system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-03 08:49:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

OpenSSL: update to 3.0.12

Browse Source 
OpenSSL 3.0.12 addresses:

 * Fix incorrect key and IV resizing issues when calling
   EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
   with OSSL_PARAM parameters that alter the key or IV length
   ([CVE-2023-5363]).

Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Ed Maste 2023-10-24 14:55:56 -04:00
commit ad991e4c14
88 changed files with 443 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/openssl/CHANGES.md
View File

@ -28,6 +28,14 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
*Paul Dale*
### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
@ -19732,6 +19740,7 @@ ndif
<!-- Links -->
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446

4
crypto/openssl/INSTALL.md
View File

@ -2,8 +2,8 @@ Build and Install
=================
This document describes installation on all supported operating
systems (the Unix/Linux family, including macOS), OpenVMS,
and Windows).
systems: the Unix/Linux family (including macOS), OpenVMS,
and Windows.
Table of Contents
=================

6
crypto/openssl/NEWS.md
View File

@ -18,6 +18,11 @@ OpenSSL Releases
OpenSSL 3.0
-----------
### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs.
([CVE-2023-5363])
### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows
@ -1453,6 +1458,7 @@ OpenSSL 0.9.x
<!-- Links -->
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446

4
crypto/openssl/VERSION.dat
View File

@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=11
PATCH=12
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="19 Sep 2023"
RELEASE_DATE="24 Oct 2023"
SHLIB_VERSION=3

2
crypto/openssl/apps/dgst.c
View File

@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv)
sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
/* Verbose output would make external-tests gost-engine fail */
EVP_PKEY_CTX_free(mac_ctx);
if (sigkey == NULL)
goto end;
}
if (hmac_key != NULL) {

4
crypto/openssl/apps/dhparam.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv)
}
tmppkey = app_paramgen(ctx, alg);
if (tmppkey == NULL)
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
if (dsaparam) {

4
crypto/openssl/apps/dsaparam.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "DSA", numbits, verbose);
if (pkey == NULL)
goto end;
assert(private);
if (outformat == FORMAT_ASN1)
i = i2d_PrivateKey_bio(out, pkey);

5
crypto/openssl/apps/enc.c
View File

@ -624,7 +624,10 @@ int enc_main(int argc, char **argv)
}
}
if (!BIO_flush(wbio)) {
BIO_printf(bio_err, "bad decrypt\n");
if (enc)
BIO_printf(bio_err, "bad encrypt\n");
else
BIO_printf(bio_err, "bad decrypt\n");
goto end;
}

4
crypto/openssl/apps/gendsa.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "DSA", nbits, verbose);
if (pkey == NULL)
goto end;
assert(private);
if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) {

4
crypto/openssl/apps/genpkey.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv)
pkey = do_param ? app_paramgen(ctx, algname)
: app_keygen(ctx, algname, 0, 0 /* not verbose */);
if (pkey == NULL)
goto end;
if (do_param) {
rv = PEM_write_bio_Parameters(out, pkey);

4
crypto/openssl/apps/genrsa.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -203,6 +203,8 @@ int genrsa_main(int argc, char **argv)
goto end;
}
pkey = app_keygen(ctx, "RSA", num, verbose);
if (pkey == NULL)
goto end;
if (verbose) {
BIGNUM *e = NULL;

16
crypto/openssl/apps/lib/apps.c
View File

@ -960,10 +960,14 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
params, NULL, NULL);
}
if (ctx == NULL)
if (ctx == NULL) {
BIO_printf(bio_err, "Could not open file or uri for loading");
goto end;
if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
}
if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) {
BIO_printf(bio_err, "Internal error trying to load");
goto end;
}
failed = NULL;
while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) {
@ -3359,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
"if the system has a poor entropy source\n");
if (EVP_PKEY_keygen(ctx, &res) <= 0)
app_bail_out("%s: Error generating %s key\n", opt_getprog(),
alg != NULL ? alg : "asymmetric");
BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(),
alg != NULL ? alg : "asymmetric");
return res;
}
@ -3372,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
"if the system has a poor entropy source\n");
if (EVP_PKEY_paramgen(ctx, &res) <= 0)
app_bail_out("%s: Generating %s key parameters failed\n",
opt_getprog(), alg != NULL ? alg : "asymmetric");
BIO_printf(bio_err, "%s: Generating %s key parameters failed\n",
opt_getprog(), alg != NULL ? alg : "asymmetric");
return res;
}

2
crypto/openssl/apps/req.c
View File

@ -685,6 +685,8 @@ int req_main(int argc, char **argv)
EVP_PKEY_CTX_set_app_data(genctx, bio_err);
pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose);
if (pkey == NULL)
goto end;
EVP_PKEY_CTX_free(genctx);
genctx = NULL;

3
crypto/openssl/apps/speed.c
View File

@ -3700,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
} else {
int pad;
RAND_bytes(out, 16);
if (RAND_bytes(inp, 16) <= 0)
app_bail_out("error setting random bytes\n");
len += 16;
aad[11] = (unsigned char)(len >> 8);
aad[12] = (unsigned char)(len);

3
crypto/openssl/crypto/aes/asm/aesv8-armx.pl
View File

@ -3675,6 +3675,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
s/\.[ui]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
# Switch preprocessor checks to aarch64 versions.
s/__ARME([BL])__/__AARCH64E$1__/go;
print $_,"\n";
}
} else { ######## 32-bit code

7
crypto/openssl/crypto/arm_arch.h
View File

@ -1,5 +1,5 @@
/*
* Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -21,11 +21,6 @@
# elif defined(__GNUC__)
# if defined(__aarch64__)
# define __ARM_ARCH__ 8
# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
# define __ARMEB__
# else
# define __ARMEL__
# endif
/*
* Why doesn't gcc define __ARM_ARCH__? Instead it defines
* bunch of below macros. See all_architectures[] table in

8
crypto/openssl/crypto/bn/bn_gcd.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
for (i = 0; i < m; i++) {
/* conditionally flip signs if delta is positive and g is odd */
cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1)));
delta = (-cond & -delta) | ((cond - 1) & delta);
r->neg ^= cond;
/* swap */
@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
goto err;
BN_consttime_swap(g->d[0] & 1 /* g is odd */
/* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
& (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
& (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))),
g, temp, top);
if (!BN_rshift1(g, g))
goto err;

2
crypto/openssl/crypto/build.info
View File

@ -97,8 +97,6 @@ $UTIL_COMMON=\
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
param_build_set.c der_writer.c threads_lib.c params_dup.c
SHARED_SOURCE[../libssl]=sparse_array.c
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c \
cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \

5
crypto/openssl/crypto/cms/cms_enc.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,6 +15,7 @@
#include <openssl/cms.h>
#include <openssl/rand.h>
#include "crypto/evp.h"
#include "crypto/asn1.h"
#include "cms_local.h"
/* CMS EncryptedData Utilities */
@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
if (enc) {
calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
if (calg->algorithm == NULL) {
if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) {
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
goto err;
}

4
crypto/openssl/crypto/cms/cms_err.c
View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
"unsupported recipientinfo type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
"unsupported recipient type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM),
"unsupported signature algorithm"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},

14
crypto/openssl/crypto/cms/cms_sd.c
View File

@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (md == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
"pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
md = EVP_get_digestbynid(def_nid);
if (md == NULL) {
ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST);
ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
"default md nid=%d", def_nid);
goto err;
}
}
@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
}
}
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) {
ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM,
"pkey nid=%d", EVP_PKEY_get_id(pk));
goto err;
}
if (!(flags & CMS_NOATTR)) {
/*
* Initialize signed attributes structure so other attributes

3
crypto/openssl/crypto/dh/dh_check.c
View File

@ -259,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
*/
int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret)
&& *ret == 0;
}
int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)

3
crypto/openssl/crypto/dh/dh_key.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
static int dh_init(DH *dh)
{
dh->flags |= DH_FLAG_CACHE_MONT_P;
ossl_ffc_params_init(&dh->params);
dh->dirty_cnt++;
return 1;
}

4
crypto/openssl/crypto/dh/dh_lib.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
goto err;
#endif /* FIPS_MODULE */
ossl_ffc_params_init(&ret->params);
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL);
goto err;

8
crypto/openssl/crypto/dsa/dsa_check.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
*/
int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
&& *ret == 0;
}
/*
@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
*/
int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
{
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
&& *ret == 0;
}
int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)

4
crypto/openssl/crypto/dsa/dsa_lib.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
goto err;
#endif
ossl_ffc_params_init(&ret->params);
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
goto err;

1
crypto/openssl/crypto/dsa/dsa_ossl.c
View File

@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
static int dsa_init(DSA *dsa)
{
dsa->flags |= DSA_FLAG_CACHE_MONT_P;
ossl_ffc_params_init(&dsa->params);
dsa->dirty_cnt++;
return 1;
}

44
crypto/openssl/crypto/engine/eng_pkey.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
return NULL;
}
/* We enforce check for legacy key */
switch (EVP_PKEY_get_id(pkey)) {
case EVP_PKEY_RSA:
{
RSA *rsa = EVP_PKEY_get1_RSA(pkey);
EVP_PKEY_set1_RSA(pkey, rsa);
RSA_free(rsa);
}
break;
# ifndef OPENSSL_NO_EC
case EVP_PKEY_SM2:
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_set1_EC_KEY(pkey, ec);
EC_KEY_free(ec);
}
break;
# endif
# ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
{
DSA *dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_set1_DSA(pkey, dsa);
DSA_free(dsa);
}
break;
#endif
# ifndef OPENSSL_NO_DH
case EVP_PKEY_DH:
{
DH *dh = EVP_PKEY_get1_DH(pkey);
EVP_PKEY_set1_DH(pkey, dh);
DH_free(dh);
}
break;
#endif
default:
/*Do nothing */
break;
}
return pkey;
}

1
crypto/openssl/crypto/engine/eng_table.c
View File

@ -97,6 +97,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
if (added && !engine_cleanup_add_first(cleanup)) {
lh_ENGINE_PILE_free(&(*table)->piles);
*table = NULL;
goto end;
}
while (num_nids--) {
tmplate.nid = *nids;

1
crypto/openssl/crypto/err/openssl.txt
View File

@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source
CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm
CMS_R_UNSUPPORTED_TYPE:156:unsupported type
CMS_R_UNWRAP_ERROR:157:unwrap error
CMS_R_UNWRAP_FAILURE:180:unwrap failure

45
crypto/openssl/crypto/evp/evp_enc.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
#endif
}
if (cipher->prov != NULL) {
if (!ossl_assert(cipher->prov != NULL)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
}
if (cipher != ctx->fetched_cipher) {
if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return 0;
@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
return 0;
}
#ifndef FIPS_MODULE
/*
* Fix for CVE-2023-5363
* Passing in a size as part of the init call takes effect late
* so, force such to occur before the initialisation.
*
* The FIPS provider's internal library context is used in a manner
* such that this is not an issue.
*/
if (params != NULL) {
OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
OSSL_PARAM_END };
OSSL_PARAM *q = param_lens;
const OSSL_PARAM *p;
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN);
if (p != NULL)
memcpy(q++, p, sizeof(*q));
/*
* Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
* OSSL_CIPHER_PARAM_IVLEN so both are covered here.
*/
p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
if (p != NULL)
memcpy(q++, p, sizeof(*q));
if (q != param_lens) {
if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
return 0;
}
}
}
#endif
if (enc) {
if (ctx->cipher->einit == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);

8
crypto/openssl/crypto/evp/legacy_sha.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
{
KECCAK1600_CTX *ctx = evp_ctx->md_data;
KECCAK1600_CTX *ctx;
if (evp_ctx == NULL)
return 0;
ctx = evp_ctx->md_data;
switch (cmd) {
case EVP_MD_CTRL_XOF_LEN:

2
crypto/openssl/crypto/evp/p_lib.c
View File

@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
int indent, ASN1_PCTX *pctx)
{
return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL,
return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL,
(pkey->ameth != NULL ? pkey->ameth->priv_print : NULL),
pctx);
}

5
crypto/openssl/crypto/evp/pmeth_lib.c
View File

@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
*/
if (e != NULL)
pmeth = ENGINE_get_pkey_meth(e, id);
else if (pkey != NULL && pkey->foreign)
else
# endif /* OPENSSL_NO_ENGINE */
if (pkey != NULL && pkey->foreign)
pmeth = EVP_PKEY_meth_find(id);
else
# endif
app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id);
/* END legacy */

4
crypto/openssl/crypto/ex_data.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
* "app_data" routines use ex_data index zero. See RT 3710. */
if (ip->meth == NULL
|| !sk_EX_CALLBACK_push(ip->meth, NULL)) {
sk_EX_CALLBACK_free(ip->meth);
ip->meth = NULL;
ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
goto err;
}

16
crypto/openssl/crypto/ffc/ffc_key_validate.c
View File

@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
*ret = 0;
if (params == NULL || pub_key == NULL || params->p == NULL) {
*ret = FFC_ERROR_PASSED_NULL_PARAM;
return 0;
return 1;
}
ctx = BN_CTX_new_ex(NULL);
@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
if (tmp == NULL
|| !BN_set_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) <= 0) {
if (BN_cmp(pub_key, tmp) <= 0)
*ret |= FFC_ERROR_PUBKEY_TOO_SMALL;
goto err;
}
/* Step(1): Verify pub_key <= p-2 */
if (BN_copy(tmp, params->p) == NULL
|| !BN_sub_word(tmp, 1))
goto err;
if (BN_cmp(pub_key, tmp) >= 0) {
if (BN_cmp(pub_key, tmp) >= 0)
*ret |= FFC_ERROR_PUBKEY_TOO_LARGE;
goto err;
}
ok = 1;
err:
if (ctx != NULL) {
@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret))
return 0;
if (params->q != NULL) {
if (*ret == 0 && params->q != NULL) {
ctx = BN_CTX_new_ex(NULL);
if (ctx == NULL)
goto err;
@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
if (tmp == NULL
|| !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx))
goto err;
if (!BN_is_one(tmp)) {
if (!BN_is_one(tmp))
*ret |= FFC_ERROR_PUBKEY_INVALID;
goto err;
}
}
ok = 1;

6
crypto/openssl/crypto/lhash/lhash.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh)
if (n == NULL) {
/* fputs("realloc error in lhash",stderr); */
lh->error++;
return;
} else {
lh->b = n;
}
lh->num_alloc_nodes /= 2;
lh->pmax /= 2;
lh->p = lh->pmax - 1;
lh->b = n;
} else
lh->p--;

12
crypto/openssl/crypto/mem.c
View File

@ -100,6 +100,9 @@ void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
* or 100;100@25;0
* This means 100 mallocs succeed, then next 100 fail 25% of the time, and
* all remaining (count is zero) succeed.
* The failure percentge can have 2 digits after the comma. For example:
* 0@0.01
* This means 0.01% of all allocations will fail.
*/
static void parseit(void)
{
@ -112,26 +115,27 @@ static void parseit(void)
/* Get the count (atol will stop at the @ if there), and percentage */
md_count = atol(md_failstring);
atsign = strchr(md_failstring, '@');
md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
md_fail_percent = atsign == NULL ? 0 : (int)(atof(atsign + 1) * 100 + 0.5);
if (semi != NULL)
md_failstring = semi;
}
/*
* Windows doesn't have random(), but it has rand()
* Windows doesn't have random() and srandom(), but it has rand() and srand().
* Some rand() implementations aren't good, but we're not
* dealing with secure randomness here.
*/
# ifdef _WIN32
# define random() rand()
# define srandom(seed) srand(seed)
# endif
/*
* See if the current malloc should fail.
*/
static int shouldfail(void)
{
int roll = (int)(random() % 100);
int roll = (int)(random() % 10000);
int shoulditfail = roll < md_fail_percent;
# ifndef _WIN32
/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
@ -165,6 +169,8 @@ void ossl_malloc_setup_failures(void)
parseit();
if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
md_tracefd = atoi(cp);
if ((cp = getenv("OPENSSL_MALLOC_SEED")) != NULL)
srandom(atoi(cp));
}
#endif

5
crypto/openssl/crypto/modes/asm/ghashv8-armx.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -755,6 +755,9 @@ if ($flavour =~ /64/) { ######## 64-bit code
s/\.[uisp]?64//o and s/\.16b/\.2d/go;
s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
# Switch preprocessor checks to aarch64 versions.
s/__ARME([BL])__/__AARCH64E$1__/go;
print $_,"\n";
}
} else { ######## 32-bit code

7
crypto/openssl/crypto/objects/obj_dat.c
View File

@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
if (p == NULL) {
const char *base_ = base;
int l, h, i = 0, c = 0;
char *p1;
for (i = 0; i < num; ++i) {
p = &(base_[i * size]);
c = (*cmp) (key, p);
p1 = &(base_[i * size]);
c = (*cmp) (key, p1);
if (c == 0
|| (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
return p;
return p1;
}
}
#endif

13
crypto/openssl/crypto/param_build_set.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params,
{
int i, sz = sk_BIGNUM_const_num(stk);
OSSL_PARAM *p;
const BIGNUM *bn;
if (bld != NULL) {
for (i = 0; i < sz && names[i] != NULL; ++i) {
if (!OSSL_PARAM_BLD_push_BN(bld, names[i],
sk_BIGNUM_const_value(stk, i)))
bn = sk_BIGNUM_const_value(stk, i);
if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn))
return 0;
}
return 1;
}
for (i = 0; i < sz && names[i] != NULL; ++i) {
bn = sk_BIGNUM_const_value(stk, i);
p = OSSL_PARAM_locate(params, names[i]);
if (p != NULL) {
if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i)))
if (p != NULL && bn != NULL) {
if (!OSSL_PARAM_set_BN(p, bn))
return 0;
}
}

26
crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -86,7 +86,7 @@ poly1305_init:
ldp $r0,$r1,[$inp] // load key
mov $s1,#0xfffffffc0fffffff
movk $s1,#0x0fff,lsl#48
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $r0,$r0 // flip bytes
rev $r1,$r1
#endif
@ -136,7 +136,7 @@ poly1305_blocks:
.Loop:
ldp $t0,$t1,[$inp],#16 // load input
sub $len,$len,#16
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $t0,$t0
rev $t1,$t1
#endif
@ -204,13 +204,13 @@ poly1305_emit:
csel $h0,$h0,$d0,eq
csel $h1,$h1,$d1,eq
#ifdef __ARMEB__
#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds $h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif
@ -345,7 +345,7 @@ poly1305_blocks_neon:
adcs $h1,$h1,xzr
adc $h2,$h2,xzr
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@ -391,7 +391,7 @@ poly1305_blocks_neon:
ldp $d0,$d1,[$inp],#16 // load input
sub $len,$len,#16
add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2)
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $d0,$d0
rev $d1,$d1
#endif
@ -476,7 +476,7 @@ poly1305_blocks_neon:
lsl $padbit,$padbit,#24
add x15,$ctx,#48
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -512,7 +512,7 @@ poly1305_blocks_neon:
ld1 {$S2,$R3,$S3,$R4},[x15],#64
ld1 {$S4},[x15]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -573,7 +573,7 @@ poly1305_blocks_neon:
umull $ACC1,$IN23_0,${R1}[2]
ldp x9,x13,[$in2],#48
umull $ACC0,$IN23_0,${R0}[2]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -638,7 +638,7 @@ poly1305_blocks_neon:
umlal $ACC4,$IN01_2,${R2}[0]
umlal $ACC1,$IN01_2,${S4}[0]
umlal $ACC2,$IN01_2,${R0}[0]
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev x8,x8
rev x12,x12
rev x9,x9
@ -922,13 +922,13 @@ poly1305_emit_neon:
csel $h0,$h0,$d0,eq
csel $h1,$h1,$d1,eq
#ifdef __ARMEB__
#ifdef __AARCH64EB__
ror $t0,$t0,#32 // flip nonce words
ror $t1,$t1,#32
#endif
adds $h0,$h0,$t0 // accumulate nonce
adc $h1,$h1,$t1
#ifdef __ARMEB__
#ifdef __AARCH64EB__
rev $h0,$h0 // flip output bytes
rev $h1,$h1
#endif

36
crypto/openssl/crypto/property/property_parse.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -588,15 +588,38 @@ static void put_char(char ch, char **buf, size_t *remain, size_t *needed)
static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
{
size_t olen, len;
size_t olen, len, i;
char quote = '\0';
int quotes;
len = olen = strlen(str);
*needed += len;
if (*remain == 0)
return;
/*
* Check to see if we need quotes or not.
* Characters that are legal in a PropertyName don't need quoting.
* We simply assume all others require quotes.
*/
for (i = 0; i < len; i++)
if (!ossl_isalnum(str[i]) && str[i] != '.' && str[i] != '_') {
/* Default to single quotes ... */
if (quote == '\0')
quote = '\'';
/* ... but use double quotes if a single is present */
if (str[i] == '\'')
quote = '"';
}
if (*remain < len + 1)
quotes = quote != '\0';
if (*remain == 0) {
*needed += 2 * quotes;
return;
}
if (quotes)
put_char(quote, buf, remain, needed);
if (*remain < len + 1 + quotes)
len = *remain - 1;
if (len > 0) {
@ -605,6 +628,9 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
*remain -= len;
}
if (quotes)
put_char(quote, buf, remain, needed);
if (len < olen && *remain == 1) {
**buf = '\0';
++*buf;

14
crypto/openssl/crypto/rsa/rsa_backend.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
/* Check private key data integrity */
if (include_private && rsa_d != NULL) {
int numprimes = sk_BIGNUM_const_num(factors);
int numexps = sk_BIGNUM_const_num(exps);
int numcoeffs = sk_BIGNUM_const_num(coeffs);
/*
* It's permissible to have zero primes, i.e. no CRT params.
* Otherwise, there must be at least two, as many exponents,
* and one coefficient less.
*/
if (numprimes != 0
&& (numprimes < 2 || numexps < 2 || numcoeffs < 1))
goto err;
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
rsa_d)

32
crypto/openssl/crypto/rsa/rsa_lib.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -753,18 +753,22 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
return 0;
pnum = sk_BIGNUM_num(primes);
if (pnum < 2
|| pnum != sk_BIGNUM_num(exps)
|| pnum != sk_BIGNUM_num(coeffs) + 1)
if (pnum < 2)
return 0;
if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0),
sk_BIGNUM_value(primes, 1))
|| !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0),
sk_BIGNUM_value(exps, 1),
sk_BIGNUM_value(coeffs, 0)))
sk_BIGNUM_value(primes, 1)))
return 0;
if (pnum == sk_BIGNUM_num(exps)
&& pnum == sk_BIGNUM_num(coeffs) + 1) {
if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0),
sk_BIGNUM_value(exps, 1),
sk_BIGNUM_value(coeffs, 0)))
return 0;
}
#ifndef FIPS_MODULE
old_infos = r->prime_infos;
#endif
@ -1084,6 +1088,12 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
{
OSSL_PARAM rsa_params[2], *p = rsa_params;
const char *empty = "";
/*
* Needed as we swap label with empty if it is NULL, and label is
* freed at the end of this function.
*/
void *plabel = label;
int ret;
if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
@ -1096,9 +1106,13 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
if (!EVP_PKEY_CTX_is_a(ctx, "RSA"))
return -1;
/* Accept NULL for backward compatibility */
if (label == NULL && llen == 0)
plabel = (void *)empty;
/* Cast away the const. This is read only so should be safe */
*p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
(void *)label, (size_t)llen);
(void *)plabel, (size_t)llen);
*p++ = OSSL_PARAM_construct_end();
ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params);

8
crypto/openssl/doc/man3/CMS_add1_signer.pod
View File

@ -31,8 +31,8 @@ Unless the B<CMS_REUSE_DIGEST> flag is set the returned CMS_ContentInfo
structure is not complete and must be finalized either by streaming (if
applicable) or a call to CMS_final().
The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo
structure, its main use is when B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags
The CMS_SignerInfo_sign() function explicitly signs a CMS_SignerInfo
structure, its main use is when the B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags
are both set.
=head1 NOTES
@ -90,6 +90,8 @@ before it is finalized.
CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
structure just added or NULL if an error occurs.
CMS_SignerInfo_sign() returns 1 on success, 0 on failure.
=head1 SEE ALSO
L<ERR_get_error(3)>, L<CMS_sign(3)>,
@ -97,7 +99,7 @@ L<CMS_final(3)>,
=head1 COPYRIGHT
Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
crypto/openssl/doc/man3/DH_generate_parameters.pod
View File

@ -128,6 +128,10 @@ The parameter B<j> is invalid.
=back
If 0 is returned or B<*codes> is set to a nonzero value the supplied
parameters should not be used for Diffie-Hellman operations otherwise
the security properties of the key exchange are not guaranteed.
DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to
DH_check() and DH_check_params() respectively, but the error reasons are added
to the thread's error queue instead of provided as return values from the
@ -160,7 +164,7 @@ DH_generate_parameters_ex() instead.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/DSA_generate_parameters.pod
View File

@ -51,7 +51,7 @@ called as shown below. For information on the BN_GENCB structure and the
BN_GENCB_call function discussed below, refer to
L<BN_generate_prime(3)>.
DSA_generate_prime() is similar to DSA_generate_prime_ex() but
DSA_generate_parameters() is similar to DSA_generate_parameters_ex() but
expects an old-style callback function; see
L<BN_generate_prime(3)> for information on the old-style callback.
@ -126,7 +126,7 @@ DSA_generate_parameters_ex() instead.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

8
crypto/openssl/doc/man3/EVP_aes_128_gcm.pod
View File

@ -134,13 +134,7 @@ section for details.
EVP_aes_192_wrap(),
EVP_aes_256_wrap(),
EVP_aes_128_wrap_pad(),
EVP_aes_128_wrap(),
EVP_aes_192_wrap(),
EVP_aes_256_wrap(),
EVP_aes_192_wrap_pad(),
EVP_aes_128_wrap(),
EVP_aes_192_wrap(),
EVP_aes_256_wrap(),
EVP_aes_256_wrap_pad()
AES key wrap with 128, 192 and 256 bit keys, as according to RFC 3394 section
@ -173,7 +167,7 @@ the XTS "tweak" value.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-AES(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_aria_128_gcm.pod
View File

@ -96,7 +96,7 @@ correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> section for details.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-ARIA(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_bf_cbc.pod
View File

@ -41,7 +41,7 @@ Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-BLOWFISH(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_blake2b512.pod
View File

@ -35,7 +35,7 @@ The BLAKE2b algorithm that produces a 512-bit output from a given input.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-BLAKE2(7)> instead.
See L<crypto(7)/Performance> for further information.
While the BLAKE2b and BLAKE2s algorithms supports a variable length digest,

2
crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod
View File

@ -79,7 +79,7 @@ Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CAMELLIA(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_cast5_cbc.pod
View File

@ -41,7 +41,7 @@ CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CAST(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_chacha20.pod
View File

@ -44,7 +44,7 @@ L<EVP_EncryptInit(3)/AEAD Interface> section for more information.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-CHACHA(7)> instead.
See L<crypto(7)/Performance> for further information.
L<RFC 7539|https://www.rfc-editor.org/rfc/rfc7539.html#section-2.4>

2
crypto/openssl/doc/man3/EVP_des_cbc.pod
View File

@ -89,7 +89,7 @@ Triple-DES key wrap according to RFC 3217 Section 3.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-DES(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_desx_cbc.pod
View File

@ -31,7 +31,7 @@ implementation.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-DES(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_idea_cbc.pod
View File

@ -39,7 +39,7 @@ The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-IDEA(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_md2.pod
View File

@ -28,7 +28,7 @@ The MD2 algorithm which produces a 128-bit output from a given input.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-MD2(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_md4.pod
View File

@ -29,7 +29,7 @@ The MD4 algorithm which produces a 128-bit output from a given input.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-MD4(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_md5.pod
View File

@ -40,7 +40,7 @@ WARNING: this algorithm is not intended for non-SSL usage.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-MD5(7)> or L<EVP_MD-MD5-SHA1(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_mdc2.pod
View File

@ -30,7 +30,7 @@ The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-MDC2(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_rc2_cbc.pod
View File

@ -55,7 +55,7 @@ functions to set the key length and effective key length.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC2(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_rc4.pod
View File

@ -47,7 +47,7 @@ interface.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC4(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod
View File

@ -60,7 +60,7 @@ is an int.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-RC5(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_ripemd160.pod
View File

@ -29,7 +29,7 @@ The RIPEMD-160 algorithm which produces a 160-bit output from a given input.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-RIPEMD160(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_seed_cbc.pod
View File

@ -41,7 +41,7 @@ The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-SEED(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_sha1.pod
View File

@ -29,7 +29,7 @@ The SHA-1 algorithm which produces a 160-bit output from a given input.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-SHA1(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_sha224.pod
View File

@ -49,7 +49,7 @@ their outputs are of the same size.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-SHA2(7)>instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_sha3_224.pod
View File

@ -54,7 +54,7 @@ B<EVP_shake256> provides that of 256 bits.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-SHA3(7)> or L<EVP_MD-SHAKE(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_sm3.pod
View File

@ -28,7 +28,7 @@ The SM3 hash function.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-SM3(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_sm4_cbc.pod
View File

@ -45,7 +45,7 @@ respectively.
Developers should be aware of the negative performance implications of
calling these functions multiple times and should consider using
L<EVP_CIPHER_fetch(3)> instead.
L<EVP_CIPHER_fetch(3)> with L<EVP_CIPHER-SM4(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

2
crypto/openssl/doc/man3/EVP_whirlpool.pod
View File

@ -30,7 +30,7 @@ input.
Developers should be aware of the negative performance implications of
calling this function multiple times and should consider using
L<EVP_MD_fetch(3)> instead.
L<EVP_MD_fetch(3)> with L<EVP_MD-WHIRLPOOL(7)> instead.
See L<crypto(7)/Performance> for further information.
=head1 RETURN VALUES

5
crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod
View File

@ -33,7 +33,8 @@ be NULL terminated.
B<iter> is the iteration count and its value should be greater than or
equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
B<iter> less than 1 is treated as a single iteration.
B<iter> value less than 1 is invalid; such values will result in failure
and raise the PROV_R_INVALID_ITERATION_COUNT error.
B<digest> is the message digest function used in the derivation.
PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1().
@ -66,7 +67,7 @@ L<passphrase-encoding(7)>
=head1 COPYRIGHT
Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

10
crypto/openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod
View File

@ -2,6 +2,7 @@
=head1 NAME
SSL_CONF_CTX_finish,
SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure
=head1 SYNOPSIS
@ -10,6 +11,7 @@ SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure
void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
=head1 DESCRIPTION
@ -23,6 +25,10 @@ B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with
B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to
B<ssl>.
The function SSL_CONF_CTX_finish() must be called after all configuration
operations have been completed. It is used to finalise any operations
or to process defaults.
=head1 NOTES
The context need not be set or it can be set to B<NULL> in which case only
@ -32,6 +38,8 @@ syntax checking of commands is performed, where possible.
SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value.
SSL_CONF_CTX_finish() returns 1 for success and 0 for failure.
=head1 SEE ALSO
L<ssl(7)>,
@ -47,7 +55,7 @@ These functions were added in OpenSSL 1.0.2.
=head1 COPYRIGHT
Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

16
crypto/openssl/doc/man3/SSL_CTX_set_info_callback.pod
View File

@ -12,11 +12,15 @@ SSL_get_info_callback
#include <openssl/ssl.h>
void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
void SSL_CTX_set_info_callback(SSL_CTX *ctx,
void (*callback) (const SSL *ssl, int type, int val));
void SSL_set_info_callback(SSL *ssl, void (*callback)());
void (*SSL_get_info_callback(const SSL *ssl))();
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, int val);
void SSL_set_info_callback(SSL *ssl,
void (*callback) (const SSL *ssl, int type, int val));
void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, int val);
=head1 DESCRIPTION
@ -119,7 +123,7 @@ SSL_get_info_callback() returns the current setting.
The following example callback function prints state strings, information
about alerts being handled and error messages to the B<bio_err> BIO.
void apps_ssl_info_callback(SSL *s, int where, int ret)
void apps_ssl_info_callback(const SSL *s, int where, int ret)
{
const char *str;
int w = where & ~SSL_ST_MASK;
@ -156,7 +160,7 @@ L<SSL_alert_type_string(3)>
=head1 COPYRIGHT
Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
crypto/openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod
View File

@ -8,7 +8,7 @@ i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private
=head1 SYNOPSIS
#include <openssl/evp.h>
#include <openssl/pem.h>
EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
@ -64,7 +64,7 @@ L<passphrase-encoding(7)>
=head1 COPYRIGHT
Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

26
crypto/openssl/doc/man3/d2i_X509.pod
View File

@ -390,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred
then NULL is returned.
On a successful return, if I<*a> is not NULL then it is assumed that I<*a>
contains a valid B<I<TYPE>> structure and an attempt is made to reuse it. This
"reuse" capability is present for historical compatibility but its use is
B<strongly discouraged> (see BUGS below, and the discussion in the RETURN
VALUES section).
contains a valid B<I<TYPE>> structure and an attempt is made to reuse it.
For B<I<TYPE>> structures where it matters it is possible to set up a library
context on the decoded structure this way (see the B<EXAMPLES> section).
However using the "reuse" capability for other purposes is B<strongly
discouraged> (see B<BUGS> below, and the discussion in the B<RETURN VALUES>
section).
B<d2i_I<TYPE>_bio>() is similar to B<d2i_I<TYPE>>() except it attempts
to parse data from BIO I<bp>.
@ -538,6 +540,22 @@ Alternative technique:
if (d2i_X509(&x, &p, len) == NULL)
/* error */
Setting up a library context and property query:
X509 *x;
unsigned char *buf;
const unsigned char *p;
int len;
OSSL_LIB_CTX *libctx = ....;
const char *propq = ....;
/* Set up buf and len to point to the input buffer. */
p = buf;
x = X509_new_ex(libctx, propq);
if (d2i_X509(&x, &p, len) == NULL)
/* error, x was freed and NULL assigned to it (see RETURN VALUES) */
=head1 WARNINGS
Using a temporary variable is mandatory. A common

3
crypto/openssl/include/openssl/cmserr.h
View File

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -113,6 +113,7 @@
# define CMS_R_UNSUPPORTED_LABEL_SOURCE 193
# define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155
# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195
# define CMS_R_UNSUPPORTED_TYPE 156
# define CMS_R_UNWRAP_ERROR 157
# define CMS_R_UNWRAP_FAILURE 180

4
crypto/openssl/include/openssl/evp.h
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -85,6 +85,8 @@
/* Easy to use macros for EVP_PKEY related selections */
# define EVP_PKEY_KEY_PARAMETERS \
( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
# define EVP_PKEY_PRIVATE_KEY \
( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY )
# define EVP_PKEY_PUBLIC_KEY \
( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY )
# define EVP_PKEY_KEYPAIR \

10
crypto/openssl/include/openssl/opensslv.h
View File

@ -29,7 +29,7 @@ extern "C" {
*/
# define OPENSSL_VERSION_MAJOR 3
# define OPENSSL_VERSION_MINOR 0
# define OPENSSL_VERSION_PATCH 11
# define OPENSSL_VERSION_PATCH 12
/*
* Additional version information
@ -74,21 +74,21 @@ extern "C" {
* longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and
* OPENSSL_VERSION_BUILD_METADATA_STR appended.
*/
# define OPENSSL_VERSION_STR "3.0.11"
# define OPENSSL_FULL_VERSION_STR "3.0.11"
# define OPENSSL_VERSION_STR "3.0.12"
# define OPENSSL_FULL_VERSION_STR "3.0.12"
/*
* SECTION 3: ADDITIONAL METADATA
*
* These strings are defined separately to allow them to be parsable.
*/
# define OPENSSL_RELEASE_DATE "19 Sep 2023"
# define OPENSSL_RELEASE_DATE "24 Oct 2023"
/*
* SECTION 4: BACKWARD COMPATIBILITY
*/
# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.11 19 Sep 2023"
# define OPENSSL_VERSION_TEXT "OpenSSL 3.0.12 24 Oct 2023"
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
# ifdef OPENSSL_VERSION_PRE_RELEASE

6
crypto/openssl/include/openssl/pkcs7.h.in
View File

@ -1,7 +1,7 @@
/*
* {- join("\n * ", @autowarntext) -}
*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -57,8 +57,8 @@ typedef struct pkcs7_signer_info_st {
PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
X509_ALGOR *digest_alg;
STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
X509_ALGOR *digest_enc_alg;
ASN1_OCTET_STRING *enc_digest;
X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */
ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */
STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
/* The private key to sign with */
EVP_PKEY *pkey;

40
crypto/openssl/providers/fips-sources.checksums
View File

@ -21,7 +21,7 @@ c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm
c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl
f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl
e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl
a097f9d71de7cefa8e93629033ff1986fb01128623ec051d9b5afef55c0e5ebb crypto/aes/asm/aesv8-armx.pl
e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl
5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl
0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl
1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl
@ -79,7 +79,7 @@ d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_d
74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c
a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c
ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c
1abab2cc5466b005b939d156e7d8664a4d42a191c9040dbb83941269d6844f0c crypto/bn/bn_gcd.c
baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c
4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c
081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c
602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c
@ -122,20 +122,20 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb
61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c
8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h
816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c
d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c
fcbfe5acb73e1b4094efec56a754b803d2c1a53644c78cf6a73ae868e3f3886d crypto/dh/dh_check.c
7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c
6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c
a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c
0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c
b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c
9e61a0b5017d835b348b15e93760c42d8d899ffae4251455c7b3085cfd25294c crypto/dh/dh_key.c
92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c
8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h
bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c
b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c
d7e0d87494e3b3f0898a56785a219e87a2ce14416393ec32d8c0b5f539c7bdbf crypto/dsa/dsa_check.c
ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c
b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c
9e436a2e0867920c3a5ac58bc14300cad4ab2c4c8fe5e40b355dfd21bfdfe146 crypto/dsa/dsa_lib.c
9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c
f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h
38062c6eebdb2f88fa0c6592837a96a49de2ae520d3ad483a3e02921c8adb094 crypto/dsa/dsa_ossl.c
c5c252f205482a71efeabe226d51a1c541a6ba2dfa9b8b8a70901087a9dc1667 crypto/dsa/dsa_ossl.c
d612fd05ff98816ba6cf37f84c0e31443ad9d840ed587a7ab2066027da390325 crypto/dsa/dsa_sign.c
53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c
d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl
@ -193,7 +193,7 @@ b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_
0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c
1af3872164b4a4757bc7896a24b4d2f8eb2cfb4cba0d872a93db69975693e0a6 crypto/evp/digest.c
838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c
1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c
61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c
7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c
ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c
78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h
@ -213,11 +213,11 @@ e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac
1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c
76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c
4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c
b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c
f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c
1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c
a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c
854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c
2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c
4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c
8b72d5a7452b2c15aec6d20027053a83f7df89d49a3b6cfedd77e2b1a29e9fc1 crypto/ffc/ffc_params.c
1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c
73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c
@ -225,7 +225,7 @@ a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc
0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h
0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S
f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c
5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c
7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c
5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h
f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c
e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl
@ -240,7 +240,7 @@ e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/a
26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl
72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl
a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl
0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl
69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl
65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c
1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c
d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c
@ -252,7 +252,7 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/w
8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c
8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c
a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c
c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c
2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c
0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c
4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c
a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c
@ -261,7 +261,7 @@ a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_
b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c
3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c
66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h
921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c
099407e68e705f1458b701b9336f633565fc0843355fedf1ec83794349548a51 crypto/property/property_parse.c
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c
0ba5d0297837940c972224c97cbbf3ea4a723c1eed9ce1112538c9bb26208639 crypto/provider_core.c
@ -270,11 +270,11 @@ d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provide
a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c
fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h
f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c
9e7dd6fc91d3266d4aa4f0f41b7986381122b7d98114e63ebf04c5ee298b5fda crypto/rsa/rsa_backend.c
5834d7c518ad53ea0dd3db811c0e51568c81cc6c117012030101d29003d0725c crypto/rsa/rsa_backend.c
38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c
e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c
e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c
74ed75d1d8e0844800504a137bfd81c3dbcb6c4bd58b5d5fe9d0a362092b6e88 crypto/rsa/rsa_lib.c
f2222f270e57559537d3da8abbeb1390bc5376b73dae59d536af6e73eb48bba0 crypto/rsa/rsa_lib.c
a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h
cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c
5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c
@ -430,7 +430,7 @@ bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openss
61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h
69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h
c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in
12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h
b23bf3e2d0a60fe4d768afbe7aab48b47791e1274ae42b28895255119ae7f61d include/openssl/evp.h
5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h
5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h
b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in
@ -567,7 +567,7 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl
589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c
4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c
6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c
9d5eb7e056e790b1b4292ec7af03fbf0b26e34625c70eb36643451965bcfc696 providers/implementations/keymgmt/dh_kmgmt.c
11a0d0fb88ed88e965f10b3a0ef6c880f60341df995128f57ad943053aaf15b2 providers/implementations/keymgmt/dh_kmgmt.c
a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/implementations/keymgmt/dsa_kmgmt.c
9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c
258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc
@ -578,7 +578,7 @@ a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/impl
aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c
e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c
895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c
f75fbfe5348f93ad610da7d310f4e8fecf18c0549f27605da25d393c33e0edc2 providers/implementations/macs/kmac_prov.c
8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c
bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c
9d23df7f99beec7392c9d4ed813407050bc2d150098888fe802e2c9705fc33fa providers/implementations/rands/drbg.c
bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c

2
crypto/openssl/providers/fips.checksum
View File

@ -1 +1 @@
8d97c837eeb1288f74788f0e48cb0cbc8498d4cf7ddc25c89344df7d5309ffc8 providers/fips-sources.checksums
114b59f288ec2d6ddfcd26187f43cad614c6d4e4a7aba24410494f46f627671c providers/fips-sources.checksums

65
crypto/openssl/providers/implementations/encode_decode/encode_key2text.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -241,7 +241,7 @@ static int dh_to_text(BIO *out, const void *key, int selection)
return 0;
}
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
pub_key = DH_get0_pub_key(dh);
if (pub_key == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
@ -316,7 +316,7 @@ static int dsa_to_text(BIO *out, const void *key, int selection)
return 0;
}
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
pub_key = DSA_get0_pub_key(dsa);
if (pub_key == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
@ -525,7 +525,7 @@ static int ec_to_text(BIO *out, const void *key, int selection)
if (priv_len == 0)
goto err;
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
const EC_POINT *pub_pt = EC_KEY_get0_public_key(ec);
if (pub_pt == NULL) {
@ -575,26 +575,31 @@ static int ecx_to_text(BIO *out, const void *key, int selection)
return 0;
}
switch (ecx->type) {
case ECX_KEY_TYPE_X25519:
type_label = "X25519";
break;
case ECX_KEY_TYPE_X448:
type_label = "X448";
break;
case ECX_KEY_TYPE_ED25519:
type_label = "ED25519";
break;
case ECX_KEY_TYPE_ED448:
type_label = "ED448";
break;
}
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
if (ecx->privkey == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
return 0;
}
switch (ecx->type) {
case ECX_KEY_TYPE_X25519:
type_label = "X25519 Private-Key";
break;
case ECX_KEY_TYPE_X448:
type_label = "X448 Private-Key";
break;
case ECX_KEY_TYPE_ED25519:
type_label = "ED25519 Private-Key";
break;
case ECX_KEY_TYPE_ED448:
type_label = "ED448 Private-Key";
break;
}
if (BIO_printf(out, "%s Private-Key:\n", type_label) <= 0)
return 0;
if (!print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen))
return 0;
} else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
/* ecx->pubkey is an array, not a pointer... */
if (!ecx->haspubkey) {
@ -602,29 +607,11 @@ static int ecx_to_text(BIO *out, const void *key, int selection)
return 0;
}
switch (ecx->type) {
case ECX_KEY_TYPE_X25519:
type_label = "X25519 Public-Key";
break;
case ECX_KEY_TYPE_X448:
type_label = "X448 Public-Key";
break;
case ECX_KEY_TYPE_ED25519:
type_label = "ED25519 Public-Key";
break;
case ECX_KEY_TYPE_ED448:
type_label = "ED448 Public-Key";
break;
}
if (BIO_printf(out, "%s Public-Key:\n", type_label) <= 0)
return 0;
}
if (BIO_printf(out, "%s:\n", type_label) <= 0)
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
&& !print_labeled_buf(out, "priv:", ecx->privkey, ecx->keylen))
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0
&& !print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen))
if (!print_labeled_buf(out, "pub:", ecx->pubkey, ecx->keylen))
return 0;
return 1;

2
crypto/openssl/providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -392,7 +392,7 @@ static int dh_validate_public(const DH *dh, int checktype)
&& ossl_dh_is_named_safe_prime_group(dh))
return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
return DH_check_pub_key(dh, pub_key, &res);
return DH_check_pub_key_ex(dh, pub_key);
}
static int dh_validate_private(const DH *dh)

6
crypto/openssl/providers/implementations/macs/kmac_prov.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -249,7 +249,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
if (w < 0) {
if (w <= 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
return 0;
}
@ -289,7 +289,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key,
return 0;
t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
if (t < 0) {
if (t <= 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
return 0;
}

4
secure/lib/libcrypto/Makefile.inc
View File

@ -2,8 +2,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
OPENSSL_VER= 3.0.11
OPENSSL_DATE= 2023-09-19
OPENSSL_VER= 3.0.12
OPENSSL_DATE= 2023-10-24
LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc