--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: bookworm-pu: package openssl/3.0.17-1~deb12u1
- From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
- Date: Sun, 13 Jul 2025 14:53:21 +0200
- Message-id: <20250713125321.rrleliCe@breakpoint.cc>
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: openssl@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: bookworm
X-Debbugs-Cc: sebastian@breakpoint.cc
Severity: normal
This is a forthcoming update of OpenSSL for the 3.0 series which is in
Bookworm. Upstream describes this release as "Miscellaneous minor bug
fixes".
The package has an extensive testsuite. The 3.5.1 release had just an
unblock filled and was earlier in experimental and debci did not report
any fallout. Since the 3.5.1 version is in unstable I can say that all
fixes which are part of this package are also in unstable.
Please find attached a debdiff against Bookworm.
Sebastian
diff -Nru -w openssl-3.0.16/apps/CA.pl.in openssl-3.0.17/apps/CA.pl.in
--- openssl-3.0.16/apps/CA.pl.in 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/CA.pl.in 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
#!{- $config{HASHBANGPERL} -}
-# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -19,14 +19,17 @@
my $openssl = $ENV{'OPENSSL'} // "openssl";
$ENV{'OPENSSL'} = $openssl;
+my @openssl = split_val($openssl);
+
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
+my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG);
# Command invocations.
-my $REQ = "$openssl req $OPENSSL_CONFIG";
-my $CA = "$openssl ca $OPENSSL_CONFIG";
-my $VERIFY = "$openssl verify";
-my $X509 = "$openssl x509";
-my $PKCS12 = "$openssl pkcs12";
+my @REQ = (@openssl, "req", @OPENSSL_CONFIG);
+my @CA = (@openssl, "ca", @OPENSSL_CONFIG);
+my @VERIFY = (@openssl, "verify");
+my @X509 = (@openssl, "x509");
+my @PKCS12 = (@openssl, "pkcs12");
# Default values for various configuration settings.
my $CATOP = "./demoCA";
@@ -34,8 +37,10 @@
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095"; # 3 years
+my @DAYS = qw(-days 365);
+my @CADAYS = qw(-days 1095); # 3 years
+my @EXTENSIONS = qw(-extensions v3_ca);
+my @POLICY = qw(-policy policy_anything);
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
@@ -43,31 +48,177 @@
# Commandline parsing
my %EXTRA;
-my $WHAT = shift @ARGV || "";
+my $WHAT = shift @ARGV // "";
@ARGV = parse_extra(@ARGV);
my $RET = 0;
+sub split_val {
+ return split_val_win32(@_) if ($^O eq 'MSWin32');
+ my ($val) = @_;
+ my (@ret, @frag);
+
+ # Skip leading whitespace
+ $val =~ m{\A[ \t]*}ogc;
+
+ # Unix shell-compatible split
+ #
+ # Handles backslash escapes outside quotes and
+ # in double-quoted strings. Parameter and
+ # command-substitution is silently ignored.
+ # Bare newlines outside quotes and (trailing) backslashes are disallowed.
+
+ while (1) {
+ last if (pos($val) == length($val));
+
+ # The first char is never a SPACE or TAB. Possible matches are:
+ # 1. Ordinary string fragment
+ # 2. Single-quoted string
+ # 3. Double-quoted string
+ # 4. Backslash escape
+ # 5. Bare backlash or newline (rejected)
+ #
+ if ($val =~ m{\G([^'" \t\n\\]+)}ogc) {
+ # Ordinary string
+ push @frag, $1;
+ } elsif ($val =~ m{\G'([^']*)'}ogc) {
+ # Single-quoted string
+ push @frag, $1;
+ } elsif ($val =~ m{\G"}ogc) {
+ # Double-quoted string
+ push @frag, "";
+ while (1) {
+ last if ($val =~ m{\G"}ogc);
+ if ($val =~ m{\G([^"\\]+)}ogcs) {
+ # literals
+ push @frag, $1;
+ } elsif ($val =~ m{\G.(["\`\$\\])}ogc) {
+ # backslash-escaped special
+ push @frag, $1;
+ } elsif ($val =~ m{\G.(.)}ogcs) {
+ # backslashed non-special
+ push @frag, "\\$1" unless $1 eq "\n";
+ } else {
+ die sprintf("Malformed quoted string: %s\n", $val);
+ }
+ }
+ } elsif ($val =~ m{\G\\(.)}ogc) {
+ # Backslash is unconditional escape outside quoted strings
+ push @frag, $1 unless $1 eq "\n";
+ } else {
+ die sprintf("Bare backslash or newline in: '%s'\n", $val);
+ }
+ # Done if at SPACE, TAB or end, otherwise continue current fragment
+ #
+ next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+ push @ret, join("", splice(@frag)) if (@frag > 0);
+ }
+ # Handle final fragment
+ push @ret, join("", splice(@frag)) if (@frag > 0);
+ return @ret;
+}
+
+sub split_val_win32 {
+ my ($val) = @_;
+ my (@ret, @frag);
+
+ # Skip leading whitespace
+ $val =~ m{\A[ \t]*}ogc;
+
+ # Windows-compatible split
+ # See: "Parsing C++ command-line arguments" in:
+ # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170
+ #
+ # Backslashes are special only when followed by a double-quote
+ # Pairs of double-quotes make a single double-quote.
+ # Closing double-quotes may be omitted.
+
+ while (1) {
+ last if (pos($val) == length($val));
+
+ # The first char is never a SPACE or TAB.
+ # 1. Ordinary string fragment
+ # 2. Double-quoted string
+ # 3. Backslashes preceding a double-quote
+ # 4. Literal backslashes
+ # 5. Bare newline (rejected)
+ #
+ if ($val =~ m{\G([^" \t\n\\]+)}ogc) {
+ # Ordinary string
+ push @frag, $1;
+ } elsif ($val =~ m{\G"}ogc) {
+ # Double-quoted string
+ push @frag, "";
+ while (1) {
+ if ($val =~ m{\G("+)}ogc) {
+ # Two double-quotes make one literal double-quote
+ my $l = length($1);
+ push @frag, q{"} x int($l/2) if ($l > 1);
+ next if ($l % 2 == 0);
+ last;
+ }
+ if ($val =~ m{\G([^"\\]+)}ogc) {
+ push @frag, $1;
+ } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+ # Backslashes before a double-quote are escapes
+ my $l = length($1);
+ push @frag, q{\\} x int($l / 2);
+ if ($l % 2 == 1) {
+ ++pos($val);
+ push @frag, q{"};
+ }
+ } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) {
+ # Backslashes not before a double-quote are not special
+ push @frag, $1;
+ } else {
+ # Tolerate missing closing double-quote
+ last;
+ }
+ }
+ } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+ my $l = length($1);
+ push @frag, q{\\} x int($l / 2);
+ if ($l % 2 == 1) {
+ ++pos($val);
+ push @frag, q{"};
+ }
+ } elsif ($val =~ m{\G([\\]+)}ogc) {
+ # Backslashes not before a double-quote are not special
+ push @frag, $1;
+ } else {
+ die sprintf("Bare newline in: '%s'\n", $val);
+ }
+ # Done if at SPACE, TAB or end, otherwise continue current fragment
+ #
+ next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+ push @ret, join("", splice(@frag)) if (@frag > 0);
+ }
+ # Handle final fragment
+ push @ret, join("", splice(@frag)) if (@frag);
+ return @ret;
+}
+
# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
# |EXTRA{CMD}| with list of values.
sub parse_extra
{
+ my @args;
foreach ( @OPENSSL_CMDS ) {
- $EXTRA{$_} = '';
+ $EXTRA{$_} = [];
}
-
- my @result;
- while ( scalar(@_) > 0 ) {
- my $arg = shift;
- if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
- push @result, $arg;
+ while (@_) {
+ my $arg = shift(@_);
+ if ( $arg !~ m{^-extra-(\w+)$} ) {
+ push @args, split_val($arg);
next;
}
- $arg =~ s/-extra-//;
- die("Unknown \"-${arg}-extra\" option, exiting")
- unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
- $EXTRA{$arg} .= " " . shift;
+ $arg = $1;
+ die "Unknown \"-extra-${arg}\" option, exiting\n"
+ unless grep { $arg eq $_ } @OPENSSL_CMDS;
+ die "Missing \"-extra-${arg}\" option value, exiting\n"
+ unless (@_ > 0);
+ push @{$EXTRA{$arg}}, split_val(shift(@_));
}
- return @result;
+ return @args;
}
@@ -110,9 +261,9 @@
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
- my $cmd = shift;
- print "====\n$cmd\n" if $verbose;
- my $status = system($cmd);
+ my ($cmd, @args) = @_;
+ print "====\n$cmd @args\n" if $verbose;
+ my $status = system {$cmd} $cmd, @args;
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
@@ -131,17 +282,15 @@
if ($WHAT eq '-newcert' ) {
# create a certificate
- $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
- . " $EXTRA{req}");
+ $RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
- $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
- . " $EXTRA{req}");
+ $RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
- $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
+ $RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}});
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
@@ -174,48 +323,45 @@
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
- $RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
- . " -out ${CATOP}/$CAREQ $EXTRA{req}");
- $RET = run("$CA -create_serial"
- . " -out ${CATOP}/$CACERT $CADAYS -batch"
- . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
- . " -extensions v3_ca"
- . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
+ $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY",
+ "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}});
+ $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS,
+ qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign",
+ @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}})
+ if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
- $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
- . " -certfile ${CATOP}/$CACERT -out $NEWP12"
- . " -export -name \"$cname\" $EXTRA{pkcs12}");
+ $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY,
+ "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12,
+ qw(-export -name), $cname, @{$EXTRA{pkcs12}});
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
- $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}});
} elsif ($WHAT eq '-sign' ) {
- $RET = run("$CA -policy policy_anything -out $NEWCERT"
- . " -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+ "-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
- $RET = run("$CA -policy policy_anything -out $NEWCERT"
- . " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}");
+ $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS,
+ "-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
- $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
- . " -out tmp.pem $EXTRA{x509}");
- $RET = run("$CA -policy policy_anything -out $NEWCERT"
- . "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
+ $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ,
+ qw(-out tmp.pem), @{$EXTRA{x509}});
+ $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+ qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
foreach my $file (@files) {
- # -CAfile quoted for VMS, since the C RTL downcases all unquoted
- # arguments to C programs
- my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
+ my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}});
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
- $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
+ $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}});
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
@@ -223,10 +369,10 @@
print "Certificate filename is required; reason optional.\n";
exit 1;
}
- my $reason = $ARGV[1];
- $reason = " -crl_reason $reason"
- if defined $reason && crl_reason_ok($reason);
- $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
+ my @reason;
+ @reason = ("-crl_reason", $ARGV[1])
+ if defined $ARGV[1] && crl_reason_ok($ARGV[1]);
+ $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";
diff -Nru -w openssl-3.0.16/apps/cmp.c openssl-3.0.17/apps/cmp.c
--- openssl-3.0.16/apps/cmp.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/cmp.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -878,7 +878,7 @@
OSSL_CMP_CTX *ctx, const char *desc)
{
if (str != NULL) {
- X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc);
+ X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc);
if (n == NULL)
return 0;
diff -Nru -w openssl-3.0.16/apps/cms.c openssl-3.0.17/apps/cms.c
--- openssl-3.0.16/apps/cms.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/cms.c 2025-07-01 14:11:11.000000000 +0200
@@ -983,7 +983,7 @@
goto end;
pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (kparam != NULL) {
+ if (pctx != NULL && kparam != NULL) {
if (!cms_set_pkey_param(pctx, kparam->param))
goto end;
}
diff -Nru -w openssl-3.0.16/apps/lib/apps.c openssl-3.0.17/apps/lib/apps.c
--- openssl-3.0.16/apps/lib/apps.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/lib/apps.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1688,6 +1688,9 @@
}
retdb->dbfname = OPENSSL_strdup(dbfile);
+ if (retdb->dbfname == NULL)
+ goto err;
+
#ifndef OPENSSL_NO_POSIX_IO
retdb->dbst = dbst;
#endif
diff -Nru -w openssl-3.0.16/apps/lib/http_server.c openssl-3.0.17/apps/lib/http_server.c
--- openssl-3.0.16/apps/lib/http_server.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/lib/http_server.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -222,7 +222,7 @@
int asock;
char name[40];
- snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */
+ BIO_snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */
bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL)
goto err;
diff -Nru -w openssl-3.0.16/apps/ocsp.c openssl-3.0.17/apps/ocsp.c
--- openssl-3.0.16/apps/ocsp.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/ocsp.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1049,6 +1049,10 @@
}
bs = OCSP_BASICRESP_new();
+ if (bs == NULL) {
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+ goto end;
+ }
thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1)
nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
diff -Nru -w openssl-3.0.16/apps/pkeyutl.c openssl-3.0.17/apps/pkeyutl.c
--- openssl-3.0.16/apps/pkeyutl.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/pkeyutl.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -371,6 +371,7 @@
if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
+ OPENSSL_free(passwd);
goto end;
}
OPENSSL_free(passwd);
diff -Nru -w openssl-3.0.16/apps/s_time.c openssl-3.0.17/apps/s_time.c
--- openssl-3.0.16/apps/s_time.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/s_time.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -325,8 +325,10 @@
*/
next:
- if (!(perform & 2))
+ if (!(perform & 2)) {
+ ret = 0;
goto end;
+ }
printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */
diff -Nru -w openssl-3.0.16/apps/storeutl.c openssl-3.0.17/apps/storeutl.c
--- openssl-3.0.16/apps/storeutl.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/apps/storeutl.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -198,9 +198,7 @@
}
break;
case OPT_CRITERION_FINGERPRINT:
- if (criterion != 0
- || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
- && fingerprint != NULL)) {
+ if (criterion != 0) {
BIO_printf(bio_err, "%s: criterion already given.\n",
prog);
goto end;
diff -Nru -w openssl-3.0.16/CHANGES.md openssl-3.0.17/CHANGES.md
--- openssl-3.0.16/CHANGES.md 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/CHANGES.md 2025-07-01 14:11:11.000000000 +0200
@@ -28,6 +28,10 @@
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
+### Changes between 3.0.16 and 3.0.17 [1 Jul 2025]
+
+ * none yet
+
### Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
* Fixed timing side-channel in ECDSA signature computation.
@@ -3273,7 +3277,7 @@
* Support for TLSv1.3 added. Note that users upgrading from an earlier
version of OpenSSL should review their configuration settings to ensure
that they are still appropriate for TLSv1.3. For further information see:
- <https://wiki.openssl.org/index.php/TLS1.3>
+ <https://github.com/openssl/openssl/wiki/TLS1.3>
*Matt Caswell*
@@ -4561,7 +4565,7 @@
* The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
- See: <https://wiki.openssl.org/index.php/Binaries>. Libssl still retains
+ See: <https://github.com/openssl/openssl/wiki/Binaries>. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
@@ -5340,6 +5344,11 @@
*Rob Percival <robpercival@google.com>*
+ * SSLv3 is by default disabled at build-time. Builds that are not
+ configured with "enable-ssl3" will not support SSLv3.
+
+ *Kurt Roeckx*
+
OpenSSL 1.0.2
-------------
diff -Nru -w openssl-3.0.16/Configure openssl-3.0.17/Configure
--- openssl-3.0.16/Configure 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/Configure 2025-07-01 14:11:11.000000000 +0200
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -157,6 +157,7 @@
-Wextra
-Wno-unused-parameter
-Wno-missing-field-initializers
+ -Wno-unterminated-string-initialization
-Wswitch
-Wsign-compare
-Wshadow
diff -Nru -w openssl-3.0.16/crypto/asn1/asn_mime.c openssl-3.0.17/crypto/asn1/asn_mime.c
--- openssl-3.0.16/crypto/asn1/asn_mime.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/asn1/asn_mime.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -96,7 +96,7 @@
* internally
*/
else
- ASN1_item_i2d_bio(it, out, val);
+ rv = ASN1_item_i2d_bio(it, out, val);
return rv;
}
diff -Nru -w openssl-3.0.16/crypto/asn1/tasn_enc.c openssl-3.0.17/crypto/asn1/tasn_enc.c
--- openssl-3.0.16/crypto/asn1/tasn_enc.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/asn1/tasn_enc.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -571,6 +571,9 @@
return -1;
break;
+ case V_ASN1_UNDEF:
+ return -2;
+
case V_ASN1_NULL:
cont = NULL;
len = 0;
diff -Nru -w openssl-3.0.16/crypto/bio/bio_dump.c openssl-3.0.17/crypto/bio/bio_dump.c
--- openssl-3.0.16/crypto/bio/bio_dump.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/bio/bio_dump.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,6 +47,8 @@
for (i = 0; i < rows; i++) {
n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
i * dump_width);
+ if (n < 0)
+ return -1;
for (j = 0; j < dump_width; j++) {
if (SPACE(buf, n, 3)) {
if (((i * dump_width) + j) >= len) {
diff -Nru -w openssl-3.0.16/crypto/bio/bio_print.c openssl-3.0.17/crypto/bio/bio_print.c
--- openssl-3.0.16/crypto/bio/bio_print.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/bio/bio_print.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -535,6 +535,10 @@
LDOUBLE result = value;
if (value < 0)
result = -value;
+ if (result > 0 && result / 2 == result) /* INF */
+ result = 0;
+ else if (result != result) /* NAN */
+ result = 0;
return result;
}
@@ -590,6 +594,9 @@
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
+ ufvalue = abs_val(fvalue);
+ if (ufvalue == 0 && fvalue != 0) /* INF or NAN? */
+ signvalue = '?';
/*
* G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
@@ -597,12 +604,12 @@
* that from here on.
*/
if (style == G_FORMAT) {
- if (fvalue == 0.0) {
+ if (ufvalue == 0.0) {
realstyle = F_FORMAT;
- } else if (fvalue < 0.0001) {
+ } else if (ufvalue < 0.0001) {
realstyle = E_FORMAT;
- } else if ((max == 0 && fvalue >= 10)
- || (max > 0 && fvalue >= pow_10(max))) {
+ } else if ((max == 0 && ufvalue >= 10)
+ || (max > 0 && ufvalue >= pow_10(max))) {
realstyle = E_FORMAT;
} else {
realstyle = F_FORMAT;
@@ -612,9 +619,9 @@
}
if (style != F_FORMAT) {
- tmpvalue = fvalue;
+ tmpvalue = ufvalue;
/* Calculate the exponent */
- if (fvalue != 0.0) {
+ if (ufvalue != 0.0) {
while (tmpvalue < 1) {
tmpvalue *= 10;
exp--;
@@ -651,9 +658,9 @@
}
}
if (realstyle == E_FORMAT)
- fvalue = tmpvalue;
+ ufvalue = tmpvalue;
}
- ufvalue = abs_val(fvalue);
+
/*
* By subtracting 65535 (2^16-1) we cancel the low order 15 bits
* of ULONG_MAX to avoid using imprecise floating point values.
diff -Nru -w openssl-3.0.16/crypto/bn/README.pod openssl-3.0.17/crypto/bn/README.pod
--- openssl-3.0.16/crypto/bn/README.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/bn/README.pod 1970-01-01 01:00:00.000000000 +0100
@@ -1,241 +0,0 @@
-=pod
-
-=head1 NAME
-
-bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
-bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
-bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
-bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
-bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
-bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
-bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
-library internal functions
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
- BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
- BN_ULONG w);
- void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
- BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
- BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
- int num);
- BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
- int num);
-
- void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
- void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
- void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
- void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
-
- int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
-
- void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
- int nb);
- void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
- void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna, int dnb, BN_ULONG *tmp);
- void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
- int n, int tna, int tnb, BN_ULONG *tmp);
- void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
- int n2, BN_ULONG *tmp);
-
- void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
- void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
-
- void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
-
- BIGNUM *bn_expand(BIGNUM *a, int bits);
- BIGNUM *bn_wexpand(BIGNUM *a, int n);
- BIGNUM *bn_expand2(BIGNUM *a, int n);
- void bn_fix_top(BIGNUM *a);
-
- void bn_check_top(BIGNUM *a);
- void bn_print(BIGNUM *a);
- void bn_dump(BN_ULONG *d, int n);
- void bn_set_max(BIGNUM *a);
- void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
- void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
-
-=head1 DESCRIPTION
-
-This page documents the internal functions used by the OpenSSL
-B<BIGNUM> implementation. They are described here to facilitate
-debugging and extending the library. They are I<not> to be used by
-applications.
-
-=head2 The BIGNUM structure
-
- typedef struct bignum_st BIGNUM;
-
- struct bignum_st
- {
- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
- int top; /* Index of last used d +1. */
- /* The next are internal book keeping for bn_expand. */
- int dmax; /* Size of the d array. */
- int neg; /* one if the number is negative */
- int flags;
- };
-
-
-The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
-least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
-in size, depending on the 'number of bits' (B<BITS2>) specified in
-C<openssl/bn.h>.
-
-B<dmax> is the size of the B<d> array that has been allocated. B<top>
-is the number of words being used, so for a value of 4, bn.d[0]=4 and
-bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
-B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
-
-B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
-flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
-BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
-structure B<b>.
-
-Various routines in this library require the use of temporary
-B<BIGNUM> variables during their execution. Since dynamic memory
-allocation to create B<BIGNUM>s is rather expensive when used in
-conjunction with repeated subroutine calls, the B<BN_CTX> structure is
-used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
-L<BN_CTX_start(3)>.
-
-=head2 Low-level arithmetic operations
-
-These functions are implemented in C and for several platforms in
-assembly language:
-
-bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
-arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
-in B<rp>, and returns the high word (carry).
-
-bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
-word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
-the result in B<rp>, and returns the high word (carry).
-
-bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
-B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
-word-wise, and places the low and high bytes of the result in B<rp>.
-
-bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
-by B<d> and returns the result.
-
-bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
-arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
-result in B<rp>, and returns the high word (carry).
-
-bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
-arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
-result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
-otherwise).
-
-bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
-B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
-result in B<r>.
-
-bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
-B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
-result in B<r>.
-
-bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
-B<b> and the 8 word array B<r>.
-
-bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
-B<b> and the 16 word array B<r>.
-
-The following functions are implemented in C:
-
-bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
-and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
-less than B<b>.
-
-bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
-word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
-array B<r>. It computes B<a>*B<b> and places the result in B<r>.
-
-bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
-arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
-B<a>*B<b> and places the result in B<r>.
-
-bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
-on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
-(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
-word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
-B<a>*B<b> and places the result in B<r>.
-
-bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
-operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
-B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
-
-bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
-B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
-and B<b>.
-
-BN_mul() calls bn_mul_normal(), or an optimized implementation if the
-factors have the same size: bn_mul_comba8() is used if they are 8
-words long, bn_mul_recursive() if they are larger than
-B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
-size, and bn_mul_part_recursive() for others that are larger than
-B<BN_MULL_SIZE_NORMAL>.
-
-bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
-B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
-
-The implementations use the following macros which, depending on the
-architecture, may use "long long" C operations or inline assembler.
-They are defined in C<bn_local.h>.
-
-mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
-low word of the result in B<r> and the high word in B<c>.
-
-mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
-places the low word of the result in B<r> and the high word in B<c>.
-
-sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
-of the result in B<r0> and the high word in B<r1>.
-
-=head2 Size changes
-
-bn_expand() ensures that B<b> has enough space for a B<bits> bit
-number. bn_wexpand() ensures that B<b> has enough space for an
-B<n> word number. If the number has to be expanded, both macros
-call bn_expand2(), which allocates a new B<d> array and copies the
-data. They return B<NULL> on error, B<b> otherwise.
-
-The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
-significant non-zero word plus one when B<a> has shrunk.
-
-=head2 Debugging
-
-bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
-E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort.
-
-bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
-(in reverse order, i.e. most significant word first) to stderr.
-
-bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
-This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
-B<BIGNUM> that contains the B<n> low or high words of B<a>.
-
-If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
-and bn_set_max() are defined as empty macros.
-
-=head1 SEE ALSO
-
-L<bn(3)>
-
-=head1 COPYRIGHT
-
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff -Nru -w openssl-3.0.16/crypto/cmp/cmp_client.c openssl-3.0.17/crypto/cmp/cmp_client.c
--- openssl-3.0.16/crypto/cmp/cmp_client.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/cmp/cmp_client.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -611,8 +611,10 @@
ERR_add_error_data(1, "; cannot extract certificate from response");
return 0;
}
- if (!ossl_cmp_ctx_set0_newCert(ctx, cert))
+ if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) {
+ X509_free(cert);
return 0;
+ }
/*
* if the CMP server returned certificates in the caPubs field, copy them
diff -Nru -w openssl-3.0.16/crypto/cms/cms_pwri.c openssl-3.0.17/crypto/cms/cms_pwri.c
--- openssl-3.0.16/crypto/cms/cms_pwri.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/cms/cms_pwri.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -157,7 +157,8 @@
/* Setup PBE algorithm */
- pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+ pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set_ex(iter, NULL, 0, -1, -1,
+ cms_ctx->libctx);
if (pwri->keyDerivationAlgorithm == NULL)
goto err;
@@ -351,9 +352,10 @@
/* Finish password based key derivation to setup key in "ctx" */
- if (EVP_PBE_CipherInit(algtmp->algorithm,
+ if (EVP_PBE_CipherInit_ex(algtmp->algorithm,
(char *)pwri->pass, pwri->passlen,
- algtmp->parameter, kekctx, en_de) < 0) {
+ algtmp->parameter, kekctx, en_de,
+ cms_ctx->libctx, cms_ctx->propq) < 0) {
ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
goto err;
}
diff -Nru -w openssl-3.0.16/crypto/dh/dh_pmeth.c openssl-3.0.17/crypto/dh/dh_pmeth.c
--- openssl-3.0.16/crypto/dh/dh_pmeth.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/dh/dh_pmeth.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -424,7 +424,7 @@
ret = DH_compute_key_padded(key, dhpubbn, dh);
else
ret = DH_compute_key(key, dhpubbn, dh);
- if (ret < 0)
+ if (ret <= 0)
return ret;
*keylen = ret;
return 1;
diff -Nru -w openssl-3.0.16/crypto/encode_decode/encoder_pkey.c openssl-3.0.17/crypto/encode_decode/encoder_pkey.c
--- openssl-3.0.16/crypto/encode_decode/encoder_pkey.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/encode_decode/encoder_pkey.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -207,6 +207,7 @@
static void encoder_destruct_pkey(void *arg)
{
struct construct_data_st *data = arg;
+ int match = (data->obj == data->constructed_obj);
if (data->encoder_inst != NULL) {
OSSL_ENCODER *encoder =
@@ -215,6 +216,8 @@
encoder->free_object(data->constructed_obj);
}
data->constructed_obj = NULL;
+ if (match)
+ data->obj = NULL;
}
/*
diff -Nru -w openssl-3.0.16/crypto/evp/bio_enc.c openssl-3.0.17/crypto/evp/bio_enc.c
--- openssl-3.0.16/crypto/evp/bio_enc.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/bio_enc.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -159,6 +159,7 @@
/* Should be continue next time we are called? */
if (!BIO_should_retry(next)) {
ctx->cont = i;
+ ctx->finished = 1;
i = EVP_CipherFinal_ex(ctx->cipher,
ctx->buf, &(ctx->buf_len));
ctx->ok = i;
diff -Nru -w openssl-3.0.16/crypto/evp/ctrl_params_translate.c openssl-3.0.17/crypto/evp/ctrl_params_translate.c
--- openssl-3.0.16/crypto/evp/ctrl_params_translate.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/ctrl_params_translate.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -2827,11 +2827,15 @@
int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
{
+ if (ctx->keymgmt != NULL)
+ return 0;
return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params);
}
int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
+ if (ctx->keymgmt != NULL)
+ return 0;
return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
}
diff -Nru -w openssl-3.0.16/crypto/evp/evp_pbe.c openssl-3.0.17/crypto/evp/evp_pbe.c
--- openssl-3.0.16/crypto/evp/evp_pbe.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/evp_pbe.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,7 +40,8 @@
{EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
- {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+ {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen,
+ PKCS5_v2_PBKDF2_keyivgen_ex},
{EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},
diff -Nru -w openssl-3.0.16/crypto/evp/evp_rand.c openssl-3.0.17/crypto/evp/evp_rand.c
--- openssl-3.0.16/crypto/evp/evp_rand.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/evp_rand.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -634,10 +634,8 @@
{
unsigned int str = evp_rand_strength_locked(ctx);
- if (ctx->meth->nonce == NULL)
- return 0;
- if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
- return 1;
+ if (ctx->meth->nonce != NULL)
+ return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0;
return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
}
diff -Nru -w openssl-3.0.16/crypto/evp/exchange.c openssl-3.0.17/crypto/evp/exchange.c
--- openssl-3.0.16/crypto/evp/exchange.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/exchange.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -430,7 +430,13 @@
*/
if (provkey == NULL)
goto legacy;
- return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+ ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+ if (ret <= 0)
+ return ret;
+ EVP_PKEY_free(ctx->peerkey);
+ ctx->peerkey = peer;
+ EVP_PKEY_up_ref(peer);
+ return 1;
legacy:
#ifdef FIPS_MODULE
diff -Nru -w openssl-3.0.16/crypto/evp/legacy_sha.c openssl-3.0.17/crypto/evp/legacy_sha.c
--- openssl-3.0.16/crypto/evp/legacy_sha.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/legacy_sha.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -215,7 +215,7 @@
NID_shake##bitlen, \
0, \
bitlen / 8, \
- EVP_MD_FLAG_XOF, \
+ EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \
EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \
shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \
diff -Nru -w openssl-3.0.16/crypto/evp/pmeth_lib.c openssl-3.0.17/crypto/evp/pmeth_lib.c
--- openssl-3.0.16/crypto/evp/pmeth_lib.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/evp/pmeth_lib.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -501,6 +501,12 @@
}
rctx->legacy_keytype = pctx->legacy_keytype;
+ if (pctx->keymgmt != NULL) {
+ if (!EVP_KEYMGMT_up_ref(pctx->keymgmt))
+ goto err;
+ rctx->keymgmt = pctx->keymgmt;
+ }
+
if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
if (pctx->op.kex.exchange != NULL) {
rctx->op.kex.exchange = pctx->op.kex.exchange;
@@ -604,6 +610,9 @@
EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt;
void *provkey;
+ if (pctx->pkey == NULL)
+ return rctx;
+
provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx,
&tmp_keymgmt, pctx->propquery);
if (provkey == NULL)
@@ -721,8 +730,9 @@
ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx,
params);
break;
-#ifndef FIPS_MODULE
case EVP_PKEY_STATE_UNKNOWN:
+ break;
+#ifndef FIPS_MODULE
case EVP_PKEY_STATE_LEGACY:
return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
#endif
@@ -759,8 +769,9 @@
ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
params);
break;
-#ifndef FIPS_MODULE
case EVP_PKEY_STATE_UNKNOWN:
+ break;
+#ifndef FIPS_MODULE
case EVP_PKEY_STATE_LEGACY:
return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
#endif
diff -Nru -w openssl-3.0.16/crypto/http/http_client.c openssl-3.0.17/crypto/http/http_client.c
--- openssl-3.0.16/crypto/http/http_client.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/http/http_client.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2018-2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -1138,13 +1138,12 @@
const char *expected_ct, int expect_asn1,
size_t max_resp_len, int timeout)
{
- char *current_url, *redirection_url = NULL;
+ char *current_url;
int n_redirs = 0;
char *host;
char *port;
char *path;
int use_ssl;
- OSSL_HTTP_REQ_CTX *rctx = NULL;
BIO *resp = NULL;
time_t max_time = timeout > 0 ? time(NULL) + timeout : 0;
@@ -1156,6 +1155,9 @@
return NULL;
for (;;) {
+ char *redirection_url;
+ OSSL_HTTP_REQ_CTX *rctx;
+
if (!OSSL_HTTP_parse_url(current_url, &use_ssl, NULL /* user */, &host,
&port, NULL /* port_num */, &path, NULL, NULL))
break;
@@ -1164,6 +1166,7 @@
use_ssl, bio, rbio, bio_update_fn, arg,
buf_size, timeout);
new_rpath:
+ redirection_url = NULL;
if (rctx != NULL) {
if (!OSSL_HTTP_set1_request(rctx, path, headers,
NULL /* content_type */,
@@ -1190,7 +1193,6 @@
OPENSSL_free(host);
OPENSSL_free(port);
(void)OSSL_HTTP_close(rctx, 1);
- rctx = NULL;
BIO_free(resp);
OPENSSL_free(current_url);
return NULL;
@@ -1200,7 +1202,6 @@
OPENSSL_free(host);
OPENSSL_free(port);
(void)OSSL_HTTP_close(rctx, 1);
- rctx = NULL;
continue;
}
/* if redirection not allowed, ignore it */
@@ -1210,7 +1211,6 @@
OPENSSL_free(port);
if (!OSSL_HTTP_close(rctx, resp != NULL)) {
BIO_free(resp);
- rctx = NULL;
resp = NULL;
}
break;
diff -Nru -w openssl-3.0.16/crypto/params_dup.c openssl-3.0.17/crypto/params_dup.c
--- openssl-3.0.16/crypto/params_dup.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/params_dup.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -189,18 +189,18 @@
while (1) {
/* If list1 is finished just tack list2 onto the end */
if (*p1cur == NULL) {
- do {
+ while (*p2cur != NULL) {
*dst++ = **p2cur;
p2cur++;
- } while (*p2cur != NULL);
+ }
break;
}
/* If list2 is finished just tack list1 onto the end */
if (*p2cur == NULL) {
- do {
+ while (*p1cur != NULL) {
*dst++ = **p1cur;
p1cur++;
- } while (*p1cur != NULL);
+ }
break;
}
/* consume the list element with the smaller key */
diff -Nru -w openssl-3.0.16/crypto/perlasm/sparcv9_modes.pl openssl-3.0.17/crypto/perlasm/sparcv9_modes.pl
--- openssl-3.0.16/crypto/perlasm/sparcv9_modes.pl 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/perlasm/sparcv9_modes.pl 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -46,8 +46,8 @@
.align 32
${alg}${bits}_t4_cbc_encrypt:
save %sp, -$::frame, %sp
- cmp $len, 0
- be,pn $::size_t_cc, .L${bits}_cbc_enc_abort
+ cmp $len, 15
+ bleu,pn $::size_t_cc, .L${bits}_cbc_enc_abort
srln $len, 0, $len ! needed on v8+, "nop" on v9
sub $inp, $out, $blk_init ! $inp!=$out
___
@@ -264,8 +264,8 @@
.align 32
${alg}${bits}_t4_cbc_decrypt:
save %sp, -$::frame, %sp
- cmp $len, 0
- be,pn $::size_t_cc, .L${bits}_cbc_dec_abort
+ cmp $len, 15
+ bleu,pn $::size_t_cc, .L${bits}_cbc_dec_abort
srln $len, 0, $len ! needed on v8+, "nop" on v9
sub $inp, $out, $blk_init ! $inp!=$out
___
diff -Nru -w openssl-3.0.16/crypto/pkcs7/pk7_smime.c openssl-3.0.17/crypto/pkcs7/pk7_smime.c
--- openssl-3.0.16/crypto/pkcs7/pk7_smime.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/pkcs7/pk7_smime.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -347,10 +347,8 @@
if (flags & PKCS7_TEXT) {
if (!SMIME_text(tmpout, out)) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR);
- BIO_free(tmpout);
goto err;
}
- BIO_free(tmpout);
}
/* Now Verify All Signatures */
@@ -368,6 +366,8 @@
ret = 1;
err:
+ if (flags & PKCS7_TEXT)
+ BIO_free(tmpout);
X509_STORE_CTX_free(cert_ctx);
OPENSSL_free(buf);
if (tmpin == indata) {
diff -Nru -w openssl-3.0.16/crypto/property/property.c openssl-3.0.17/crypto/property/property.c
--- openssl-3.0.16/crypto/property/property.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/property/property.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -329,7 +329,7 @@
/* Insert into the hash table if required */
if (!ossl_property_write_lock(store)) {
- OPENSSL_free(impl);
+ impl_free(impl);
return 0;
}
ossl_method_cache_flush(store, nid);
diff -Nru -w openssl-3.0.16/crypto/provider_conf.c openssl-3.0.17/crypto/provider_conf.c
--- openssl-3.0.16/crypto/provider_conf.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/provider_conf.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -331,7 +331,7 @@
ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) {
ok = ossl_provider_info_add_to_store(libctx, &entry);
- added = 1;
+ added = ok;
}
if (added == 0)
ossl_provider_info_clear(&entry);
diff -Nru -w openssl-3.0.16/crypto/threads_pthread.c openssl-3.0.17/crypto/threads_pthread.c
--- openssl-3.0.16/crypto/threads_pthread.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/threads_pthread.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -250,7 +250,7 @@
int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock)
{
-# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
if (__atomic_is_lock_free(sizeof(*val), val)) {
__atomic_load(val, ret, __ATOMIC_ACQUIRE);
return 1;
diff -Nru -w openssl-3.0.16/crypto/ts/ts_rsp_sign.c openssl-3.0.17/crypto/ts/ts_rsp_sign.c
--- openssl-3.0.16/crypto/ts/ts_rsp_sign.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/ts/ts_rsp_sign.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -645,8 +645,12 @@
}
OPENSSL_free(pp);
- return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
- V_ASN1_SEQUENCE, seq);
+ if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+ V_ASN1_SEQUENCE, seq)) {
+ ASN1_STRING_free(seq);
+ return 0;
+ }
+ return 1;
}
static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@@ -668,8 +672,12 @@
}
OPENSSL_free(pp);
- return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
- V_ASN1_SEQUENCE, seq);
+ if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+ V_ASN1_SEQUENCE, seq)) {
+ ASN1_STRING_free(seq);
+ return 0;
+ }
+ return 1;
}
static int ts_RESP_sign(TS_RESP_CTX *ctx)
diff -Nru -w openssl-3.0.16/crypto/ui/ui_lib.c openssl-3.0.17/crypto/ui/ui_lib.c
--- openssl-3.0.16/crypto/ui/ui_lib.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/ui/ui_lib.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -207,6 +207,7 @@
char *result_buf, int minsize, int maxsize)
{
char *prompt_copy = NULL;
+ int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@@ -216,9 +217,13 @@
}
}
- return general_allocate_string(ui, prompt_copy, 1,
+ ret = general_allocate_string(ui, prompt_copy, 1,
UIT_PROMPT, flags, result_buf, minsize,
maxsize, NULL);
+ if (ret <= 0)
+ OPENSSL_free(prompt_copy);
+
+ return ret;
}
int UI_add_verify_string(UI *ui, const char *prompt, int flags,
@@ -235,6 +240,7 @@
const char *test_buf)
{
char *prompt_copy = NULL;
+ int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@@ -244,9 +250,12 @@
}
}
- return general_allocate_string(ui, prompt_copy, 1,
+ ret = general_allocate_string(ui, prompt_copy, 1,
UIT_VERIFY, flags, result_buf, minsize,
maxsize, test_buf);
+ if (ret <= 0)
+ OPENSSL_free(prompt_copy);
+ return ret;
}
int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
@@ -266,6 +275,7 @@
char *action_desc_copy = NULL;
char *ok_chars_copy = NULL;
char *cancel_chars_copy = NULL;
+ int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@@ -299,9 +309,14 @@
}
}
- return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+ ret = general_allocate_boolean(ui, prompt_copy, action_desc_copy,
ok_chars_copy, cancel_chars_copy, 1,
UIT_BOOLEAN, flags, result_buf);
+ if (ret <= 0)
+ goto err;
+
+ return ret;
+
err:
OPENSSL_free(prompt_copy);
OPENSSL_free(action_desc_copy);
@@ -319,6 +334,7 @@
int UI_dup_info_string(UI *ui, const char *text)
{
char *text_copy = NULL;
+ int ret;
if (text != NULL) {
text_copy = OPENSSL_strdup(text);
@@ -328,8 +344,11 @@
}
}
- return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+ ret = general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
0, 0, NULL);
+ if (ret <= 0)
+ OPENSSL_free(text_copy);
+ return ret;
}
int UI_add_error_string(UI *ui, const char *text)
@@ -341,6 +360,7 @@
int UI_dup_error_string(UI *ui, const char *text)
{
char *text_copy = NULL;
+ int ret;
if (text != NULL) {
text_copy = OPENSSL_strdup(text);
@@ -349,8 +369,12 @@
return -1;
}
}
- return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+
+ ret = general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
0, 0, NULL);
+ if (ret <= 0)
+ OPENSSL_free(text_copy);
+ return ret;
}
char *UI_construct_prompt(UI *ui, const char *phrase_desc,
diff -Nru -w openssl-3.0.16/crypto/x509/by_store.c openssl-3.0.17/crypto/x509/by_store.c
--- openssl-3.0.16/crypto/x509/by_store.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/x509/by_store.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,23 +7,34 @@
* https://www.openssl.org/source/license.html
*/
+#include <openssl/safestack.h>
#include <openssl/store.h>
#include "internal/cryptlib.h"
#include "crypto/x509.h"
#include "x509_local.h"
+typedef struct cached_store_st {
+ char *uri;
+ OSSL_LIB_CTX *libctx;
+ char *propq;
+ OSSL_STORE_CTX *ctx;
+} CACHED_STORE;
+
+DEFINE_STACK_OF(CACHED_STORE)
+
/* Generic object loader, given expected type and criterion */
-static int cache_objects(X509_LOOKUP *lctx, const char *uri,
- const OSSL_STORE_SEARCH *criterion,
- int depth, OSSL_LIB_CTX *libctx, const char *propq)
+static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
+ const OSSL_STORE_SEARCH *criterion, int depth)
{
int ok = 0;
- OSSL_STORE_CTX *ctx = NULL;
+ OSSL_STORE_CTX *ctx = store->ctx;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
- if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
- NULL, NULL)) == NULL)
+ if (ctx == NULL
+ && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+ NULL, NULL, NULL, NULL, NULL)) == NULL)
return 0;
+ store->ctx = ctx;
/*
* We try to set the criterion, but don't care if it was valid or not.
@@ -62,9 +73,15 @@
* This is an entry in the "directory" represented by the current
* uri. if |depth| allows, dive into it.
*/
- if (depth > 0)
- ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info),
- criterion, depth - 1, libctx, propq);
+ if (depth > 0) {
+ CACHED_STORE substore;
+
+ substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
+ substore.libctx = store->libctx;
+ substore.propq = store->propq;
+ substore.ctx = NULL;
+ ok = cache_objects(lctx, &substore, criterion, depth - 1);
+ }
} else {
/*
* We know that X509_STORE_add_{cert|crl} increments the object's
@@ -88,27 +105,38 @@
break;
}
OSSL_STORE_close(ctx);
+ store->ctx = NULL;
return ok;
}
-/* Because OPENSSL_free is a macro and for C type match */
-static void free_uri(OPENSSL_STRING data)
+static void free_store(CACHED_STORE *store)
{
- OPENSSL_free(data);
+ if (store != NULL) {
+ OSSL_STORE_close(store->ctx);
+ OPENSSL_free(store->uri);
+ OPENSSL_free(store->propq);
+ OPENSSL_free(store);
+ }
}
static void by_store_free(X509_LOOKUP *ctx)
{
- STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
- sk_OPENSSL_STRING_pop_free(uris, free_uri);
+ STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+ sk_CACHED_STORE_pop_free(stores, free_store);
}
static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
long argl, char **retp, OSSL_LIB_CTX *libctx,
const char *propq)
{
+ /*
+ * In some cases below, failing to use the defaults shouldn't result in
+ * an error. |use_default| is used as the return code in those cases.
+ */
+ int use_default = argp == NULL;
+
switch (cmd) {
case X509_L_ADD_STORE:
/* If no URI is given, use the default cert dir as default URI */
@@ -118,21 +146,50 @@
argp = X509_get_default_cert_dir();
{
- STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
- char *data = OPENSSL_strdup(argp);
+ STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+ CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
- if (data == NULL) {
+ if (store == NULL) {
return 0;
}
- if (uris == NULL) {
- uris = sk_OPENSSL_STRING_new_null();
- X509_LOOKUP_set_method_data(ctx, uris);
+
+ store->uri = OPENSSL_strdup(argp);
+ store->libctx = libctx;
+ if (propq != NULL)
+ store->propq = OPENSSL_strdup(propq);
+ store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+ NULL, NULL, NULL);
+ if (store->ctx == NULL
+ || (propq != NULL && store->propq == NULL)
+ || store->uri == NULL) {
+ free_store(store);
+ return use_default;
+ }
+
+ if (stores == NULL) {
+ stores = sk_CACHED_STORE_new_null();
+ if (stores != NULL)
+ X509_LOOKUP_set_method_data(ctx, stores);
+ }
+ if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) {
+ free_store(store);
+ return 0;
}
- return sk_OPENSSL_STRING_push(uris, data) > 0;
+ return 1;
}
- case X509_L_LOAD_STORE:
+ case X509_L_LOAD_STORE: {
/* This is a shortcut for quick loading of specific containers */
- return cache_objects(ctx, argp, NULL, 0, libctx, propq);
+ CACHED_STORE store;
+
+ store.uri = (char *)argp;
+ store.libctx = libctx;
+ store.propq = (char *)propq;
+ store.ctx = NULL;
+ return cache_objects(ctx, &store, NULL, 0);
+ }
+ default:
+ /* Unsupported command */
+ return 0;
}
return 0;
@@ -145,16 +202,15 @@
}
static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
- OSSL_LIB_CTX *libctx, const char *propq)
+ const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
{
- STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
+ STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
int i;
int ok = 0;
- for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) {
- ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion,
- 1 /* depth */, libctx, propq);
+ for (i = 0; i < sk_CACHED_STORE_num(stores); i++) {
+ ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion,
+ 1 /* depth */);
if (ok)
break;
@@ -162,13 +218,12 @@
return ok;
}
-static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const X509_NAME *name, X509_OBJECT *ret,
- OSSL_LIB_CTX *libctx, const char *propq)
+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+ const X509_NAME *name, X509_OBJECT *ret)
{
OSSL_STORE_SEARCH *criterion =
OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
- int ok = by_store(ctx, type, criterion, ret, libctx, propq);
+ int ok = by_store(ctx, type, criterion, ret);
STACK_OF(X509_OBJECT) *store_objects =
X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
X509_OBJECT *tmp = NULL;
@@ -216,12 +271,6 @@
return ok;
}
-static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
- const X509_NAME *name, X509_OBJECT *ret)
-{
- return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
-}
-
/*
* We lack the implementations for get_by_issuer_serial, get_by_fingerprint
* and get_by_alias. There's simply not enough support in the X509_LOOKUP
@@ -239,7 +288,7 @@
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
- by_store_subject_ex,
+ NULL, /* get_by_subject_ex */
by_store_ctrl_ex
};
diff -Nru -w openssl-3.0.16/crypto/x509/v3_lib.c openssl-3.0.17/crypto/x509/v3_lib.c
--- openssl-3.0.16/crypto/x509/v3_lib.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/crypto/x509/v3_lib.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -99,7 +99,11 @@
*tmpext = *ext;
tmpext->ext_nid = nid_to;
tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
- return X509V3_EXT_add(tmpext);
+ if (!X509V3_EXT_add(tmpext)) {
+ OPENSSL_free(tmpext);
+ return 0;
+ }
+ return 1;
}
void X509V3_EXT_cleanup(void)
diff -Nru -w openssl-3.0.16/debian/changelog openssl-3.0.17/debian/changelog
--- openssl-3.0.16/debian/changelog 2025-04-15 21:59:18.000000000 +0200
+++ openssl-3.0.17/debian/changelog 2025-07-13 14:39:08.000000000 +0200
@@ -1,6 +1,12 @@
+openssl (3.0.17-1~deb12u1) bookworm; urgency=medium
+
+ * Import 3.0.17
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Sun, 13 Jul 2025 14:39:08 +0200
+
openssl (3.0.16-1~deb12u1) bookworm; urgency=medium
- * Import 3.0.15
+ * Import 3.0.16
- CVE-2024-13176 (Timing side-channel in ECDSA signature computation)
(Closes: #1094027).
diff -Nru -w openssl-3.0.16/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch openssl-3.0.17/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
--- openssl-3.0.16/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2025-04-15 21:55:42.000000000 +0200
+++ openssl-3.0.17/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2025-07-13 14:23:43.000000000 +0200
@@ -36,10 +36,10 @@
"linux-latomic" => {
inherit_from => [ "linux-generic32" ],
diff --git a/Configure b/Configure
-index 0c60d1da1659..c9cc885e1f71 100755
+index 77bf0cfb96f2..5ba500baee3d 100755
--- a/Configure
+++ b/Configure
-@@ -1715,7 +1715,7 @@ unless ($disabled{devcryptoeng}) {
+@@ -1716,7 +1716,7 @@ unless ($disabled{devcryptoeng}) {
unless ($disabled{ktls}) {
$config{ktls}="";
my $cc = $config{CROSS_COMPILE}.$config{CC};
diff -Nru -w openssl-3.0.16/debian/patches/c_rehash-compat.patch openssl-3.0.17/debian/patches/c_rehash-compat.patch
--- openssl-3.0.16/debian/patches/c_rehash-compat.patch 2025-04-15 21:55:42.000000000 +0200
+++ openssl-3.0.17/debian/patches/c_rehash-compat.patch 2025-07-13 14:23:43.000000000 +0200
@@ -7,7 +7,7 @@
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index 343cdc1e7575..229a37f3b608 100644
+index c056001ea378..450594ccf2c2 100644
--- a/tools/c_rehash.in
+++ b/tools/c_rehash.in
@@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}) -};
diff -Nru -w openssl-3.0.16/debian/patches/Fix-tests-for-new-default-security-level.patch openssl-3.0.17/debian/patches/Fix-tests-for-new-default-security-level.patch
--- openssl-3.0.16/debian/patches/Fix-tests-for-new-default-security-level.patch 2025-04-15 21:55:43.000000000 +0200
+++ openssl-3.0.17/debian/patches/Fix-tests-for-new-default-security-level.patch 2025-07-13 14:23:43.000000000 +0200
@@ -1407,7 +1407,7 @@
},
test => {
diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 368b15f22b72..83bf955222d8 100644
+index a26b78907424..61f308297400 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -9762,7 +9762,8 @@ static int test_set_tmp_dh(int idx)
diff -Nru -w openssl-3.0.16/demos/bio/sconnect.c openssl-3.0.17/demos/bio/sconnect.c
--- openssl-3.0.16/demos/bio/sconnect.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/demos/bio/sconnect.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,8 +69,10 @@
/* The BIO has parsed the host:port and even IPv6 literals in [] */
hostname = BIO_get_conn_hostname(out);
- if (!hostname || SSL_set1_host(ssl, hostname) <= 0)
+ if (!hostname || SSL_set1_host(ssl, hostname) <= 0) {
+ BIO_free(ssl_bio);
goto err;
+ }
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);
diff -Nru -w openssl-3.0.16/doc/internal/man3/bn_mul_words.pod openssl-3.0.17/doc/internal/man3/bn_mul_words.pod
--- openssl-3.0.16/doc/internal/man3/bn_mul_words.pod 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.17/doc/internal/man3/bn_mul_words.pod 2025-07-01 14:11:11.000000000 +0200
@@ -0,0 +1,231 @@
+=pod
+
+=head1 NAME
+
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+mul, mul_add, sqr - BIGNUM
+library internal functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+ BN_ULONG w);
+ void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+ int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+ int num);
+
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+ int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n, int tna, int tnb, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n2, BN_ULONG *tmp);
+
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+
+The following are macros:
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
+ void bn_check_top(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+applications.
+
+=head2 The BIGNUM structure
+
+ typedef struct bignum_st BIGNUM;
+
+ struct bignum_st
+ {
+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
+ int top; /* Index of last used d +1. */
+ /* The next are internal book keeping for bn_expand. */
+ int dmax; /* Size of the d array. */
+ int neg; /* one if the number is negative */
+ int flags;
+ };
+
+
+The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
+least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size, depending on the 'number of bits' (B<BITS2>) specified in
+C<openssl/bn.h>.
+
+B<dmax> is the size of the B<d> array that has been allocated. B<top>
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
+flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
+BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+structure B<b>.
+
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution. Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+L<BN_CTX_start(3)>.
+
+=head2 Low-level arithmetic operations
+
+These functions are implemented in C and for several platforms in
+assembly language:
+
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+otherwise).
+
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+
+The following functions are implemented in C:
+
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>. It computes B<a>*B<b> and places the result in B<r>.
+
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
+
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+B<BN_MULL_SIZE_NORMAL>.
+
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_local.h>.
+
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+
+=head2 Size changes
+
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number. bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number. If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data. They return B<NULL> on error, B<b> otherwise.
+
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant nonzero word plus one when B<a> has shrunk.
+
+=head2 Debugging
+
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>dmax)>. A violation will cause the program to abort.
+
+If B<BN_DEBUG> is not defined, bn_check_top() is
+defined as an empty macro.
+
+=head1 RETURN VALUES
+
+Described above.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff -Nru -w openssl-3.0.16/doc/man1/openssl-s_client.pod.in openssl-3.0.17/doc/man1/openssl-s_client.pod.in
--- openssl-3.0.16/doc/man1/openssl-s_client.pod.in 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man1/openssl-s_client.pod.in 2025-07-01 14:11:11.000000000 +0200
@@ -499,12 +499,12 @@
=item B<-ign_eof>
Inhibit shutting down the connection when end of file is reached in the
-input.
+input. This implicitly turns on B<-nocommands> as well.
=item B<-quiet>
Inhibit printing of session and certificate information. This implicitly
-turns on B<-ign_eof> as well.
+turns on B<-ign_eof> and B<-nocommands> as well.
=item B<-no_ign_eof>
@@ -971,7 +971,7 @@
=head1 COPYRIGHT
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/CMS_sign.pod openssl-3.0.17/doc/man3/CMS_sign.pod
--- openssl-3.0.16/doc/man3/CMS_sign.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/CMS_sign.pod 2025-07-01 14:11:11.000000000 +0200
@@ -96,7 +96,7 @@
BIO_new_CMS().
If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
output.
@@ -132,7 +132,7 @@
=head1 COPYRIGHT
-Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/DTLS_set_timer_cb.pod openssl-3.0.17/doc/man3/DTLS_set_timer_cb.pod
--- openssl-3.0.16/doc/man3/DTLS_set_timer_cb.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/DTLS_set_timer_cb.pod 2025-07-01 14:11:11.000000000 +0200
@@ -20,6 +20,17 @@
timeout interval on the DTLS protocol. The callback function will be
called by DTLS for every new DTLS packet that is sent.
+The callback should return the timeout interval in micro seconds.
+
+The I<timer_us> parameter of the callback is the last set timeout
+interval returned. On the first invocation of the callback,
+this value will be 0.
+
+At the beginning of the connection, if no timeout callback has been
+set via DTLS_set_timer_cb(), the default timeout value is 1 second.
+For all subsequent timeouts, the default behavior is to double the
+duration up to a maximum of 1 minute.
+
=head1 RETURN VALUES
Returns void.
@@ -30,7 +41,7 @@
=head1 COPYRIGHT
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/EVP_PKEY_CTX_new.pod openssl-3.0.17/doc/man3/EVP_PKEY_CTX_new.pod
--- openssl-3.0.16/doc/man3/EVP_PKEY_CTX_new.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/EVP_PKEY_CTX_new.pod 2025-07-01 14:11:11.000000000 +0200
@@ -49,8 +49,11 @@
for example during parameter generation or key generation for some
algorithms.
-EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
-keygen operation.
+EVP_PKEY_CTX_dup() duplicates the context I<ctx>.
+It is not supported for a keygen operation.
+It is however possible to duplicate a context freshly created via any of the
+above C<new> functions, provided L<EVP_PKEY_keygen_init(3)> has not yet been
+called on the source context, and then use the copy for key generation.
EVP_PKEY_CTX_free() frees up the context I<ctx>.
If I<ctx> is NULL, nothing is done.
@@ -122,7 +125,7 @@
=head1 COPYRIGHT
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/EVP_RAND.pod openssl-3.0.17/doc/man3/EVP_RAND.pod
--- openssl-3.0.16/doc/man3/EVP_RAND.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/EVP_RAND.pod 2025-07-01 14:11:11.000000000 +0200
@@ -151,11 +151,8 @@
from a live source will be sought. This call operates as per NIST SP 800-90A
and SP 800-90C.
-EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
-bytes from the RAND I<ctx>. The function returns the length of the generated
-nonce. If I<out> is NULL, the length is still returned but no generation
-takes place. This allows a caller to dynamically allocate a buffer of the
-appropriate size.
+EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
+bytes from the RAND I<ctx>.
EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
its parents. After this I<ctx> will operate in a thread safe manner, albeit
@@ -376,7 +373,7 @@
EVP_RAND_CTX_free() does not return a value.
-EVP_RAND_nonce() returns the length of the nonce.
+EVP_RAND_nonce() returns 1 on success, 0 on error.
EVP_RAND_get_strength() returns the strength of the random number generator
in bits.
@@ -406,7 +403,7 @@
=head1 COPYRIGHT
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/OSSL_PARAM_int.pod openssl-3.0.17/doc/man3/OSSL_PARAM_int.pod
--- openssl-3.0.16/doc/man3/OSSL_PARAM_int.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/OSSL_PARAM_int.pod 2025-07-01 14:11:11.000000000 +0200
@@ -393,6 +393,29 @@
if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, "cookie value");
+=head2 Example 3
+
+This example shows a special case where
+I<-Wincompatible-pointer-types-discards-qualifiers> may be set during
+compilation. The value for I<buf> cannot be a I<const char *> type string. An
+alternative in this case would be to use B<OSSL_PARAM> macro abbreviated calls
+rather than the specific callers which allows you to define the sha1 argument
+as a standard character array (I<char[]>).
+
+For example, this code:
+
+ OSSL_PARAM params[2];
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0);
+ params[1] = OSSL_PARAM_construct_end();
+
+Can be made compatible with the following version:
+
+ char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */
+ OSSL_PARAM params[2];
+
+ params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0);
+ params[1] = OSSL_PARAM_construct_end();
+
=head1 SEE ALSO
L<openssl-core.h(7)>, L<OSSL_PARAM(3)>
@@ -403,7 +426,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/OSSL_PARAM.pod openssl-3.0.17/doc/man3/OSSL_PARAM.pod
--- openssl-3.0.16/doc/man3/OSSL_PARAM.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/OSSL_PARAM.pod 2025-07-01 14:11:11.000000000 +0200
@@ -356,7 +356,7 @@
=head1 SEE ALSO
-L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>
+L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>, L<OSSL_PARAM_construct_utf8_string(3)>
=head1 HISTORY
@@ -364,7 +364,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/PKCS7_sign.pod openssl-3.0.17/doc/man3/PKCS7_sign.pod
--- openssl-3.0.16/doc/man3/PKCS7_sign.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/PKCS7_sign.pod 2025-07-01 14:11:11.000000000 +0200
@@ -80,7 +80,7 @@
BIO_new_PKCS7().
If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
The I<certs>, I<signcert> and I<pkey> parameters can all be
NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
@@ -122,7 +122,7 @@
=head1 COPYRIGHT
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/SSL_CONF_cmd.pod openssl-3.0.17/doc/man3/SSL_CONF_cmd.pod
--- openssl-3.0.16/doc/man3/SSL_CONF_cmd.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/SSL_CONF_cmd.pod 2025-07-01 14:11:11.000000000 +0200
@@ -71,7 +71,7 @@
=item B<-no_renegotiation>
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting
B<SSL_OP_NO_RENEGOTIATION>.
=item B<-no_resumption_on_reneg>
@@ -735,7 +735,7 @@
=head1 COPYRIGHT
-Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/SSL_CTX_set_min_proto_version.pod openssl-3.0.17/doc/man3/SSL_CTX_set_min_proto_version.pod
--- openssl-3.0.16/doc/man3/SSL_CTX_set_min_proto_version.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/SSL_CTX_set_min_proto_version.pod 2025-07-01 14:11:11.000000000 +0200
@@ -31,9 +31,10 @@
specific protocol versions.
Use these functions instead of disabling specific protocol versions.
-Setting the minimum or maximum version to 0, will enable protocol
+Setting the minimum or maximum version to 0 (default), will enable protocol
versions down to the lowest version, or up to the highest version
-supported by the library, respectively.
+supported by the library, respectively. The supported versions might be
+controlled by system configuration.
Getters return 0 in case B<ctx> or B<ssl> have been configured to
automatically use the lowest or highest version supported by the library.
@@ -64,7 +65,7 @@
=head1 COPYRIGHT
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/SSL_CTX_set_options.pod openssl-3.0.17/doc/man3/SSL_CTX_set_options.pod
--- openssl-3.0.16/doc/man3/SSL_CTX_set_options.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/SSL_CTX_set_options.pod 2025-07-01 14:11:11.000000000 +0200
@@ -241,7 +241,7 @@
=item SSL_OP_NO_RENEGOTIATION
-Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest
messages, and ignore renegotiation requests via ClientHello.
=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
@@ -456,7 +456,7 @@
=head1 COPYRIGHT
-Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/SSL_key_update.pod openssl-3.0.17/doc/man3/SSL_key_update.pod
--- openssl-3.0.16/doc/man3/SSL_key_update.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/SSL_key_update.pod 2025-07-01 14:11:11.000000000 +0200
@@ -53,7 +53,9 @@
will be performed to confirm that it is a suitable time to start a
renegotiation. If so, then it will be initiated immediately. OpenSSL will not
attempt to resume any session associated with the connection in the new
-handshake.
+handshake. Note that some servers will respond to reneogitation attempts with
+a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in
+this case.
When called from the client side, SSL_renegotiate_abbreviated() works in the
same was as SSL_renegotiate() except that OpenSSL will attempt to resume the
@@ -101,7 +103,7 @@
=head1 COPYRIGHT
-Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/SSL_SESSION_get0_hostname.pod openssl-3.0.17/doc/man3/SSL_SESSION_get0_hostname.pod
--- openssl-3.0.16/doc/man3/SSL_SESSION_get0_hostname.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/SSL_SESSION_get0_hostname.pod 2025-07-01 14:11:11.000000000 +0200
@@ -24,10 +24,8 @@
=head1 DESCRIPTION
SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-client when the session was created if it was accepted by the server and TLSv1.2
-or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the
-SNI hostname is negotiated with each handshake including resumption handshakes
-and is therefore never associated with the session.
+client when the session was created if it was accepted by the server. Otherwise
+NULL is returned.
The value returned is a pointer to memory maintained within B<s> and
should not be free'd.
@@ -67,7 +65,7 @@
=head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man3/X509_VERIFY_PARAM_set_flags.pod openssl-3.0.17/doc/man3/X509_VERIFY_PARAM_set_flags.pod
--- openssl-3.0.16/doc/man3/X509_VERIFY_PARAM_set_flags.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man3/X509_VERIFY_PARAM_set_flags.pod 2025-07-01 14:11:11.000000000 +0200
@@ -248,8 +248,8 @@
B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
certificate. An error occurs if a suitable CRL cannot be found.
-B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
-chain.
+B<X509_V_FLAG_CRL_CHECK_ALL> expands CRL checking to the entire certificate
+chain if B<X509_V_FLAG_CRL_CHECK> has also been enabled, and is otherwise ignored.
B<X509_V_FLAG_IGNORE_CRITICAL> disables critical extension checking. By default
any unhandled critical extensions in certificates or (if checked) CRLs result
@@ -407,7 +407,7 @@
=head1 COPYRIGHT
-Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/migration_guide.pod openssl-3.0.17/doc/man7/migration_guide.pod
--- openssl-3.0.16/doc/man7/migration_guide.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/migration_guide.pod 2025-07-01 14:11:11.000000000 +0200
@@ -596,13 +596,13 @@
Support for TLSv1.3 has been added.
This has a number of implications for SSL/TLS applications. See the
-L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
+L<TLS1.3 page|https://github.com/openssl/openssl/wiki/TLS1.3> for further details.
=back
More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
can be found on the
-L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
+L<OpenSSL 1.1.0 Changes page|https://github.com/openssl/openssl/wiki/OpenSSL_1.1.0_Changes>.
=head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
@@ -2484,7 +2484,7 @@
=head1 COPYRIGHT
-Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/OSSL_PROVIDER-FIPS.pod openssl-3.0.17/doc/man7/OSSL_PROVIDER-FIPS.pod
--- openssl-3.0.16/doc/man7/OSSL_PROVIDER-FIPS.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/OSSL_PROVIDER-FIPS.pod 2025-07-01 14:11:11.000000000 +0200
@@ -421,6 +421,19 @@
release within the same major release series. This flexibility enables
you to address bug fixes and CVEs that fall outside the FIPS boundary.
+You can load the FIPS provider into multiple library contexts as any other
+provider. However the following restriction applies. The FIPS provider cannot
+be used by multiple copies of OpenSSL libcrypto in a single process.
+
+As the provider saves core callbacks to the libcrypto obtained in the
+OSSL_provider_init() call to global data it will fail if subsequent
+invocations of its OSSL_provider_init() function yield different addresses
+of these callbacks than in the initial call. This happens when different
+copies of libcrypto are present in the memory of the process and both try
+to load the same FIPS provider. A workaround is to have a different copy
+of the FIPS provider loaded for each of the libcrypto instances in the
+process.
+
=head1 SEE ALSO
L<openssl-fipsinstall(1)>,
@@ -439,7 +452,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/provider-cipher.pod openssl-3.0.17/doc/man7/provider-cipher.pod
--- openssl-3.0.16/doc/man7/provider-cipher.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/provider-cipher.pod 2025-07-01 14:11:11.000000000 +0200
@@ -103,8 +103,8 @@
In order to be a consistent set of functions there must at least be a complete
set of "encrypt" functions, or a complete set of "decrypt" functions, or a
single "cipher" function.
-In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
-present.
+In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
+and OSSL_FUNC_cipher_freectx functions must be present.
All other functions are optional.
=head2 Context Management Functions
@@ -241,7 +241,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/provider-decoder.pod openssl-3.0.17/doc/man7/provider-decoder.pod
--- openssl-3.0.16/doc/man7/provider-decoder.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/provider-decoder.pod 2025-07-01 14:11:11.000000000 +0200
@@ -110,7 +110,9 @@
should be named "RSA". Likewise, an implementation that decodes DER data
from PEM input should be named "DER".
-Properties can be used to further specify details about an implementation:
+Properties, as defined in the L<OSSL_ALGORITHM(3)> array element of each
+decoder implementation, can be used to further specify details about an
+implementation:
=over 4
@@ -302,7 +304,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/provider-encoder.pod openssl-3.0.17/doc/man7/provider-encoder.pod
--- openssl-3.0.16/doc/man7/provider-encoder.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/provider-encoder.pod 2025-07-01 14:11:11.000000000 +0200
@@ -127,7 +127,9 @@
For example, an implementation that encodes an RSA key should be named "RSA".
Likewise, an implementation that further encodes DER should be named "DER".
-Properties can be used to further specify details about an implementation:
+Properties, as defined in the L<OSSL_ALGORITHM(3)> array element of each
+decoder implementation, can be used to further specify details about an
+implementation:
=over 4
@@ -321,7 +323,7 @@
=head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/provider-keymgmt.pod openssl-3.0.17/doc/man7/provider-keymgmt.pod
--- openssl-3.0.16/doc/man7/provider-keymgmt.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/provider-keymgmt.pod 2025-07-01 14:11:11.000000000 +0200
@@ -29,7 +29,7 @@
void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx);
/* Key loading by object reference, also a constructor */
- void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz);
+ void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz);
/* Key object information */
int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
@@ -442,7 +442,7 @@
=head1 COPYRIGHT
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/man7/provider-signature.pod openssl-3.0.17/doc/man7/provider-signature.pod
--- openssl-3.0.16/doc/man7/provider-signature.pod 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/man7/provider-signature.pod 2025-07-01 14:11:11.000000000 +0200
@@ -284,7 +284,7 @@
the signature should be written to I<*siglen>.
OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
-previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
+previously started through OSSL_FUNC_signature_digest_sign_init(). A previously
initialised signature context is passed in the I<ctx> parameter. The data to be
signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
the signature should be written to the location pointed to by the I<sig>
@@ -294,7 +294,7 @@
=head2 Digest Verify Functions
-OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
+OSSL_FUNC_signature_digest_verify_init() initialises a context for verifying given a
provider side verification context in the I<ctx> parameter, and a pointer to a
provider key object in the I<provkey> parameter.
The I<params>, if not NULL, should be set on the context in a manner similar to
@@ -318,7 +318,7 @@
verified is in I<sig> which is I<siglen> bytes long.
OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
-previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
+previously started through OSSL_FUNC_signature_digest_verify_init(). A previously
initialised verification context is passed in the I<ctx> parameter. The data to be
verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
verified is in I<sig> which is I<siglen> bytes long.
@@ -360,8 +360,13 @@
=item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
-Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
-signature algorithm and digest algorithm for the signature operation.
+Gets the DER-encoded AlgorithmIdentifier for the signature operation.
+This typically corresponds to the combination of a digest algorithm
+with a purely asymmetric signature algorithm, such as SHA256WithECDSA.
+
+The L<ASN1_item_sign_ctx(3)> relies on this operation and is used by
+many other functions signing ASN.1 structures such as X.509 certificates,
+certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages.
=item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
@@ -421,7 +426,8 @@
=head1 SEE ALSO
-L<provider(7)>
+L<provider(7)>,
+L<ASN1_item_sign_ctx(3)>
=head1 HISTORY
@@ -429,7 +435,7 @@
=head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -Nru -w openssl-3.0.16/doc/README.md openssl-3.0.17/doc/README.md
--- openssl-3.0.16/doc/README.md 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/doc/README.md 2025-07-01 14:11:11.000000000 +0200
@@ -6,10 +6,6 @@
[fingerprints.txt](fingerprints.txt)
PGP fingerprints of authorised release signers
-standards.txt
-standards.txt
- Moved to the web, <https://www.openssl.org/docs/standards.html>
-
[HOWTO/](HOWTO/)
A few how-to documents; not necessarily up-to-date
@@ -27,4 +23,4 @@
Algorithm specific EVP_PKEY documentation.
Formatted versions of the manpages (apps,ssl,crypto) can be found at
- <https://www.openssl.org/docs/manpages.html>
+ <https://docs.openssl.org/master/>
diff -Nru -w openssl-3.0.16/e_os.h openssl-3.0.17/e_os.h
--- openssl-3.0.16/e_os.h 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/e_os.h 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -126,17 +126,6 @@
# define EACCES 13
# endif
# include <string.h>
-# ifdef _WIN64
-# define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static __inline unsigned int _strlen31(const char *str)
-{
- unsigned int len = 0;
- while (*str && len < 0x80000000U)
- str++, len++;
- return len & 0x7FFFFFFF;
-}
-# endif
# include <malloc.h>
# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
# if _MSC_VER>=1300 && _MSC_VER<1600
diff -Nru -w openssl-3.0.16/fuzz/x509.c openssl-3.0.17/fuzz/x509.c
--- openssl-3.0.16/fuzz/x509.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/fuzz/x509.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -78,9 +78,13 @@
resp = d2i_OCSP_RESPONSE(NULL, &p, len);
store = X509_STORE_new();
+ if (store == NULL)
+ goto err;
X509_STORE_add_cert(store, x509_2);
param = X509_VERIFY_PARAM_new();
+ if (param == NULL)
+ goto err;
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
diff -Nru -w openssl-3.0.16/include/internal/constant_time.h openssl-3.0.17/include/internal/constant_time.h
--- openssl-3.0.16/include/internal/constant_time.h 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/include/internal/constant_time.h 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -296,6 +296,18 @@
return r;
}
+/* Convenience method for unsigned char. */
+static ossl_inline unsigned char value_barrier_8(unsigned char a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+ unsigned char r;
+ __asm__("" : "=r"(r) : "0"(a));
+#else
+ volatile unsigned char r = a;
+#endif
+ return r;
+}
+
static ossl_inline unsigned int constant_time_select(unsigned int mask,
unsigned int a,
unsigned int b)
@@ -356,7 +368,7 @@
{
uint32_t xor = *a ^ *b;
- xor &= mask;
+ xor &= value_barrier_32(mask);
*a ^= xor;
*b ^= xor;
}
@@ -376,7 +388,7 @@
{
uint64_t xor = *a ^ *b;
- xor &= mask;
+ xor &= value_barrier_64(mask);
*a ^= xor;
*b ^= xor;
}
@@ -403,7 +415,7 @@
for (i = 0; i < len; i++) {
tmp = a[i] ^ b[i];
- tmp &= mask;
+ tmp &= value_barrier_8(mask);
a[i] ^= tmp;
b[i] ^= tmp;
}
diff -Nru -w openssl-3.0.16/NEWS.md openssl-3.0.17/NEWS.md
--- openssl-3.0.16/NEWS.md 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/NEWS.md 2025-07-01 14:11:11.000000000 +0200
@@ -18,6 +18,14 @@
OpenSSL 3.0
-----------
+### Major changes between OpenSSL 3.0.16 and OpenSSL 3.0.17 [1 Jul 2025]
+
+OpenSSL 3.0.17 is a bug fix release.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Miscellaneous minor bug fixes.
+
### Major changes between OpenSSL 3.0.15 and OpenSSL 3.0.16 [11 Feb 2025]
OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this
@@ -329,7 +337,7 @@
* Rewrite of the packet construction code for "safer" packet handling
* Rewrite of the extension handling code
For further important information, see the [TLS1.3 page](
- https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki.
+ https://github.com/openssl/openssl/wiki/TLS1.3) in the OpenSSL Wiki.
* Complete rewrite of the OpenSSL random number generator to introduce the
following capabilities
diff -Nru -w openssl-3.0.16/NOTES-WINDOWS.md openssl-3.0.17/NOTES-WINDOWS.md
--- openssl-3.0.16/NOTES-WINDOWS.md 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/NOTES-WINDOWS.md 2025-07-01 14:11:11.000000000 +0200
@@ -79,6 +79,11 @@
OpenSSL or
- `perl Configure` to let Configure figure out the platform
+ a. If you don't plan to develop OpenSSL yourself and don't need to rebuild,
+ in other words, if you always do a new build, turning off the build
+ dependency feature can speed up build times by up to 50%:
+ `perl Configure no-makedepend`
+
6. `nmake`
7. `nmake test`
diff -Nru -w openssl-3.0.16/providers/fips.checksum openssl-3.0.17/providers/fips.checksum
--- openssl-3.0.16/providers/fips.checksum 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/fips.checksum 2025-07-01 14:11:11.000000000 +0200
@@ -1 +1 @@
-01b31117f96429fe4c8efbf7f4f10ef32efa2b11c69851fd227e4194db116b6f providers/fips-sources.checksums
+0cbed2adf7acee36e3ef1906e6de0946b423cc9354c878e54bcbc7a363aeec0d providers/fips-sources.checksums
diff -Nru -w openssl-3.0.16/providers/fips-sources.checksums openssl-3.0.17/providers/fips-sources.checksums
--- openssl-3.0.16/providers/fips-sources.checksums 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/fips-sources.checksums 2025-07-01 14:11:11.000000000 +0200
@@ -197,9 +197,9 @@
62c994fd91dc4a5a1a81dfa9391d6eadae62d3549b2e1b22acb2e7c4cd278f27 crypto/evp/evp_fetch.c
ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c
78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h
-117e679d49d2ae87e49d3c942ff0ce768959e8b9713f84a99025cabba462ccd5 crypto/evp/evp_rand.c
+a801c0f785d2089d69872f0874bc91c2f90939839b5a1d76d33994eb5ced4754 crypto/evp/evp_rand.c
2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c
-ca8c6cfd30efd53f2e5d1f19bcf09a3a3d0dff6d8947c3943d07a3f4b354aa86 crypto/evp/exchange.c
+cedb38e16de356c6d3fcd087801db059ab8b5a857b3687ad36ff3e75654cc142 crypto/evp/exchange.c
9e25042581b73e295c059c6217f3ecf809134d518eb79b1b67f34e3ca9145677 crypto/evp/kdf_lib.c
1d72f5506984df1df8606e8c7045f041cf517223e2e1b50c4da8ba8bf1c6c186 crypto/evp/kdf_meth.c
5179624b8e03615dc9caedc9ec16d094fa081495613dd552d71c2c39475bcd83 crypto/evp/kem.c
@@ -211,7 +211,7 @@
546d83abecf8973e2d872102a03bde5a46552909fa9e7d1402e1464a27453801 crypto/evp/p_lib.c
3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c
1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c
-76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c
+59af1ebff5870b531d1e007979ba59ced21c58a5fa481d2a8b24e9e1eb635bd5 crypto/evp/pmeth_lib.c
53058617c153a7676e7ca18c98c23df867a93087d67935907076f3c5bd65c15e crypto/evp/signature.c
f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c
1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c
@@ -254,12 +254,12 @@
c698d5166d091d6bb6e9df3c211fe1cc916fd43a26ec844f28f547cd708f9c55 crypto/param_build.c
2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c
0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c
-4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c
+9121f614b65e471ddf944192015c8d19c34032629cfc284ebcc277469a9164dd crypto/params_dup.c
b6cbfc8791b31587f32a3f9e4c117549793528ebddc34a361bad1ad8cf8d4c42 crypto/params_from_text.c
97cb7414dc2f165d5849ee3b46cdfff0afb067729435d9c01a747e0ca41e230c crypto/ppccap.c
3ca43596a7528dec8ff9d1a3cd0d68b62640f84b1d6a8b5e4842cfd0be1133ad crypto/ppccpuid.pl
b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c
-c3709986fd2ab18f3c6136d8dd7705a4538986aa789ceafe770c3a376db3c569 crypto/property/property.c
+9b5fbefe6b18f665b44f79d1d08a977b484064a9fba46506ed8e812e581e9d97 crypto/property/property.c
66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h
b0b382ce829192d2537561cfb0fb5c7afb04305f321f7b3c91441b4ba99b9c92 crypto/property/property_parse.c
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
@@ -344,11 +344,11 @@
8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b crypto/stack/stack.c
7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c
a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c
-3729e2bd36f945808b578e0d89fac0fcb3114e4fc9381614bcbd8a9869991716 crypto/threads_pthread.c
+0a085bd6a70d449c79783c7b11383ae427df28a19fd4651571003306079bb72f crypto/threads_pthread.c
f82715745b668297d71b66d05e6bfc3c817bf80bd967c0f33ca7ffbb6e347645 crypto/threads_win.c
fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl
bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl
-acbb841170d4d3eb91d969be1c0e4973b1babfd5fcd76440b0628f509f82fd76 e_os.h
+4a61cecc1d1d547cb414404c73efe71cac8ab7885a03780a55c3ff8a74b1de26 e_os.h
249a0e58e9692920eddc1ada2ac772a0cfd749cfbf618f2f5da08280df545d8f include/crypto/aes_platform.h
8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h
3bded0eaa7ccdebd0b4217b7fdb82676d5c0762a88aca462dbceaef851fafa99 include/crypto/bn.h
@@ -373,7 +373,7 @@
7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h
7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e include/crypto/types.h
782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h
-8e984890c7c62cdd6356963f034831831f7167c65096cb4d23bc765d84d2c598 include/internal/constant_time.h
+c64d5338564a30577c86347d99763f1a3321ec12a65c7d61298ea78a3f136a83 include/internal/constant_time.h
c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h
0b572801dfb8a41cc239e3439f8097a0ad11bbdf5d54811d10ceba3175cf2f17 include/internal/cryptlib.h
9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h
@@ -542,7 +542,7 @@
c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h
39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d providers/implementations/digests/digestcommon.c
80551b53302d95faea257df3edbdbd02d48427ce42da2c4335f998456400d057 providers/implementations/digests/sha2_prov.c
-de342d04be6af69037922d5c97bdc40c0c27f6740636e72786a765d0d8ad9173 providers/implementations/digests/sha3_prov.c
+52608810d317b4cfe358d5a668369f834f845bc5f82e475d7ecaae5ca0144293 providers/implementations/digests/sha3_prov.c
b5f94d597df72ca58486c59b2a70b4057d13f09528f861ed41a84b7125b54a82 providers/implementations/exchange/dh_exch.c
9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c
9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c
@@ -557,7 +557,7 @@
c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h
29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h
2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h
-6091dd22e716fbe6c7c94524cdee6ad4432a572f2d3c4d360dcafafa3902d692 providers/implementations/kdfs/hkdf.c
+9d84007b7d13c70ceef8709ba8c92bfffa894aabfe1802993f33f1268c18aab0 providers/implementations/kdfs/hkdf.c
a62e3af09f5af84dcf36f951ba4ac90ca1694adaf3747126186020b155f94186 providers/implementations/kdfs/kbkdf.c
e0644e727aacfea4da3cf2c4d2602d7ef0626ebb760b6467432ffd54d5fbb24d providers/implementations/kdfs/pbkdf2.c
c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h
@@ -571,9 +571,9 @@
9316fc619e8d8a1d841aa0936fc62c28eb2b4c60cc6c9b2d64b72f8641f28abb providers/implementations/keymgmt/dsa_kmgmt.c
9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c
258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc
-d0c67b7fbddd51dcfebd96bf99794ca3bc437d50974ebcd56968fb8dd3627b0f providers/implementations/keymgmt/ecx_kmgmt.c
+5f76cf9d17e14f471f90ebadcd94fca654c806f4356b84d5b9363e8be4599bcb providers/implementations/keymgmt/ecx_kmgmt.c
053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c
-37e2f9f904eeabf94b1e4152b67ac236f872aa78dd7e47bf0de1b8f50ac19b6c providers/implementations/keymgmt/mac_legacy_kmgmt.c
+e0450f253ca54624587046edd28f071f55bf3088847dc8a4de79491079ad475d providers/implementations/keymgmt/mac_legacy_kmgmt.c
19f22fc70a6321441e56d5bd4aab3d01d52d17069d4e4b5cefce0f411ecece75 providers/implementations/keymgmt/rsa_kmgmt.c
5eb96ea2df635cf79c5aeccae270fbe896b5e6384a5b3e4b187ce8c10fe8dfc7 providers/implementations/macs/cmac_prov.c
e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c
@@ -581,11 +581,11 @@
8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c
bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c
f9457255fc57ef5739aa2584e535195e38cc947e31fd044d28d64c28c8a946ce providers/implementations/rands/drbg.c
-7e8fa6333845778474ed1313a66867512512372c9397f699a8f68fa6d5fc05fa providers/implementations/rands/drbg_ctr.c
+42e895fe255d90f9135eada30466811e3909ea4fd07fb968435dc5feee94ebf8 providers/implementations/rands/drbg_ctr.c
8337994f4bc95e421d6d2833bb4481ad9d84deb3913d0faec6e1791ea372a793 providers/implementations/rands/drbg_hash.c
1f040090f596f88cb64d6eb89109a8b75e66caee113708fb59335ad2547027fc providers/implementations/rands/drbg_hmac.c
7a1b8516f891f25f3dc07ffe0455200f20d3a1f0345a917f00c7d9afe900bb0a providers/implementations/rands/drbg_local.h
-04339b66c10017229ef368cb48077f58a252ebfda9ab12b9f919e4149b1036ed providers/implementations/rands/test_rng.c
+66c0a91e23ae4275cc3f5daa8437d1c0addd10ca2e8aefab4573d606c5ba27ba providers/implementations/rands/test_rng.c
cafb9e6f54ad15889fcebddac6df61336bff7d78936f7de3bb5aab8aee5728d2 providers/implementations/signature/dsa_sig.c
a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c
09647b736980ac3c762f1e7c10cbfee78e2c6ab327ac62e5039968cea034ff3b providers/implementations/signature/eddsa_sig.c
diff -Nru -w openssl-3.0.16/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc openssl-3.0.17/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
--- openssl-3.0.16/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,10 +15,8 @@
size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
const void *key, unsigned char ivec[16], u64 *Xi)
{
- size_t align_bytes = 0;
- align_bytes = len - len % 16;
-
AES_KEY *aes_key = (AES_KEY *)key;
+ size_t align_bytes = len - len % 16;
switch(aes_key->rounds) {
case 10:
@@ -37,10 +35,8 @@
size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
const void *key, unsigned char ivec[16], u64 *Xi)
{
- size_t align_bytes = 0;
- align_bytes = len - len % 16;
-
AES_KEY *aes_key = (AES_KEY *)key;
+ size_t align_bytes = len - len % 16;
switch(aes_key->rounds) {
case 10:
diff -Nru -w openssl-3.0.16/providers/implementations/ciphers/cipher_chacha20_poly1305.c openssl-3.0.17/providers/implementations/ciphers/cipher_chacha20_poly1305.c
--- openssl-3.0.16/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -32,7 +32,7 @@
static OSSL_FUNC_cipher_cipher_fn chacha20_poly1305_cipher;
static OSSL_FUNC_cipher_final_fn chacha20_poly1305_final;
static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_params;
-#define chacha20_poly1305_settable_ctx_params ossl_cipher_aead_settable_ctx_params
+static OSSL_FUNC_cipher_settable_ctx_params_fn chacha20_poly1305_settable_ctx_params;
#define chacha20_poly1305_gettable_params ossl_cipher_generic_gettable_params
#define chacha20_poly1305_update chacha20_poly1305_cipher
@@ -158,6 +158,21 @@
return chacha20_poly1305_known_gettable_ctx_params;
}
+static const OSSL_PARAM chacha20_poly1305_known_settable_ctx_params[] = {
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+ OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
+ OSSL_PARAM_END
+};
+static const OSSL_PARAM *chacha20_poly1305_settable_ctx_params(
+ ossl_unused void *cctx, ossl_unused void *provctx
+ )
+{
+ return chacha20_poly1305_known_settable_ctx_params;
+}
+
static int chacha20_poly1305_set_ctx_params(void *vctx,
const OSSL_PARAM params[])
{
@@ -238,7 +253,6 @@
return 0;
}
}
- /* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */
return 1;
}
diff -Nru -w openssl-3.0.16/providers/implementations/digests/sha3_prov.c openssl-3.0.17/providers/implementations/digests/sha3_prov.c
--- openssl-3.0.16/providers/implementations/digests/sha3_prov.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/digests/sha3_prov.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,7 +19,7 @@
#include "prov/implementations.h"
#define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
-#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
+#define SHAKE_FLAGS (PROV_DIGEST_FLAG_XOF | PROV_DIGEST_FLAG_ALGID_ABSENT)
#define KMAC_FLAGS PROV_DIGEST_FLAG_XOF
/*
diff -Nru -w openssl-3.0.16/providers/implementations/kdfs/hkdf.c openssl-3.0.17/providers/implementations/kdfs/hkdf.c
--- openssl-3.0.16/providers/implementations/kdfs/hkdf.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/kdfs/hkdf.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -233,14 +233,12 @@
}
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
- if (p->data_size != 0 && p->data != NULL) {
OPENSSL_free(ctx->salt);
ctx->salt = NULL;
if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0,
&ctx->salt_len))
return 0;
}
- }
return 1;
}
diff -Nru -w openssl-3.0.16/providers/implementations/keymgmt/ecx_kmgmt.c openssl-3.0.17/providers/implementations/keymgmt/ecx_kmgmt.c
--- openssl-3.0.16/providers/implementations/keymgmt/ecx_kmgmt.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/keymgmt/ecx_kmgmt.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -344,7 +344,6 @@
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
- OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
ECX_KEY_TYPES(),
OSSL_PARAM_END
@@ -354,6 +353,7 @@
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
ECX_KEY_TYPES(),
OSSL_PARAM_END
};
@@ -485,6 +485,8 @@
gctx->libctx = libctx;
gctx->type = type;
gctx->selection = selection;
+ } else {
+ return NULL;
}
if (!ecx_gen_set_params(gctx, params)) {
ecx_gen_cleanup(gctx);
@@ -694,6 +696,9 @@
{
struct ecx_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
OPENSSL_free(gctx->propq);
OPENSSL_free(gctx);
}
diff -Nru -w openssl-3.0.16/providers/implementations/keymgmt/mac_legacy_kmgmt.c openssl-3.0.17/providers/implementations/keymgmt/mac_legacy_kmgmt.c
--- openssl-3.0.16/providers/implementations/keymgmt/mac_legacy_kmgmt.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/keymgmt/mac_legacy_kmgmt.c 2025-07-01 14:11:11.000000000 +0200
@@ -527,6 +527,9 @@
{
struct mac_gen_ctx *gctx = genctx;
+ if (gctx == NULL)
+ return;
+
OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len);
ossl_prov_cipher_reset(&gctx->cipher);
OPENSSL_free(gctx);
diff -Nru -w openssl-3.0.16/providers/implementations/rands/drbg_ctr.c openssl-3.0.17/providers/implementations/rands/drbg_ctr.c
--- openssl-3.0.16/providers/implementations/rands/drbg_ctr.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/rands/drbg_ctr.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,6 +20,7 @@
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "drbg_local.h"
+#include "internal/cryptlib.h"
static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
static OSSL_FUNC_rand_freectx_fn drbg_ctr_free;
@@ -80,6 +81,8 @@
* are XORing. So just process however much input we have.
*/
n = inlen < ctr->keylen ? inlen : ctr->keylen;
+ if (!ossl_assert(n <= sizeof(ctr->K)))
+ return;
for (i = 0; i < n; i++)
ctr->K[i] ^= in[i];
if (inlen <= ctr->keylen)
diff -Nru -w openssl-3.0.16/providers/implementations/rands/test_rng.c openssl-3.0.17/providers/implementations/rands/test_rng.c
--- openssl-3.0.16/providers/implementations/rands/test_rng.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/providers/implementations/rands/test_rng.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -125,16 +125,18 @@
static size_t test_rng_nonce(void *vtest, unsigned char *out,
unsigned int strength,
ossl_unused size_t min_noncelen,
- ossl_unused size_t max_noncelen)
+ size_t max_noncelen)
{
PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
+ size_t i;
if (t->nonce == NULL || strength > t->strength)
return 0;
+ i = t->nonce_len > max_noncelen ? max_noncelen : t->nonce_len;
if (out != NULL)
- memcpy(out, t->nonce, t->nonce_len);
- return t->nonce_len;
+ memcpy(out, t->nonce, i);
+ return i;
}
static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
diff -Nru -w openssl-3.0.16/README.md openssl-3.0.17/README.md
--- openssl-3.0.16/README.md 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/README.md 2025-07-01 14:11:11.000000000 +0200
@@ -128,8 +128,7 @@
Wiki
----
-There is a Wiki at [wiki.openssl.org] which is currently not very active.
-It contains a lot of useful information, not all of which is up to date.
+There is a [GitHub Wiki] which is currently not very active.
License
=======
@@ -178,8 +177,8 @@
<https://github.com/openssl/openssl>
"OpenSSL GitHub Mirror"
-[wiki.openssl.org]:
- <https://wiki.openssl.org>
+[GitHub Wiki]:
+ <https://github.com/openssl/openssl/wiki>
"OpenSSL Wiki"
[migration_guide(7ossl)]:
diff -Nru -w openssl-3.0.16/ssl/record/rec_layer_d1.c openssl-3.0.17/ssl/record/rec_layer_d1.c
--- openssl-3.0.16/ssl/record/rec_layer_d1.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/record/rec_layer_d1.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -606,6 +606,17 @@
#endif
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
return 0;
+ } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+ /*
+ * This is a warning but we receive it if we requested
+ * renegotiation and the peer denied it. Terminate with a fatal
+ * alert because if the application tried to renegotiate it
+ * presumably had a good reason and expects it to succeed. In
+ * the future we might have a renegotiation where we don't care
+ * if the peer refused it where we carry on.
+ */
+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION);
+ return -1;
}
} else if (alert_level == SSL3_AL_FATAL) {
s->rwstate = SSL_NOTHING;
diff -Nru -w openssl-3.0.16/ssl/record/rec_layer_s3.c openssl-3.0.17/ssl/record/rec_layer_s3.c
--- openssl-3.0.16/ssl/record/rec_layer_s3.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/record/rec_layer_s3.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1613,10 +1613,10 @@
/*
* This is a warning but we receive it if we requested
* renegotiation and the peer denied it. Terminate with a fatal
- * alert because if application tried to renegotiate it
+ * alert because if the application tried to renegotiate it
* presumably had a good reason and expects it to succeed. In
- * future we might have a renegotiation where we don't care if
- * the peer refused it where we carry on.
+ * the future we might have a renegotiation where we don't care
+ * if the peer refused it where we carry on.
*/
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_NO_RENEGOTIATION);
return -1;
diff -Nru -w openssl-3.0.16/ssl/s3_lib.c openssl-3.0.17/ssl/s3_lib.c
--- openssl-3.0.16/ssl/s3_lib.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/s3_lib.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -4820,7 +4820,10 @@
}
if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ /*
+ * the public key was probably a weak key
+ */
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
goto err;
}
@@ -4923,7 +4926,7 @@
}
if (EVP_PKEY_encapsulate(pctx, ct, &ctlen, pms, &pmslen) <= 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
goto err;
}
diff -Nru -w openssl-3.0.16/ssl/ssl_cert.c openssl-3.0.17/ssl/ssl_cert.c
--- openssl-3.0.16/ssl/ssl_cert.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/ssl_cert.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -812,16 +812,17 @@
OSSL_STORE_CTX *ctx = NULL;
X509 *x = NULL;
X509_NAME *xn = NULL;
+ OSSL_STORE_INFO *info = NULL;
if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
goto err;
while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
- OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
- int infotype = info == 0 ? 0 : OSSL_STORE_INFO_get_type(info);
+ int infotype;
- if (info == NULL)
+ if ((info = OSSL_STORE_load(ctx)) == NULL)
continue;
+ infotype = OSSL_STORE_INFO_get_type(info);
if (infotype == OSSL_STORE_INFO_NAME) {
/*
@@ -846,6 +847,7 @@
}
OSSL_STORE_INFO_free(info);
+ info = NULL;
}
ERR_clear_error();
@@ -853,6 +855,7 @@
err:
ok = 0;
+ OSSL_STORE_INFO_free(info);
done:
OSSL_STORE_close(ctx);
diff -Nru -w openssl-3.0.16/ssl/ssl_sess.c openssl-3.0.17/ssl/ssl_sess.c
--- openssl-3.0.16/ssl/ssl_sess.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/ssl_sess.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -612,6 +612,8 @@
SSL_TICKET_STATUS r;
if (SSL_IS_TLS13(s)) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
/*
* By default we will send a new ticket. This can be overridden in the
* ticket processing.
@@ -624,6 +626,7 @@
hello->pre_proc_exts, NULL, 0))
return -1;
+ /* If we resumed, s->session will now be set */
ret = s->session;
} else {
/* sets s->ext.ticket_expected */
diff -Nru -w openssl-3.0.16/ssl/statem/extensions_srvr.c openssl-3.0.17/ssl/statem/extensions_srvr.c
--- openssl-3.0.16/ssl/statem/extensions_srvr.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/statem/extensions_srvr.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -275,7 +275,13 @@
return 0;
}
- if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {
+ /*
+ * We use this routine on both clients and servers, and when clients
+ * get asked for PHA we need to always save the sigalgs regardless
+ * of whether it was a resumption or not.
+ */
+ if ((!s->server || (s->server && !s->hit))
+ && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0;
}
@@ -294,7 +300,13 @@
return 0;
}
- if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {
+ /*
+ * We use this routine on both clients and servers, and when clients
+ * get asked for PHA we need to always save the sigalgs regardless
+ * of whether it was a resumption or not.
+ */
+ if ((!s->server || (s->server && !s->hit))
+ && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
return 0;
}
diff -Nru -w openssl-3.0.16/ssl/statem/statem_lib.c openssl-3.0.17/ssl/statem/statem_lib.c
--- openssl-3.0.16/ssl/statem/statem_lib.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/ssl/statem/statem_lib.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -1967,23 +1967,24 @@
real_max = ver_max;
/* Check for downgrades */
- if (s->version == TLS1_2_VERSION && real_max > s->version) {
- if (memcmp(tls12downgrade,
+ if (!SSL_IS_DTLS(s) && real_max > s->version) {
+ /* Signal applies to all versions */
+ if (memcmp(tls11downgrade,
s->s3.server_random + SSL3_RANDOM_SIZE
- - sizeof(tls12downgrade),
- sizeof(tls12downgrade)) == 0) {
+ - sizeof(tls11downgrade),
+ sizeof(tls11downgrade)) == 0) {
s->version = origv;
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_INAPPROPRIATE_FALLBACK);
return 0;
}
- } else if (!SSL_IS_DTLS(s)
- && s->version < TLS1_2_VERSION
- && real_max > s->version) {
- if (memcmp(tls11downgrade,
+ /* Only when accepting TLS1.3 */
+ if (real_max == TLS1_3_VERSION
+ && memcmp(tls12downgrade,
s->s3.server_random + SSL3_RANDOM_SIZE
- - sizeof(tls11downgrade),
- sizeof(tls11downgrade)) == 0) {
+ - sizeof(tls12downgrade),
+ sizeof(tls12downgrade)) == 0) {
+
s->version = origv;
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
SSL_R_INAPPROPRIATE_FALLBACK);
diff -Nru -w openssl-3.0.16/test/bio_enc_test.c openssl-3.0.17/test/bio_enc_test.c
--- openssl-3.0.16/test/bio_enc_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/bio_enc_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -132,7 +132,17 @@
if (!TEST_ptr(mem))
goto err;
BIO_push(b, mem);
+#if 0
+ /*
+ * This is wrong to do, it always fails, and incorrectly ends up
+ * calling `EVP_CipherFinal()` and setting ctx->finished = 1, ...
+ * all of which are unwanted. But just deleting this is less
+ * instructive to future readers of the code. Don't call BIO_flush
+ * until you're done either reading or writing and want to finalise
+ * the state.
+ */
(void)BIO_flush(b);
+#endif
memset(out, 0, sizeof(out));
len = BIO_read(b, out, sizeof(out));
BIO_free_all(b);
@@ -250,6 +260,66 @@
# endif
# endif
+static int test_bio_enc_eof_read_flush(void)
+{
+ /* Length chosen to ensure base64 encoding employs padding */
+ const unsigned char pbuf[] = "Attack at dawn";
+ unsigned char cbuf[16]; /* At least as long as pbuf */
+ const EVP_CIPHER *cipher = EVP_aes_256_gcm();
+ EVP_CIPHER_CTX *ctx = NULL;
+ BIO *mem = NULL, *b64 = NULL, *cbio = NULL;
+ unsigned char tag[16];
+ size_t key_size, iv_size;
+ int n, ret = 0;
+
+ memset(tag, 0, sizeof(tag));
+ if (!TEST_ptr(cipher)
+ || !TEST_int_gt((key_size = EVP_CIPHER_key_length(cipher)), 0)
+ || !TEST_int_gt((iv_size = EVP_CIPHER_iv_length(cipher)), 0)
+ || !TEST_ptr(mem = BIO_new(BIO_s_mem()))
+ || !TEST_ptr(b64 = BIO_new(BIO_f_base64()))
+ || !TEST_ptr(cbio = BIO_new(BIO_f_cipher()))
+ || !TEST_ptr(BIO_push(b64, mem))
+ || !TEST_ptr(BIO_push(cbio, b64))
+ || !TEST_int_gt(BIO_get_cipher_ctx(cbio, &ctx), 0)
+ || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, KEY, IV, ENCRYPT))
+ || !TEST_int_gt(BIO_write(cbio, pbuf, sizeof(pbuf) - 1), 0)
+ || !TEST_int_gt(BIO_flush(cbio), 0)
+ || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
+ sizeof(tag), tag), 0))
+ goto end;
+ BIO_free(cbio);
+ BIO_free(b64);
+ b64 = cbio = NULL;
+
+ BIO_set_mem_eof_return(mem, 0);
+ BIO_set_flags(mem, BIO_FLAGS_NONCLEAR_RST);
+ if (!TEST_int_gt(BIO_reset(mem), 0)
+ || !TEST_ptr(b64 = BIO_new(BIO_f_base64()))
+ || !TEST_ptr(cbio = BIO_new(BIO_f_cipher()))
+ || !TEST_ptr(BIO_push(b64, mem))
+ || !TEST_ptr(BIO_push(cbio, b64))
+ || !TEST_int_gt(BIO_get_cipher_ctx(cbio, &ctx), 0)
+ || !TEST_true(EVP_CipherInit_ex(ctx, cipher, NULL, KEY, IV, DECRYPT))
+ || !TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
+ sizeof(tag), tag), 0)
+ || !TEST_int_gt((n = BIO_read(cbio, cbuf, sizeof(cbuf))), 0)
+ || !TEST_true(BIO_get_cipher_status(cbio))
+ /* Evaluate both and report whether either or both failed */
+ || (!TEST_int_gt(BIO_flush(cbio), 0) +
+ !TEST_true(BIO_get_cipher_status(cbio)))
+ || !TEST_mem_eq(cbuf, n, pbuf, sizeof(pbuf) - 1))
+ goto end;
+
+ ret = 1;
+
+ end:
+ BIO_free(cbio);
+ BIO_free(b64);
+ BIO_free(mem);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_ALL_TESTS(test_bio_enc_aes_128_cbc, 2);
@@ -262,5 +332,6 @@
ADD_ALL_TESTS(test_bio_enc_chacha20_poly1305, 2);
# endif
# endif
+ ADD_TEST(test_bio_enc_eof_read_flush);
return 1;
}
diff -Nru -w openssl-3.0.16/test/bioprinttest.c openssl-3.0.17/test/bioprinttest.c
--- openssl-3.0.16/test/bioprinttest.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/bioprinttest.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,90 +20,97 @@
static int justprint = 0;
-static char *fpexpected[][10][5] = {
+static char *fpexpected[][11][5] = {
{
- /* 00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
- /* 01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
- /* 02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
- /* 03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
- /* 04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
- /* 05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
- /* 06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
- /* 07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
- /* 08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
- /* 09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
- },
- {
- /* 10 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
- /* 11 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
- /* 12 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
- /* 13 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
- /* 14 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
- /* 15 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
- /* 16 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
- /* 17 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
- /* 18 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
- /* 19 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
- },
- {
- /* 20 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" },
- /* 21 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" },
- /* 22 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" },
- /* 23 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" },
- /* 24 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" },
- /* 25 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" },
- /* 26 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" },
- /* 27 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" },
- /* 28 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" },
- /* 29 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" },
- },
- {
- /* 30 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" },
- /* 31 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" },
- /* 32 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" },
- /* 33 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" },
- /* 34 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" },
- /* 35 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" },
- /* 36 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" },
- /* 37 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" },
- /* 38 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" },
- /* 39 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" },
- },
- {
- /* 40 */ { "0e+00", "0", "0", "0E+00", "0" },
- /* 41 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
- /* 42 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
- /* 43 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
- /* 44 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
- /* 45 */ { "7e+00", "7", "7", "7E+00", "7" },
- /* 46 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
- /* 47 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
- /* 48 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
- /* 49 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
- },
- {
- /* 50 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
- /* 51 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
- /* 52 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
- /* 53 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
- /* 54 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
- /* 55 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
- /* 56 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
- /* 57 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
- /* 58 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
- /* 59 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
- },
- {
- /* 60 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
- /* 61 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
- /* 62 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
- /* 63 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
- /* 64 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
- /* 65 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
- /* 66 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
- /* 67 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
- /* 68 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
- /* 69 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 0.00 */ { "0.0000e+00", "0.0000", "0", "0.0000E+00", "0" },
+ /* 0.01 */ { "6.7000e-01", "0.6700", "0.67", "6.7000E-01", "0.67" },
+ /* 0.02 */ { "6.6667e-01", "0.6667", "0.6667", "6.6667E-01", "0.6667" },
+ /* 0.03 */ { "6.6667e-04", "0.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+ /* 0.04 */ { "6.6667e-05", "0.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+ /* 0.05 */ { "6.6667e+00", "6.6667", "6.667", "6.6667E+00", "6.667" },
+ /* 0.06 */ { "6.6667e+01", "66.6667", "66.67", "6.6667E+01", "66.67" },
+ /* 0.07 */ { "6.6667e+02", "666.6667", "666.7", "6.6667E+02", "666.7" },
+ /* 0.08 */ { "6.6667e+03", "6666.6667", "6667", "6.6667E+03", "6667" },
+ /* 0.09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 0.10 */ { "-6.6667e+04", "-66666.6667", "-6.667e+04", "-6.6667E+04", "-6.667E+04" },
+ },
+ {
+ /* 1.00 */ { "0.00000e+00", "0.00000", "0", "0.00000E+00", "0" },
+ /* 1.01 */ { "6.70000e-01", "0.67000", "0.67", "6.70000E-01", "0.67" },
+ /* 1.02 */ { "6.66667e-01", "0.66667", "0.66667", "6.66667E-01", "0.66667" },
+ /* 1.03 */ { "6.66667e-04", "0.00067", "0.00066667", "6.66667E-04", "0.00066667" },
+ /* 1.04 */ { "6.66667e-05", "0.00007", "6.6667e-05", "6.66667E-05", "6.6667E-05" },
+ /* 1.05 */ { "6.66667e+00", "6.66667", "6.6667", "6.66667E+00", "6.6667" },
+ /* 1.06 */ { "6.66667e+01", "66.66667", "66.667", "6.66667E+01", "66.667" },
+ /* 1.07 */ { "6.66667e+02", "666.66667", "666.67", "6.66667E+02", "666.67" },
+ /* 1.08 */ { "6.66667e+03", "6666.66667", "6666.7", "6.66667E+03", "6666.7" },
+ /* 1.09 */ { "6.66667e+04", "66666.66667", "66667", "6.66667E+04", "66667" },
+ /* 1.10 */ { "-6.66667e+04", "-66666.66667", "-66667", "-6.66667E+04", "-66667" },
+ },
+ {
+ /* 2.00 */ { " 0.0000e+00", " 0.0000", " 0", " 0.0000E+00", " 0" },
+ /* 2.01 */ { " 6.7000e-01", " 0.6700", " 0.67", " 6.7000E-01", " 0.67" },
+ /* 2.02 */ { " 6.6667e-01", " 0.6667", " 0.6667", " 6.6667E-01", " 0.6667" },
+ /* 2.03 */ { " 6.6667e-04", " 0.0007", " 0.0006667", " 6.6667E-04", " 0.0006667" },
+ /* 2.04 */ { " 6.6667e-05", " 0.0001", " 6.667e-05", " 6.6667E-05", " 6.667E-05" },
+ /* 2.05 */ { " 6.6667e+00", " 6.6667", " 6.667", " 6.6667E+00", " 6.667" },
+ /* 2.06 */ { " 6.6667e+01", " 66.6667", " 66.67", " 6.6667E+01", " 66.67" },
+ /* 2.07 */ { " 6.6667e+02", " 666.6667", " 666.7", " 6.6667E+02", " 666.7" },
+ /* 2.08 */ { " 6.6667e+03", " 6666.6667", " 6667", " 6.6667E+03", " 6667" },
+ /* 2.09 */ { " 6.6667e+04", " 66666.6667", " 6.667e+04", " 6.6667E+04", " 6.667E+04" },
+ /* 2.10 */ { " -6.6667e+04", " -66666.6667", " -6.667e+04", " -6.6667E+04", " -6.667E+04" },
+ },
+ {
+ /* 3.00 */ { " 0.00000e+00", " 0.00000", " 0", " 0.00000E+00", " 0" },
+ /* 3.01 */ { " 6.70000e-01", " 0.67000", " 0.67", " 6.70000E-01", " 0.67" },
+ /* 3.02 */ { " 6.66667e-01", " 0.66667", " 0.66667", " 6.66667E-01", " 0.66667" },
+ /* 3.03 */ { " 6.66667e-04", " 0.00067", " 0.00066667", " 6.66667E-04", " 0.00066667" },
+ /* 3.04 */ { " 6.66667e-05", " 0.00007", " 6.6667e-05", " 6.66667E-05", " 6.6667E-05" },
+ /* 3.05 */ { " 6.66667e+00", " 6.66667", " 6.6667", " 6.66667E+00", " 6.6667" },
+ /* 3.06 */ { " 6.66667e+01", " 66.66667", " 66.667", " 6.66667E+01", " 66.667" },
+ /* 3.07 */ { " 6.66667e+02", " 666.66667", " 666.67", " 6.66667E+02", " 666.67" },
+ /* 3.08 */ { " 6.66667e+03", " 6666.66667", " 6666.7", " 6.66667E+03", " 6666.7" },
+ /* 3.09 */ { " 6.66667e+04", " 66666.66667", " 66667", " 6.66667E+04", " 66667" },
+ /* 3.10 */ { "-6.66667e+04", "-66666.66667", " -66667", "-6.66667E+04", " -66667" },
+ },
+ {
+ /* 4.00 */ { "0e+00", "0", "0", "0E+00", "0" },
+ /* 4.01 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+ /* 4.02 */ { "7e-01", "1", "0.7", "7E-01", "0.7" },
+ /* 4.03 */ { "7e-04", "0", "0.0007", "7E-04", "0.0007" },
+ /* 4.04 */ { "7e-05", "0", "7e-05", "7E-05", "7E-05" },
+ /* 4.05 */ { "7e+00", "7", "7", "7E+00", "7" },
+ /* 4.06 */ { "7e+01", "67", "7e+01", "7E+01", "7E+01" },
+ /* 4.07 */ { "7e+02", "667", "7e+02", "7E+02", "7E+02" },
+ /* 4.08 */ { "7e+03", "6667", "7e+03", "7E+03", "7E+03" },
+ /* 4.09 */ { "7e+04", "66667", "7e+04", "7E+04", "7E+04" },
+ /* 4.10 */ { "-7e+04", "-66667", "-7e+04", "-7E+04", "-7E+04" },
+ },
+ {
+ /* 5.00 */ { "0.000000e+00", "0.000000", "0", "0.000000E+00", "0" },
+ /* 5.01 */ { "6.700000e-01", "0.670000", "0.67", "6.700000E-01", "0.67" },
+ /* 5.02 */ { "6.666667e-01", "0.666667", "0.666667", "6.666667E-01", "0.666667" },
+ /* 5.03 */ { "6.666667e-04", "0.000667", "0.000666667", "6.666667E-04", "0.000666667" },
+ /* 5.04 */ { "6.666667e-05", "0.000067", "6.66667e-05", "6.666667E-05", "6.66667E-05" },
+ /* 5.05 */ { "6.666667e+00", "6.666667", "6.66667", "6.666667E+00", "6.66667" },
+ /* 5.06 */ { "6.666667e+01", "66.666667", "66.6667", "6.666667E+01", "66.6667" },
+ /* 5.07 */ { "6.666667e+02", "666.666667", "666.667", "6.666667E+02", "666.667" },
+ /* 5.08 */ { "6.666667e+03", "6666.666667", "6666.67", "6.666667E+03", "6666.67" },
+ /* 5.09 */ { "6.666667e+04", "66666.666667", "66666.7", "6.666667E+04", "66666.7" },
+ /* 5.10 */ { "-6.666667e+04", "-66666.666667", "-66666.7", "-6.666667E+04", "-66666.7" },
+ },
+ {
+ /* 6.00 */ { "0.0000e+00", "000.0000", "00000000", "0.0000E+00", "00000000" },
+ /* 6.01 */ { "6.7000e-01", "000.6700", "00000.67", "6.7000E-01", "00000.67" },
+ /* 6.02 */ { "6.6667e-01", "000.6667", "000.6667", "6.6667E-01", "000.6667" },
+ /* 6.03 */ { "6.6667e-04", "000.0007", "0.0006667", "6.6667E-04", "0.0006667" },
+ /* 6.04 */ { "6.6667e-05", "000.0001", "6.667e-05", "6.6667E-05", "6.667E-05" },
+ /* 6.05 */ { "6.6667e+00", "006.6667", "0006.667", "6.6667E+00", "0006.667" },
+ /* 6.06 */ { "6.6667e+01", "066.6667", "00066.67", "6.6667E+01", "00066.67" },
+ /* 6.07 */ { "6.6667e+02", "666.6667", "000666.7", "6.6667E+02", "000666.7" },
+ /* 6.08 */ { "6.6667e+03", "6666.6667", "00006667", "6.6667E+03", "00006667" },
+ /* 6.09 */ { "6.6667e+04", "66666.6667", "6.667e+04", "6.6667E+04", "6.667E+04" },
+ /* 6.10 */ { "-6.6667e+04", "-66666.6667", "-6.667e+04", "-6.6667E+04", "-6.667E+04" },
},
};
@@ -204,7 +211,7 @@
if (justprint) {
if (i == 0)
- printf(" /* %d%d */ { \"%s\"", test, sub, result);
+ printf(" /* %d.%02d */ { \"%s\"", test, sub, result);
else
printf(", \"%s\"", result);
} else if (!TEST_str_eq(fpexpected[test][sub][i], result)) {
@@ -235,7 +242,8 @@
&& TEST_true(dofptest(i, t++, 66.0 + frac, pwp->w, pwp->p))
&& TEST_true(dofptest(i, t++, 666.0 + frac, pwp->w, pwp->p))
&& TEST_true(dofptest(i, t++, 6666.0 + frac, pwp->w, pwp->p))
- && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p));
+ && TEST_true(dofptest(i, t++, 66666.0 + frac, pwp->w, pwp->p))
+ && TEST_true(dofptest(i, t++, -66666.0 - frac, pwp->w, pwp->p));
if (justprint)
printf(" },\n");
return r;
diff -Nru -w openssl-3.0.16/test/dhtest.c openssl-3.0.17/test/dhtest.c
--- openssl-3.0.16/test/dhtest.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/dhtest.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -208,17 +208,17 @@
alen = DH_size(a);
if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
- || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
+ || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
goto err3;
blen = DH_size(b);
if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
- || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
+ || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
goto err3;
clen = DH_size(c);
if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
- || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
+ || !TEST_int_gt((cout = DH_compute_key(cbuf, apub_key, c)), 0))
goto err3;
if (!TEST_true(aout >= 20)
@@ -694,12 +694,12 @@
alen = DH_size(a);
if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen))
- || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
+ || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
goto err;
blen = DH_size(b);
if (!TEST_int_gt(blen, 0) || !TEST_ptr(bbuf = OPENSSL_malloc(blen))
- || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
+ || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
goto err;
if (!TEST_true(aout >= 20)
diff -Nru -w openssl-3.0.16/test/ectest.c openssl-3.0.17/test/ectest.c
--- openssl-3.0.16/test/ectest.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/ectest.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -2707,7 +2707,7 @@
int is_prime = 0;
EC_KEY *eckey1 = NULL, *eckey2 = NULL;
EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
- EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL;
+ EVP_PKEY_CTX *pctx1 = NULL, *pctx2 = NULL, *dctx = NULL;
size_t sslen, t;
unsigned char *pub1 = NULL , *pub2 = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
@@ -2930,11 +2930,12 @@
EVP_PKEY_CTX_free(pctx1);
if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
|| !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &t), 1)
+ || !TEST_ptr(dctx = EVP_PKEY_CTX_dup(pctx1))
+ || !TEST_int_eq(EVP_PKEY_derive_set_peer_ex(dctx, pkey2, 1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(dctx, NULL, &t), 1)
|| !TEST_int_gt(bsize, t)
|| !TEST_int_le(sslen, t)
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &t), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(dctx, buf1, &t), 1)
/* compare with previous result */
|| !TEST_mem_eq(buf1, t, buf2, sslen))
goto err;
@@ -2962,6 +2963,7 @@
EVP_PKEY_free(pkey2);
EVP_PKEY_CTX_free(pctx1);
EVP_PKEY_CTX_free(pctx2);
+ EVP_PKEY_CTX_free(dctx);
return ret;
}
diff -Nru -w openssl-3.0.16/test/endecode_test.c openssl-3.0.17/test/endecode_test.c
--- openssl-3.0.16/test/endecode_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/endecode_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1241,6 +1241,28 @@
return do_create_ec_explicit_trinomial_params(bld, gen2, sizeof(gen2));
}
# endif /* OPENSSL_NO_EC2M */
+
+/*
+ * Test that multiple calls to OSSL_ENCODER_to_data() do not cause side effects
+ */
+static int ec_encode_to_data_multi(void)
+{
+ int ret;
+ OSSL_ENCODER_CTX *ectx = NULL;
+ EVP_PKEY *key = NULL;
+ uint8_t *enc = NULL;
+ size_t enc_len = 0;
+
+ ret = TEST_ptr(key = EVP_PKEY_Q_keygen(testctx, "", "EC", "P-256"))
+ && TEST_ptr(ectx = OSSL_ENCODER_CTX_new_for_pkey(key, EVP_PKEY_KEYPAIR,
+ "DER", NULL, NULL))
+ && TEST_int_eq(OSSL_ENCODER_to_data(ectx, NULL, &enc_len), 1)
+ && TEST_int_eq(OSSL_ENCODER_to_data(ectx, &enc, &enc_len), 1);
+ OPENSSL_free(enc);
+ EVP_PKEY_free(key);
+ OSSL_ENCODER_CTX_free(ectx);
+ return ret;
+}
#endif /* OPENSSL_NO_EC */
typedef enum OPTION_choice {
@@ -1421,6 +1443,7 @@
# endif
#endif
#ifndef OPENSSL_NO_EC
+ ADD_TEST(ec_encode_to_data_multi);
ADD_TEST_SUITE(EC);
ADD_TEST_SUITE_PARAMS(EC);
ADD_TEST_SUITE_LEGACY(EC);
diff -Nru -w openssl-3.0.16/test/evp_extra_test.c openssl-3.0.17/test/evp_extra_test.c
--- openssl-3.0.16/test/evp_extra_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/evp_extra_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -716,7 +716,9 @@
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
goto err;
- if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+ /* Check that premature EVP_PKEY_CTX_set_params() fails gracefully */
+ if (!TEST_int_eq(EVP_PKEY_CTX_set_params(pctx, params), 0)
+ || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
params), 0))
goto err;
@@ -2594,6 +2596,7 @@
size_t outlen;
int ret = 0;
unsigned char salt[] = "";
+ unsigned char fake[] = "0123456789";
unsigned char key[] = "012345678901234567890123456789";
unsigned char info[] = "";
const unsigned char expected[] = {
@@ -2610,6 +2613,8 @@
if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
+ || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, fake,
+ sizeof(fake) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
sizeof(salt) - 1), 0)
|| !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
diff -Nru -w openssl-3.0.16/test/evp_libctx_test.c openssl-3.0.17/test/evp_libctx_test.c
--- openssl-3.0.16/test/evp_libctx_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/evp_libctx_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -38,6 +38,8 @@
static OSSL_PROVIDER *nullprov = NULL;
static OSSL_PROVIDER *libprov = NULL;
static STACK_OF(OPENSSL_STRING) *cipher_names = NULL;
+static int is_fips = 0;
+static int is_fips_lt_3_5 = 0;
typedef enum OPTION_choice {
OPT_ERR = -1,
@@ -631,9 +633,10 @@
&& TEST_int_eq(EVP_PKEY_decapsulate(pubctx, secret, &secretlen, ct,
sizeof(ct)), 0)
&& TEST_uchar_eq(secret[0], 0)
- /* Test encapsulate fails if the mode is not set */
+ /* Unless newer FIPS, test encapsulate fails when the mode is not set. */
&& TEST_int_eq(EVP_PKEY_encapsulate_init(pubctx, NULL), 1)
- && TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2)
+ && (!is_fips_lt_3_5 ||
+ TEST_int_eq(EVP_PKEY_encapsulate(pubctx, ct, &ctlen, secret, &secretlen), -2))
/* Test setting a bad kem ops fail */
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, "RSA"), 0)
&& TEST_int_eq(EVP_PKEY_CTX_set_kem_op(pubctx, NULL), 0)
@@ -743,7 +746,13 @@
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, prov_name))
return 0;
+ if (strcmp(prov_name, "fips") == 0)
+ is_fips = 1;
+
+ is_fips_lt_3_5 = is_fips && fips_provider_version_lt(libctx, 3, 5, 0);
+
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
+ if (!is_fips || fips_provider_version_lt(libctx, 3, 4, 0))
ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
#endif
#ifndef OPENSSL_NO_DH
diff -Nru -w openssl-3.0.16/test/evp_pkey_provided_test.c openssl-3.0.17/test/evp_pkey_provided_test.c
--- openssl-3.0.16/test/evp_pkey_provided_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/evp_pkey_provided_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1782,6 +1782,53 @@
return ret;
}
+static const char *name_dup_algs[] = {
+#ifndef OPENSSL_NO_ECX
+ "ED25519",
+#endif
+#ifndef OPENSSL_NO_ML_KEM
+ "ML-KEM-512",
+#endif
+#ifndef OPENSSL_NO_ML_DSA
+ "ML-DSA-44",
+#endif
+ NULL
+};
+
+static int test_name_dup(int idx)
+{
+ const char *alg = name_dup_algs[idx];
+ EVP_PKEY *key = NULL;
+ EVP_PKEY_CTX *factory = NULL, *ctx = NULL;
+ int i, ret = 0;
+
+ if (alg == NULL
+ || (factory = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL)) == NULL)
+ return 1;
+ TEST_info("Testing fresh context dup for: %s", alg);
+
+ /* Run twice to check that *repeated* use works */
+ for (i = 0; i < 2; ++i) {
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(key);
+ key = NULL;
+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_dup(factory))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
+ || !TEST_int_gt(EVP_PKEY_keygen(ctx, &key), 0)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret = 1;
+
+ end:
+ EVP_PKEY_CTX_free(factory);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(key);
+
+ return ret;
+}
+
int setup_tests(void)
{
if (!test_skip_common_options()) {
@@ -1793,6 +1840,7 @@
return 0;
ADD_TEST(test_evp_pkey_ctx_dup_kdf_fail);
+ ADD_ALL_TESTS(test_name_dup, OSSL_NELEM(name_dup_algs));
ADD_TEST(test_evp_pkey_get_bn_param_large);
ADD_TEST(test_fromdata_rsa);
#ifndef OPENSSL_NO_DH
diff -Nru -w openssl-3.0.16/test/evp_test.c openssl-3.0.17/test/evp_test.c
--- openssl-3.0.16/test/evp_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/evp_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -352,8 +352,10 @@
if ((digest = fetched_digest = EVP_MD_fetch(libctx, alg, NULL)) == NULL
&& (digest = EVP_get_digestbyname(alg)) == NULL)
return 0;
- if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat))))
+ if (!TEST_ptr(mdat = OPENSSL_zalloc(sizeof(*mdat)))) {
+ EVP_MD_free(fetched_digest);
return 0;
+ }
t->data = mdat;
mdat->digest = digest;
mdat->fetched_digest = fetched_digest;
@@ -3960,7 +3962,9 @@
clear_test(t);
free_key_list(public_keys);
+ public_keys = NULL;
free_key_list(private_keys);
+ private_keys = NULL;
BIO_free(t->s.key);
c = t->s.errors;
OPENSSL_free(t);
diff -Nru -w openssl-3.0.16/test/params_api_test.c openssl-3.0.17/test/params_api_test.c
--- openssl-3.0.16/test/params_api_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/params_api_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -692,6 +692,33 @@
OSSL_PARAM_free(cp1);
return ret;
}
+static int test_param_merge(void)
+{
+ int val, ret;
+ int values[] = {1, 2, 3, 4};
+ OSSL_PARAM *p = NULL, *cp = NULL;
+ OSSL_PARAM param[3], param1[3];
+
+ param[0] = OSSL_PARAM_construct_int("diff1", &values[0]);
+ param[1] = OSSL_PARAM_construct_int("same", &values[1]);
+ param[2] = OSSL_PARAM_construct_end();
+ param1[0] = OSSL_PARAM_construct_int("diff2", &values[2]);
+ param1[1] = OSSL_PARAM_construct_int("same", &values[3]);
+ param1[2] = OSSL_PARAM_construct_end();
+
+ ret = TEST_ptr(p = OSSL_PARAM_merge(param, param1))
+ && TEST_ptr(cp = OSSL_PARAM_locate(p, "diff1"))
+ && TEST_true(OSSL_PARAM_get_int(p, &val))
+ && TEST_int_eq(val, values[0])
+ && TEST_ptr(cp = OSSL_PARAM_locate(p, "diff2"))
+ && TEST_true(OSSL_PARAM_get_int(cp, &val))
+ && TEST_int_eq(val, values[2])
+ && TEST_ptr(cp = OSSL_PARAM_locate(p, "same"))
+ && TEST_true(OSSL_PARAM_get_int(cp, &val))
+ && TEST_int_eq(val, values[3]);
+ OSSL_PARAM_free(p);
+ return ret;
+}
int setup_tests(void)
{
@@ -710,5 +737,6 @@
ADD_ALL_TESTS(test_param_construct, 4);
ADD_TEST(test_param_modified);
ADD_TEST(test_param_copy_null);
+ ADD_TEST(test_param_merge);
return 1;
}
diff -Nru -w openssl-3.0.16/test/rand_test.c openssl-3.0.17/test/rand_test.c
--- openssl-3.0.16/test/rand_test.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/rand_test.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the >License>). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,6 +19,7 @@
OSSL_PARAM params[2], *p = params;
unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
unsigned char entropy2[] = { 0xff, 0xfe, 0xfd };
+ unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04 };
unsigned char outbuf[3];
*p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
@@ -41,6 +42,14 @@
|| !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
|| !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf)))
return 0;
+
+ *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE,
+ nonce, sizeof(nonce));
+ if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))
+ || !TEST_true(EVP_RAND_nonce(privctx, outbuf, sizeof(outbuf)))
+ || !TEST_mem_eq(outbuf, sizeof(outbuf), nonce, sizeof(outbuf)))
+ return 0;
+
return 1;
}
diff -Nru -w openssl-3.0.16/test/recipes/25-test_verify.t openssl-3.0.17/test/recipes/25-test_verify.t
--- openssl-3.0.16/test/recipes/25-test_verify.t 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/recipes/25-test_verify.t 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@
use strict;
use warnings;
+use Cwd qw(abs_path);
use File::Spec::Functions qw/canonpath/;
use File::Copy;
use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/;
@@ -17,19 +18,19 @@
setup("test_verify");
+my @certspath = qw(test certs);
sub verify {
my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
- my @path = qw(test certs);
my @args = qw(openssl verify -auth_level 1);
push(@args, "-purpose", $purpose) if $purpose ne "";
push(@args, @opts);
- for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) }
- for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
- push(@args, srctop_file(@path, "$cert.pem"));
+ for (@$trusted) { push(@args, "-trusted", srctop_file(@certspath, "$_.pem")) }
+ for (@$untrusted) { push(@args, "-untrusted", srctop_file(@certspath, "$_.pem")) }
+ push(@args, srctop_file(@certspath, "$cert.pem"));
run(app([@args]));
}
-plan tests => 166;
+plan tests => 175;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -527,3 +528,31 @@
"-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1",
"-explicit_policy"),
"Bad certificate policy");
+
+# CAstore option
+my $rootcertname = "root-cert";
+my $rootcert = srctop_file(@certspath, "${rootcertname}.pem");
+sub vfy_root { verify($rootcertname, "", [], [], @_) }
+ok(vfy_root("-CAfile", $rootcert), "CAfile");
+ok(vfy_root("-CAstore", $rootcert), "CAstore");
+ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore");
+ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore");
+SKIP: {
+ skip "file names with colons aren't supported on Windows and VMS", 2
+ if $^O =~ /^(MsWin32|VMS)$/;
+ my $foo_file = "foo:cert.pem";
+ copy($rootcert, $foo_file);
+ ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file");
+}
+my $foo_file = "cert.pem";
+copy($rootcert, $foo_file);
+ok(vfy_root("-CAstore", $foo_file), "CAstore file");
+my $abs_cert = abs_path($rootcert);
+# Windows file: URIs should have a path part starting with a slash, i.e.
+# file://authority/C:/what/ever/foo.pem and file:///C:/what/ever/foo.pem
+# file://C:/what/ever/foo.pem is non-standard and may not be accepted.
+# See RFC 8089 for details.
+$abs_cert = "/" . $abs_cert if ($^O eq "MSWin32");
+ok(vfy_root("-CAstore", "file://".$abs_cert), "CAstore file:///path");
+ok(vfy_root("-CAstore", "file://localhost".$abs_cert), "CAstore file://localhost/path");
+ok(!vfy_root("-CAstore", "file://otherhost".$abs_cert), "CAstore file://otherhost/path");
diff -Nru -w openssl-3.0.16/test/recipes/70-test_tls13downgrade.t openssl-3.0.17/test/recipes/70-test_tls13downgrade.t
--- openssl-3.0.16/test/recipes/70-test_tls13downgrade.t 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/recipes/70-test_tls13downgrade.t 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -24,9 +24,8 @@
if disabled("sock");
plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
- if disabled("tls1_3")
- || (disabled("ec") && disabled("dh"))
- || disabled("tls1_2");
+ if disabled("tls1_3") || disabled("tls1_2")
+ || (disabled("ec") && disabled("dh"));
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
@@ -41,89 +40,150 @@
DOWNGRADE_TO_TLS_1_2 => 0,
DOWNGRADE_TO_TLS_1_1 => 1,
FALLBACK_FROM_TLS_1_3 => 2,
+ DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL => 3,
+ DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL => 4,
};
#Test 1: Downgrade from TLSv1.3 to TLSv1.2
$proxy->filter(\&downgrade_filter);
my $testtype = DOWNGRADE_TO_TLS_1_2;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 6;
-ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2");
+plan tests => 8;
+ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.3 to TLSv1.2");
-#Test 2: Downgrade from TLSv1.3 to TLSv1.1
+#Test 2: Downgrade from TLSv1.3 to TLSv1.2 (server sends TLSv1.1 signal)
$proxy->clear();
-$testtype = DOWNGRADE_TO_TLS_1_1;
-$proxy->start();
-ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.1");
-
-#Test 3: Downgrade from TLSv1.2 to TLSv1.1
-$proxy->clear();
-$proxy->clientflags("-no_tls1_3");
-$proxy->serverflags("-no_tls1_3");
+$testtype = DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL;
$proxy->start();
-ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1");
+ok(is_illegal_parameter_client_alert(),
+ "Downgrade from TLSv1.3 to TLSv1.2 (server sends TLSv1.1 signal)");
-#Test 4: Client falls back from TLSv1.3 (server does not support the fallback
+#Test 3: Client falls back from TLSv1.3 (server does not support the fallback
# SCSV)
$proxy->clear();
$testtype = FALLBACK_FROM_TLS_1_3;
$proxy->clientflags("-fallback_scsv -no_tls1_3");
$proxy->start();
-my $alert = TLSProxy::Message->alert();
-ok(TLSProxy::Message->fail()
- && !$alert->server()
- && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER,
- "Fallback from TLSv1.3");
+ok(is_illegal_parameter_client_alert(), "Fallback from TLSv1.3");
SKIP: {
- skip "TLSv1.1 disabled", 2 if disabled("tls1_1");
- #Test 5: A client side protocol "hole" should not be detected as a downgrade
+ skip "TLSv1.1 disabled", 5 if disabled("tls1_1");
+
+ my $client_flags = "-min_protocol TLSv1.1 -cipher DEFAULT:\@SECLEVEL=0";
+ my $server_flags = "-min_protocol TLSv1.1";
+ my $ciphers = "AES128-SHA:\@SECLEVEL=0";
+
+ #Test 4: Downgrade from TLSv1.3 to TLSv1.1
+ $proxy->clear();
+ $testtype = DOWNGRADE_TO_TLS_1_1;
+ $proxy->clientflags($client_flags);
+ $proxy->serverflags($server_flags);
+ $proxy->ciphers($ciphers);
+ $proxy->start();
+ ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.3 to TLSv1.1");
+
+ #Test 5: Downgrade from TLSv1.3 to TLSv1.1 (server sends TLSv1.2 signal)
+ $proxy->clear();
+ $testtype = DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL;
+ $proxy->clientflags($client_flags);
+ $proxy->serverflags($server_flags);
+ $proxy->ciphers($ciphers);
+ $proxy->start();
+ ok(is_illegal_parameter_client_alert(),
+ "Downgrade TLSv1.3 to TLSv1.1 (server sends TLSv1.2 signal)");
+
+ #Test 6: Downgrade from TLSv1.2 to TLSv1.1
+ $proxy->clear();
+ $testtype = DOWNGRADE_TO_TLS_1_1;
+ $proxy->clientflags($client_flags." -max_protocol TLSv1.2");
+ $proxy->serverflags($server_flags." -max_protocol TLSv1.2");
+ $proxy->ciphers($ciphers);
+ $proxy->start();
+ ok(is_illegal_parameter_client_alert(), "Downgrade TLSv1.2 to TLSv1.1");
+
+ #Test 7: A client side protocol "hole" should not be detected as a downgrade
$proxy->clear();
$proxy->filter(undef);
- $proxy->clientflags("-no_tls1_2");
- $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $proxy->clientflags($client_flags." -no_tls1_2");
+ $proxy->serverflags($server_flags);
+ $proxy->ciphers($ciphers);
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 client-side protocol hole");
- #Test 6: A server side protocol "hole" should not be detected as a downgrade
+ #Test 8: A server side protocol "hole" should not be detected as a downgrade
$proxy->clear();
$proxy->filter(undef);
- $proxy->serverflags("-no_tls1_2");
+ $proxy->clientflags($client_flags);
+ $proxy->serverflags($server_flags." -no_tls1_2");
+ $proxy->ciphers($ciphers);
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 server-side protocol hole");
}
+# Validate that the exchange fails with an illegal parameter alert from
+# the client
+sub is_illegal_parameter_client_alert
+{
+ return 0 unless TLSProxy::Message->fail();
+ my $alert = TLSProxy::Message->alert();
+ return 1 if !$alert->server()
+ && $alert->description()
+ == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER;
+ return 0;
+}
+
sub downgrade_filter
{
my $proxy = shift;
- # We're only interested in the initial ClientHello
- if ($proxy->flight != 0) {
+ # We're only interested in the initial ClientHello and ServerHello
+ if ($proxy->flight > 1) {
return;
}
- my $message = ${$proxy->message_list}[0];
+ my $message = ${$proxy->message_list}[$proxy->flight];
+
+ # ServerHello
+ if ($proxy->flight == 1 && defined($message)) {
+ # Update the last byte of the downgrade signal
+ if ($testtype == DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL) {
+ $message->random(substr($message->random, 0, 31) . "\0");
+ $message->repack();
+ } elsif ($testtype == DOWNGRADE_TO_TLS_1_1_WITH_TLS_1_2_SIGNAL) {
+ $message->random(substr($message->random, 0, 31) . "\1");
+ $message->repack();
+ }
+
+ return;
+ }
+ # ClientHello
+ if ($proxy->flight == 0) {
my $ext;
if ($testtype == FALLBACK_FROM_TLS_1_3) {
#The default ciphersuite we use for TLSv1.2 without any SCSV
my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA);
$message->ciphersuite_len(2 * scalar @ciphersuites);
$message->ciphersuites(\@ciphersuites);
- } else {
- if ($testtype == DOWNGRADE_TO_TLS_1_2) {
+ }
+ else {
+ if ($testtype == DOWNGRADE_TO_TLS_1_2
+ || $testtype == DOWNGRADE_TO_TLS_1_2_WITH_TLS_1_1_SIGNAL) {
$ext = pack "C3",
0x02, # Length
0x03, 0x03; #TLSv1.2
- } else {
+ }
+ else {
$ext = pack "C3",
0x02, # Length
0x03, 0x02; #TLSv1.1
}
- $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext);
+ $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ $ext);
}
$message->repack();
}
+}
diff -Nru -w openssl-3.0.16/test/recipes/80-test_ca.t openssl-3.0.17/test/recipes/80-test_ca.t
--- openssl-3.0.16/test/recipes/80-test_ca.t 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/recipes/80-test_ca.t 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -21,9 +21,7 @@
$ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1);
my $cnf = srctop_file("test","ca-and-certs.cnf");
-my $std_openssl_cnf = '"'
- . srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf")
- . '"';
+my $std_openssl_cnf = srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf");
rmtree("demoCA", { safe => 0 });
@@ -33,14 +31,14 @@
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
skip "failed creating CA structure", 4
if !ok(run(perlapp(["CA.pl","-newca",
- "-extra-req", "-key $cakey"], stdin => undef)),
+ "-extra-req", qq{-key "$cakey"}], stdin => undef)),
'creating CA structure');
my $eekey = srctop_file("test", "certs", "ee-key.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
skip "failed creating new certificate request", 3
if !ok(run(perlapp(["CA.pl","-newreq",
- '-extra-req', "-outform DER -section userreq -key $eekey"])),
+ '-extra-req', qq{-outform DER -section userreq -key "$eekey"}])),
'creating certificate request');
$ENV{OPENSSL_CONFIG} = qq(-rand_serial -inform DER -config "$std_openssl_cnf");
skip "failed to sign certificate request", 2
@@ -55,7 +53,8 @@
my $eekey2 = srctop_file("test", "certs", "ee-key-3072.pem");
$ENV{OPENSSL_CONFIG} = qq(-config "$cnf");
- ok(run(perlapp(["CA.pl", "-precert", '-extra-req', "-section userreq -key $eekey2"], stderr => undef)),
+ ok(run(perlapp(["CA.pl", "-precert",
+ '-extra-req', qq{-section userreq -key "$eekey2"}], stderr => undef)),
'creating new pre-certificate');
}
diff -Nru -w openssl-3.0.16/test/recipes/80-test_cmp_http.t openssl-3.0.17/test/recipes/80-test_cmp_http.t
--- openssl-3.0.16/test/recipes/80-test_cmp_http.t 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/recipes/80-test_cmp_http.t 2025-07-01 14:11:11.000000000 +0200
@@ -274,6 +274,7 @@
print "Pid is: $pid\n";
if ($server_port == 0) {
# Find out the actual server port
+ my $pid0 = $pid;
while (<$server_fh>) {
print "Server output: $_";
next if m/using section/;
@@ -281,6 +282,11 @@
($server_port, $pid) = ($1, $2) if /^ACCEPT\s.*:(\d+) PID=(\d+)$/;
last; # Do not loop further to prevent hangs on server misbehavior
}
+ if ($pid0 != $pid) {
+ # kill the shell process
+ kill('KILL', $pid0);
+ waitpid($pid0, 0);
+ }
}
unless ($server_port > 0) {
stop_mock_server($pid);
diff -Nru -w openssl-3.0.16/test/recipes/80-test_cms.t openssl-3.0.17/test/recipes/80-test_cms.t
--- openssl-3.0.16/test/recipes/80-test_cms.t 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/recipes/80-test_cms.t 2025-07-01 14:11:11.000000000 +0200
@@ -347,6 +347,16 @@
\&final_compare
],
+ [ "enveloped content test streaming PEM format, AES-128-CBC cipher, password",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
+ "-stream", "-out", "{output}.cms",
+ "-pwri_password", "test" ],
+ [ "{cmd2}", @prov, "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt",
+ "-inform", "PEM",
+ "-pwri_password", "test" ],
+ \&final_compare
+ ],
+
[ "data content test streaming PEM format",
[ "{cmd1}", @prov, "-data_create", "-in", $smcont, "-outform", "PEM",
"-nodetach", "-stream", "-out", "{output}.cms" ],
diff -Nru -w openssl-3.0.16/test/sslapitest.c openssl-3.0.17/test/sslapitest.c
--- openssl-3.0.16/test/sslapitest.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/sslapitest.c 2025-07-01 14:11:11.000000000 +0200
@@ -11127,6 +11127,79 @@
return testresult;
}
+static int test_no_renegotiation(int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0, ret;
+ int max_proto;
+ const SSL_METHOD *sm, *cm;
+ unsigned char buf[5];
+
+ if (idx == 0) {
+#ifndef OPENSSL_NO_TLS1_2
+ max_proto = TLS1_2_VERSION;
+ sm = TLS_server_method();
+ cm = TLS_client_method();
+#else
+ return TEST_skip("TLSv1.2 is disabled in this build");
+#endif
+ } else {
+#ifndef OPENSSL_NO_DTLS1_2
+ max_proto = DTLS1_2_VERSION;
+ sm = DTLS_server_method();
+ cm = DTLS_client_method();
+#else
+ return TEST_skip("DTLSv1.2 is disabled in this build");
+#endif
+ }
+ if (!TEST_true(create_ssl_ctx_pair(libctx, sm, cm, 0, max_proto,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+
+ SSL_CTX_set_options(sctx, SSL_OP_NO_RENEGOTIATION);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+ NULL)))
+ goto end;
+
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_renegotiate(clientssl))
+ || !TEST_int_le(ret = SSL_connect(clientssl), 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /*
+ * We've not sent any application data, so we expect this to fail. It should
+ * also read the renegotiation attempt, and send back a no_renegotiation
+ * warning alert because we have renegotiation disabled.
+ */
+ if (!TEST_int_le(ret = SSL_read(serverssl, buf, sizeof(buf)), 0))
+ goto end;
+ if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_WANT_READ))
+ goto end;
+
+ /*
+ * The client should now see the no_renegotiation warning and fail the
+ * connection
+ */
+ if (!TEST_int_le(ret = SSL_connect(clientssl), 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_SSL)
+ || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_NO_RENEGOTIATION))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
int setup_tests(void)
@@ -11408,6 +11481,7 @@
ADD_ALL_TESTS(test_npn, 5);
#endif
ADD_ALL_TESTS(test_alpn, 4);
+ ADD_ALL_TESTS(test_no_renegotiation, 2);
return 1;
err:
diff -Nru -w openssl-3.0.16/test/testutil/testutil_init.c openssl-3.0.17/test/testutil/testutil_init.c
--- openssl-3.0.16/test/testutil/testutil_init.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/testutil/testutil_init.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -92,6 +92,7 @@
"warning: unable to setup trace callback for category '%s'.\n",
OSSL_trace_get_category_name(category));
+ OPENSSL_free(trace_data);
OSSL_trace_set_callback(category, NULL, NULL);
BIO_free_all(channel);
}
diff -Nru -w openssl-3.0.16/test/tls-provider.c openssl-3.0.17/test/tls-provider.c
--- openssl-3.0.16/test/tls-provider.c 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/test/tls-provider.c 2025-07-01 14:11:11.000000000 +0200
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -594,9 +594,10 @@
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
return NULL;
- if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
- gctx->selection = selection;
+ if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL)
+ return NULL;
+ gctx->selection = selection;
/* Our provctx is really just an OSSL_LIB_CTX */
gctx->libctx = (OSSL_LIB_CTX *)provctx;
diff -Nru -w openssl-3.0.16/tools/c_rehash.in openssl-3.0.17/tools/c_rehash.in
--- openssl-3.0.16/tools/c_rehash.in 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/tools/c_rehash.in 2025-07-01 14:11:11.000000000 +0200
@@ -1,7 +1,7 @@
#!{- $config{HASHBANGPERL} -}
{- use OpenSSL::Util; -}
# {- join("\n# ", @autowarntext) -}
-# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -63,10 +63,10 @@
my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
-if (! -x $openssl) {
+if (!(-f $openssl && -x $openssl)) {
my $found = 0;
foreach (split /$path_delim/, $ENV{PATH}) {
- if (-x "$_/$openssl") {
+ if (-f "$_/$openssl" && -x "$_/$openssl") {
$found = 1;
$openssl = "$_/$openssl";
last;
@@ -88,7 +88,7 @@
if (-d $dirlist[0]) {
chdir $dirlist[0];
- $openssl="$pwd/$openssl" if (!-x $openssl);
+ $openssl="$pwd/$openssl" if (!(-f $openssl && -x $openssl));
chdir $pwd;
}
diff -Nru -w openssl-3.0.16/util/wrap.pl.in openssl-3.0.17/util/wrap.pl.in
--- openssl-3.0.16/util/wrap.pl.in 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/util/wrap.pl.in 2025-07-01 14:11:11.000000000 +0200
@@ -18,6 +18,38 @@
OpenSSL::Util->import();
}
+sub quote_cmd_win32 {
+ my $cmd = "";
+
+ foreach my $arg (@_) {
+ if ($arg =~ m{\A[\w,-./@]+\z}) {
+ $cmd .= $arg . q{ };;
+ } else {
+ $cmd .= q{"} . quote_arg_win32($arg) . q{" };
+ }
+ }
+ return substr($cmd, 0, -1);
+}
+
+sub quote_arg_win32 {
+ my ($arg) = @_;
+ my $val = "";
+
+ pos($arg) = 0;
+ while (1) {
+ return $val if (pos($arg) == length($arg));
+ if ($arg =~ m{\G((?:(?>[\\]*)[^"\\]+)+)}ogc) {
+ $val .= $1;
+ } elsif ($arg =~ m{\G"}ogc) {
+ $val .= qq{\\"};
+ } elsif ($arg =~ m{\G((?>[\\]+)(?="|\z))}ogc) {
+ $val .= qq{\\} x (2 * length($1));
+ } else {
+ die sprintf("Internal error quoting: '%s'\n", $arg);
+ }
+ }
+}
+
my $there = canonpath(catdir(dirname($0), updir()));
my $std_engines = catdir($there, 'engines');
my $std_providers = catdir($there, 'providers');
@@ -60,7 +92,12 @@
# The exec() statement on MSWin32 doesn't seem to give back the exit code
# from the call, so we resort to using system() instead.
-my $waitcode = system @cmd;
+my $waitcode;
+if ($^O eq 'MSWin32') {
+ $waitcode = system(quote_cmd_win32(@cmd));
+} else {
+ $waitcode = system @cmd;
+}
# According to documentation, -1 means that system() couldn't run the command,
# otherwise, the value is similar to the Unix wait() status value
diff -Nru -w openssl-3.0.16/VERSION.dat openssl-3.0.17/VERSION.dat
--- openssl-3.0.16/VERSION.dat 2025-02-11 15:47:41.000000000 +0100
+++ openssl-3.0.17/VERSION.dat 2025-07-01 14:11:11.000000000 +0200
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
-PATCH=16
+PATCH=17
PRE_RELEASE_TAG=
BUILD_METADATA=
-RELEASE_DATE="11 Feb 2025"
+RELEASE_DATE="1 Jul 2025"
SHLIB_VERSION=3
--- End Message ---