017,8 @@
#ifndef OPENSSL_NO_QUIC
if (IS_QUIC(s)) {
- ossl_quic_set_accept_state(s);
+ /* We suppress errors because this is a void function */
+ (void)ossl_quic_set_accept_state(s, 0 /* suppress errors */);
return;
}
#endif
@@ -4996,7 +5037,8 @@
#ifndef OPENSSL_NO_QUIC
if (IS_QUIC(s)) {
- ossl_quic_set_connect_state(s);
+ /* We suppress errors because this is a void function */
+ (void)ossl_quic_set_connect_state(s, 0 /* suppress errors */);
return;
}
#endif
@@ -5466,6 +5508,8 @@
new_cert = ssl_cert_dup(ctx->cert);
if (new_cert == NULL)
goto err;
+ if (!custom_exts_copy_conn(&new_cert->custext, &sc->cert->custext))
+ goto err;
if (!custom_exts_copy_flags(&new_cert->custext, &sc->cert->custext))
goto err;
diff -Nru -w openssl-3.5.0/ssl/ssl_local.h openssl-3.5.1/ssl/ssl_local.h
--- openssl-3.5.0/ssl/ssl_local.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/ssl_local.h 2025-07-01 13:52:08.000000000 +0200
@@ -2067,6 +2067,11 @@
* corresponding ServerHello extension.
*/
# define SSL_EXT_FLAG_SENT 0x2
+/*
+ * Indicates an extension that was set on SSL object and needs to be
+ * preserved when switching SSL contexts.
+ */
+# define SSL_EXT_FLAG_CONN 0x4
typedef struct {
custom_ext_method *meths;
@@ -2772,6 +2777,8 @@
__owur int tls13_setup_key_block(SSL_CONNECTION *s);
__owur size_t tls13_final_finish_mac(SSL_CONNECTION *s, const char *str, size_t slen,
unsigned char *p);
+__owur int tls13_store_handshake_traffic_hash(SSL_CONNECTION *s);
+__owur int tls13_store_server_finished_hash(SSL_CONNECTION *s);
__owur int tls13_change_cipher_state(SSL_CONNECTION *s, int which);
__owur int tls13_update_key(SSL_CONNECTION *s, int send);
__owur int tls13_hkdf_expand(SSL_CONNECTION *s,
@@ -2996,6 +3003,8 @@
__owur int custom_exts_copy(custom_ext_methods *dst,
const custom_ext_methods *src);
+__owur int custom_exts_copy_conn(custom_ext_methods *dst,
+ const custom_ext_methods *src);
__owur int custom_exts_copy_flags(custom_ext_methods *dst,
const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts);
diff -Nru -w openssl-3.5.0/ssl/ssl_sess.c openssl-3.5.1/ssl/ssl_sess.c
--- openssl-3.5.0/ssl/ssl_sess.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/ssl_sess.c 2025-07-01 13:52:08.000000000 +0200
@@ -595,6 +595,8 @@
SSL_TICKET_STATUS r;
if (SSL_CONNECTION_IS_TLS13(s)) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
/*
* By default we will send a new ticket. This can be overridden in the
* ticket processing.
@@ -607,6 +609,7 @@
hello->pre_proc_exts, NULL, 0))
return -1;
+ /* If we resumed, s->session will now be set */
ret = s->session;
} else {
/* sets s->ext.ticket_expected */
diff -Nru -w openssl-3.5.0/ssl/statem/extensions.c openssl-3.5.1/ssl/statem/extensions.c
--- openssl-3.5.0/ssl/statem/extensions.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/statem/extensions.c 2025-07-01 13:52:08.000000000 +0200
@@ -1736,11 +1736,14 @@
static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
int sent)
{
+ if (s->session == NULL)
+ return 1;
+
/* MaxFragmentLength defaults to disabled */
if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED)
s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED;
- if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) {
+ if (USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) {
s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl,
GET_MAX_FRAGMENT_LENGTH(s->session));
s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl,
@@ -1897,6 +1900,10 @@
already_set[comp] = 1;
}
}
+ if (PACKET_remaining(&supported_comp_algs) != 0) {
+ SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
+ return 0;
+ }
#endif
return 1;
}
diff -Nru -w openssl-3.5.0/ssl/statem/extensions_cust.c openssl-3.5.1/ssl/statem/extensions_cust.c
--- openssl-3.5.0/ssl/statem/extensions_cust.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/statem/extensions_cust.c 2025-07-01 13:52:08.000000000 +0200
@@ -107,7 +107,7 @@
custom_ext_method *meth = exts->meths;
for (i = 0; i < exts->meths_count; i++, meth++)
- meth->ext_flags = 0;
+ meth->ext_flags &= ~(SSL_EXT_FLAG_SENT | SSL_EXT_FLAG_RECEIVED);
}
/* Pass received custom extension data to the application for parsing. */
@@ -279,6 +279,31 @@
return 1;
}
+/* Copy old style API wrapper arguments */
+static void custom_ext_copy_old_cb(custom_ext_method *methdst,
+ const custom_ext_method *methsrc,
+ int *err)
+{
+ if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
+ return;
+
+ if (*err) {
+ methdst->add_arg = NULL;
+ methdst->parse_arg = NULL;
+ return;
+ }
+
+ methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
+ sizeof(custom_ext_add_cb_wrap));
+ methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
+ sizeof(custom_ext_parse_cb_wrap));
+
+ if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
+ *err = 1;
+
+ return;
+}
+
/* Copy table of custom extensions */
int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
{
@@ -293,31 +318,59 @@
return 0;
dst->meths_count = src->meths_count;
- for (i = 0; i < src->meths_count; i++) {
- custom_ext_method *methsrc = src->meths + i;
- custom_ext_method *methdst = dst->meths + i;
+ for (i = 0; i < src->meths_count; i++)
+ custom_ext_copy_old_cb(&dst->meths[i], &src->meths[i], &err);
+ }
- if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
- continue;
+ if (err) {
+ custom_exts_free(dst);
+ return 0;
+ }
- /*
- * We have found an old style API wrapper. We need to copy the
- * arguments too.
- */
+ return 1;
+}
- if (err) {
- methdst->add_arg = NULL;
- methdst->parse_arg = NULL;
+/* Copy custom extensions that were set on connection */
+int custom_exts_copy_conn(custom_ext_methods *dst,
+ const custom_ext_methods *src)
+{
+ size_t i;
+ int err = 0;
+
+ if (src->meths_count > 0) {
+ size_t meths_count = 0;
+
+ for (i = 0; i < src->meths_count; i++)
+ if ((src->meths[i].ext_flags & SSL_EXT_FLAG_CONN) != 0)
+ meths_count++;
+
+ if (meths_count > 0) {
+ custom_ext_method *methdst =
+ OPENSSL_realloc(dst->meths,
+ (dst->meths_count + meths_count) *
+ sizeof(custom_ext_method));
+
+ if (methdst == NULL)
+ return 0;
+
+ for (i = 0; i < dst->meths_count; i++)
+ custom_ext_copy_old_cb(&methdst[i], &dst->meths[i], &err);
+
+ dst->meths = methdst;
+ methdst += dst->meths_count;
+
+ for (i = 0; i < src->meths_count; i++) {
+ custom_ext_method *methsrc = &src->meths[i];
+
+ if ((methsrc->ext_flags & SSL_EXT_FLAG_CONN) == 0)
continue;
- }
- methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
- sizeof(custom_ext_add_cb_wrap));
- methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
- sizeof(custom_ext_parse_cb_wrap));
+ memcpy(methdst, methsrc, sizeof(custom_ext_method));
+ custom_ext_copy_old_cb(methdst, methsrc, &err);
+ methdst++;
+ }
- if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
- err = 1;
+ dst->meths_count += meths_count;
}
}
@@ -416,6 +469,7 @@
meth->add_cb = add_cb;
meth->free_cb = free_cb;
meth->ext_type = ext_type;
+ meth->ext_flags = (ctx == NULL) ? SSL_EXT_FLAG_CONN : 0;
meth->add_arg = add_arg;
meth->parse_arg = parse_arg;
exts->meths_count++;
diff -Nru -w openssl-3.5.0/ssl/statem/statem_clnt.c openssl-3.5.1/ssl/statem/statem_clnt.c
--- openssl-3.5.0/ssl/statem/statem_clnt.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/statem/statem_clnt.c 2025-07-01 13:52:08.000000000 +0200
@@ -911,6 +911,17 @@
/* SSLfatal() already called */
return WORK_ERROR;
}
+ /*
+ * For QUIC we deferred setting up these keys until now so
+ * that we can ensure write keys are always set up before read
+ * keys.
+ */
+ if (SSL_IS_QUIC_HANDSHAKE(s)
+ && !ssl->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+ /* SSLfatal() already called */
+ return WORK_ERROR;
+ }
}
}
break;
@@ -1788,8 +1799,7 @@
*/
if (SSL_CONNECTION_IS_TLS13(s)) {
if (!ssl->method->ssl3_enc->setup_key_block(s)
- || !ssl->method->ssl3_enc->change_cipher_state(s,
- SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+ || !tls13_store_handshake_traffic_hash(s)) {
/* SSLfatal() already called */
goto err;
}
@@ -1802,14 +1812,21 @@
* are changed. Since QUIC doesn't do TLS early data or need middlebox
* compat this doesn't cause a problem.
*/
- if (s->early_data_state == SSL_EARLY_DATA_NONE
- && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
- && !ssl->method->ssl3_enc->change_cipher_state(s,
+ if (SSL_IS_QUIC_HANDSHAKE(s)
+ || (s->early_data_state == SSL_EARLY_DATA_NONE
+ && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0)) {
+ if (!ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
/* SSLfatal() already called */
goto err;
}
}
+ if (!ssl->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+ /* SSLfatal() already called */
+ goto err;
+ }
+ }
OPENSSL_free(extensions);
return MSG_PROCESS_CONTINUE_READING;
@@ -3816,6 +3833,7 @@
* moment. We need to do it now.
*/
if (SSL_CONNECTION_IS_TLS13(s)
+ && !SSL_IS_QUIC_HANDSHAKE(s)
&& SSL_IS_FIRST_HANDSHAKE(s)
&& (s->early_data_state != SSL_EARLY_DATA_NONE
|| (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
@@ -3906,6 +3924,7 @@
* moment. We need to do it now.
*/
if (SSL_IS_FIRST_HANDSHAKE(sc)
+ && !SSL_IS_QUIC_HANDSHAKE(sc)
&& (sc->early_data_state != SSL_EARLY_DATA_NONE
|| (sc->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
&& (!ssl->method->ssl3_enc->change_cipher_state(sc,
diff -Nru -w openssl-3.5.0/ssl/statem/statem_dtls.c openssl-3.5.1/ssl/statem/statem_dtls.c
--- openssl-3.5.0/ssl/statem/statem_dtls.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/statem/statem_dtls.c 2025-07-01 13:52:08.000000000 +0200
@@ -16,9 +16,6 @@
#include "internal/cryptlib.h"
#include "internal/ssl_unwrap.h"
#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
@@ -116,6 +113,7 @@
size_t len, frag_off, overhead, used_len;
SSL *ssl = SSL_CONNECTION_GET_SSL(s);
SSL *ussl = SSL_CONNECTION_GET_USER_SSL(s);
+ uint8_t saved_payload[DTLS1_HM_HEADER_LENGTH];
if (!dtls1_query_mtu(s))
return -1;
@@ -218,6 +216,15 @@
}
dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
+ /*
+ * Save the data that will be overwritten by
+ * dtls1_write_messsage_header so no corruption occurs when using
+ * a msg callback.
+ */
+ if (s->msg_callback && s->init_off != 0)
+ memcpy(saved_payload, &s->init_buf->data[s->init_off],
+ sizeof(saved_payload));
+
dtls1_write_message_header(s,
(unsigned char *)&s->init_buf->
data[s->init_off]);
@@ -225,6 +232,11 @@
ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
&written);
+
+ if (type == SSL3_RT_HANDSHAKE && s->msg_callback && s->init_off != 0)
+ memcpy(&s->init_buf->data[s->init_off], saved_payload,
+ sizeof(saved_payload));
+
if (ret <= 0) {
/*
* might need to update MTU here, but we don't know which
@@ -297,7 +309,7 @@
if (written == s->init_num) {
if (s->msg_callback)
s->msg_callback(1, s->version, type, s->init_buf->data,
- (size_t)(s->init_off + s->init_num), ussl,
+ s->init_off + s->init_num, ussl,
s->msg_callback_arg);
s->init_off = 0; /* done writing this message */
diff -Nru -w openssl-3.5.0/ssl/statem/statem_lib.c openssl-3.5.1/ssl/statem/statem_lib.c
--- openssl-3.5.0/ssl/statem/statem_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/statem/statem_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -626,6 +626,7 @@
*/
if (SSL_CONNECTION_IS_TLS13(s)
&& !s->server
+ && !SSL_IS_QUIC_HANDSHAKE(s)
&& (s->early_data_state != SSL_EARLY_DATA_NONE
|| (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
&& s->s3.tmp.cert_req == 0
@@ -933,7 +934,21 @@
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
}
- if (!ssl->method->ssl3_enc->change_cipher_state(s,
+ if (!tls13_store_server_finished_hash(s)) {
+ /* SSLfatal() already called */
+ return MSG_PROCESS_ERROR;
+ }
+
+ /*
+ * For non-QUIC we set up the client's app data read keys now, so
+ * that we can go straight into reading 0.5RTT data from the server.
+ * For QUIC we don't do that, and instead defer setting up the keys
+ * until after we have set up the write keys in order to ensure that
+ * write keys are always set up before read keys (so that if we read
+ * a message we have the correct keys in place to ack it)
+ */
+ if (!SSL_IS_QUIC_HANDSHAKE(s)
+ && !ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
/* SSLfatal() already called */
return MSG_PROCESS_ERROR;
@@ -2365,23 +2380,24 @@
real_max = ver_max;
/* Check for downgrades */
- if (s->version == TLS1_2_VERSION && real_max > s->version) {
- if (memcmp(tls12downgrade,
+ /* TODO(DTLSv1.3): Update this code for DTLSv1.3 */
+ if (!SSL_CONNECTION_IS_DTLS(s) && real_max > s->version) {
+ /* Signal applies to all versions */
+ if (memcmp(tls11downgrade,
s->s3.server_random + SSL3_RANDOM_SIZE
- - sizeof(tls12downgrade),
- sizeof(tls12downgrade)) == 0) {
+ - sizeof(tls11downgrade),
+ sizeof(tls11downgrade)) == 0) {
s->version = origv;
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_INAPPROPRIATE_FALLBACK);
return 0;
}
- } else if (!SSL_CONNECTION_IS_DTLS(s)
- && s->version < TLS1_2_VERSION
- && real_max > s->version) {
- if (memcmp(tls11downgrade,
+ /* Only when accepting TLS1.3 */
+ if (real_max == TLS1_3_VERSION
+ && memcmp(tls12downgrade,
s->s3.server_random + SSL3_RANDOM_SIZE
- - sizeof(tls11downgrade),
- sizeof(tls11downgrade)) == 0) {
+ - sizeof(tls12downgrade),
+ sizeof(tls12downgrade)) == 0) {
s->version = origv;
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_INAPPROPRIATE_FALLBACK);
diff -Nru -w openssl-3.5.0/ssl/statem/statem_srvr.c openssl-3.5.1/ssl/statem/statem_srvr.c
--- openssl-3.5.0/ssl/statem/statem_srvr.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/statem/statem_srvr.c 2025-07-01 13:52:08.000000000 +0200
@@ -977,6 +977,7 @@
if (SSL_CONNECTION_IS_TLS13(s)) {
if (!ssl->method->ssl3_enc->setup_key_block(s)
+ || !tls13_store_handshake_traffic_hash(s)
|| !ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
/* SSLfatal() already called */
@@ -1040,6 +1041,7 @@
if (!ssl->method->ssl3_enc->generate_master_secret(s,
s->master_secret, s->handshake_secret, 0,
&dummy)
+ || !tls13_store_server_finished_hash(s)
|| !ssl->method->ssl3_enc->change_cipher_state(s,
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
/* SSLfatal() already called */
diff -Nru -w openssl-3.5.0/ssl/t1_lib.c openssl-3.5.1/ssl/t1_lib.c
--- openssl-3.5.0/ssl/t1_lib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/t1_lib.c 2025-07-01 13:52:08.000000000 +0200
@@ -972,9 +972,11 @@
goto end;
gix->grp = grps;
gix->ix = ix;
- if (sk_TLS_GROUP_IX_push(collect, gix) <= 0)
+ if (sk_TLS_GROUP_IX_push(collect, gix) <= 0) {
+ OPENSSL_free(gix);
goto end;
}
+ }
sk_TLS_GROUP_IX_sort(collect);
num = sk_TLS_GROUP_IX_num(collect);
diff -Nru -w openssl-3.5.0/ssl/tls13_enc.c openssl-3.5.1/ssl/tls13_enc.c
--- openssl-3.5.0/ssl/tls13_enc.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/ssl/tls13_enc.c 2025-07-01 13:52:08.000000000 +0200
@@ -446,6 +446,31 @@
return 1;
}
+static int tls13_store_hash(SSL_CONNECTION *s, unsigned char *hash, size_t len)
+{
+ size_t hashlen;
+
+ if (!ssl3_digest_cached_records(s, 1)
+ || !ssl_handshake_hash(s, hash, len, &hashlen)) {
+ /* SSLfatal() already called */;
+ return 0;
+ }
+
+ return 1;
+}
+
+int tls13_store_handshake_traffic_hash(SSL_CONNECTION *s)
+{
+ return tls13_store_hash(s, s->handshake_traffic_hash,
+ sizeof(s->handshake_traffic_hash));
+}
+
+int tls13_store_server_finished_hash(SSL_CONNECTION *s)
+{
+ return tls13_store_hash(s, s->server_finished_hash,
+ sizeof(s->server_finished_hash));
+}
+
int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
{
/* ASCII: "c e traffic", in hex for EBCDIC compatibility */
@@ -633,6 +658,7 @@
label = server_application_traffic;
labellen = sizeof(server_application_traffic) - 1;
log_label = SERVER_APPLICATION_LABEL;
+ hash = s->server_finished_hash;
}
}
@@ -648,16 +674,6 @@
}
}
- /*
- * Save the hash of handshakes up to now for use when we calculate the
- * client application traffic secret
- */
- if (label == server_application_traffic)
- memcpy(s->server_finished_hash, hashval, hashlen);
-
- if (label == server_handshake_traffic)
- memcpy(s->handshake_traffic_hash, hashval, hashlen);
-
if (label == client_application_traffic) {
/*
* We also create the resumption master secret, but this time use the
diff -Nru -w openssl-3.5.0/test/bio_comp_test.c openssl-3.5.1/test/bio_comp_test.c
--- openssl-3.5.0/test/bio_comp_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/bio_comp_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -83,8 +83,10 @@
int size = sizes[n % 4];
int type = n / 4;
- if (!TEST_ptr(original = OPENSSL_malloc(BUFFER_SIZE))
- || !TEST_ptr(result = OPENSSL_malloc(BUFFER_SIZE)))
+ original = OPENSSL_malloc(BUFFER_SIZE);
+ result = OPENSSL_malloc(BUFFER_SIZE);
+
+ if (!TEST_ptr(original) || !TEST_ptr(result))
goto err;
switch (type) {
diff -Nru -w openssl-3.5.0/test/bio_enc_test.c openssl-3.5.1/test/bio_enc_test.c
--- openssl-3.5.0/test/bio_enc_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/bio_enc_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -139,7 +139,17 @@
if (!TEST_ptr(mem))
goto err;
BIO_push(b, mem);
+#if 0
+ /*
+ * This is wrong to do, it always fails, and incorrectly ends up
+ * calling `EVP_CipherFinal()` and setting ctx->finished = 1, ...
+ * all of which are unwanted. But just deleting this is less
+ * instructive to future readers of the code. Don't call BIO_flush
+ * until you're done either reading or writing and want to finalise
+ * the state.
+ */
(void)BIO_flush(b);
+#endif
memset(out, 0, sizeof(out));
len = BIO_read(b, out, sizeof(out));
BIO_free_all(b);
@@ -256,6 +266,66 @@
# endif
# endif
+static int test_bio_enc_eof_read_flush(void)
+{
+ /* Length chosen to ensure base64 encoding employs padding */
+ const unsigned char pbuf[] = "Attack at dawn";
+ unsigned char cbuf[16]; /* At least as long as pbuf */
+ const EVP_CIPHER *cipher = EVP_aes_256_gcm();
+ EVP_CIPHER_CTX *ctx = NULL;
+ BIO *mem = NULL, *b64 = NULL, *cbio = NULL;
+ unsigned char tag[16];
+ size_t key_size, iv_size;
+ int n, ret = 0;
+
+ memset(tag, 0, sizeof(tag));
+ if (!TEST_ptr(cipher)
+ || !TEST_int_gt((key_size = EVP_CIPHER_key_length(cipher)), 0)
+ || !TEST_int_gt((iv_size = EVP_CIPHER_iv_length(cipher)), 0)
+ || !TEST_ptr(mem = BIO_new(BIO_s_mem()))
+ || !TEST_ptr(b64 = BIO_new(BIO_f_base64()))
+ || !TEST_ptr(cbio = BIO_new(BIO_f_cipher()))
+ || !TEST_ptr(BIO_push(b64, mem))
+ || !TEST_ptr(BIO_push(cbio, b64))
+ || !TEST_int_gt(BIO_get_cipher_ctx(cbio, &ctx), 0)
+ || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, KEY, IV, ENCRYPT))
+ || !TEST_int_gt(BIO_write(cbio, pbuf, sizeof(pbuf) - 1), 0)
+ || !TEST_int_gt(BIO_flush(cbio), 0)
+ || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+ sizeof(tag), tag), 0))
+ goto end;
+ BIO_free(cbio);
+ BIO_free(b64);
+ b64 = cbio = NULL;
+
+ BIO_set_mem_eof_return(mem, 0);
+ BIO_set_flags(mem, BIO_FLAGS_NONCLEAR_RST);
+ if (!TEST_int_gt(BIO_reset(mem), 0)
+ || !TEST_ptr(b64 = BIO_new(BIO_f_base64()))
+ || !TEST_ptr(cbio = BIO_new(BIO_f_cipher()))
+ || !TEST_ptr(BIO_push(b64, mem))
+ || !TEST_ptr(BIO_push(cbio, b64))
+ || !TEST_int_gt(BIO_get_cipher_ctx(cbio, &ctx), 0)
+ || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, KEY, IV, DECRYPT))
+ || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
+ sizeof(tag), tag), 0)
+ || !TEST_int_gt((n = BIO_read(cbio, cbuf, sizeof(cbuf))), 0)
+ || !TEST_true(BIO_get_cipher_status(cbio))
+ /* Evaluate both and report whether either or both failed */
+ || (!TEST_int_gt(BIO_flush(cbio), 0) +
+ !TEST_true(BIO_get_cipher_status(cbio)))
+ || !TEST_mem_eq(cbuf, n, pbuf, sizeof(pbuf) - 1))
+ goto end;
+
+ ret = 1;
+
+ end:
+ BIO_free(cbio);
+ BIO_free(b64);
+ BIO_free(mem);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_bio_enc_aes_128_cbc, 2);
@@ -268,5 +338,6 @@
ADD_ALL_TESTS(test_bio_enc_chacha20_poly1305, 2);
# endif
# endif
+ ADD_TEST(test_bio_enc_eof_read_flush);
return 1;
}
diff -Nru -w openssl-3.5.0/test/bioprinttest.c openssl-3.5.1/test/bioprinttest.c
--- openssl-3.5.0/test/bioprinttest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/bioprinttest.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,90 +19,97 @@
static int justprint = 0;
-static char *fpexpected[][10][5] = {
+static char *fpexpected[][11][5] = {
{
- /* 00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
- /* 01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
- /* 02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
- /* 03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
- /* 04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
- /* 05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
- /* 06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
- /* 07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
- /* 08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
- /* 09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
- },
- {
- /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
- /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
- /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
- /* 13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
- /* 14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
- /* 15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
- /* 16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
- /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
- /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
- /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
- },
- {
- /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" },
- /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" },
- /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" },
- /* 23 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" },
- /* 24 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" },
- /* 25 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" },
- /* 26 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" },
- /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" },
- /* 28 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" },
- /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" },
- },
- {
- /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" },
- /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" },
- /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" },
- /* 33 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" },
- /* 34 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" },
- /* 35 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" },
- /* 36 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" },
- /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" },
- /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" },
- /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" },
- },
- {
- /* 40 */ { "0e+00", "0", "0", "0E+00", "0" },
- /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
- /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
- /* 43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
- /* 44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
- /* 45 */ { "7e+00", "7", "7", "7E+00", "7" },
- /* 46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
- /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
- /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
- /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
- },
- {
- /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
- /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
- /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
- /* 53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
- /* 54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
- /* 55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
- /* 56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
- /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
- /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
- /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
- },
- {
- /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
- /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
- /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
- /* 63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
- /* 64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
- /* 65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
- /* 66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
- /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
- /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
- /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 0.00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
+ /* 0.01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
+ /* 0.02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
+ /* 0.03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+ /* 0.04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+ /* 0.05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
+ /* 0.06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
+ /* 0.07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
+ /* 0.08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
+ /* 0.09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 0.10 */ { "-6.6667e+04", "-66666.6667", "-6.667e+04", "-6.6667E+04", "-6.667E+04" },
+ },
+ {
+ /* 1.00 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
+ /* 1.01 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
+ /* 1.02 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
+ /* 1.03 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
+ /* 1.04 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
+ /* 1.05 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
+ /* 1.06 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
+ /* 1.07 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
+ /* 1.08 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
+ /* 1.09 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
+ /* 1.10 */ { "-6.66667e+04", "-66666.66667", "-66667", "-6.66667E+04", "-66667" },
+ },
+ {
+ /* 2.00 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" },
+ /* 2.01 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" },
+ /* 2.02 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" },
+ /* 2.03 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" },
+ /* 2.04 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" },
+ /* 2.05 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" },
+ /* 2.06 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" },
+ /* 2.07 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" },
+ /* 2.08 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" },
+ /* 2.09 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" },
+ /* 2.10 */ { " -6.6667e+04", " -66666.6667", " -6.667e+04", " -6.6667E+04", " -6.667E+04" },
+ },
+ {
+ /* 3.00 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" },
+ /* 3.01 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" },
+ /* 3.02 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" },
+ /* 3.03 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" },
+ /* 3.04 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" },
+ /* 3.05 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" },
+ /* 3.06 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" },
+ /* 3.07 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" },
+ /* 3.08 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" },
+ /* 3.09 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" },
+ /* 3.10 */ { "-6.66667e+04", "-66666.66667", " -66667", "-6.66667E+04", " -66667" },
+ },
+ {
+ /* 4.00 */ { "0e+00", "0", "0", "0E+00", "0" },
+ /* 4.01 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+ /* 4.02 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+ /* 4.03 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
+ /* 4.04 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
+ /* 4.05 */ { "7e+00", "7", "7", "7E+00", "7" },
+ /* 4.06 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
+ /* 4.07 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
+ /* 4.08 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
+ /* 4.09 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
+ /* 4.10 */ { "-7e+04", "-66667", "-7e+04", "-7E+04", "-7E+04" },
+ },
+ {
+ /* 5.00 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
+ /* 5.01 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
+ /* 5.02 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
+ /* 5.03 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
+ /* 5.04 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
+ /* 5.05 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
+ /* 5.06 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
+ /* 5.07 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
+ /* 5.08 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
+ /* 5.09 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
+ /* 5.10 */ { "-6.666667e+04", "-66666.666667", "-66666.7", "-6.666667E+04", "-66666.7" },
+ },
+ {
+ /* 6.00 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
+ /* 6.01 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
+ /* 6.02 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
+ /* 6.03 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+ /* 6.04 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+ /* 6.05 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
+ /* 6.06 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
+ /* 6.07 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
+ /* 6.08 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
+ /* 6.09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 6.10 */ { "-6.6667e+04", "-66666.6667", "-6.667e+04", "-6.6667E+04", "-6.667E+04" },
},
};
@@ -203,7 +210,7 @@
if (justprint) {
if (i == 0)
- printf(" /* %d%d */ { \"%s\"", test, sub, result);
+ printf(" /* %d.%02d */ { \"%s\"", test, sub, result);
else
printf(", \"%s\"", result);
} else if (!TEST_str_eq(fpexpected[test][sub][i], result)) {
@@ -234,7 +241,8 @@
&& TEST_true(dofptest(i, t++, 66.0 + frac, pwp->w, pwp->p))
&& TEST_true(dofptest(i, t++, 666.0 + frac, pwp->w, pwp->p))
&& TEST_true(dofptest(i, t++, 6666.0 + frac, pwp->w, pwp->p))
- && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p));
+ && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p))
+ && TEST_true(dofptest(i, t++, -66666.0 - frac, pwp->w, pwp->p));
if (justprint)
printf(" },\n");
return r;
diff -Nru -w openssl-3.5.0/test/cmp_client_test.c openssl-3.5.1/test/cmp_client_test.c
--- openssl-3.5.0/test/cmp_client_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/cmp_client_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -227,7 +227,8 @@
static int test_exec_IR_ses_poll_no_timeout(void)
{
return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter,
- 2 /* pollCount */, checkAfter + 4,
+ 2 /* pollCount */,
+ checkAfter + 14, /* usually 4 is sufficient */
OSSL_CMP_PKISTATUS_accepted);
}
diff -Nru -w openssl-3.5.0/test/dhtest.c openssl-3.5.1/test/dhtest.c
--- openssl-3.5.0/test/dhtest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/dhtest.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -208,17 +208,17 @@
alen = DH_size(a);
if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
- || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
+ || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
goto err3;
blen = DH_size(b);
if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
- || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
+ || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
goto err3;
clen = DH_size(c);
if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
- || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
+ || !TEST_int_gt((cout = DH_compute_key(cbuf, apub_key, c)), 0))
goto err3;
if (!TEST_true(aout >= 20)
@@ -694,12 +694,12 @@
alen = DH_size(a);
if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen))
- || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
+ || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
goto err;
blen = DH_size(b);
if (!TEST_int_gt(blen, 0) || !TEST_ptr(bbuf = OPENSSL_malloc(blen))
- || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
+ || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
goto err;
if (!TEST_true(aout >= 20)
diff -Nru -w openssl-3.5.0/test/dtlstest.c openssl-3.5.1/test/dtlstest.c
--- openssl-3.5.0/test/dtlstest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/dtlstest.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -587,6 +587,105 @@
return testresult;
}
+static int test_duplicate_app_data(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *sssl = NULL, *cssl = NULL;
+ int testresult = 0;
+ BIO *bio;
+ char msg[] = { 0x00, 0x01, 0x02, 0x03 };
+ char buf[10];
+ int ret;
+
+ if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, 0,
+ &sctx, &cctx, cert, privkey)))
+ return 0;
+
+#ifndef OPENSSL_NO_DTLS1_2
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
+ goto end;
+#else
+ /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
+ if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
+ || !TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "AES128-SHA:@SECLEVEL=0")))
+ goto end;
+#endif
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl,
+ NULL, NULL)))
+ goto end;
+
+ /* Send flight 1: ClientHello */
+ if (!TEST_int_le(SSL_connect(cssl), 0))
+ goto end;
+
+ /* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */
+ if (!TEST_int_le(SSL_accept(sssl), 0))
+ goto end;
+
+ /* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */
+ if (!TEST_int_le(SSL_connect(cssl), 0))
+ goto end;
+
+ /* Recv flight 3, send flight 4: datagram 0(NST, CCS) datagram 1(Finished) */
+ if (!TEST_int_gt(SSL_accept(sssl), 0))
+ goto end;
+
+ bio = SSL_get_wbio(sssl);
+ if (!TEST_ptr(bio))
+ goto end;
+
+ /*
+ * Send flight 4 (cont'd): datagram 2(app data)
+ * + datagram 3 (app data duplicate)
+ */
+ if (!TEST_int_eq(SSL_write(sssl, msg, sizeof(msg)), (int)sizeof(msg)))
+ goto end;
+
+ if (!TEST_true(mempacket_dup_last_packet(bio)))
+ goto end;
+
+ /* App data comes before NST/CCS */
+ if (!TEST_true(mempacket_move_packet(bio, 0, 2)))
+ goto end;
+
+ /*
+ * Recv flight 4 (datagram 2): app data + flight 4 (datagram 0): NST, CCS, +
+ * + flight 4 (datagram 1): Finished
+ */
+ if (!TEST_int_gt(SSL_connect(cssl), 0))
+ goto end;
+
+ /*
+ * Read flight 4 (app data)
+ */
+ if (!TEST_int_eq(SSL_read(cssl, buf, sizeof(buf)), (int)sizeof(msg)))
+ goto end;
+
+ if (!TEST_mem_eq(buf, sizeof(msg), msg, sizeof(msg)))
+ goto end;
+
+ /*
+ * Read flight 4, datagram 3. We expect the duplicated app data to have been
+ * dropped, with no more data available
+ */
+ if (!TEST_int_le(ret = SSL_read(cssl, buf, sizeof(buf)), 0)
+ || !TEST_int_eq(SSL_get_error(cssl, ret), SSL_ERROR_WANT_READ))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(cssl);
+ SSL_free(sssl);
+ SSL_CTX_free(cctx);
+ SSL_CTX_free(sctx);
+
+ return testresult;
+}
+
/* Confirm that we can create a connections using DTLSv1_listen() */
static int test_listen(void)
{
@@ -658,6 +757,7 @@
ADD_TEST(test_just_finished);
ADD_ALL_TESTS(test_swap_records, 4);
ADD_TEST(test_listen);
+ ADD_TEST(test_duplicate_app_data);
return 1;
}
diff -Nru -w openssl-3.5.0/test/ectest.c openssl-3.5.1/test/ectest.c
--- openssl-3.5.0/test/ectest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/ectest.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -2819,7 +2819,7 @@
int is_prime = 0;
EC_KEY *eckey1 = NULL, *eckey2 = NULL;
EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
- EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL;
+ EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL, *dctx = NULL;
size_t sslen, t;
unsigned char *pub1 = NULL , *pub2 = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
@@ -3042,11 +3042,12 @@
EVP_PKEY_CTX_free(pctx1);
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
|| !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1)
+ || !TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx1))
+ || !TEST_int_eq(EVP_PKEY_derive_set_peer_ex(dctx, pkey2, 1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &t), 1)
|| !TEST_int_gt(bsize, t)
|| !TEST_int_le(sslen, t)
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(dctx, buf1, &t), 1)
/* compare with previous result */
|| !TEST_mem_eq(buf1, t, buf2, sslen))
goto err;
@@ -3074,6 +3075,7 @@
EVP_PKEY_free(pkey2);
EVP_PKEY_CTX_free(pctx1);
EVP_PKEY_CTX_free(pctx2);
+ EVP_PKEY_CTX_free(dctx);
return ret;
}
diff -Nru -w openssl-3.5.0/test/evp_extra_test.c openssl-3.5.1/test/evp_extra_test.c
--- openssl-3.5.0/test/evp_extra_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/evp_extra_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -3524,6 +3524,7 @@
size_t outlen;
int ret = 0;
unsigned char salt[] = "";
+ unsigned char fake[] = "0123456789";
unsigned char key[] = "012345678901234567890123456789";
unsigned char info[] = "";
const unsigned char expected[] = {
@@ -3540,6 +3541,8 @@
if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
+ sizeof(fake) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
sizeof(salt) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
diff -Nru -w openssl-3.5.0/test/evp_pkey_provided_test.c openssl-3.5.1/test/evp_pkey_provided_test.c
--- openssl-3.5.0/test/evp_pkey_provided_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/evp_pkey_provided_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -2180,6 +2180,53 @@
return ret;
}
+static const char *name_dup_algs[] = {
+#ifndef OPENSSL_NO_ECX
+ "ED25519",
+#endif
+#ifndef OPENSSL_NO_ML_KEM
+ "ML-KEM-512",
+#endif
+#ifndef OPENSSL_NO_ML_DSA
+ "ML-DSA-44",
+#endif
+ NULL
+};
+
+static int test_name_dup(int idx)
+{
+ const char *alg = name_dup_algs[idx];
+ EVP_PKEY *key = NULL;
+ EVP_PKEY_CTX *factory = NULL, *ctx = NULL;
+ int i, ret = 0;
+
+ if (alg == NULL
+ || (factory = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL)) == NULL)
+ return 1;
+ TEST_info("Testing fresh context dup for: %s", alg);
+
+ /* Run twice to check that *repeated* use works */
+ for (i = 0; i < 2; ++i) {
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(key);
+ key = NULL;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_dup(factory))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_keygen(ctx, &key), 0)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret = 1;
+
+ end:
+ EVP_PKEY_CTX_free(factory);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(key);
+
+ return ret;
+}
+
int setup_tests(void)
{
if (!test_skip_common_options()) {
@@ -2191,6 +2238,7 @@
return 0;
ADD_TEST(test_evp_pkey_ctx_dup_kdf);
+ ADD_ALL_TESTS(test_name_dup, OSSL_NELEM(name_dup_algs));
ADD_TEST(test_evp_pkey_get_bn_param_large);
ADD_TEST(test_fromdata_rsa);
ADD_TEST(test_fromdata_rsa_derive_from_pq_sp800);
diff -Nru -w openssl-3.5.0/test/evp_test.c openssl-3.5.1/test/evp_test.c
--- openssl-3.5.0/test/evp_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/evp_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -677,8 +677,10 @@
if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, propquery)) == NULL
&& (digest = EVP_get_digestbyname(alg)) == NULL)
return 0;
- if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
+ if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) {
+ EVP_MD_free(fetched_digest);
return 0;
+ }
t->data = mdat;
mdat->digest = digest;
mdat->fetched_digest = fetched_digest;
@@ -5359,7 +5361,9 @@
clear_test(t);
free_key_list(public_keys);
+ public_keys = NULL;
free_key_list(private_keys);
+ private_keys = NULL;
BIO_free(t->s.key);
c = t->s.errors;
OPENSSL_free(t);
diff -Nru -w openssl-3.5.0/test/helpers/quictestlib.c openssl-3.5.1/test/helpers/quictestlib.c
--- openssl-3.5.0/test/helpers/quictestlib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/helpers/quictestlib.c 2025-07-01 13:52:08.000000000 +0200
@@ -72,6 +72,12 @@
struct noise_args_data_st noiseargs;
};
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+static int client_ready = 0;
+static CRYPTO_CONDVAR *client_ready_cond = NULL;
+static CRYPTO_MUTEX *client_ready_mutex = NULL;
+#endif
+
static void packet_plain_finish(void *arg);
static void handshake_finish(void *arg);
static OSSL_TIME qtest_get_time(void);
@@ -136,16 +142,28 @@
BIO *tmpbio = NULL;
QTEST_DATA *bdata = NULL;
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+ if (client_ready_cond == NULL) {
+ client_ready_cond = ossl_crypto_condvar_new();
+ if (client_ready_cond == NULL)
+ return 0;
+ }
+
+ if (client_ready_mutex == NULL) {
+ client_ready_mutex = ossl_crypto_mutex_new();
+ if (client_ready_mutex == NULL) {
+ ossl_crypto_condvar_free(&client_ready_cond);
+ client_ready_cond = NULL;
+ return 0;
+ }
+ }
+#endif
+
bdata = OPENSSL_zalloc(sizeof(QTEST_DATA));
if (bdata == NULL)
return 0;
*qtserv = NULL;
- if (*cssl == NULL) {
- *cssl = SSL_new(clientctx);
- if (!TEST_ptr(*cssl))
- return 0;
- }
if (fault != NULL) {
*fault = OPENSSL_zalloc(sizeof(**fault));
@@ -154,6 +172,12 @@
bdata->fault = *fault;
}
+ if (*cssl == NULL) {
+ *cssl = SSL_new(clientctx);
+ if (!TEST_ptr(*cssl))
+ goto err;
+ }
+
#ifndef OPENSSL_NO_SSL_TRACE
if ((flags & QTEST_FLAG_CLIENT_TRACE) != 0) {
tmpbio = BIO_new_fp(stdout, BIO_NOCLOSE);
@@ -433,7 +457,6 @@
static TSAN_QUALIFIER int abortserverthread = 0;
static QUIC_TSERVER *globtserv;
static const thread_t thread_zero;
-
static void run_server_thread(void)
{
/*
@@ -495,6 +518,7 @@
int retc = -1, rets = 0, abortctr = 0, ret = 0;
int clienterr = 0, servererr = 0;
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+
/*
* Pointless initialisation to avoid bogus compiler warnings about using
* t uninitialised
@@ -503,6 +527,15 @@
if (clientssl != NULL)
abortserverthread = 0;
+
+ /*
+ * Only set the client_ready flag to zero if we are the client
+ */
+ if (clientssl != NULL) {
+ ossl_crypto_mutex_lock(client_ready_mutex);
+ client_ready = 0;
+ ossl_crypto_mutex_unlock(client_ready_mutex);
+ }
#endif
if (!TEST_ptr(qtserv)) {
@@ -531,6 +564,12 @@
if (!clienterr && retc <= 0) {
int err;
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+ ossl_crypto_mutex_lock(client_ready_mutex);
+ client_ready = 1;
+ ossl_crypto_condvar_broadcast(client_ready_cond);
+ ossl_crypto_mutex_unlock(client_ready_mutex);
+#endif
retc = SSL_connect(clientssl);
if (retc <= 0) {
err = SSL_get_error(clientssl, retc);
@@ -557,8 +596,18 @@
qtest_add_time(1);
if (clientssl != NULL)
SSL_handle_events(clientssl);
- if (qtserv != NULL)
+ if (qtserv != NULL) {
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+ ossl_crypto_mutex_lock(client_ready_mutex);
+ for (;;) {
+ if (client_ready == 1)
+ break;
+ ossl_crypto_condvar_wait(client_ready_cond, client_ready_mutex);
+ }
+ ossl_crypto_mutex_unlock(client_ready_mutex);
+#endif
ossl_quic_tserver_tick(qtserv);
+ }
if (!servererr && rets <= 0) {
servererr = ossl_quic_tserver_is_term_any(qtserv);
@@ -587,6 +636,14 @@
if (qtserv == NULL && rets > 0) {
#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+ /*
+ * Make sure we unblock the server before we wait on completion here
+ * in case it didn't happen in the connect loop above
+ */
+ ossl_crypto_mutex_lock(client_ready_mutex);
+ client_ready = 1;
+ ossl_crypto_condvar_broadcast(client_ready_cond);
+ ossl_crypto_mutex_unlock(client_ready_mutex);
if (!TEST_true(wait_for_thread(t)) || !TEST_true(globserverret))
goto err;
#else
@@ -632,6 +689,11 @@
* t uninitialised
*/
thread_t t = thread_zero;
+
+ ossl_crypto_condvar_free(&client_ready_cond);
+ client_ready_cond = NULL;
+ ossl_crypto_mutex_free(&client_ready_mutex);
+ client_ready_mutex = NULL;
#endif
if (SSL_get_blocking_mode(clientssl) > 0) {
diff -Nru -w openssl-3.5.0/test/helpers/ssltestlib.c openssl-3.5.1/test/helpers/ssltestlib.c
--- openssl-3.5.0/test/helpers/ssltestlib.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/helpers/ssltestlib.c 2025-07-01 13:52:08.000000000 +0200
@@ -536,6 +536,40 @@
return 1;
}
+int mempacket_dup_last_packet(BIO *bio)
+{
+ MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
+ MEMPACKET *thispkt, *duppkt;
+ int numpkts = sk_MEMPACKET_num(ctx->pkts);
+
+ /* We can only duplicate a packet if there is at least 1 pending */
+ if (numpkts <= 0)
+ return 0;
+
+ /* Get the last packet */
+ thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 1);
+ if (thispkt == NULL)
+ return 0;
+
+ duppkt = OPENSSL_malloc(sizeof(*duppkt));
+ if (duppkt == NULL)
+ return 0;
+
+ *duppkt = *thispkt;
+ duppkt->data = OPENSSL_memdup(thispkt->data, thispkt->len);
+ if (duppkt->data == NULL) {
+ mempacket_free(duppkt);
+ return 0;
+ }
+ duppkt->num++;
+ if (sk_MEMPACKET_insert(ctx->pkts, duppkt, numpkts) <= 0) {
+ mempacket_free(duppkt);
+ return 0;
+ }
+
+ return 1;
+}
+
int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
int type)
{
@@ -1224,12 +1258,13 @@
* has SSL_get_error() return the value in the |want| parameter. The connection
* attempt could be restarted by a subsequent call to this function.
*/
-int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
- int read, int listen)
+int create_bare_ssl_connection_ex(SSL *serverssl, SSL *clientssl, int want,
+ int read, int listen, int *cm_count, int *sm_count)
{
int retc = -1, rets = -1, err, abortctr = 0, ret = 0;
int clienterr = 0, servererr = 0;
int isdtls = SSL_is_dtls(serverssl);
+ int icm_count = 0, ism_count = 0;
#ifndef OPENSSL_NO_SOCK
BIO_ADDR *peer = NULL;
@@ -1255,6 +1290,7 @@
retc = SSL_connect(clientssl);
if (retc <= 0)
err = SSL_get_error(clientssl, retc);
+ icm_count++;
}
if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
@@ -1280,12 +1316,14 @@
listen = 0;
rets = 0;
}
+ ism_count++;
} else
#endif
{
rets = SSL_accept(serverssl);
if (rets <= 0)
err = SSL_get_error(serverssl, rets);
+ ism_count++;
}
}
@@ -1311,6 +1349,7 @@
TEST_info("Unexpected SSL_read() success!");
goto err;
}
+ ism_count++;
}
if (retc > 0 && rets <= 0) {
if (SSL_read(clientssl, buf, sizeof(buf)) > 0) {
@@ -1318,6 +1357,7 @@
TEST_info("Unexpected SSL_read() success!");
goto err;
}
+ icm_count++;
}
}
if (++abortctr == MAXLOOPS) {
@@ -1336,23 +1376,36 @@
ret = 1;
err:
+ if (cm_count != NULL)
+ *cm_count = icm_count;
+ if (sm_count != NULL)
+ *sm_count = ism_count;
#ifndef OPENSSL_NO_SOCK
BIO_ADDR_free(peer);
#endif
return ret;
}
+int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
+ int read, int listen)
+{
+ return create_bare_ssl_connection_ex(serverssl, clientssl, want, read,
+ listen, NULL, NULL);
+}
+
/*
* Create an SSL connection including any post handshake NewSessionTicket
* messages.
*/
-int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
+int create_ssl_connection_ex(SSL *serverssl, SSL *clientssl, int want,
+ int *cm_count, int *sm_count)
{
int i;
unsigned char buf;
size_t readbytes;
- if (!create_bare_ssl_connection(serverssl, clientssl, want, 1, 0))
+ if (!create_bare_ssl_connection_ex(serverssl, clientssl, want, 1, 0,
+ cm_count, sm_count))
return 0;
/*
@@ -1368,11 +1421,18 @@
SSL_ERROR_WANT_READ)) {
return 0;
}
+ if (cm_count != NULL)
+ (*cm_count)++;
}
return 1;
}
+int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
+{
+ return create_ssl_connection_ex(serverssl, clientssl, want, NULL, NULL);
+}
+
void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl)
{
SSL_shutdown(clientssl);
diff -Nru -w openssl-3.5.0/test/helpers/ssltestlib.h openssl-3.5.1/test/helpers/ssltestlib.h
--- openssl-3.5.0/test/helpers/ssltestlib.h 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/helpers/ssltestlib.h 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,11 +28,15 @@
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
int read, int listen);
+int create_bare_ssl_connection_ex(SSL *serverssl, SSL *clientssl, int want,
+ int read, int listen, int *cm_count, int *sm_count);
int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, int sfd, int cfd);
int wait_until_sock_readable(int sock);
int create_test_sockets(int *cfdp, int *sfdp, int socktype, BIO_ADDR *saddr);
int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want);
+int create_ssl_connection_ex(SSL *serverssl, SSL *clientssl, int want,
+ int *cm_count, int *sm_count);
void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl);
/* Note: Not thread safe! */
@@ -70,6 +74,7 @@
int mempacket_swap_epoch(BIO *bio);
int mempacket_move_packet(BIO *bio, int d, int s);
+int mempacket_dup_last_packet(BIO *bio);
int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
int type);
diff -Nru -w openssl-3.5.0/test/hmactest.c openssl-3.5.1/test/hmactest.c
--- openssl-3.5.0/test/hmactest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/hmactest.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -214,6 +214,29 @@
return 1;
}
+/* https://github.com/openssl/openssl/issues/13210 */
+static int test_hmac_final_update_fail(void)
+{
+ HMAC_CTX *ctx = NULL;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+ unsigned int len;
+ int ret = 0;
+
+ /* HMAC_Update() after HMAC_Final() must return an error. */
+ if (!TEST_ptr(ctx = HMAC_CTX_new()))
+ goto err;
+ if (!TEST_true(HMAC_Init_ex(ctx, test[5].key, test[5].key_len, EVP_sha256(), NULL))
+ || !TEST_true(HMAC_Update(ctx, test[5].data, test[5].data_len))
+ || !TEST_true(HMAC_Final(ctx, buf, &len))
+ || !TEST_false(HMAC_Update(ctx, test[5].data, test[5].data_len))
+ || !TEST_false(HMAC_Final(ctx, buf, &len)))
+ goto err;
+
+ ret = 1;
+err:
+ HMAC_CTX_free(ctx);
+ return ret;
+}
static int test_hmac_copy(void)
{
@@ -435,6 +458,7 @@
ADD_TEST(test_hmac_single_shot);
ADD_TEST(test_hmac_bad);
ADD_TEST(test_hmac_run);
+ ADD_TEST(test_hmac_final_update_fail);
ADD_TEST(test_hmac_copy);
ADD_TEST(test_hmac_copy_uninited);
ADD_ALL_TESTS(test_hmac_chunks,
diff -Nru -w openssl-3.5.0/test/http_test.c openssl-3.5.1/test/http_test.c
--- openssl-3.5.0/test/http_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/http_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -332,6 +332,16 @@
return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path");
}
+static int test_http_url_timestamp(void)
+{
+ return test_http_url_ok("host/p/2017-01-03T00:00:00", 0, "host", "80",
+ "/p/2017-01-03T00:00:00")
+ && test_http_url_ok("http://host/p/2017-01-03T00:00:00";, 0, "host",
+ "80", "/p/2017-01-03T00:00:00")
+ && test_http_url_ok("https://host/p/2017-01-03T00:00:00";, 1, "host",
+ "443", "/p/2017-01-03T00:00:00");
+}
+
static int test_http_url_path_query(void)
{
return test_http_url_path_query_ok("http://usr@host:1/p?q=x#frag";, "/p?q=x")
@@ -559,6 +569,7 @@
return 0;
ADD_TEST(test_http_url_dns);
+ ADD_TEST(test_http_url_timestamp);
ADD_TEST(test_http_url_path_query);
ADD_TEST(test_http_url_userinfo_query_fragment);
ADD_TEST(test_http_url_ipv4);
diff -Nru -w openssl-3.5.0/test/json_test.c openssl-3.5.1/test/json_test.c
--- openssl-3.5.0/test/json_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/json_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -119,7 +119,6 @@
#define OPJ_BOOL(x) OP_CALL_I(ossl_json_bool, (x))
#define OPJ_U64(x) OP_CALL_U64(ossl_json_u64, (x))
#define OPJ_I64(x) OP_CALL_I64(ossl_json_i64, (x))
-#define OPJ_F64(x) OP_CALL_D(ossl_json_f64, (x))
#define OPJ_KEY(x) OP_CALL_P(ossl_json_key, (x))
#define OPJ_STR(x) OP_CALL_P(ossl_json_str, (x))
#define OPJ_STR_LEN(x, xl) OP_CALL_PZ(ossl_json_str_len, (x), (xl))
diff -Nru -w openssl-3.5.0/test/ossl_store_test.c openssl-3.5.1/test/ossl_store_test.c
--- openssl-3.5.0/test/ossl_store_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/ossl_store_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -58,6 +58,75 @@
return ret;
}
+#ifndef OPENSSL_NO_WINSTORE
+/*
+ * This is the one of the root certificate authorities from the
+ * microsoft cert store. We use it to extract the subject name
+ * so that we can search for it in the store
+ */
+static const unsigned char mscert[] = {
+ 0x30, 0x82, 0x01, 0x3b, 0x30, 0x81, 0xee, 0xa0, 0x03, 0x02, 0x01, 0x02,
+ 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x81,
+ 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13,
+ 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65,
+ 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
+ 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29,
+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f,
+ 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
+ 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
+ 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x35, 0x30,
+ 0x34, 0x32, 0x39, 0x30, 0x35, 0x34, 0x33, 0x33, 0x30, 0x5a, 0x18, 0x0f,
+ 0x32, 0x31, 0x32, 0x35, 0x30, 0x34, 0x32, 0x39, 0x30, 0x35, 0x34, 0x33,
+ 0x33, 0x30, 0x5a, 0x30, 0x00, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b,
+ 0x65, 0x70, 0x03, 0x21, 0x00, 0x21, 0x86, 0x38, 0x28, 0x7d, 0xad, 0x35,
+ 0xad, 0xc3, 0x91, 0x07, 0x41, 0x65, 0x02, 0xe1, 0x72, 0x79, 0xf4, 0x0d,
+ 0xd5, 0xe2, 0xbb, 0xba, 0xd8, 0x81, 0x06, 0xad, 0xa0, 0x7b, 0x2a, 0x41,
+ 0x09, 0xa3, 0x02, 0x30, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
+ 0x03, 0x41, 0x00, 0x2e, 0xbb, 0xb9, 0x55, 0x59, 0x24, 0xb0, 0xdb, 0x18,
+ 0xd0, 0xb4, 0xa6, 0x8b, 0xa8, 0xbf, 0x4c, 0xbd, 0x83, 0x27, 0xe7, 0xc2,
+ 0xc8, 0x13, 0xc2, 0x81, 0xbe, 0xdf, 0x04, 0x7b, 0x09, 0x87, 0x08, 0x53,
+ 0x97, 0xd6, 0x7c, 0xb7, 0x6c, 0xa6, 0x78, 0x63, 0x3c, 0x27, 0x29, 0x81,
+ 0x85, 0xd0, 0x73, 0x92, 0x2d, 0x5c, 0x33, 0x8e, 0x88, 0x18, 0x9b, 0x1c,
+ 0xcf, 0xc3, 0x4a, 0xf0, 0x82, 0x05, 0x05
+};
+#define TEST_CERT_LEN 1521
+
+static int test_store_open_winstore(void)
+{
+ int ret = 0;
+ OSSL_STORE_CTX *sctx = NULL;
+ OSSL_STORE_SEARCH *search = NULL;
+ UI_METHOD *ui_method = NULL;
+ OSSL_STORE_INFO *info = NULL;
+ X509* testcert = NULL;
+ const unsigned char* certptr = mscert;
+
+ /*
+ * Test the winstore, by opening it, searching for the MS root certificate
+ * and ensure that it was found. Note that we have to search by
+ * subject name, as winstore only allows searches by that method
+ */
+ ret = TEST_ptr(testcert = d2i_X509(NULL, &certptr, TEST_CERT_LEN))
+ && TEST_ptr(search = OSSL_STORE_SEARCH_by_name(X509_get_issuer_name(testcert)))
+ && TEST_ptr(ui_method = UI_create_method("DummyUI"))
+ && TEST_ptr(sctx = OSSL_STORE_open_ex("org.openssl.winstore:", NULL,
+ NULL, ui_method, NULL, NULL,
+ NULL, NULL))
+ && TEST_true(OSSL_STORE_find(sctx, search))
+ && TEST_ptr(info = OSSL_STORE_load(sctx));
+ UI_destroy_method(ui_method);
+ OSSL_STORE_INFO_free(info);
+ OSSL_STORE_SEARCH_free(search);
+ OSSL_STORE_close(sctx);
+ X509_free(testcert);
+ return ret;
+}
+#endif
+
static int test_store_search_by_key_fingerprint_fail(void)
{
int ret;
@@ -230,6 +299,9 @@
if (infile != NULL)
ADD_TEST(test_store_open);
+#ifndef OPENSSL_NO_WINSTORE
+ ADD_TEST(test_store_open_winstore);
+#endif
ADD_TEST(test_store_search_by_key_fingerprint_fail);
ADD_ALL_TESTS(test_store_get_params, 3);
if (sm2file != NULL)
diff -Nru -w openssl-3.5.0/test/pairwise_fail_test.c openssl-3.5.1/test/pairwise_fail_test.c
--- openssl-3.5.0/test/pairwise_fail_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/pairwise_fail_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -129,6 +129,39 @@
goto err;
if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
goto err;
+ if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
+ goto err;
+ if (!TEST_ptr_null(pkey))
+ goto err;
+ } else if (strncmp(pairwise_name, "ml-dsa", 6) == 0) {
+ if (!TEST_true(setup_selftest_pairwise_failure(type)))
+ goto err;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ML-DSA-87", NULL)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
+ goto err;
+ if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
+ goto err;
+ if (!TEST_ptr_null(pkey))
+ goto err;
+ } else if (strncmp(pairwise_name, "slh-dsa", 7) == 0) {
+ if (!TEST_true(setup_selftest_pairwise_failure(type)))
+ goto err;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "SLH-DSA-SHA2-256f", NULL)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
+ goto err;
+ if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
+ goto err;
+ if (!TEST_ptr_null(pkey))
+ goto err;
+ } else if (strncmp(pairwise_name, "ml-kem", 6) == 0) {
+ if (!TEST_true(setup_selftest_pairwise_failure(type)))
+ goto err;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "ML-KEM-1024", NULL)))
+ goto err;
+ if (!TEST_int_eq(EVP_PKEY_keygen_init(ctx), 1))
+ goto err;
if (!TEST_int_le(EVP_PKEY_keygen(ctx, &pkey), 0))
goto err;
if (!TEST_ptr_null(pkey))
diff -Nru -w openssl-3.5.0/test/params_api_test.c openssl-3.5.1/test/params_api_test.c
--- openssl-3.5.0/test/params_api_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/params_api_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -42,9 +42,13 @@
if (IS_LITTLE_ENDIAN) {
memcpy(out, in, outlen);
} else {
- if (outlen < inlen)
+ if (outlen < inlen) {
in = (const char *)in + inlen - outlen;
- swap_copy(out, in, outlen);
+ inlen = outlen;
+ }
+ if (!ossl_assert(outlen <= inlen))
+ return;
+ swap_copy(out, in, inlen);
}
}
@@ -815,6 +819,33 @@
OSSL_PARAM_free(cp1);
return ret;
}
+static int test_param_merge(void)
+{
+ int val, ret;
+ int values[] = {1, 2, 3, 4};
+ OSSL_PARAM *p = NULL, *cp = NULL;
+ OSSL_PARAM param[3], param1[3];
+
+ param[0] = OSSL_PARAM_construct_int("diff1", &values[0]);
+ param[1] = OSSL_PARAM_construct_int("same", &values[1]);
+ param[2] = OSSL_PARAM_construct_end();
+ param1[0] = OSSL_PARAM_construct_int("diff2", &values[2]);
+ param1[1] = OSSL_PARAM_construct_int("same", &values[3]);
+ param1[2] = OSSL_PARAM_construct_end();
+
+ ret = TEST_ptr(p = OSSL_PARAM_merge(param, param1))
+ && TEST_ptr(cp = OSSL_PARAM_locate(p, "diff1"))
+ && TEST_true(OSSL_PARAM_get_int(p, &val))
+ && TEST_int_eq(val, values[0])
+ && TEST_ptr(cp = OSSL_PARAM_locate(p, "diff2"))
+ && TEST_true(OSSL_PARAM_get_int(cp, &val))
+ && TEST_int_eq(val, values[2])
+ && TEST_ptr(cp = OSSL_PARAM_locate(p, "same"))
+ && TEST_true(OSSL_PARAM_get_int(cp, &val))
+ && TEST_int_eq(val, values[3]);
+ OSSL_PARAM_free(p);
+ return ret;
+}
int setup_tests(void)
{
@@ -834,5 +865,6 @@
ADD_ALL_TESTS(test_param_construct, 4);
ADD_TEST(test_param_modified);
ADD_TEST(test_param_copy_null);
+ ADD_TEST(test_param_merge);
return 1;
}
diff -Nru -w openssl-3.5.0/test/quicapitest.c openssl-3.5.1/test/quicapitest.c
--- openssl-3.5.0/test/quicapitest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/quicapitest.c 2025-07-01 13:52:08.000000000 +0200
@@ -2502,6 +2502,18 @@
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
+static SSL_CTX *create_client_ctx(void)
+{
+ SSL_CTX *ssl_ctx;
+
+ if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) {
+ SSL_CTX_free(ssl_ctx);
+ ssl_ctx = NULL;
+ }
+
+ return ssl_ctx;
+}
+
static SSL_CTX *create_server_ctx(void)
{
SSL_CTX *ssl_ctx;
@@ -2687,6 +2699,170 @@
return ret;
}
+static int create_quic_ssl_objects(SSL_CTX *sctx, SSL_CTX *cctx,
+ SSL **lssl, SSL **cssl)
+{
+ BIO_ADDR *addr = NULL;
+ struct in_addr ina;
+ BIO *cbio = NULL, *sbio = NULL;
+ int ret = 0;
+
+ *cssl = *lssl = NULL;
+ ina.s_addr = htonl(0x1f000001);
+
+ if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0)))
+ goto err;
+
+ if (!TEST_ptr(addr = create_addr(&ina, 8040)))
+ goto err;
+
+ if (!TEST_true(bio_addr_bind(sbio, addr)))
+ goto err;
+ addr = NULL;
+
+ *lssl = ql_create(sctx, sbio);
+ sbio = NULL;
+ if (!TEST_ptr(*lssl))
+ goto err;
+
+ if (!TEST_ptr(*cssl = SSL_new(cctx)))
+ goto err;
+
+ if (!TEST_ptr(addr = create_addr(&ina, 8040)))
+ goto err;
+ if (!TEST_true(bio_addr_bind(cbio, addr)))
+ goto err;
+
+ if (!TEST_true(qc_init(*cssl, addr))) {
+ addr = NULL;
+ goto err;
+ }
+ addr = NULL;
+ SSL_set_bio(*cssl, cbio, cbio);
+ cbio = NULL;
+
+ ret = 1;
+
+ err:
+ if (!ret) {
+ SSL_free(*cssl);
+ SSL_free(*lssl);
+ *cssl = *lssl = NULL;
+ }
+ BIO_free(cbio);
+ BIO_free(sbio);
+ BIO_ADDR_free(addr);
+
+ return ret;
+}
+
+static int test_ssl_accept_connection(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
+ int testresult = 0;
+ int ret, i;
+
+ if (!TEST_ptr(sctx = create_server_ctx())
+ || !TEST_ptr(cctx = create_client_ctx()))
+ goto err;
+
+ if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
+ goto err;
+
+ /* Calling SSL_accept() on a listener is expected to fail */
+ ret = SSL_accept(qlistener);
+ if (!TEST_int_le(ret, 0)
+ || !TEST_int_eq(SSL_get_error(qlistener, ret), SSL_ERROR_SSL))
+ goto err;
+
+ /* Send ClientHello and server retry */
+ for (i = 0; i < 2; i++) {
+ ret = SSL_connect(clientssl);
+ if (!TEST_int_le(ret, 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
+ goto err;
+ SSL_handle_events(qlistener);
+ }
+
+ /* We expect a server SSL object which has not yet completed its handshake */
+ serverssl = SSL_accept_connection(qlistener, 0);
+ if (!TEST_ptr(serverssl) || !TEST_false(SSL_is_init_finished(serverssl)))
+ goto err;
+
+ /* Call SSL_accept() and SSL_connect() until we are connected */
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 0, 0)))
+ goto err;
+
+ testresult = 1;
+
+ err:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_free(qlistener);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+static SSL *quic_verify_ssl = NULL;
+
+static int quic_verify_cb(int ok, X509_STORE_CTX *ctx)
+{
+ SSL *cssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+
+ /* Confirm we got the SSL object we were expecting */
+ return TEST_ptr_eq(cssl, quic_verify_ssl);
+}
+
+static int test_ssl_set_verify(void)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
+ int testresult = 0;
+ int ret, i;
+
+ if (!TEST_ptr(sctx = create_server_ctx())
+ || !TEST_ptr(cctx = create_client_ctx()))
+ goto err;
+
+ if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
+ goto err;
+
+ quic_verify_ssl = clientssl;
+ SSL_set_verify(clientssl, SSL_VERIFY_PEER, quic_verify_cb);
+
+ /* Send ClientHello and server retry */
+ for (i = 0; i < 2; i++) {
+ ret = SSL_connect(clientssl);
+ if (!TEST_int_le(ret, 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
+ goto err;
+ SSL_handle_events(qlistener);
+ }
+
+ /* We expect a server SSL object which has not yet completed its handshake */
+ serverssl = SSL_accept_connection(qlistener, 0);
+
+ /* Call SSL_accept() and SSL_connect() until we are connected */
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 0, 0)))
+ goto err;
+
+ testresult = 1;
+
+ err:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_free(qlistener);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
/***********************************************************************************/
OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
@@ -2786,6 +2962,8 @@
ADD_TEST(test_new_token);
#endif
ADD_TEST(test_server_method_with_ssl_new);
+ ADD_TEST(test_ssl_accept_connection);
+ ADD_TEST(test_ssl_set_verify);
return 1;
err:
cleanup_tests();
diff -Nru -w openssl-3.5.0/test/quic_multistream_test.c openssl-3.5.1/test/quic_multistream_test.c
--- openssl-3.5.0/test/quic_multistream_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/quic_multistream_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -25,6 +25,16 @@
static const char *certfile, *keyfile;
+#if defined(_AIX)
+/*
+ * Some versions of AIX define macros for events and revents for use when
+ * accessing pollfd structures (see Github issue #24236). That interferes
+ * with our use of these names here. We simply undef them.
+ */
+# undef revents
+# undef events
+#endif
+
#if defined(OPENSSL_THREADS)
struct child_thread_args {
struct helper *h;
diff -Nru -w openssl-3.5.0/test/radix/quic_ops.c openssl-3.5.1/test/radix/quic_ops.c
--- openssl-3.5.0/test/radix/quic_ops.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/radix/quic_ops.c 2025-07-01 13:52:08.000000000 +0200
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "internal/sockets.h"
+#include <openssl/rand.h>
static const unsigned char alpn_ossltest[] = {
/* "\x08ossltest" (hex for EBCDIC resilience) */
@@ -565,6 +566,40 @@
return ok;
}
+DEF_FUNC(hf_write_rand)
+{
+ int ok = 0, r;
+ SSL *ssl;
+ void *buf = NULL;
+ size_t buf_len, bytes_written = 0;
+
+ F_POP(buf_len);
+ REQUIRE_SSL(ssl);
+
+ while (buf_len > 0) {
+ size_t thislen = buf_len > 1024 ? 1024 : buf_len;
+
+ if (buf == NULL)
+ buf = OPENSSL_malloc(thislen);
+ if (!TEST_ptr(buf))
+ goto err;
+ if (!TEST_int_eq(RAND_bytes(buf, thislen), 1))
+ goto err;
+ r = SSL_write_ex(ssl, buf, thislen, &bytes_written);
+ if (!TEST_true(r)
+ || !check_consistent_want(ssl, r)
+ || !TEST_size_t_eq(bytes_written, thislen))
+ goto err;
+
+ buf_len -= thislen;
+ }
+
+ ok = 1;
+err:
+ OPENSSL_free(buf);
+ return ok;
+}
+
DEF_FUNC(hf_write_ex2)
{
int ok = 0, r;
@@ -1112,6 +1147,11 @@
OP_PUSH_BUFP(buf, buf_len), \
OP_FUNC(hf_write))
+#define OP_WRITE_RAND(name, buf_len) \
+ (OP_SELECT_SSL(0, name), \
+ OP_PUSH_SIZE(buf_len), \
+ OP_FUNC(hf_write_rand))
+
#define OP_WRITE_B(name, buf) \
OP_WRITE(name, (buf), sizeof(buf))
diff -Nru -w openssl-3.5.0/test/radix/quic_tests.c openssl-3.5.1/test/radix/quic_tests.c
--- openssl-3.5.0/test/radix/quic_tests.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/radix/quic_tests.c 2025-07-01 13:52:08.000000000 +0200
@@ -7,6 +7,16 @@
* https://www.openssl.org/source/license.html
*/
+#if defined(_AIX)
+/*
+ * Some versions of AIX define macros for events and revents for use when
+ * accessing pollfd structures (see Github issue #24236). That interferes
+ * with our use of these names here. We simply undef them.
+ */
+# undef revents
+# undef events
+#endif
+
/*
* Test Scripts
* ============================================================================
@@ -232,6 +242,58 @@
}
}
+DEF_FUNC(check_writeable)
+{
+ int ok = 0;
+ SSL *ssl;
+ SSL_POLL_ITEM item;
+ size_t result_count = 0;
+ uint64_t expect;
+ const struct timeval z_timeout = {0}, *p_timeout = &z_timeout;
+
+ F_POP(expect);
+ REQUIRE_SSL(ssl);
+
+ item.desc = SSL_as_poll_descriptor(ssl);
+ item.events = SSL_POLL_EVENT_W;
+ item.revents = 0;
+
+ /* Zero-timeout call. */
+ result_count = SIZE_MAX;
+ if (!TEST_true(SSL_poll(&item, 1, sizeof(SSL_POLL_ITEM),
+ p_timeout, 0, &result_count)))
+ goto err;
+
+ ok = (!!(item.revents & SSL_POLL_EVENT_W) == expect);
+
+ err:
+ return ok;
+}
+
+DEF_SCRIPT(check_cwm, "check stream obeys cwm")
+{
+ OP_SIMPLE_PAIR_CONN();
+
+ /* Create the initial stream by writing some data */
+ OP_WRITE_RAND(C, 1024);
+
+ /* We should be writeable at the start */
+ OP_PUSH_U64(1);
+ OP_SELECT_SSL(0, C);
+ OP_FUNC(check_writeable);
+
+ /* Default stream cwm is 512k (we already sent 1k). Consume all the rest */
+ OP_WRITE_RAND(C, 511 * 1024);
+
+ /* Confirm we are no longer writeable */
+ OP_PUSH_U64(0);
+ OP_SELECT_SSL(0, C);
+ OP_FUNC(check_writeable);
+
+ /* We now expect writes to fail */
+ OP_WRITE_FAIL(C);
+}
+
/*
* List of Test Scripts
* ============================================================================
@@ -240,4 +302,5 @@
USE(simple_conn)
USE(simple_thread)
USE(ssl_poll)
+ USE(check_cwm)
};
diff -Nru -w openssl-3.5.0/test/rand_test.c openssl-3.5.1/test/rand_test.c
--- openssl-3.5.0/test/rand_test.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/rand_test.c 2025-07-01 13:52:08.000000000 +0200
@@ -15,6 +15,8 @@
#include "crypto/rand.h"
#include "testutil.h"
+static char *configfile;
+
static int test_rand(void)
{
EVP_RAND_CTX *privctx;
@@ -23,6 +25,7 @@
OSSL_PARAM params[2], *p = params;
unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
unsigned char entropy2[] = { 0xff, 0xfe, 0xfd };
+ unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04 };
unsigned char outbuf[3];
*p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
@@ -46,6 +49,13 @@
|| !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf)))
return 0;
+ *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
+ nonce, sizeof(nonce));
+ if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))
+ || !TEST_true(EVP_RAND_nonce(privctx, outbuf, sizeof(outbuf)))
+ || !TEST_mem_eq(outbuf, sizeof(outbuf), nonce, sizeof(outbuf)))
+ return 0;
+
if (fips_provider_version_lt(NULL, 3, 4, 0)) {
/* Skip the rest and pass the test */
return 1;
@@ -244,9 +254,33 @@
return res;
}
+static int test_rand_get0_primary(void)
+{
+ OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
+ int res = 0;
+
+ if (!TEST_ptr(ctx))
+ return 0;
+
+ if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile)))
+ goto err;
+
+ /* We simply test that we get a valid primary */
+ if (!TEST_ptr(RAND_get0_primary(ctx)))
+ goto err;
+
+ res = 1;
+ err:
+ OSSL_LIB_CTX_free(ctx);
+ return res;
+}
+
int setup_tests(void)
{
- char *configfile;
+ if (!test_skip_common_options()) {
+ TEST_error("Error parsing test options\n");
+ return 0;
+ }
if (!TEST_ptr(configfile = test_get_argument(0))
|| !TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", "fips=no",
@@ -263,5 +297,9 @@
ADD_TEST(fips_health_tests);
ADD_TEST(test_rand_random_provider);
+
+ if (!OSSL_PROVIDER_available(NULL, "fips")
+ || fips_provider_version_ge(NULL, 3, 5, 1))
+ ADD_TEST(test_rand_get0_primary);
return 1;
}
diff -Nru -w openssl-3.5.0/test/recipes/25-test_verify.t openssl-3.5.1/test/recipes/25-test_verify.t
--- openssl-3.5.0/test/recipes/25-test_verify.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/25-test_verify.t 2025-07-01 13:52:08.000000000 +0200
@@ -10,6 +10,7 @@
use strict;
use warnings;
+use Cwd qw(abs_path);
use File::Spec::Functions qw/canonpath/;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/;
@@ -17,19 +18,19 @@
setup("test_verify");
+my @certspath = qw(test certs);
sub verify {
my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
- my @path = qw(test certs);
my @args = qw(openssl verify -auth_level 1);
push(@args, "-purpose", $purpose) if $purpose ne "";
push(@args, @opts);
- for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) }
- for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
- push(@args, srctop_file(@path, "$cert.pem"));
+ for (@$trusted) { push(@args, "-trusted", srctop_file(@certspath, "$_.pem")) }
+ for (@$untrusted) { push(@args, "-untrusted", srctop_file(@certspath, "$_.pem")) }
+ push(@args, srctop_file(@certspath, "$cert.pem"));
run(app([@args]));
}
-plan tests => 194;
+plan tests => 203;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -592,3 +593,31 @@
"-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
"-explicit_policy"),
"Bad certificate policy");
+
+# CAstore option
+my $rootcertname = "root-cert";
+my $rootcert = srctop_file(@certspath, "${rootcertname}.pem");
+sub vfy_root { verify($rootcertname, "", [], [], @_) }
+ok(vfy_root("-CAfile", $rootcert), "CAfile");
+ok(vfy_root("-CAstore", $rootcert), "CAstore");
+ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore");
+ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore");
+SKIP: {
+ skip "file names with colons aren't supported on Windows and VMS", 2
+ if $^O =~ /^(MsWin32|VMS)$/;
+ my $foo_file = "foo:cert.pem";
+ copy($rootcert, $foo_file);
+ ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file");
+}
+my $foo_file = "cert.pem";
+copy($rootcert, $foo_file);
+ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file");
+my $abs_cert = abs_path($rootcert);
+# Windows file: URIs should have a path part starting with a slash, i.e.
+# file://authority/C:/what/ever/foo.pem and file:///C:/what/ever/foo.pem
+# file://C:/what/ever/foo.pem is non-standard and may not be accepted.
+# See RFC 8089 for details.
+$abs_cert = "/" . $abs_cert if ($^O eq "MSWin32");
+ok(vfy_root("-CAstore", "file://".$abs_cert), "CAstore file:///path");
+ok(vfy_root("-CAstore", "file://localhost".$abs_cert), "CAstore file://localhost/path");
+ok(!vfy_root("-CAstore", "file://otherhost".$abs_cert), "CAstore file://otherhost/path");
diff -Nru -w openssl-3.5.0/test/recipes/25-test_x509.t openssl-3.5.1/test/recipes/25-test_x509.t
--- openssl-3.5.0/test/recipes/25-test_x509.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/25-test_x509.t 2025-07-01 13:52:08.000000000 +0200
@@ -16,7 +16,7 @@
setup("test_x509");
-plan tests => 134;
+plan tests => 138;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@@ -110,6 +110,16 @@
&& run(app(["openssl", "verify", "-no_check_time",
"-trusted", $ca, "-partial_chain", $caout])));
+# test trust decoration
+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
+ "-out", "ca-trusted.pem"])));
+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
+ 1, 'trusted use - E-mail Protection');
+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
+ "-out", "ca-rejected.pem"])));
+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
+ 1, 'rejected use - E-mail Protection');
+
subtest 'x509 -- x.509 v1 certificate' => sub {
tconversion( -type => 'x509', -prefix => 'x509v1',
-in => srctop_file("test", "testx509.pem") );
diff -Nru -w openssl-3.5.0/test/recipes/30-test_evp_data/evpciph_des3_common.txt openssl-3.5.1/test/recipes/30-test_evp_data/evpciph_des3_common.txt
--- openssl-3.5.0/test/recipes/30-test_evp_data/evpciph_des3_common.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/30-test_evp_data/evpciph_des3_common.txt 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -74,7 +74,7 @@
Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
# Test that DES3 ECB mode encryption is not FIPS approved
-Availablein = fipss
+Availablein = fips
FIPSversion = >=3.4.0
Cipher = DES-EDE3-ECB
Operation = ENCRYPT
diff -Nru -w openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt
--- openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt 2025-07-01 13:52:08.000000000 +0200
@@ -6,7 +6,7 @@
# https://www.openssl.org/source/license.html
# ACVP test data for SLH-DSA keyGen generated from
-# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-keyGen-FIPS204/internalProjection.json
+# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-keyGen-FIPS205/internalProjection.json
# [version 53]
FIPSversion = >=3.5.0
diff -Nru -w openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_slh_dsa_siggen.txt openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_slh_dsa_siggen.txt
--- openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_slh_dsa_siggen.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_slh_dsa_siggen.txt 2025-07-01 13:52:08.000000000 +0200
@@ -6,7 +6,7 @@
# https://www.openssl.org/source/license.html
# ACVP test data for SLH-DSA sigGen generated from
-# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-sigGen-FIPS204/internalProjection.json
+# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-sigGen-FIPS205/internalProjection.json
# [version 53]
PrivateKeyRaw = SLH_DSA_SHA2_128f_1:SLH-DSA-SHA2-128f:D5213BA4BB6470F1B9EDA88CBC94E6277A58A951EF7F2B81461DBAC41B5A6B83FA495FB834DEFEA7CC96A81309479135A67029E90668C5A58B96E60111491F3D
diff -Nru -w openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_slh_dsa_sigver.txt openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_slh_dsa_sigver.txt
--- openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_slh_dsa_sigver.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_slh_dsa_sigver.txt 2025-07-01 13:52:08.000000000 +0200
@@ -6,7 +6,7 @@
# https://www.openssl.org/source/license.html
# ACVP test data for SLH-DSA sigVer generated from
-# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-sigVer-FIPS204/internalProjection.json
+# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-sigVer-FIPS205/internalProjection.json
# [version 53]
PublicKeyRaw = SLH_DSA_SHA2_128f_1:SLH-DSA-SHA2-128f:68669488582C94B7A609C9AB7EA5E15319A4F53DF851840326BE7E7BDD5B70CE
diff -Nru -w openssl-3.5.0/test/recipes/30-test_pairwise_fail.t openssl-3.5.1/test/recipes/30-test_pairwise_fail.t
--- openssl-3.5.0/test/recipes/30-test_pairwise_fail.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/30-test_pairwise_fail.t 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -22,7 +22,7 @@
plan skip_all => "These tests are unsupported in a non fips build"
if disabled("fips");
-plan tests => 6;
+plan tests => 9;
my $provconf = srctop_file("test", "fips-and-base.cnf");
run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
@@ -77,3 +77,45 @@
"-pairwise", "eddsa"])),
"fips provider eddsa keygen pairwise failure test");
}
+
+SKIP: {
+ skip "Skip ML-DSA test because of no ml-dsa in this build", 1
+ if disabled("ml-dsa");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 1
+ if !$exit;
+
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "ml-dsa"])),
+ "fips provider ml-dsa keygen pairwise failure test");
+}
+
+SKIP: {
+ skip "Skip SLH-DSA test because of no slh-dsa in this build", 1
+ if disabled("slh-dsa");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 1
+ if !$exit;
+
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "slh-dsa"])),
+ "fips provider slh-dsa keygen pairwise failure test");
+}
+
+SKIP: {
+ skip "Skip ML-KEM test because of no ml-kem in this build", 1
+ if disabled("ml-kem");
+
+ run(test(["fips_version_test", "-config", $provconf, ">=3.5.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 1
+ if !$exit;
+
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "ml-kem"])),
+ "fips provider ml-kem keygen pairwise failure test");
+}
diff -Nru -w openssl-3.5.0/test/recipes/70-test_sslkeylogfile.t openssl-3.5.1/test/recipes/70-test_sslkeylogfile.t
--- openssl-3.5.0/test/recipes/70-test_sslkeylogfile.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/70-test_sslkeylogfile.t 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,12 @@
plan skip_all => "$test_name requires SSLKEYLOGFILE support"
if disabled("sslkeylog");
-plan tests => 1;
+my $tests = 1;
+if ($^O =~ /^(linux)$/) {
+ $tests = 2;
+}
+
+plan tests => $tests;
my $shlib_wrap = srctop_file("util", "wrap.pl");
@@ -75,3 +80,9 @@
# Test 1: Compare the output of -keylogfile and SSLKEYLOGFILE, and make sure they match
# Note, the former adds a comment, that the latter does not, so ignore comments with -I in diff
ok(run(cmd(["diff", "-I" ,"^#.*\$", $sslkeylogfile, $trace_file])));
+
+# Test 2, linux-specific: the keylog file should have permission 0600
+if ($^O =~ /^(linux)$/) {
+ my $mode = sprintf("%04o", (stat($sslkeylogfile))[2] & 07777);
+ ok($mode eq "0600");
+}
diff -Nru -w openssl-3.5.0/test/recipes/70-test_sslrecords.t openssl-3.5.1/test/recipes/70-test_sslrecords.t
--- openssl-3.5.0/test/recipes/70-test_sslrecords.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/70-test_sslrecords.t 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -33,17 +33,17 @@
my $sslv2testtype = undef;
my $proxy_start_success = 0;
-plan tests => 42;
+plan tests => 44;
SKIP: {
- skip "TLS 1.2 is disabled", 21 if disabled("tls1_2");
+ skip "TLS 1.2 is disabled", 22 if disabled("tls1_2");
# Run tests with TLS
run_tests(0);
}
SKIP: {
- skip "DTLS 1.2 is disabled", 21 if disabled("dtls1_2");
- skip "DTLSProxy does not work on Windows", 21 if $^O =~ /^(MSWin32)$/;
+ skip "DTLS 1.2 is disabled", 22 if disabled("dtls1_2");
+ skip "DTLSProxy does not work on Windows", 22 if $^O =~ /^(MSWin32)$/;
run_tests(1);
}
@@ -336,8 +336,17 @@
}
}
}
-}
+ SKIP: {
+ skip "DTLS only record tests", 1 if $run_test_as_dtls != 1;
+ #Test 22: We should ignore empty app data records
+ $proxy->clear();
+ $proxy->filter(\&empty_app_data);
+ $proxy->start();
+ ok(TLSProxy::Message->success(), "Empty app data in DTLS");
+
+ }
+}
sub add_empty_recs_filter
{
@@ -864,3 +873,41 @@
}
}
+
+sub empty_app_data
+{
+ my $proxy = shift;
+
+ # We're only interested in the client's Certificate..Finished flight
+ if ($proxy->flight != 4) {
+ return;
+ }
+
+ my $data = pack "C52",
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, #IV
+ 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f,
+ 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, 0x0f, #One block of empty padded data
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13; #MAC, assume to be 20 bytes
+
+ # Add a zero length app data record at the end
+ # This will have the same sequence number as the subsequent app data record
+ # that s_client will send - which will cause that second record to be
+ # dropped. But that isn't important for this test.
+ my $record = TLSProxy::Record->new_dtls(
+ 4,
+ TLSProxy::Record::RT_APPLICATION_DATA,
+ TLSProxy::Record::VERS_DTLS_1_2,
+ 1,
+ 1,
+ length($data),
+ 0,
+ length($data),
+ 0,
+ $data,
+ ""
+ );
+ push @{$proxy->record_list}, $record;
+}
diff -Nru -w openssl-3.5.0/test/recipes/70-test_tls13downgrade.t openssl-3.5.1/test/recipes/70-test_tls13downgrade.t
--- openssl-3.5.0/test/recipes/70-test_tls13downgrade.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/70-test_tls13downgrade.t 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -24,9 +24,8 @@
if disabled("sock");
plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
- if disabled("tls1_3")
- || (disabled("ec") && disabled("dh"))
- || disabled("tls1_2");
+ if disabled("tls1_3") || disabled("tls1_2")
+ || (disabled("ec") && disabled("dh"));
my $proxy = TLSProxy::Proxy->new(
undef,
@@ -39,89 +38,150 @@
DOWNGRADE_TO_TLS_1_2 => 0,
DOWNGRADE_TO_TLS_1_1 => 1,
FALLBACK_FROM_TLS_1_3 => 2,
+ DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL => 3,
+ DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL => 4,
};
#Test 1: Downgrade from TLSv1.3 to TLSv1.2
$proxy->filter(\&downgrade_filter);
my $testtype = DOWNGRADE_TO_TLS_1_2;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 6;
-ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2");
+plan tests => 8;
+ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.3 to TLSv1.2");
-#Test 2: Downgrade from TLSv1.3 to TLSv1.1
+#Test 2: Downgrade from TLSv1.3 to TLSv1.2 (server sends TLSv1.1 signal)
$proxy->clear();
-$testtype = DOWNGRADE_TO_TLS_1_1;
-$proxy->start();
-ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.1");
-
-#Test 3: Downgrade from TLSv1.2 to TLSv1.1
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3");
-$proxy->serverflags("-no_tls1_3");
+$testtype = DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL;
$proxy->start();
-ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1");
+ok(is_illegal_parameter_client_alert(),
+ "Downgrade from TLSv1.3 to TLSv1.2 (server sends TLSv1.1 signal)");
-#Test 4: Client falls back from TLSv1.3 (server does not support the fallback
+#Test 3: Client falls back from TLSv1.3 (server does not support the fallback
# SCSV)
$proxy->clear();
$testtype = FALLBACK_FROM_TLS_1_3;
$proxy->clientflags("-fallback_scsv -no_tls1_3");
$proxy->start();
-my $alert = TLSProxy::Message->alert();
-ok(TLSProxy::Message->fail()
- && !$alert->server()
- && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER,
- "Fallback from TLSv1.3");
+ok(is_illegal_parameter_client_alert(), "Fallback from TLSv1.3");
SKIP: {
- skip "TLSv1.1 disabled", 2 if disabled("tls1_1");
- #Test 5: A client side protocol "hole" should not be detected as a downgrade
+ skip "TLSv1.1 disabled", 5 if disabled("tls1_1");
+
+ my $client_flags = "-min_protocol TLSv1.1 -cipher DEFAULT:\@SECLEVEL=0";
+ my $server_flags = "-min_protocol TLSv1.1";
+ my $ciphers = "AES128-SHA:\@SECLEVEL=0";
+
+ #Test 4: Downgrade from TLSv1.3 to TLSv1.1
+ $proxy->clear();
+ $testtype = DOWNGRADE_TO_TLS_1_1;
+ $proxy->clientflags($client_flags);
+ $proxy->serverflags($server_flags);
+ $proxy->ciphers($ciphers);
+ $proxy->start();
+ ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.3 to TLSv1.1");
+
+ #Test 5: Downgrade from TLSv1.3 to TLSv1.1 (server sends TLSv1.2 signal)
+ $proxy->clear();
+ $testtype = DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL;
+ $proxy->clientflags($client_flags);
+ $proxy->serverflags($server_flags);
+ $proxy->ciphers($ciphers);
+ $proxy->start();
+ ok(is_illegal_parameter_client_alert(),
+ "Downgrade TLSv1.3 to TLSv1.1 (server sends TLSv1.2 signal)");
+
+ #Test 6: Downgrade from TLSv1.2 to TLSv1.1
+ $proxy->clear();
+ $testtype = DOWNGRADE_TO_TLS_1_1;
+ $proxy->clientflags($client_flags." -max_protocol TLSv1.2");
+ $proxy->serverflags($server_flags." -max_protocol TLSv1.2");
+ $proxy->ciphers($ciphers);
+ $proxy->start();
+ ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.2 to TLSv1.1");
+
+ #Test 7: A client side protocol "hole" should not be detected as a downgrade
$proxy->clear();
$proxy->filter(undef);
- $proxy->clientflags("-no_tls1_2");
- $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->clientflags($client_flags." -no_tls1_2");
+ $proxy->serverflags($server_flags);
+ $proxy->ciphers($ciphers);
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 client-side protocol hole");
- #Test 6: A server side protocol "hole" should not be detected as a downgrade
+ #Test 8: A server side protocol "hole" should not be detected as a downgrade
$proxy->clear();
$proxy->filter(undef);
- $proxy->serverflags("-no_tls1_2");
+ $proxy->clientflags($client_flags);
+ $proxy->serverflags($server_flags." -no_tls1_2");
+ $proxy->ciphers($ciphers);
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 server-side protocol hole");
}
+# Validate that the exchange fails with an illegal parameter alert from
+# the client
+sub is_illegal_parameter_client_alert
+{
+ return 0 unless TLSProxy::Message->fail();
+ my $alert = TLSProxy::Message->alert();
+ return 1 if !$alert->server()
+ && $alert->description()
+ == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER;
+ return 0;
+}
+
sub downgrade_filter
{
my $proxy = shift;
- # We're only interested in the initial ClientHello
- if ($proxy->flight != 0) {
+ # We're only interested in the initial ClientHello and ServerHello
+ if ($proxy->flight > 1) {
return;
}
- my $message = ${$proxy->message_list}[0];
+ my $message = ${$proxy->message_list}[$proxy->flight];
+
+ # ServerHello
+ if ($proxy->flight == 1 && defined($message)) {
+ # Update the last byte of the downgrade signal
+ if ($testtype == DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL) {
+ $message->random(substr($message->random, 0, 31) . "\0");
+ $message->repack();
+ } elsif ($testtype == DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL) {
+ $message->random(substr($message->random, 0, 31) . "\1");
+ $message->repack();
+ }
+
+ return;
+ }
+ # ClientHello
+ if ($proxy->flight == 0) {
my $ext;
if ($testtype == FALLBACK_FROM_TLS_1_3) {
#The default ciphersuite we use for TLSv1.2 without any SCSV
my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA);
$message->ciphersuite_len(2 * scalar @ciphersuites);
$message->ciphersuites(\@ciphersuites);
- } else {
- if ($testtype == DOWNGRADE_TO_TLS_1_2) {
+ }
+ else {
+ if ($testtype == DOWNGRADE_TO_TLS_1_2
+ || $testtype == DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL) {
$ext = pack "C3",
0x02, # Length
0x03, 0x03; #TLSv1.2
- } else {
+ }
+ else {
$ext = pack "C3",
0x02, # Length
0x03, 0x02; #TLSv1.1
}
- $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext);
+ $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ $ext);
}
$message->repack();
}
+}
diff -Nru -w openssl-3.5.0/test/recipes/80-test_ca.t openssl-3.5.1/test/recipes/80-test_ca.t
--- openssl-3.5.0/test/recipes/80-test_ca.t 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/recipes/80-test_ca.t 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -21,9 +21,7 @@
$ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);
my $cnf = srctop_file("test","ca-and-certs.cnf");
-my $std_openssl_cnf = '"'
- . srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf")
- . '"';
+my $std_openssl_cnf = srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf");
sub src_file {
return srctop_file("test", "certs", shift);
@@ -40,14 +38,14 @@
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
skip "failed creating CA structure", 4
if !ok(run(perlapp(["CA.pl","-newca",
- "-extra-req", "-key $cakey"], stdin => undef)),
+ "-extra-req", qq{-key "$cakey"}], stdin => undef)),
'creating CA structure');
my $eekey = src_file("ee-key.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
skip "failed creating new certificate request", 3
if !ok(run(perlapp(["CA.pl","-newreq",
- '-extra-req', "-outform DER -section userreq -key $eekey"])),
+ '-extra-req', qq{-outform DER -section userreq -key "$eekey"}])),
'creating certificate request');
$ENV{OPENSSL_CONFIG} = qq(-rand_serial -inform DER -config "$std_openssl_cnf");
skip "failed to sign certificate request", 2
@@ -62,7 +60,8 @@
my $eekey2 = src_file("ee-key-3072.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
- ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)),
+ ok(run(perlapp(["CA.pl", "-precert",
+ '-extra-req', qq{-section userreq -key "$eekey2"}], stderr => undef)),
'creating new pre-certificate');
}
diff -Nru -w openssl-3.5.0/test/sslapitest.c openssl-3.5.1/test/sslapitest.c
--- openssl-3.5.0/test/sslapitest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/sslapitest.c 2025-07-01 13:52:08.000000000 +0200
@@ -7315,18 +7315,6 @@
} else {
SSL_set_accept_state(serverssl);
}
- /*
- * A peculiarity of SSL_clear() is that it does not clear the session.
- * This is intended behaviour so that a client can create a new
- * connection and reuse the session. But this doesn't make much sense
- * on the server side - and causes incorrect behaviour due to the
- * handshake failing (even though the documentation does say SSL_clear()
- * is supposed to work on the server side). We clear the session
- * explicitly - although note that the documentation for
- * SSL_set_session() says that its only useful for clients!
- */
- if (!TEST_true(SSL_set_session(serverssl, NULL)))
- goto end;
SSL_free(clientssl);
clientssl = NULL;
} else {
@@ -12599,6 +12587,7 @@
int alert;
int err;
int forcefail;
+ int sm_count;
};
static int clientquicdata = 0xff, serverquicdata = 0xfe;
@@ -12686,6 +12675,94 @@
return 1;
}
+struct secret_yield_entry {
+ uint8_t recorded;
+ int prot_level;
+ int direction;
+ int sm_generation;
+ SSL *ssl;
+};
+
+static struct secret_yield_entry secret_history[16];
+static int secret_history_idx = 0;
+/*
+ * Note, this enum needs to match the direction values passed
+ * to yield_secret_cb
+ */
+typedef enum {
+ LAST_DIR_READ = 0,
+ LAST_DIR_WRITE = 1,
+ LAST_DIR_UNSET = 2
+} last_dir_history_state;
+
+static int check_secret_history(SSL *s)
+{
+ int i;
+ int ret = 0;
+ last_dir_history_state last_state = LAST_DIR_UNSET;
+ int last_prot_level = 0;
+ int last_generation = 0;
+
+ TEST_info("Checking history for %p\n", (void *)s);
+ for (i = 0; secret_history[i].recorded == 1; i++) {
+ if (secret_history[i].ssl != s)
+ continue;
+ TEST_info("Got %s(%d) secret for level %d, last level %d, last state %d, gen %d\n",
+ secret_history[i].direction == 1 ? "Write" : "Read", secret_history[i].direction,
+ secret_history[i].prot_level, last_prot_level, last_state,
+ secret_history[i].sm_generation);
+
+ if (last_state == LAST_DIR_UNSET) {
+ last_prot_level = secret_history[i].prot_level;
+ last_state = secret_history[i].direction;
+ last_generation = secret_history[i].sm_generation;
+ continue;
+ }
+
+ switch(secret_history[i].direction) {
+ case 1:
+ /*
+ * write case
+ * NOTE: There is an odd corner case here. It may occur that
+ * in a single iteration of the state machine, the read key is yielded
+ * prior to the write key for the same level. This is undesireable
+ * for quic, but it is ok, as the general implementation of every 3rd
+ * party quic stack while prefering write keys before read, allows
+ * for read before write if both keys are yielded in the same call
+ * to SSL_do_handshake, as the tls adaptation code for that quic stack
+ * can then cache keys until both are available, so we allow read before
+ * write here iff they occur in the same iteration of SSL_do_handshake
+ * as represented by the recorded sm_generation value.
+ */
+ if (last_prot_level == secret_history[i].prot_level
+ && last_state == LAST_DIR_READ) {
+ if (last_generation == secret_history[i].sm_generation) {
+ TEST_info("Read before write key in same SSL state machine iteration is ok");
+ } else {
+ TEST_error("Got read key before write key");
+ goto end;
+ }
+ }
+ /* FALLTHROUGH */
+ case 0:
+ /*
+ * Read case
+ */
+ break;
+ default:
+ TEST_error("Unknown direction");
+ goto end;
+ }
+ last_prot_level = secret_history[i].prot_level;
+ last_state = secret_history[i].direction;
+ last_generation = secret_history[i].sm_generation;
+ }
+
+ ret = 1;
+end:
+ return ret;
+}
+
static int yield_secret_cb(SSL *s, uint32_t prot_level, int direction,
const unsigned char *secret, size_t secret_len,
void *arg)
@@ -12720,12 +12797,34 @@
goto err;
}
+ secret_history[secret_history_idx].direction = direction;
+ secret_history[secret_history_idx].prot_level = (int)prot_level;
+ secret_history[secret_history_idx].recorded = 1;
+ secret_history[secret_history_idx].ssl = s;
+ secret_history[secret_history_idx].sm_generation = data->sm_count;
+ secret_history_idx++;
return 1;
err:
data->err = 1;
return 0;
}
+static int yield_secret_cb_fail(SSL *s, uint32_t prot_level, int direction,
+ const unsigned char *secret, size_t secret_len,
+ void *arg)
+{
+ (void)s;
+ (void)prot_level;
+ (void)direction;
+ (void)secret;
+ (void)secret_len;
+ (void)arg;
+ /*
+ * This callback is to test double free in quic tls
+ */
+ return 0;
+}
+
static int got_transport_params_cb(SSL *s, const unsigned char *params,
size_t params_len,
void *arg)
@@ -12766,13 +12865,15 @@
* Test 0: Normal run
* Test 1: Force a failure
* Test 3: Use a CCM based ciphersuite
+ * Test 4: fail yield_secret_cb to see double free
+ * Test 5: Normal run with SNI
*/
static int test_quic_tls(int idx)
{
- SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL_CTX *sctx = NULL, *sctx2 = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
- const OSSL_DISPATCH qtdis[] = {
+ OSSL_DISPATCH qtdis[] = {
{OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND, (void (*)(void))crypto_send_cb},
{OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD,
(void (*)(void))crypto_recv_rcd_cb},
@@ -12794,6 +12895,12 @@
};
int i;
+ if (idx == 4)
+ qtdis[3].function = (void (*)(void))yield_secret_cb_fail;
+
+ snicb = 0;
+ memset(secret_history, 0, sizeof(secret_history));
+ secret_history_idx = 0;
memset(&sdata, 0, sizeof(sdata));
memset(&cdata, 0, sizeof(cdata));
sdata.peer = &cdata;
@@ -12806,6 +12913,18 @@
&sctx, &cctx, cert, privkey)))
goto end;
+ if (idx == 5) {
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), NULL,
+ TLS1_3_VERSION, 0,
+ &sctx2, NULL, cert, privkey)))
+ goto end;
+
+ /* Set up SNI */
+ if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
+ || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
+ goto end;
+ }
+
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL)))
goto end;
@@ -12832,18 +12951,26 @@
sizeof(sparams))))
goto end;
- if (idx != 1) {
- if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ if (idx != 1 && idx != 4) {
+ if (!TEST_true(create_ssl_connection_ex(serverssl, clientssl, SSL_ERROR_NONE,
+ &cdata.sm_count, &sdata.sm_count)))
goto end;
} else {
/* We expect this connection to fail */
- if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ if (!TEST_false(create_ssl_connection_ex(serverssl, clientssl, SSL_ERROR_NONE,
+ &cdata.sm_count, &sdata.sm_count)))
goto end;
testresult = 1;
sdata.err = 0;
goto end;
}
+ /* We should have had the SNI callback called exactly once */
+ if (idx == 5) {
+ if (!TEST_int_eq(snicb, 1))
+ goto end;
+ }
+
/* Check no problems during the handshake */
if (!TEST_false(sdata.alert)
|| !TEST_false(cdata.alert)
@@ -12860,6 +12987,14 @@
goto end;
}
+ /*
+ * Check that our secret history yields write secrets before read secrets
+ */
+ if (!TEST_int_eq(check_secret_history(serverssl), 1))
+ goto end;
+ if (!TEST_int_eq(check_secret_history(clientssl), 1))
+ goto end;
+
/* Check the transport params */
if (!TEST_mem_eq(sdata.params, sdata.params_len, cparams, sizeof(cparams))
|| !TEST_mem_eq(cdata.params, cdata.params_len, sparams,
@@ -12877,6 +13012,7 @@
end:
SSL_free(serverssl);
SSL_free(clientssl);
+ SSL_CTX_free(sctx2);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
@@ -12924,6 +13060,8 @@
};
int i;
+ memset(secret_history, 0, sizeof(secret_history));
+ secret_history_idx = 0;
memset(&sdata, 0, sizeof(sdata));
memset(&cdata, 0, sizeof(cdata));
sdata.peer = &cdata;
@@ -12973,6 +13111,12 @@
sizeof(sparams))))
goto end;
+ /*
+ * Reset our secret history so we get the record of the second connection
+ */
+ memset(secret_history, 0, sizeof(secret_history));
+ secret_history_idx = 0;
+
SSL_set_quic_tls_early_data_enabled(serverssl, 1);
SSL_set_quic_tls_early_data_enabled(clientssl, 1);
@@ -12993,7 +13137,10 @@
|| !TEST_true(cdata.wenc_level == OSSL_RECORD_PROTECTION_LEVEL_EARLY))
goto end;
- if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ sdata.sm_count = 0;
+ cdata.sm_count = 0;
+ if (!TEST_true(create_ssl_connection_ex(serverssl, clientssl, SSL_ERROR_NONE,
+ &cdata.sm_count, &sdata.sm_count)))
goto end;
/* Check no problems during the handshake */
@@ -13012,6 +13159,11 @@
goto end;
}
+ if (!TEST_int_eq(check_secret_history(serverssl), 1))
+ goto end;
+ if (!TEST_int_eq(check_secret_history(clientssl), 1))
+ goto end;
+
/* Check the transport params */
if (!TEST_mem_eq(sdata.params, sdata.params_len, cparams, sizeof(cparams))
|| !TEST_mem_eq(cdata.params, cdata.params_len, sparams,
@@ -13044,6 +13196,79 @@
}
#endif /* !defined(OSSL_NO_USABLE_TLS1_3) */
+static int test_no_renegotiation(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0, ret;
+ int max_proto;
+ const SSL_METHOD *sm, *cm;
+ unsigned char buf[5];
+
+ if (idx == 0) {
+#ifndef OPENSSL_NO_TLS1_2
+ max_proto = TLS1_2_VERSION;
+ sm = TLS_server_method();
+ cm = TLS_client_method();
+#else
+ return TEST_skip("TLSv1.2 is disabled in this build");
+#endif
+ } else {
+#ifndef OPENSSL_NO_DTLS1_2
+ max_proto = DTLS1_2_VERSION;
+ sm = DTLS_server_method();
+ cm = DTLS_client_method();
+#else
+ return TEST_skip("DTLSv1.2 is disabled in this build");
+#endif
+ }
+ if (!TEST_true(create_ssl_ctx_pair(libctx, sm, cm, 0, max_proto,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_options(sctx, SSL_OP_NO_RENEGOTIATION);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_renegotiate(clientssl))
+ || !TEST_int_le(ret = SSL_connect(clientssl), 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /*
+ * We've not sent any application data, so we expect this to fail. It should
+ * also read the renegotiation attempt, and send back a no_renegotiation
+ * warning alert because we have renegotiation disabled.
+ */
+ if (!TEST_int_le(ret = SSL_read(serverssl, buf, sizeof(buf)), 0))
+ goto end;
+ if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /*
+ * The client should now see the no_renegotiation warning and fail the
+ * connection
+ */
+ if (!TEST_int_le(ret = SSL_connect(clientssl), 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_SSL)
+ || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_RENEGOTIATION))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
int setup_tests(void)
@@ -13369,9 +13594,10 @@
#endif
ADD_ALL_TESTS(test_alpn, 4);
#if !defined(OSSL_NO_USABLE_TLS1_3)
- ADD_ALL_TESTS(test_quic_tls, 3);
+ ADD_ALL_TESTS(test_quic_tls, 6);
ADD_TEST(test_quic_tls_early_data);
#endif
+ ADD_ALL_TESTS(test_no_renegotiation, 2);
return 1;
err:
diff -Nru -w openssl-3.5.0/test/testutil/testutil_init.c openssl-3.5.1/test/testutil/testutil_init.c
--- openssl-3.5.0/test/testutil/testutil_init.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/testutil/testutil_init.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -92,6 +92,7 @@
"warning: unable to setup trace callback for category '%s'.\n",
OSSL_trace_get_category_name(category));
+ OPENSSL_free(trace_data);
OSSL_trace_set_callback(category, NULL, NULL);
BIO_free_all(channel);
}
diff -Nru -w openssl-3.5.0/test/threadstest.c openssl-3.5.1/test/threadstest.c
--- openssl-3.5.0/test/threadstest.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/test/threadstest.c 2025-07-01 13:52:08.000000000 +0200
@@ -590,6 +590,29 @@
return 1;
}
+/*
+ * Basic test to ensure that we can repeatedly create and
+ * destroy local keys without leaking anything
+ */
+static int test_thread_local_multi_key(void)
+{
+ int dummy;
+ int i;
+
+ for (i = 0; i < 1000; i++) {
+ if (!TEST_true(CRYPTO_THREAD_init_local(&thread_local_key,
+ thread_local_destructor)))
+ return 0;
+
+ if (!TEST_true(CRYPTO_THREAD_set_local(&thread_local_key, &dummy)))
+ return 0;
+
+ if (!TEST_true(CRYPTO_THREAD_cleanup_local(&thread_local_key)))
+ return 0;
+ }
+ return 1;
+}
+
static int test_atomic(void)
{
int val = 0, ret = 0, testresult = 0;
@@ -1339,6 +1362,7 @@
#endif
ADD_TEST(test_once);
ADD_TEST(test_thread_local);
+ ADD_TEST(test_thread_local_multi_key);
ADD_TEST(test_atomic);
ADD_TEST(test_multi_load);
ADD_TEST(test_multi_general_worker_default_provider);
diff -Nru -w openssl-3.5.0/tools/c_rehash.in openssl-3.5.1/tools/c_rehash.in
--- openssl-3.5.0/tools/c_rehash.in 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/tools/c_rehash.in 2025-07-01 13:52:08.000000000 +0200
@@ -1,7 +1,7 @@
#!{- $config{HASHBANGPERL} -}
{- use OpenSSL::Util; -}
# {- join("\n# ", @autowarntext) -}
-# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -63,10 +63,10 @@
my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
-if (! -x $openssl) {
+if (!(-f $openssl && -x $openssl)) {
my $found = 0;
foreach (split /$path_delim/, $ENV{PATH}) {
- if (-x "$_/$openssl") {
+ if (-f "$_/$openssl" && -x "$_/$openssl") {
$found = 1;
$openssl = "$_/$openssl";
last;
@@ -88,7 +88,7 @@
if (-d $dirlist[0]) {
chdir $dirlist[0];
- $openssl="$pwd/$openssl" if (!-x $openssl);
+ $openssl="$pwd/$openssl" if (!(-f $openssl && -x $openssl));
chdir $pwd;
}
diff -Nru -w openssl-3.5.0/util/check-format.pl openssl-3.5.1/util/check-format.pl
--- openssl-3.5.0/util/check-format.pl 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/check-format.pl 2025-07-01 13:52:08.000000000 +0200
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
#
-# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
# Copyright Siemens AG 2019-2022
#
# Licensed under the Apache License 2.0 (the "License").
@@ -62,7 +62,8 @@
# except within if ... else constructs where some branch contains more than one
# statement. Since the exception is hard to recognize when such branches occur
# after the current position (such that false positives would be reported)
-# the tool by checks for this rule by default only for do/while/for bodies.
+# the tool checks for this rule by default only for do/while/for bodies
+# and for 'if' without 'else'.
# Yet with the --1-stmt option false positives are preferred over negatives.
# False negatives occur if the braces are more than two non-blank lines apart.
#
@@ -168,9 +169,9 @@
my $line_body_start; # number of line where last function body started, or 0
my $line_function_start; # number of line where last function definition started, used for $line_body_start
my $last_function_header; # header containing name of last function defined, used if $line_body_start != 0
-my $line_opening_brace; # number of previous line with opening brace after if/do/while/for, optionally for 'else'
+my $line_opening_brace; # number of previous line with opening brace after if/do/while/for, partly for 'else/else if' - used for detection of { 1 stmt }
-my $keyword_opening_brace; # name of previous keyword, used if $line_opening_brace != 0
+my $keyword_opening_brace; # name of keyword (or combination 'else if') just before '{', used if $line_opening_brace != 0
my $block_indent; # currently required normal indentation at block/statement level
my $hanging_offset; # extra indent, which may be nested, for just one hanging statement or expr or typedef
my @in_do_hanging_offsets; # stack of hanging offsets for nested 'do' ... 'while'
@@ -465,7 +466,9 @@
push @nested_block_indents, $block_indent;
push @nested_hanging_offsets, $in_expr ? $hanging_offset : 0;
push @nested_in_typedecl, $in_typedecl if $in_typedecl != 0;
- $block_indent += INDENT_LEVEL + $hanging_offset;
+ my $indent_inc = INDENT_LEVEL;
+ $indent_inc = 0 if (m/^[\s@]*(case|default)\W.*\{[\s@]*$/); # leading 'case' or 'default' and trailing '{'
+ $block_indent += $indent_inc + $hanging_offset;
$hanging_offset = 0;
}
if ($c ne "{" || $in_stmt) { # for '{' inside stmt/expr (not: decl), for '(', '[', or '?' anywhere
@@ -830,7 +833,8 @@
report("space after function/macro name")
if $intra_line =~ m/(\w+)\s+\(/ # fn/macro name with space before '('
&& !($1 =~ m/^(sizeof|if|else|while|do|for|switch|case|default|break|continue|goto|return|void|char|signed|unsigned|int|short|long|float|double|typedef|enum|struct|union|auto|extern|static|const|volatile|register)$/) # not keyword
- && !(m/^\s*#\s*define\s+\w+\s+\(/); # not a macro without parameters having a body that starts with '('
+ && !(m/^\s*#\s*define\s+\w+\s+\(/) # not a macro without parameters having a body that starts with '('
+ && !(m/^\s*typedef\W/); # not a typedef
report("missing space before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([
report("missing space after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])}
}
@@ -911,8 +915,9 @@
}
if (m/^[\s@]*(case|default)(\W.*$|$)/) { # leading 'case' or 'default'
- my $keyword = $1;
- report("code after $keyword: ") if $2 =~ /:.*[^\s@].*$/;
+ my ($keyword, $rest) = ($1, $2);
+ report("code after $keyword: ") if $rest =~ /:.*[^\s@]/ && !
+ ($rest =~ /:[\s@]*\{[\s@]*$/); # after, ':', trailing '{';
$local_offset = -INDENT_LEVEL;
} else {
if (m/^([\s@]*)(\w+):/) { # (leading) label, cannot be "default"
@@ -978,7 +983,7 @@
my $next_word = $1;
if ($line_opening_brace > 0 &&
($keyword_opening_brace ne "if" ||
- $extended_1_stmt || $next_word ne "else") &&
+ $extended_1_stmt || $next_word ne "else") && # --1-stmt or 'if' without 'else'
($line_opening_brace == $line_before2 ||
$line_opening_brace == $line_before)
&& $contents_before =~ m/;/) { # there is at least one terminator ';', so there is some stmt
@@ -1016,8 +1021,9 @@
}
if ($paren_expr_start || $return_enum_start || $assignment_start)
{
- my ($head, $mid, $tail) = ($1, $3, $4);
+ my ($head, $pre, $mid, $tail) = ($1, $2, $3, $4);
$keyword_opening_brace = $mid if $mid ne "=";
+ $keyword_opening_brace = "else if" if $pre =~ m/(^|\W)else[\s@]+$/ && $mid eq "if" && !$extended_1_stmt; # prevent reporting "{ 1 stmt }" on "else if" unless --1-stmt
# to cope with multi-line expressions, do this also if !($tail =~ m/\{/)
push @in_if_hanging_offsets, $hanging_offset if $mid eq "if";
@@ -1135,10 +1141,10 @@
report("'{' not at line start") if length($head) != $preproc_offset && $head =~ m/\)\s*/; # at end of function definition header
$line_body_start = $contents =~ m/LONG BODY/ ? 0 : $line if $line_function_start != 0;
}
- } else {
- $line_opening_brace = $line if $keyword_opening_brace =~ m/if|do|while|for|(OSSL_)?LIST_FOREACH(_\w+)?/;
+ } else { # prepare detection of { 1 stmt }
+ $line_opening_brace = $line if $keyword_opening_brace =~ m/^(if|do|while|for|(OSSL_)?LIST_FOREACH(_\w+)?)$/;
# using, not assigning, $keyword_opening_brace here because it could be on an earlier line
- $line_opening_brace = $line if $keyword_opening_brace eq "else" && $extended_1_stmt &&
+ $line_opening_brace = $line if $keyword_opening_brace =~ m/else|else if/ && $extended_1_stmt &&
# TODO prevent false positives for if/else where braces around single-statement branches
# should be avoided but only if all branches have just single statements
# The following helps detecting the exception when handling multiple 'if ... else' branches:
diff -Nru -w openssl-3.5.0/util/check-format-test-negatives.c openssl-3.5.1/util/check-format-test-negatives.c
--- openssl-3.5.0/util/check-format-test-negatives.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/check-format-test-negatives.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2015-2022
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -10,7 +10,7 @@
/*
* A collection of test cases where check-format.pl should not report issues.
- * There are some known false positives, though, which are marked below.
+ * There are some known false positives, though, which are marked below using /*@
*/
#include <errno.h> /* should not report whitespace nits within <...> */
@@ -161,6 +161,13 @@
while (1);
while (2);
+ if (pcrl != NULL) {
+ 1;
+ 2;
+ } else if (pcrls != NULL) {
+ 1;
+ }
+
if (1)
f(a, b);
do
@@ -236,6 +243,9 @@
return 0;
}
break;
+ case 1: {
+ ;
+ }
default:
/* This should be dead code */
return 0;
@@ -254,7 +264,14 @@
&& expr_line3)
hanging_stmt;
}
-#define m \
+
+#define m1 \
+ if (ctx == NULL) \
+ return 0; \
+ if (ossl_param_is_empty(params)) \
+ return 1; \
+
+#define m2 \
do { /* should not be confused with function header followed by '{' */ \
} while (0)
@@ -279,6 +296,7 @@
{NULL}
};
+typedef bool (*LOG_cb_t)(int lineno, severity level, const char *msg);
typedef * d(int)
x;
typedef (int)
diff -Nru -w openssl-3.5.0/util/check-format-test-positives.c openssl-3.5.1/util/check-format-test-positives.c
--- openssl-3.5.0/util/check-format-test-positives.c 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/check-format-test-positives.c 2025-07-01 13:52:08.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2015-2022
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -15,12 +15,15 @@
*/
/*
- * The '@'s after '*' are used for self-tests: they mark lines containing
- * a single flaw that should be reported. Normally it should be reported
- * while handling the given line, but in case of delayed checks there is a
- * following digit indicating the number of reports expected for this line.
+ * The '@'s after leading '*' in comment lines are used for self-tests:
+ * they mark lines containing a single issue that should be reported.
+ * Normally it should be reported while handling the given line,
+ * but in case of delayed checks there is a following digit
+ * indicating the number of reports expected for this line.
*/
+/* this line is between 81 and 100 chars long, to be reported with -strict-len */
+
/* For each of the following set of lines the tool should complain once */
/*@ tab character: */
/*@ intra-line carriage return character: */
@@ -46,8 +49,7 @@
*/ /*@ multi-line comment end indent off by -1 (relative to comment start) */
*/ /*@ unexpected comment ending delimiter outside comment */
/*- '-' for formatted comment not allowed in intra-line comment */
-/*@ comment line is 4 columns tooooooooooooooooo wide, reported unless sloppy-len */
-/*@ comment line is 5 columns toooooooooooooooooooooooooooooooooooooooooooooo wide */
+/*@ comment line is toooooooooooo wide by 1 char, or by 21 chars in case strict-len option is used */
#if ~0 /*@ '#if' with constant condition */
#endif /*@ indent of preproc. directive off by 1 (must be 0) */
#define X (1 + 1) /*@0 extra space in body, reported unless sloppy-spc */
@@ -100,7 +102,7 @@
b, /*@ expr indent as on line above, accepted if sloppy-hang */
b, /*@ expr indent off -8 but @ extra indent accepted if sloppy-hang */
"again aligned" /*@ expr indent off by -9 (left of stmt indent, */ "right",
- abc == /*@ .. so reported also with sloppy-hang; this line is too long */ 456
+ abc == /*@ .. so reported also with sloppy-hang; this line is too long by 6 or 26 chars */ 456
# define MAC(A) (A) /*@ nesting indent of preprocessor directive off by 1 */
? 1 /*@ hanging expr indent off by 1 */
: 2); /*@ hanging expr indent off by 2, or 1 for leading ':' */
diff -Nru -w openssl-3.5.0/util/perl/TLSProxy/Proxy.pm openssl-3.5.1/util/perl/TLSProxy/Proxy.pm
--- openssl-3.5.0/util/perl/TLSProxy/Proxy.pm 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/perl/TLSProxy/Proxy.pm 2025-07-01 13:52:08.000000000 +0200
@@ -27,6 +27,7 @@
use TLSProxy::NextProto;
my $have_IPv6;
+my $useINET6;
my $IP_factory;
BEGIN
@@ -49,6 +50,7 @@
if ($@ eq "") {
$IP_factory = sub { IO::Socket::INET6->new(Domain => AF_INET6, @_); };
$have_IPv6 = 1;
+ $useINET6 = 1;
} else {
eval {
require IO::Socket::IP;
@@ -63,9 +65,11 @@
if ($@ eq "") {
$IP_factory = sub { IO::Socket::IP->new(@_); };
$have_IPv6 = 1;
+ $useINET6 = 0;
} else {
$IP_factory = sub { IO::Socket::INET->new(@_); };
$have_IPv6 = 0;
+ $useINET6 = 0;
}
}
}
@@ -93,6 +97,7 @@
sub init
{
+ require IO::Socket::IP;
my $class = shift;
my ($filter,
$execute,
@@ -100,10 +105,43 @@
$debug,
$isdtls) = @_;
+ my $test_client_port;
+
+ # Sometimes, our random selection of client ports gets unlucky
+ # And we randomly select a port thats already in use. This causes
+ # this test to fail, so lets harden ourselves against that by doing
+ # a test bind to the randomly selected port, and only continue once we
+ # find a port thats available.
+ my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1";
+ my $found_port = 0;
+ for (my $i = 0; $i <= 10; $i++) {
+ $test_client_port = 49152 + int(rand(65535 - 49152));
+ my $test_sock;
+ if ($useINET6 == 0) {
+ $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port,
+ LocalAddr => $test_client_addr);
+ } else {
+ $test_sock = IO::Socket::INET6->new(LocalAddr => $test_client_addr,
+ LocalPort => $test_client_port,
+ Domain => AF_INET6);
+ }
+ if ($test_sock) {
+ $found_port = 1;
+ $test_sock->close();
+ print "Found available client port ${test_client_port}\n";
+ last;
+ }
+ print "Port ${test_client_port} in use - $@\n";
+ }
+
+ if ($found_port == 0) {
+ die "Unable to find usable port for TLSProxy";
+ }
+
my $self = {
#Public read/write
- proxy_addr => $have_IPv6 ? "[::1]" : "127.0.0.1",
- client_addr => $have_IPv6 ? "[::1]" : "127.0.0.1",
+ proxy_addr => $test_client_addr,
+ client_addr => $test_client_addr,
filter => $filter,
serverflags => "",
clientflags => "",
@@ -114,7 +152,7 @@
#Public read
isdtls => $isdtls,
proxy_port => 0,
- client_port => 49152 + int(rand(65535 - 49152)),
+ client_port => $test_client_port,
server_port => 0,
serverpid => 0,
clientpid => 0,
diff -Nru -w openssl-3.5.0/util/platform_symbols/unix-symbols.txt openssl-3.5.1/util/platform_symbols/unix-symbols.txt
--- openssl-3.5.0/util/platform_symbols/unix-symbols.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/platform_symbols/unix-symbols.txt 2025-07-01 13:52:08.000000000 +0200
@@ -145,6 +145,7 @@
strlen
strncmp
strncpy
+strpbrk
strrchr
strspn
strstr
diff -Nru -w openssl-3.5.0/util/platform_symbols/windows-symbols.txt openssl-3.5.1/util/platform_symbols/windows-symbols.txt
--- openssl-3.5.0/util/platform_symbols/windows-symbols.txt 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/platform_symbols/windows-symbols.txt 2025-07-01 13:52:08.000000000 +0200
@@ -86,6 +86,7 @@
__C_specific_handler
wcsstr
__current_exception_context
+strlen
strstr
strchr
memmove
@@ -125,6 +126,7 @@
strspn
strcspn
strncpy
+strpbrk
strncmp
strcmp
strcat_s
diff -Nru -w openssl-3.5.0/util/wrap.pl.in openssl-3.5.1/util/wrap.pl.in
--- openssl-3.5.0/util/wrap.pl.in 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/util/wrap.pl.in 2025-07-01 13:52:08.000000000 +0200
@@ -18,6 +18,38 @@
OpenSSL::Util->import();
}
+sub quote_cmd_win32 {
+ my $cmd = "";
+
+ foreach my $arg (@_) {
+ if ($arg =~ m{\A[\w,-./@]+\z}) {
+ $cmd .= $arg . q{ };;
+ } else {
+ $cmd .= q{"} . quote_arg_win32($arg) . q{" };
+ }
+ }
+ return substr($cmd, 0, -1);
+}
+
+sub quote_arg_win32 {
+ my ($arg) = @_;
+ my $val = "";
+
+ pos($arg) = 0;
+ while (1) {
+ return $val if (pos($arg) == length($arg));
+ if ($arg =~ m{\G((?:(?>[\\]*)[^"\\]+)+)}ogc) {
+ $val .= $1;
+ } elsif ($arg =~ m{\G"}ogc) {
+ $val .= qq{\\"};
+ } elsif ($arg =~ m{\G((?>[\\]+)(?="|\z))}ogc) {
+ $val .= qq{\\} x (2 * length($1));
+ } else {
+ die sprintf("Internal error quoting: '%s'\n", $arg);
+ }
+ }
+}
+
my $there = canonpath(catdir(dirname($0), updir()));
my $std_engines = catdir($there, 'engines');
my $std_providers = catdir($there, 'providers');
@@ -90,7 +122,12 @@
# The exec() statement on MSWin32 doesn't seem to give back the exit code
# from the call, so we resort to using system() instead.
-my $waitcode = system @cmd;
+my $waitcode;
+if ($^O eq 'MSWin32') {
+ $waitcode = system(quote_cmd_win32(@cmd));
+} else {
+ $waitcode = system @cmd;
+}
# According to documentation, -1 means that system() couldn't run the command,
# otherwise, the value is similar to the Unix wait() status value
diff -Nru -w openssl-3.5.0/VERSION.dat openssl-3.5.1/VERSION.dat
--- openssl-3.5.0/VERSION.dat 2025-04-08 15:09:06.000000000 +0200
+++ openssl-3.5.1/VERSION.dat 2025-07-01 13:52:08.000000000 +0200
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=5
-PATCH=0
+PATCH=1
PRE_RELEASE_TAG=
BUILD_METADATA=
-RELEASE_DATE="8 Apr 2025"
+RELEASE_DATE="1 Jul 2025"
SHLIB_VERSION=3
Reply to: