Version in base suite: 3.0.17-1~deb12u2 Version in overlay suite: 3.0.17-1~deb12u3 Base version: openssl_3.0.17-1~deb12u3 Target version: openssl_3.0.18-1~deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openssl/openssl_3.0.17-1~deb12u3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openssl/openssl_3.0.18-1~deb12u1.dsc /srv/release.debian.org/tmp/0aVBoXcyum/openssl-3.0.18/test/recipes/90-test_store_cases_data/test-BER.p12 |binary openssl-3.0.18/CHANGES.md | 70 +++ openssl-3.0.18/Configurations/50-nonstop.conf | 2 openssl-3.0.18/Configurations/unix-Makefile.tmpl | 14 openssl-3.0.18/NEWS.md | 16 openssl-3.0.18/VERSION.dat | 4 openssl-3.0.18/apps/asn1parse.c | 2 openssl-3.0.18/apps/cms.c | 1 openssl-3.0.18/apps/ecparam.c | 14 openssl-3.0.18/apps/enc.c | 4 openssl-3.0.18/apps/include/apps.h | 3 openssl-3.0.18/apps/lib/apps.c | 48 -- openssl-3.0.18/apps/ocsp.c | 21 - openssl-3.0.18/apps/storeutl.c | 16 openssl-3.0.18/crypto/aes/asm/aes-s390x.pl | 5 openssl-3.0.18/crypto/asn1/asn_mime.c | 22 - openssl-3.0.18/crypto/bio/bss_dgram.c | 25 - openssl-3.0.18/crypto/bio/bss_file.c | 4 openssl-3.0.18/crypto/cms/cms_pwri.c | 2 openssl-3.0.18/crypto/dh/dh_key.c | 14 openssl-3.0.18/crypto/dh/dh_pmeth.c | 2 openssl-3.0.18/crypto/evp/bio_ok.c | 25 - openssl-3.0.18/crypto/evp/ctrl_params_translate.c | 2 openssl-3.0.18/crypto/evp/p_lib.c | 19 openssl-3.0.18/crypto/evp/p_seal.c | 7 openssl-3.0.18/crypto/http/http_lib.c | 1 openssl-3.0.18/crypto/info.c | 14 openssl-3.0.18/crypto/modes/siv128.c | 5 openssl-3.0.18/crypto/pkcs7/pk7_doit.c | 7 openssl-3.0.18/crypto/property/property_parse.c | 4 openssl-3.0.18/crypto/rand/randfile.c | 6 openssl-3.0.18/crypto/sm2/sm2_sign.c | 6 openssl-3.0.18/crypto/store/store_lib.c | 27 - openssl-3.0.18/crypto/threads_pthread.c | 8 openssl-3.0.18/crypto/x509/by_store.c | 34 + openssl-3.0.18/crypto/x509/t_req.c | 6 openssl-3.0.18/crypto/x509/t_x509.c | 5 openssl-3.0.18/crypto/x509/x509_ext.c | 20 - 
openssl-3.0.18/crypto/x509/x509_lu.c | 3 openssl-3.0.18/crypto/x509/x509_vpm.c | 7 openssl-3.0.18/debian/changelog | 6 openssl-3.0.18/debian/patches/Revert-Add-test_verify-tests.patch | 82 ---- openssl-3.0.18/debian/patches/Revert-Drop-by-store-s-by_store_subject_ex.patch | 66 --- openssl-3.0.18/debian/patches/Revert-Rework-the-by-store-X509_LOOKUP-method-to-open-the.patch | 200 ---------- openssl-3.0.18/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch | 25 - openssl-3.0.18/debian/patches/man-section.patch | 10 openssl-3.0.18/debian/patches/series | 5 openssl-3.0.18/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch | 24 - openssl-3.0.18/demos/bio/saccept.c | 7 openssl-3.0.18/demos/bio/server-arg.c | 7 openssl-3.0.18/demos/bio/server-cmod.c | 7 openssl-3.0.18/demos/bio/server-conf.c | 7 openssl-3.0.18/demos/cms/cms_ddec.c | 4 openssl-3.0.18/demos/cms/cms_denc.c | 4 openssl-3.0.18/demos/pkey/EVP_PKEY_RSA_keygen.c | 4 openssl-3.0.18/doc/man1/openssl-enc.pod.in | 9 openssl-3.0.18/doc/man3/BN_generate_prime.pod | 6 openssl-3.0.18/doc/man3/EVP_EncryptInit.pod | 4 openssl-3.0.18/doc/man3/EVP_PKEY_new.pod | 16 openssl-3.0.18/doc/man3/EVP_aes_128_gcm.pod | 4 openssl-3.0.18/doc/man3/EVP_aria_128_gcm.pod | 4 openssl-3.0.18/doc/man3/EVP_chacha20.pod | 4 openssl-3.0.18/doc/man3/OPENSSL_secure_malloc.pod | 9 openssl-3.0.18/doc/man3/OpenSSL_version.pod | 9 openssl-3.0.18/doc/man3/PEM_read_CMS.pod | 8 openssl-3.0.18/doc/man3/RAND_load_file.pod | 8 openssl-3.0.18/doc/man3/SSL_CIPHER_get_name.pod | 4 openssl-3.0.18/doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 10 openssl-3.0.18/doc/man3/SSL_SESSION_get0_hostname.pod | 10 openssl-3.0.18/doc/man3/d2i_X509.pod | 7 openssl-3.0.18/doc/man7/EVP_PKEY-DSA.pod | 4 openssl-3.0.18/doc/man7/EVP_PKEY-FFC.pod | 4 openssl-3.0.18/include/openssl/opensslv.h.in | 11 openssl-3.0.18/include/openssl/pem.h | 4 openssl-3.0.18/providers/decoders.inc | 3 openssl-3.0.18/providers/fips-sources.checksums | 14 
openssl-3.0.18/providers/fips.checksum | 2 openssl-3.0.18/providers/implementations/asymciphers/rsa_enc.c | 19 openssl-3.0.18/providers/implementations/encode_decode/decode_der2key.c | 3 openssl-3.0.18/providers/implementations/encode_decode/decode_pem2der.c | 4 openssl-3.0.18/providers/implementations/encode_decode/encode_key2text.c | 10 openssl-3.0.18/providers/implementations/include/prov/implementations.h | 3 openssl-3.0.18/providers/implementations/kdfs/krb5kdf.c | 7 openssl-3.0.18/providers/implementations/macs/hmac_prov.c | 18 openssl-3.0.18/test/evp_extra_test.c | 43 ++ openssl-3.0.18/test/fake_rsaprov.c | 6 openssl-3.0.18/test/fake_rsaprov.h | 11 openssl-3.0.18/test/property_test.c | 17 openssl-3.0.18/test/provider_pkey_test.c | 74 +++ openssl-3.0.18/test/recipes/15-test_ec.t | 14 openssl-3.0.18/test/recipes/15-test_ecparam.t | 6 openssl-3.0.18/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem | 7 openssl-3.0.18/test/recipes/15-test_ecparam_data/valid/sm2-named.pem | 3 openssl-3.0.18/test/recipes/25-test_verify.t | 5 openssl-3.0.18/test/recipes/30-test_evp_data/evpkdf_krb5.txt | 10 openssl-3.0.18/test/recipes/80-test_cms.t | 17 openssl-3.0.18/test/recipes/90-test_store_cases.t | 26 + openssl-3.0.18/test/recipes/90-test_threads_data/store/8489a545.0 | 19 openssl-3.0.18/test/testec-sm2.pem | 5 openssl-3.0.18/test/threadstest.c | 70 +++ 100 files changed, 805 insertions(+), 699 deletions(-) diff -Nru openssl-3.0.17/CHANGES.md openssl-3.0.18/CHANGES.md --- openssl-3.0.17/CHANGES.md 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/CHANGES.md 2025-09-30 13:12:07.000000000 +0000 
@@ -28,6 +28,74 @@ [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.17 and 3.0.18 [30 Sep 2025] + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap + + Issue summary: An application trying to decrypt CMS messages encrypted using + password based encryption can trigger an out-of-bounds read and write. + + Impact summary: This out-of-bounds read may trigger a crash which leads to + Denial of Service for an application. The out-of-bounds write can cause + a memory corruption which can have various consequences including + a Denial of Service or Execution of attacker-supplied code. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9230]) + + *Viktor Dukhovni* + + * Fix Out-of-bounds read in HTTP client no_proxy handling + + Issue summary: An application using the OpenSSL HTTP client API functions + may trigger an out-of-bounds read if the "no_proxy" environment variable is + set and the host portion of the authority component of the HTTP URL is an + IPv6 address. + + Impact summary: An out-of-bounds read can trigger a crash which leads to + Denial of Service for an application. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9232]) + + *Stanislav Fort* + + * Avoided a potential race condition introduced in 3.0.17, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. 
+ + *Enji Cooper* + + * Hardened the provider implementation of the RSA public key "encrypt" + operation to add a missing check that the caller-indicated output buffer + size is at least as large as the byte count of the RSA modulus. The issue + was reported by Arash Ale Ebrahim from SYSPWN. + + This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that + in fact provide a sufficiently large buffer, but fail to correctly indicate + its size may now encounter unexpected errors. In applications that attempt + RSA public encryption into a buffer that is too small, an out-of-bounds + write is now avoided and an error is reported instead. + + *Viktor Dukhovni* + ### Changes between 3.0.16 and 3.0.17 [1 Jul 2025] * none yet @@ -19962,6 +20030,8 @@ +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 diff -Nru openssl-3.0.17/Configurations/50-nonstop.conf openssl-3.0.18/Configurations/50-nonstop.conf --- openssl-3.0.17/Configurations/50-nonstop.conf 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/Configurations/50-nonstop.conf 2025-09-30 13:12:07.000000000 +0000 
@@ -167,12 +167,14 @@ # Build models 'nonstop-model-put' => { template => 1, + disable => [ 'secure-memory' ], defines => ['_PUT_MODEL_', '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'], ex_libs => '-lput', }, 'nonstop-model-spt' => { template => 1, + disable => [ 'secure-memory' ], defines => ['_SPT_MODEL_', '_REENTRANT', '_ENABLE_FLOSS_THREADS'], ex_libs => '-lspt', diff -Nru openssl-3.0.17/Configurations/unix-Makefile.tmpl openssl-3.0.18/Configurations/unix-Makefile.tmpl --- openssl-3.0.17/Configurations/unix-Makefile.tmpl 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/Configurations/unix-Makefile.tmpl 2025-09-30 13:12:07.000000000 +0000 @@ -3,6 +3,8 @@ ## ## {- join("\n## ", @autowarntext) -} {- + use Time::Piece; + use OpenSSL::Util; our $makedep_scheme = $config{makedep_scheme}; @@ -68,6 +70,15 @@ VERSION={- "$config{full_version}" -} VERSION_NUMBER={- "$config{version}" -} +RELEASE_DATE={- my $t = localtime; + if ($config{"release_date"}) { + # Provide the user with a more meaningful error message + # than the default internal parsing error from + # `Time::Piece->strptime(..)`. + eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); } || + die "Parsing \$config{release_date} ('$config{release_date}') failed: $@"; + } + $t->strftime("%Y-%m-%d") -} MAJOR={- $config{major} -} MINOR={- $config{minor} -} SHLIB_VERSION_NUMBER={- $config{shlib_version} -} @@ -1540,7 +1551,8 @@ return <<"EOF"; $args{src}: $pod pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ - --release=\$(VERSION) $pod >\$\@ + --date=\$(RELEASE_DATE) --release=\$(VERSION) \\ + $pod >\$\@ EOF } elsif (platform->isdef($args{src})) { # diff -Nru openssl-3.0.17/NEWS.md openssl-3.0.18/NEWS.md --- openssl-3.0.17/NEWS.md 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/NEWS.md 2025-09-30 13:12:07.000000000 +0000 
@@ -18,6 +18,19 @@ OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.17 and OpenSSL 3.0.18 [30 Sep 2025] + +OpenSSL 3.0.18 is a security patch release. The most severe CVE fixed in this +release is Moderate. + +This release incorporates the following bug fixes and mitigations: + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. + ([CVE-2025-9230]) + + * Fix Out-of-bounds read in HTTP client no_proxy handling. + ([CVE-2025-9232]) + ### Major changes between OpenSSL 3.0.16 and OpenSSL 3.0.17 [1 Jul 2025] OpenSSL 3.0.17 is a bug fix release. @@ -1516,7 +1529,8 @@ * Support for various new platforms - +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 diff -Nru openssl-3.0.17/VERSION.dat openssl-3.0.18/VERSION.dat --- openssl-3.0.17/VERSION.dat 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/VERSION.dat 2025-09-30 13:12:07.000000000 +0000 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=17 +PATCH=18 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="1 Jul 2025" +RELEASE_DATE="30 Sep 2025" SHLIB_VERSION=3 diff -Nru openssl-3.0.17/apps/asn1parse.c openssl-3.0.18/apps/asn1parse.c --- openssl-3.0.17/apps/asn1parse.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/asn1parse.c 2025-09-30 13:12:07.000000000 +0000 
@@ -40,8 +40,8 @@ {"length", OPT_LENGTH, 'p', "length of section in file"}, {"strparse", OPT_STRPARSE, 'p', "offset; a series of these can be used to 'dig'"}, - {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, + {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"}, {"strictpem", OPT_STRICTPEM, 0, "do not attempt base64 decode outside PEM markers"}, diff -Nru openssl-3.0.17/apps/cms.c openssl-3.0.18/apps/cms.c --- openssl-3.0.17/apps/cms.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/cms.c 2025-09-30 13:12:07.000000000 +0000 @@ -1246,6 +1246,7 @@ goto end; } if (ret <= 0) { + BIO_printf(bio_err, "Error writing CMS output\n"); ret = 6; goto end; } diff -Nru openssl-3.0.17/apps/ecparam.c openssl-3.0.18/apps/ecparam.c --- openssl-3.0.17/apps/ecparam.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/ecparam.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -243,9 +243,17 @@ goto end; } } else { - params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters"); - if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC")) + params_key = load_keyparams_suppress(infile, informat, 1, "EC", + "EC parameters", 1); + if (params_key == NULL) + params_key = load_keyparams_suppress(infile, informat, 1, "SM2", + "SM2 parameters", 1); + + if (params_key == NULL) { + BIO_printf(bio_err, "Unable to load parameters from %s\n", infile); goto end; + } + if (point_format && !EVP_PKEY_set_utf8_string_param( params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, diff -Nru openssl-3.0.17/apps/enc.c openssl-3.0.18/apps/enc.c --- openssl-3.0.17/apps/enc.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/enc.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -234,6 +234,8 @@ goto opthelp; if (k) n *= 1024; + if (n > INT_MAX) + goto opthelp; bsize = (int)n; break; case OPT_K: diff -Nru openssl-3.0.17/apps/include/apps.h openssl-3.0.18/apps/include/apps.h --- openssl-3.0.17/apps/include/apps.h 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/include/apps.h 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
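Review bot: The SM2 fallback in this `else` branch calls `load_keyparams_suppress()` a second time on the same `infile` with the may-be-stdin argument set to 1, so when the parameters arrive on standard input the first attempt has presumably already consumed the stream and the retry would see end of input. The helper's body is not part of this hunk, so this needs confirming against it; if it holds, loading the parameters once and then accepting them with `EVP_PKEY_is_a(params_key, "EC") || EVP_PKEY_is_a(params_key, "SM2")` avoids the double read. The removed `EVP_PKEY_is_a(params_key, "EC")` test also means the type check now depends entirely on the helper honouring its key-type argument, which is worth a one-line comment at the call. The enclosing function starts and ends outside the hunk.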
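Review bot: The new `if (n > INT_MAX)` test runs after `n *= 1024`, so it only helps if that multiplication cannot itself overflow the type of `n`; the declaration of `n` and the condition guarding the preceding `goto opthelp` are outside the hunk. If that earlier condition does not already bound `n`, compare before scaling, e.g. `if (n > INT_MAX / (k ? 1024 : 1)) goto opthelp;`. A short comment such as `/* bsize is an int; reject sizes the cast below would truncate */` would also record why the limit is INT_MAX.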
@@ -94,7 +94,6 @@ /* We need both wrap and the "real" function because libcrypto uses both. */ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); -int chopup_args(ARGS *arg, char *buf); void dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, const X509_NAME *nm); void print_bignum_var(BIO *, const BIGNUM *, const char*, diff -Nru openssl-3.0.17/apps/lib/apps.c openssl-3.0.18/apps/lib/apps.c --- openssl-3.0.17/apps/lib/apps.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/lib/apps.c 2025-09-30 13:12:07.000000000 +0000 @@ -90,54 +90,6 @@ int app_init(long mesgwin); -int chopup_args(ARGS *arg, char *buf) -{ - int quoted; - char c = '\0', *p = NULL; - - arg->argc = 0; - if (arg->size == 0) { - arg->size = 20; - arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); - } - - for (p = buf;;) { - /* Skip whitespace. */ - while (*p && isspace(_UC(*p))) - p++; - if (*p == '\0') - break; - - /* The start of something good :-) */ - if (arg->argc >= arg->size) { - char **tmp; - arg->size += 20; - tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); - if (tmp == NULL) - return 0; - arg->argv = tmp; - } - quoted = *p == '\'' || *p == '"'; - if (quoted) - c = *p++; - arg->argv[arg->argc++] = p; - - /* now look for the end of this */ - if (quoted) { - while (*p && *p != c) - p++; - *p++ = '\0'; - } else { - while (*p && !isspace(_UC(*p))) - p++; - if (*p) - *p++ = '\0'; - } - } - arg->argv[arg->argc] = NULL; - return 1; -} - #ifndef APP_INIT int app_init(long mesgwin) { diff -Nru openssl-3.0.17/apps/ocsp.c openssl-3.0.18/apps/ocsp.c --- openssl-3.0.17/apps/ocsp.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/ocsp.c 2025-09-30 13:12:07.000000000 +0000 @@ -666,7 +666,8 @@ resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); - send_ocsp_response(cbio, resp); + if (resp != NULL) + send_ocsp_response(cbio, resp); } goto done_resp; } 
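Review bot: When `OCSP_response_create()` returns NULL, the new `if (resp != NULL)` guard skips `send_ocsp_response()` silently, so the client gets no reply and the operator gets no diagnostic before `goto done_resp`. Logging the failure keeps this path visible, for example `else BIO_printf(bio_err, "Error creating OCSP error response\n");` (assuming `bio_err` is in scope here as in the other apps/ files in this diff). The enclosing function extends beyond the hunk.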
@@ -764,16 +765,18 @@ BIO_free(derbio); } - i = OCSP_response_status(resp); - if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%d)\n", - OCSP_response_status_str(i), i); - if (!ignore_err) + if (resp != NULL) { + i = OCSP_response_status(resp); + if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + BIO_printf(out, "Responder Error: %s (%d)\n", + OCSP_response_status_str(i), i); + if (!ignore_err) goto end; - } + } - if (resp_text) - OCSP_RESPONSE_print(out, resp, 0); + if (resp_text) + OCSP_RESPONSE_print(out, resp, 0); + } /* If running as responder don't verify our own response */ if (cbio != NULL) { diff -Nru openssl-3.0.17/apps/storeutl.c openssl-3.0.18/apps/storeutl.c --- openssl-3.0.17/apps/storeutl.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/apps/storeutl.c 2025-09-30 13:12:07.000000000 +0000 @@ -335,14 +335,22 @@ static int indent_printf(int indent, BIO *bio, const char *format, ...) { va_list args; - int ret; + int ret, vret; + + ret = BIO_printf(bio, "%*s", indent, ""); + if (ret < 0) + return ret; va_start(args, format); + vret = BIO_vprintf(bio, format, args); + va_end(args); - ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); + if (vret < 0) + return vret; + if (vret > INT_MAX - ret) + return INT_MAX; - va_end(args); - return ret; + return ret + vret; } static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, diff -Nru openssl-3.0.17/crypto/aes/asm/aes-s390x.pl openssl-3.0.18/crypto/aes/asm/aes-s390x.pl --- openssl-3.0.17/crypto/aes/asm/aes-s390x.pl 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/aes/asm/aes-s390x.pl 2025-09-30 13:12:07.000000000 +0000 
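Review bot: The new `if (resp != NULL)` block protects `OCSP_response_status()` and `OCSP_RESPONSE_print()`, but execution then falls through with `resp` possibly still NULL. Only the start of the `cbio != NULL` responder branch is visible after the block; the code that follows it outside the hunk should be checked for further uses of `resp`. If any later step does use it, an explicit early exit for the NULL case is clearer than relying on each call site to guard itself, and a comment such as `/* resp may be NULL here if response creation failed */` would document the state.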
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1431,6 +1431,9 @@ st${g} $s3,0($sp) # backchain la %r1,$stdframe($sp) + xc $stdframe+0(64,$sp),$stdframe+0($sp) # clear reserved/unused + # in parameter block + lmg $s2,$s3,0($key) # copy key stg $s2,$stdframe+80($sp) stg $s3,$stdframe+88($sp) diff -Nru openssl-3.0.17/crypto/asn1/asn_mime.c openssl-3.0.18/crypto/asn1/asn_mime.c --- openssl-3.0.17/crypto/asn1/asn_mime.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/asn1/asn_mime.c 2025-09-30 13:12:07.000000000 +0000 @@ -168,6 +168,19 @@ BIO_write(out, ",", 1); write_comma = 1; md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); + + /* RFC 8702 does not define a micalg for SHAKE, assuming "shake-" */ + if (md_nid == NID_shake128) { + if (BIO_puts(out, "shake-128") < 0) + goto err; + continue; + } + if (md_nid == NID_shake256) { + if (BIO_puts(out, "shake-256") < 0) + goto err; + continue; + } + md = EVP_get_digestbynid(md_nid); if (md && md->md_ctrl) { int rv; @@ -204,15 +217,15 @@ case NID_id_GostR3411_94: BIO_puts(out, "gostr3411-94"); - goto err; + break; case NID_id_GostR3411_2012_256: BIO_puts(out, "gostr3411-2012-256"); - goto err; + break; case NID_id_GostR3411_2012_512: BIO_puts(out, "gostr3411-2012-512"); - goto err; + break; default: if (have_unknown) { 
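Review bot: In the `@@ -204,15 +217,15 @@` hunk the three GOST cases now `break` instead of `goto err`, but their `BIO_puts()` results are still ignored, unlike the SHAKE branches added in the previous hunk (apparently the same function), which `goto err` when `BIO_puts()` returns a negative value. For consistency the GOST writes could take the same form, e.g. `if (BIO_puts(out, "gostr3411-94") < 0) goto err;` followed by `break;`. The switch and the function body continue outside the hunk.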
@@ -272,7 +285,8 @@ BIO_printf(bio, "Content-Type: multipart/signed;"); BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); BIO_puts(bio, " micalg=\""); - asn1_write_micalg(bio, mdalgs); + if (!asn1_write_micalg(bio, mdalgs)) + return 0; BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", bound, mime_eol, mime_eol); BIO_printf(bio, "This is an S/MIME signed message%s%s", diff -Nru openssl-3.0.17/crypto/bio/bss_dgram.c openssl-3.0.18/crypto/bio/bss_dgram.c --- openssl-3.0.17/crypto/bio/bss_dgram.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/bio/bss_dgram.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -349,11 +349,11 @@ return ret; } -static long dgram_get_mtu_overhead(bio_dgram_data *data) +static long dgram_get_mtu_overhead(BIO_ADDR *addr) { long ret; - switch (BIO_ADDR_family(&data->peer)) { + switch (BIO_ADDR_family(addr)) { case AF_INET: /* * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP @@ -365,7 +365,8 @@ { # ifdef IN6_IS_ADDR_V4MAPPED struct in6_addr tmp_addr; - if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) + + if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL) && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) /* * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP @@ -492,11 +493,7 @@ &sockopt_len)) < 0 || sockopt_val < 0) { ret = 0; } else { - /* - * we assume that the transport protocol is UDP and no IP - * options are used. - */ - data->mtu = sockopt_val - 8 - 20; + data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); ret = data->mtu; } break; 
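Review bot: `dgram_get_mtu_overhead()` now takes `BIO_ADDR *addr` but, in the lines shown, only reads it through `BIO_ADDR_family()` and `BIO_ADDR_rawaddress()`, so the parameter can be declared `const BIO_ADDR *addr`; both accessors accept a const pointer. That documents that the helper never modifies the caller's address, which is useful now that it is called with `&data->peer` as well as `&addr` in the later hunks. The function body continues outside this hunk.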
@@ -508,11 +505,7 @@ || sockopt_val < 0) { ret = 0; } else { - /* - * we assume that the transport protocol is UDP and no IPV6 - * options are used. - */ - data->mtu = sockopt_val - 8 - 40; + data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); ret = data->mtu; } break; @@ -526,7 +519,7 @@ # endif break; case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: - ret = -dgram_get_mtu_overhead(data); + ret = -dgram_get_mtu_overhead(&data->peer); switch (BIO_ADDR_family(&data->peer)) { case AF_INET: ret += 576; @@ -760,7 +753,7 @@ } break; case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: - ret = dgram_get_mtu_overhead(data); + ret = dgram_get_mtu_overhead(&data->peer); break; /* diff -Nru openssl-3.0.17/crypto/bio/bss_file.c openssl-3.0.18/crypto/bio/bss_file.c --- openssl-3.0.17/crypto/bio/bss_file.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/bio/bss_file.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -296,7 +296,7 @@ if (fp == NULL) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), "calling fopen(%s, %s)", - ptr, p); + (const char *)ptr, p); ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); ret = 0; break; diff -Nru openssl-3.0.17/crypto/cms/cms_pwri.c openssl-3.0.18/crypto/cms/cms_pwri.c --- openssl-3.0.17/crypto/cms/cms_pwri.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/cms/cms_pwri.c 2025-09-30 13:12:07.000000000 +0000 
@@ -229,7 +229,7 @@ /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; } diff -Nru openssl-3.0.17/crypto/dh/dh_key.c openssl-3.0.18/crypto/dh/dh_key.c --- openssl-3.0.17/crypto/dh/dh_key.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/dh/dh_key.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -263,7 +263,7 @@ int ok = 0; int generate_new_key = 0; #ifndef FIPS_MODULE - unsigned l; + int l; #endif BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; @@ -323,11 +323,13 @@ goto err; #else if (dh->params.q == NULL) { - /* secret exponent length, must satisfy 2^(l-1) <= p */ - if (dh->length != 0 - && dh->length >= BN_num_bits(dh->params.p)) + /* secret exponent length, must satisfy 2^l < (p-1)/2 */ + l = BN_num_bits(dh->params.p); + if (dh->length >= l) goto err; - l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1; + l -= 2; + if (dh->length != 0 && dh->length < l) + l = dh->length; if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; diff -Nru openssl-3.0.17/crypto/dh/dh_pmeth.c openssl-3.0.18/crypto/dh/dh_pmeth.c --- openssl-3.0.17/crypto/dh/dh_pmeth.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/dh/dh_pmeth.c 2025-09-30 13:12:07.000000000 +0000 
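Review bot: The corrected bound `inlen < 4 + (size_t)tmp[0]` deserves a comment, because the difference from the old `(size_t)(tmp[0] - 4)` is easy to miss: the old expression accepted a declared length larger than the data that actually follows it. Something like `/* tmp[0] is the declared key length; it plus the length byte and 3 check bytes must fit in inlen */` above the test would keep a later edit from reintroducing the subtraction. The enclosing function lies outside the hunk, so how `tmp[0]` is consumed afterwards is not visible here.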
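Review bot: In the `@@ -323,11 +323,13 @@` hunk nothing checks that `l` is still positive after `l -= 2`, and if `dh->length` can be negative it passes the `dh->length >= l` test and is then assigned to `l` by the `dh->length < l` branch. The code appears to rely on `BN_priv_rand_ex()` rejecting such a bit count, or on validation of `dh->length` and of the size of `p` outside the hunk. An explicit `if (l <= 0) goto err;` before the call would make the requirement local. The surrounding function continues beyond the hunk.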
@@ -410,7 +410,7 @@ } dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey); dhpub = EVP_PKEY_get0_DH(ctx->peerkey); - if (dhpub == NULL) { + if (dhpub == NULL || dh == NULL) { ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET); return 0; } diff -Nru openssl-3.0.17/crypto/evp/bio_ok.c openssl-3.0.18/crypto/evp/bio_ok.c --- openssl-3.0.17/crypto/evp/bio_ok.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/evp/bio_ok.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -557,7 +557,7 @@ { BIO_OK_CTX *ctx; EVP_MD_CTX *md; - unsigned long tl = 0; + size_t tl = 0; unsigned char tmp[EVP_MAX_MD_SIZE]; int md_size; @@ -568,15 +568,18 @@ goto berr; assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ - tl = ctx->buf[0]; - tl <<= 8; - tl |= ctx->buf[1]; - tl <<= 8; - tl |= ctx->buf[2]; - tl <<= 8; - tl |= ctx->buf[3]; + tl = ((size_t)ctx->buf[0] << 24) + | ((size_t)ctx->buf[1] << 16) + | ((size_t)ctx->buf[2] << 8) + | ((size_t)ctx->buf[3]); - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) + if (tl > OK_BLOCK_SIZE) + goto berr; + + if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size) + goto berr; + + if (ctx->buf_len < tl + OK_BLOCK_BLOCK + (size_t)md_size) return 1; if (!EVP_DigestUpdate(md, 
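Review bot: In the `@@ -568,15 +568,18 @@` hunk the new `(size_t)md_size` casts turn a negative `md_size` into a very large value, so the overflow guard and the `ctx->buf_len` comparison are only meaningful if `md_size` is known to be positive at this point. `md_size` is declared `int` in the previous hunk and a `goto berr` precedes the assert, but its condition is not visible; confirm that it rejects `md_size <= 0`. Separately, once `tl > OK_BLOCK_SIZE` has been rejected the `SIZE_MAX` test presumably cannot fire, so a comment such as `/* defensive: unreachable after the OK_BLOCK_SIZE bound */` would save readers from looking for a reachable case.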
@@ -584,7 +587,7 @@ goto berr; if (!EVP_DigestFinal_ex(md, tmp, NULL)) goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { + if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) { /* there might be parts from next block lurking around ! */ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ctx->buf_len_save = ctx->buf_len; diff -Nru openssl-3.0.17/crypto/evp/ctrl_params_translate.c openssl-3.0.18/crypto/evp/ctrl_params_translate.c --- openssl-3.0.17/crypto/evp/ctrl_params_translate.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/evp/ctrl_params_translate.c 2025-09-30 13:12:07.000000000 +0000 @@ -1355,7 +1355,7 @@ if (i == OSSL_NELEM(str_value_map)) { ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, "[action:%d, state:%d] padding name %s", - ctx->action_type, state, ctx->p1); + ctx->action_type, state, (const char *)ctx->p2); ctx->p1 = ret = -2; } else if (state == POST_CTRL_TO_PARAMS) { /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */ diff -Nru openssl-3.0.17/crypto/evp/p_lib.c openssl-3.0.18/crypto/evp/p_lib.c --- openssl-3.0.17/crypto/evp/p_lib.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/evp/p_lib.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1095,15 +1095,14 @@ } else { const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - const char *supported_sig = - pkey->keymgmt->query_operation_name != NULL - ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE) - : EVP_KEYMGMT_get0_name(pkey->keymgmt); - EVP_SIGNATURE *signature = NULL; - - signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL); - if (signature != NULL) { - EVP_SIGNATURE_free(signature); + EVP_SIGNATURE *sig; + const char *name; + + name = evp_keymgmt_util_query_operation_name(pkey->keymgmt, + OSSL_OP_SIGNATURE); + sig = EVP_SIGNATURE_fetch(libctx, name, NULL); + if (sig != NULL) { + EVP_SIGNATURE_free(sig); return 1; } } diff -Nru openssl-3.0.17/crypto/evp/p_seal.c openssl-3.0.18/crypto/evp/p_seal.c --- openssl-3.0.17/crypto/evp/p_seal.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/evp/p_seal.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -56,6 +56,7 @@ for (i = 0; i < npubk; i++) { size_t keylen = len; + size_t outlen = EVP_PKEY_get_size(pubk[i]); pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL); if (pctx == NULL) { @@ -64,9 +65,9 @@ } if (EVP_PKEY_encrypt_init(pctx) <= 0 - || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0) + || EVP_PKEY_encrypt(pctx, ek[i], &outlen, key, keylen) <= 0) goto err; - ekl[i] = (int)keylen; + ekl[i] = (int)outlen; EVP_PKEY_CTX_free(pctx); } pctx = NULL; diff -Nru openssl-3.0.17/crypto/http/http_lib.c openssl-3.0.18/crypto/http/http_lib.c --- openssl-3.0.17/crypto/http/http_lib.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/http/http_lib.c 2025-09-30 13:12:07.000000000 +0000 
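Review bot: In the p_seal.c `@@ -56,6 +56,7 @@` hunk, `EVP_PKEY_get_size()` returns an `int`, and storing it directly in `size_t outlen` hides the case where no size is available; the value is then handed to `EVP_PKEY_encrypt()` in the next hunk as the capacity of `ek[i]`, which this code cannot verify because no buffer lengths are visible as inputs. A comment on the declaration would make the contract explicit, e.g. `/* callers must size ek[i] to EVP_PKEY_get_size(pubk[i]); that is the capacity claimed below */`. The loop body continues outside these hunks.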
@@ -267,6 +267,7 @@ /* strip leading '[' and trailing ']' from escaped IPv6 address */ sl -= 2; strncpy(host, server + 1, sl); + host[sl] = '\0'; server = host; } diff -Nru openssl-3.0.17/crypto/info.c openssl-3.0.18/crypto/info.c --- openssl-3.0.17/crypto/info.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/info.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,9 @@ #if defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" # define CPU_INFO_STR_LEN 128 +#elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC) +# include "crypto/ppc_arch.h" +# define CPU_INFO_STR_LEN 128 #elif defined(__s390__) || defined(__s390x__) # include "s390x_arch.h" # define CPU_INFO_STR_LEN 2048 @@ -62,6 +65,15 @@ BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), " env:%s", env); +# elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC) + const char *env; + + BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), + CPUINFO_PREFIX "OPENSSL_ppccap=0x%x", OPENSSL_ppccap_P); + if ((env = getenv("OPENSSL_ppccap")) != NULL) + BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), + sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), + " env:%s", env); # elif defined(__s390__) || defined(__s390x__) const char *env; diff -Nru openssl-3.0.17/crypto/modes/siv128.c openssl-3.0.18/crypto/modes/siv128.c --- openssl-3.0.17/crypto/modes/siv128.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/modes/siv128.c 2025-09-30 13:12:07.000000000 +0000 
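Review bot: The added `host[sl] = '\0'` writes at index `sl`, so it is in bounds only if `sl`, after `sl -= 2`, is strictly smaller than the size of `host`; that bound, and the guarantee that `sl >= 2` before the subtraction, must come from the condition that opens this block, which is outside the hunk. Since the length is already known, `memcpy(host, server + 1, sl);` states the intent more directly than `strncpy()`, whose lack of a terminator is what this line compensates for. The enclosing function starts and ends outside the hunk.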
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,9 +202,12 @@ || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, sizeof(ctx->d.byte))) { EVP_CIPHER_CTX_free(ctx->cipher_ctx); + ctx->cipher_ctx = NULL; EVP_MAC_CTX_free(ctx->mac_ctx_init); + ctx->mac_ctx_init = NULL; EVP_MAC_CTX_free(mac_ctx); EVP_MAC_free(ctx->mac); + ctx->mac = NULL; return 0; } EVP_MAC_CTX_free(mac_ctx); diff -Nru openssl-3.0.17/crypto/pkcs7/pk7_doit.c openssl-3.0.18/crypto/pkcs7/pk7_doit.c --- openssl-3.0.17/crypto/pkcs7/pk7_doit.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/pkcs7/pk7_doit.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -334,8 +334,11 @@ if (xalg->parameter == NULL) goto err; } - if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) + if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) { + ASN1_TYPE_free(xalg->parameter); + xalg->parameter = NULL; goto err; + } } /* Lets do the pub key stuff :-) */ diff -Nru openssl-3.0.17/crypto/property/property_parse.c openssl-3.0.18/crypto/property/property_parse.c --- openssl-3.0.17/crypto/property/property_parse.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/property/property_parse.c 2025-09-30 13:12:07.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -642,7 +642,7 @@ } quotes = quote != '\0'; - if (*remain == 0) { + if (*remain <= (size_t)quotes) { *needed += 2 * quotes; return; } diff -Nru openssl-3.0.17/crypto/rand/randfile.c openssl-3.0.18/crypto/rand/randfile.c --- openssl-3.0.17/crypto/rand/randfile.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/rand/randfile.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -167,6 +167,10 @@ /* If given a bytecount, and we did it, break. */ if (bytes > 0 && (bytes -= i) <= 0) break; + + /* We can hit a signed integer overflow on the next iteration */ + if (ret > INT_MAX - RAND_LOAD_BUF_SIZE) + break; } OPENSSL_cleanse(buf, sizeof(buf)); diff -Nru openssl-3.0.17/crypto/sm2/sm2_sign.c openssl-3.0.18/crypto/sm2/sm2_sign.c --- openssl-3.0.17/crypto/sm2/sm2_sign.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/sm2/sm2_sign.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * 
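Review bot: The new guard `if (*remain <= (size_t)quotes)` in property_parse.c has no comment explaining why the quoted case needs one more byte than the unquoted one, which makes it easy to simplify back to the old `== 0` test. A comment above it would help, for example `/* when quoting, a single remaining byte cannot hold the opening quote and the terminator */`. The exact wording should be checked against the arithmetic on `*remain` that follows the hunk, presumably where the old test let the value underflow. The function starts and ends outside the hunk.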
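Review bot: The added `if (ret > INT_MAX - RAND_LOAD_BUF_SIZE) break;` in randfile.c ends the read loop without recording that the input was cut short, so a caller that asked for the whole file may get a count it cannot tell apart from a complete read. If that is intended, the comment should say so, e.g. `/* Stop early: the int return value cannot report more bytes than this */`. The check needs INT_MAX from `<limits.h>`; the include block is outside the hunk, so confirm the header is present. The loop and its function continue outside the hunk.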
@@ -217,6 +217,10 @@ BIGNUM *tmp = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + if (dA == NULL) { + ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY); + goto done; + } kG = EC_POINT_new(group); ctx = BN_CTX_new_ex(libctx); if (kG == NULL || ctx == NULL) { diff -Nru openssl-3.0.17/crypto/store/store_lib.c openssl-3.0.18/crypto/store/store_lib.c --- openssl-3.0.17/crypto/store/store_lib.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/store/store_lib.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -410,12 +410,6 @@ if (ctx->loader != NULL) OSSL_TRACE(STORE, "Loading next object\n"); - if (ctx->cached_info != NULL - && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { - sk_OSSL_STORE_INFO_free(ctx->cached_info); - ctx->cached_info = NULL; - } - if (ctx->cached_info != NULL) { v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); } else { 
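Review bot: The new `dA == NULL` branch in sm2_sign.c jumps to `done` before `kG` and `ctx` are assigned, so the cleanup at that label, which is outside the hunk, must see both as NULL. `tmp` is visibly initialised to NULL, but the declarations of `kG` and `ctx` sit above the hunk and should be checked for the same. A short comment such as `/* the key may hold no private part (presumably a public-only key) */` would document why the check is needed. The function starts and ends outside the hunk.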
@@ -491,14 +485,23 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) { - int ret = 1; + int ret = 0; - if (ctx->fetched_loader != NULL) - ret = ctx->loader->p_eof(ctx->loader_ctx); + if (ctx->cached_info != NULL + && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { + sk_OSSL_STORE_INFO_free(ctx->cached_info); + ctx->cached_info = NULL; + } + + if (ctx->cached_info == NULL) { + ret = 1; + if (ctx->fetched_loader != NULL) + ret = ctx->loader->p_eof(ctx->loader_ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->eof(ctx->loader_ctx); + if (ctx->fetched_loader == NULL) + ret = ctx->loader->eof(ctx->loader_ctx); #endif + } return ret != 0; } diff -Nru openssl-3.0.17/crypto/threads_pthread.c openssl-3.0.18/crypto/threads_pthread.c --- openssl-3.0.17/crypto/threads_pthread.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/threads_pthread.c 2025-09-30 13:12:07.000000000 +0000 @@ -38,7 +38,13 @@ # include -# ifdef PTHREAD_RWLOCK_INITIALIZER +/* + * The Non-Stop KLT thread model currently seems broken in its rwlock + * implementation + * Likewise is there a problem with the glibc implementation on riscv. + */ +# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) \ + && !defined(__riscv) # define USE_RWLOCK # endif diff -Nru openssl-3.0.17/crypto/x509/by_store.c openssl-3.0.18/crypto/x509/by_store.c --- openssl-3.0.17/crypto/x509/by_store.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/x509/by_store.c 2025-09-30 13:12:07.000000000 +0000 @@ -17,7 +17,6 @@ char *uri; OSSL_LIB_CTX *libctx; char *propq; - OSSL_STORE_CTX *ctx; } CACHED_STORE; DEFINE_STACK_OF(CACHED_STORE) 
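Review bot: OSSL_STORE_eof() now frees `ctx->cached_info` and resets it to NULL, so what reads as a pure query modifies the context; that side effect should be stated in a comment at the top of the function. When `cached_info` still holds entries the loader is not consulted at all and 0 is returned, which is the actual behaviour change and also merits a line. Proposed comment: `/* Not at EOF while cached objects remain; an emptied cache is released here before the loader is asked. */`. With OPENSSL_NO_DEPRECATED_3_0 defined and `fetched_loader == NULL`, `ret` stays 1 without any loader call, which should be confirmed as intended.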
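Review bot: The guard `!defined(__riscv)` in threads_pthread.c disables USE_RWLOCK for every riscv build, while the comment attributes the problem to the glibc implementation only. If other C libraries on riscv are unaffected, narrowing the condition to `!(defined(__riscv) && defined(__GLIBC__))` would keep rwlocks there. If the broad exclusion is deliberate, the comment should say that it applies regardless of libc. The comment would also be easier to revisit later if it referenced the reports it is based on.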
@@ -27,14 +26,12 @@ const OSSL_STORE_SEARCH *criterion, int depth) { int ok = 0; - OSSL_STORE_CTX *ctx = store->ctx; + OSSL_STORE_CTX *ctx; X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - if (ctx == NULL - && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq, - NULL, NULL, NULL, NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq, + NULL, NULL, NULL, NULL, NULL)) == NULL) return 0; - store->ctx = ctx; /* * We try to set the criterion, but don't care if it was valid or not. @@ -79,7 +76,6 @@ substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info); substore.libctx = store->libctx; substore.propq = store->propq; - substore.ctx = NULL; ok = cache_objects(lctx, &substore, criterion, depth - 1); } } else { @@ -105,7 +101,6 @@ break; } OSSL_STORE_close(ctx); - store->ctx = NULL; return ok; } @@ -114,7 +109,6 @@ static void free_store(CACHED_STORE *store) { if (store != NULL) { - OSSL_STORE_close(store->ctx); OPENSSL_free(store->uri); OPENSSL_free(store->propq); OPENSSL_free(store); @@ -148,6 +142,7 @@ { STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store)); + OSSL_STORE_CTX *sctx; if (store == NULL) { return 0; @@ -157,14 +152,20 @@ store->libctx = libctx; if (propq != NULL) store->propq = OPENSSL_strdup(propq); - store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL, - NULL, NULL, NULL); - if (store->ctx == NULL + /* + * We open this to check for errors now - so we can report those + * errors early. + */ + sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL, + NULL, NULL, NULL); + if (sctx == NULL || (propq != NULL && store->propq == NULL) || store->uri == NULL) { + OSSL_STORE_close(sctx); free_store(store); return use_default; } + OSSL_STORE_close(sctx); if (stores == NULL) { stores = sk_CACHED_STORE_new_null(); 
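Review bot: In the by_store_ctrl_ex hunk the store is opened into `sctx` only to validate the URI and is closed again, while cache_objects() reopens it on each lookup, so a URI that passed at registration can still fail, or yield different content, later. The added comment should make clear that the early open is a best-effort check and not a guarantee, e.g. `/* Early open is a sanity check only; cache_objects() reopens the URI and handles failure itself. */`. The error path calls `OSSL_STORE_close(sctx)` when `sctx` may be NULL, which relies on that function accepting NULL and is worth a brief remark. The function starts and ends outside the hunk.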
@@ -184,7 +185,6 @@ store.uri = (char *)argp; store.libctx = libctx; store.propq = (char *)propq; - store.ctx = NULL; return cache_objects(ctx, &store, NULL, 0); } default: @@ -230,8 +230,14 @@ OSSL_STORE_SEARCH_free(criterion); - if (ok) + if (ok) { + X509_STORE *store = X509_LOOKUP_get_store(ctx); + + if (!X509_STORE_lock(store)) + return 0; tmp = X509_OBJECT_retrieve_by_subject(store_objects, type, name); + X509_STORE_unlock(store); + } ok = 0; if (tmp != NULL) { diff -Nru openssl-3.0.17/crypto/x509/t_req.c openssl-3.0.18/crypto/x509/t_req.c --- openssl-3.0.17/crypto/x509/t_req.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/x509/t_req.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,7 +40,7 @@ long l; int i; EVP_PKEY *pkey; - STACK_OF(X509_EXTENSION) *exts; + STACK_OF(X509_EXTENSION) *exts = NULL; char mlch = ' '; int nmindent = 0, printok = 0; @@ -191,6 +191,7 @@ goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + exts = NULL; } } @@ -204,6 +205,7 @@ return 1; err: + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); return 0; } diff -Nru openssl-3.0.17/crypto/x509/t_x509.c openssl-3.0.18/crypto/x509/t_x509.c --- openssl-3.0.17/crypto/x509/t_x509.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/x509/t_x509.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
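Review bot: In the by_store.c hunk at -230, `X509_OBJECT_retrieve_by_subject()` now runs under the store lock, but the result `tmp` is still used after `X509_STORE_unlock(store)` in the `if (tmp != NULL)` block that continues outside the hunk. If another thread can remove or replace objects in the store, that pointer may be stale by then; taking the reference on the object before unlocking would close the window. `store_objects` also appears to be fetched before the lock is taken, outside the hunk, which should be checked for the same reason. A comment such as `/* tmp is only valid while the store cannot change; see below */` would at least record the assumption.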
@@ -243,7 +243,8 @@ goto err; if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) goto err; - i2d_X509_NAME(subj, &dertmp); + if (i2d_X509_NAME(subj, &dertmp) < 0) + goto err; md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq); if (md == NULL) diff -Nru openssl-3.0.17/crypto/x509/x509_ext.c openssl-3.0.18/crypto/x509/x509_ext.c --- openssl-3.0.17/crypto/x509/x509_ext.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/x509/x509_ext.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,9 +42,21 @@ return X509v3_get_ext(x->crl.extensions, loc); } +static X509_EXTENSION *delete_ext(STACK_OF(X509_EXTENSION) **sk, int loc) +{ + X509_EXTENSION *ret = X509v3_delete_ext(*sk, loc); + + /* Empty extension lists are omitted. */ + if (*sk != NULL && sk_X509_EXTENSION_num(*sk) == 0) { + sk_X509_EXTENSION_pop_free(*sk, X509_EXTENSION_free); + *sk = NULL; + } + return ret; +} + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) { - return X509v3_delete_ext(x->crl.extensions, loc); + return delete_ext(&x->crl.extensions, loc); } void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) @@ -91,7 +103,7 @@ X509_EXTENSION *X509_delete_ext(X509 *x, int loc) { - return X509v3_delete_ext(x->cert_info.extensions, loc); + return delete_ext(&x->cert_info.extensions, loc); } int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) 
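Review bot: The new helper `delete_ext()` in x509_ext.c has no header comment although it changes state that callers can observe: when the last extension is removed it frees the stack and sets `*sk` to NULL. A comment should state that `sk` itself must not be NULL, that `*sk` may be NULL, and that the removed extension is returned to the caller, who presumably has to free it. Suggested first line: `/* Delete the extension at |loc|; an emptied list is freed and *sk set to NULL. */`. The same helper is used by X509_CRL_delete_ext, X509_delete_ext and X509_REVOKED_delete_ext, so code that held on to the old stack pointer across a delete should be reviewed.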
@@ -139,7 +151,7 @@ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) { - return X509v3_delete_ext(x->extensions, loc); + return delete_ext(&x->extensions, loc); } int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) diff -Nru openssl-3.0.17/crypto/x509/x509_lu.c openssl-3.0.18/crypto/x509/x509_lu.c --- openssl-3.0.17/crypto/x509/x509_lu.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/x509/x509_lu.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -374,7 +374,6 @@ } if (!X509_STORE_lock(store)) { - obj->type = X509_LU_NONE; X509_OBJECT_free(obj); return 0; } diff -Nru openssl-3.0.17/crypto/x509/x509_vpm.c openssl-3.0.18/crypto/x509/x509_vpm.c --- openssl-3.0.17/crypto/x509/x509_vpm.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/crypto/x509/x509_vpm.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -614,6 +614,11 @@ { int num = OSSL_NELEM(default_table); + if (id < 0) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } + if (id < num) return default_table + id; return sk_X509_VERIFY_PARAM_value(param_table, id - num); diff -Nru openssl-3.0.17/debian/changelog openssl-3.0.18/debian/changelog --- openssl-3.0.17/debian/changelog 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/changelog 2025-11-01 11:54:37.000000000 +0000 
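Review bot: The new `id < 0` check in x509_vpm.c raises ERR_R_PASSED_INVALID_ARGUMENT, but an `id` past the end of both tables still reaches `sk_X509_VERIFY_PARAM_value(param_table, id - num)` and presumably returns NULL with nothing on the error queue. Callers then see two different failure modes for an invalid index. Either raise the same error when the lookup returns NULL, or add a comment noting the difference, e.g. `/* ids beyond the table yield NULL without an error entry */`.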
@@ -1,3 +1,9 @@ +openssl (3.0.18-1~deb12u1) bookworm; urgency=medium + + * Import 3.0.18 + + -- Sebastian Andrzej Siewior Sat, 01 Nov 2025 12:54:37 +0100 + openssl (3.0.17-1~deb12u3) bookworm-security; urgency=medium * CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap) diff -Nru openssl-3.0.17/debian/patches/Revert-Add-test_verify-tests.patch openssl-3.0.18/debian/patches/Revert-Add-test_verify-tests.patch --- openssl-3.0.17/debian/patches/Revert-Add-test_verify-tests.patch 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/Revert-Add-test_verify-tests.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,82 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Mon, 4 Aug 2025 20:02:54 +0200 -Subject: Revert "Add test_verify tests" - -This reverts commit a468bdb02531e ("Add test_verify tests") - -Avoid crashes in users, see https://bugs.debian.org/1110254 - -Signed-off-by: Sebastian Andrzej Siewior ---- - test/recipes/25-test_verify.t | 39 +++++---------------------------------- - 1 file changed, 5 insertions(+), 34 deletions(-) - -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index 7bada5186d75..48bd837ec320 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t -@@ -10,7 +10,6 @@ - use strict; - use warnings; - --use Cwd qw(abs_path); - use File::Spec::Functions qw/canonpath/; - use File::Copy; - use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir ok_nofips with/; -@@ -18,19 +17,19 @@ use OpenSSL::Test::Utils; - - setup("test_verify"); - --my @certspath = qw(test certs); - sub verify { - my ($cert, $purpose, $trusted, $untrusted, @opts) = @_; -+ my @path = qw(test certs); - my @args = qw(openssl verify -auth_level 1); - push(@args, "-purpose", $purpose) if $purpose ne ""; - push(@args, @opts); -- for (@$trusted) { push(@args, "-trusted", srctop_file(@certspath, "$_.pem")) } -- for (@$untrusted) { push(@args, "-untrusted", srctop_file(@certspath, "$_.pem")) } -- push(@args, srctop_file(@certspath, "$cert.pem")); -+ for (@$trusted) { push(@args, "-trusted", srctop_file(@path, "$_.pem")) } -+ for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) } -+ push(@args, srctop_file(@path, "$cert.pem")); - run(app([@args])); - } - --plan tests => 175; -+plan tests => 166; - - # Canonical success - ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -528,31 +527,3 @@ ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"], - "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", - "-explicit_policy"), - "Bad certificate policy"); -- --# CAstore option --my 
$rootcertname = "root-cert"; --my $rootcert = srctop_file(@certspath, "${rootcertname}.pem"); --sub vfy_root { verify($rootcertname, "", [], [], @_) } --ok(vfy_root("-CAfile", $rootcert), "CAfile"); --ok(vfy_root("-CAstore", $rootcert), "CAstore"); --ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore"); --ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore"); --SKIP: { -- skip "file names with colons aren't supported on Windows and VMS", 2 -- if $^O =~ /^(MsWin32|VMS)$/; -- my $foo_file = "foo:cert.pem"; -- copy($rootcert, $foo_file); -- ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file"); --} --my $foo_file = "cert.pem"; --copy($rootcert, $foo_file); --ok(vfy_root("-CAstore", $foo_file), "CAstore file"); --my $abs_cert = abs_path($rootcert); --# Windows file: URIs should have a path part starting with a slash, i.e. --# file://authority/C:/what/ever/foo.pem and file:///C:/what/ever/foo.pem --# file://C:/what/ever/foo.pem is non-standard and may not be accepted. --# See RFC 8089 for details. --$abs_cert = "/" . $abs_cert if ($^O eq "MSWin32"); --ok(vfy_root("-CAstore", "file://".$abs_cert), "CAstore file:///path"); --ok(vfy_root("-CAstore", "file://localhost".$abs_cert), "CAstore file://localhost/path"); --ok(!vfy_root("-CAstore", "file://otherhost".$abs_cert), "CAstore file://otherhost/path"); diff -Nru openssl-3.0.17/debian/patches/Revert-Drop-by-store-s-by_store_subject_ex.patch openssl-3.0.18/debian/patches/Revert-Drop-by-store-s-by_store_subject_ex.patch --- openssl-3.0.17/debian/patches/Revert-Drop-by-store-s-by_store_subject_ex.patch 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/Revert-Drop-by-store-s-by_store_subject_ex.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,66 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Mon, 4 Aug 2025 20:02:29 +0200 -Subject: Revert "Drop "by store"'s by_store_subject_ex()" - -This reverts commit 7141330fb98ce ("Drop "by store"'s by_store_subject_ex()"). - -Avoid crashes in users, see https://bugs.debian.org/1110254 - -Signed-off-by: Sebastian Andrzej Siewior ---- - crypto/x509/by_store.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c -index e486fb0a9d94..fc6942a17855 100644 ---- a/crypto/x509/by_store.c -+++ b/crypto/x509/by_store.c -@@ -202,7 +202,8 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd, - } - - static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -- const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret) -+ const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret, -+ OSSL_LIB_CTX *libctx, const char *propq) - { - STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); - int i; -@@ -218,12 +219,13 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - return ok; - } - --static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -- const X509_NAME *name, X509_OBJECT *ret) -+static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -+ const X509_NAME *name, X509_OBJECT *ret, -+ OSSL_LIB_CTX *libctx, const char *propq) - { - OSSL_STORE_SEARCH *criterion = - OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */ -- int ok = by_store(ctx, type, criterion, ret); -+ int ok = by_store(ctx, type, criterion, ret, libctx, propq); - STACK_OF(X509_OBJECT) *store_objects = - X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx)); - X509_OBJECT *tmp = NULL; -@@ -271,6 +273,12 @@ static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - return ok; - } - -+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, -+ const X509_NAME *name, X509_OBJECT *ret) -+{ -+ return by_store_subject_ex(ctx, type, name, ret, NULL, 
NULL); -+} -+ - /* - * We lack the implementations for get_by_issuer_serial, get_by_fingerprint - * and get_by_alias. There's simply not enough support in the X509_LOOKUP -@@ -288,7 +296,7 @@ static X509_LOOKUP_METHOD x509_store_lookup = { - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ -- NULL, /* get_by_subject_ex */ -+ by_store_subject_ex, - by_store_ctrl_ex - }; - diff -Nru openssl-3.0.17/debian/patches/Revert-Rework-the-by-store-X509_LOOKUP-method-to-open-the.patch openssl-3.0.18/debian/patches/Revert-Rework-the-by-store-X509_LOOKUP-method-to-open-the.patch --- openssl-3.0.17/debian/patches/Revert-Rework-the-by-store-X509_LOOKUP-method-to-open-the.patch 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/Revert-Rework-the-by-store-X509_LOOKUP-method-to-open-the.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,200 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Mon, 4 Aug 2025 20:02:43 +0200 -Subject: Revert "Rework the "by store" X509_LOOKUP method to open the given - URI early" - -This reverts commit 340383f5f49f8 ("Rework the "by store" X509_LOOKUP method to open the given URI early") - -Avoid crashes in users, see https://bugs.debian.org/1110254 - -Signed-off-by: Sebastian Andrzej Siewior ---- - crypto/x509/by_store.c | 111 ++++++++++++------------------------------------- - 1 file changed, 27 insertions(+), 84 deletions(-) - -diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c -index fc6942a17855..e538e0f6d1b7 100644 ---- a/crypto/x509/by_store.c -+++ b/crypto/x509/by_store.c -@@ -7,34 +7,23 @@ - * https://www.openssl.org/source/license.html - */ - --#include - #include - #include "internal/cryptlib.h" - #include "crypto/x509.h" - #include "x509_local.h" - --typedef struct cached_store_st { -- char *uri; -- OSSL_LIB_CTX *libctx; -- char *propq; -- OSSL_STORE_CTX *ctx; --} CACHED_STORE; -- --DEFINE_STACK_OF(CACHED_STORE) -- - /* Generic object loader, given expected type and criterion */ --static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store, -- const OSSL_STORE_SEARCH *criterion, int depth) -+static int cache_objects(X509_LOOKUP *lctx, const char *uri, -+ const OSSL_STORE_SEARCH *criterion, -+ int depth, OSSL_LIB_CTX *libctx, const char *propq) - { - int ok = 0; -- OSSL_STORE_CTX *ctx = store->ctx; -+ OSSL_STORE_CTX *ctx = NULL; - X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - -- if (ctx == NULL -- && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq, -- NULL, NULL, NULL, NULL, NULL)) == NULL) -+ if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, -+ NULL, NULL)) == NULL) - return 0; -- store->ctx = ctx; - - /* - * We try to set the criterion, but don't care if it was valid or not. 
-@@ -73,15 +62,9 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store, - * This is an entry in the "directory" represented by the current - * uri. if |depth| allows, dive into it. - */ -- if (depth > 0) { -- CACHED_STORE substore; -- -- substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info); -- substore.libctx = store->libctx; -- substore.propq = store->propq; -- substore.ctx = NULL; -- ok = cache_objects(lctx, &substore, criterion, depth - 1); -- } -+ if (depth > 0) -+ ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info), -+ criterion, depth - 1, libctx, propq); - } else { - /* - * We know that X509_STORE_add_{cert|crl} increments the object's -@@ -105,38 +88,27 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store, - break; - } - OSSL_STORE_close(ctx); -- store->ctx = NULL; - - return ok; - } - - --static void free_store(CACHED_STORE *store) -+/* Because OPENSSL_free is a macro and for C type match */ -+static void free_uri(OPENSSL_STRING data) - { -- if (store != NULL) { -- OSSL_STORE_close(store->ctx); -- OPENSSL_free(store->uri); -- OPENSSL_free(store->propq); -- OPENSSL_free(store); -- } -+ OPENSSL_free(data); - } - - static void by_store_free(X509_LOOKUP *ctx) - { -- STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); -- sk_CACHED_STORE_pop_free(stores, free_store); -+ STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); -+ sk_OPENSSL_STRING_pop_free(uris, free_uri); - } - - static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, - long argl, char **retp, OSSL_LIB_CTX *libctx, - const char *propq) - { -- /* -- * In some cases below, failing to use the defaults shouldn't result in -- * an error. |use_default| is used as the return code in those cases. 
-- */ -- int use_default = argp == NULL; -- - switch (cmd) { - case X509_L_ADD_STORE: - /* If no URI is given, use the default cert dir as default URI */ -@@ -146,50 +118,21 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, - argp = X509_get_default_cert_dir(); - - { -- STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); -- CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store)); -+ STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); -+ char *data = OPENSSL_strdup(argp); - -- if (store == NULL) { -+ if (data == NULL) { - return 0; - } -- -- store->uri = OPENSSL_strdup(argp); -- store->libctx = libctx; -- if (propq != NULL) -- store->propq = OPENSSL_strdup(propq); -- store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL, -- NULL, NULL, NULL); -- if (store->ctx == NULL -- || (propq != NULL && store->propq == NULL) -- || store->uri == NULL) { -- free_store(store); -- return use_default; -+ if (uris == NULL) { -+ uris = sk_OPENSSL_STRING_new_null(); -+ X509_LOOKUP_set_method_data(ctx, uris); - } -- -- if (stores == NULL) { -- stores = sk_CACHED_STORE_new_null(); -- if (stores != NULL) -- X509_LOOKUP_set_method_data(ctx, stores); -- } -- if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) { -- free_store(store); -- return 0; -- } -- return 1; -+ return sk_OPENSSL_STRING_push(uris, data) > 0; - } -- case X509_L_LOAD_STORE: { -+ case X509_L_LOAD_STORE: - /* This is a shortcut for quick loading of specific containers */ -- CACHED_STORE store; -- -- store.uri = (char *)argp; -- store.libctx = libctx; -- store.propq = (char *)propq; -- store.ctx = NULL; -- return cache_objects(ctx, &store, NULL, 0); -- } -- default: -- /* Unsupported command */ -- return 0; -+ return cache_objects(ctx, argp, NULL, 0, libctx, propq); - } - - return 0; -@@ -205,13 +148,13 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const 
char *propq) - { -- STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); -+ STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); - int i; - int ok = 0; - -- for (i = 0; i < sk_CACHED_STORE_num(stores); i++) { -- ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion, -- 1 /* depth */); -+ for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) { -+ ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion, -+ 1 /* depth */, libctx, propq); - - if (ok) - break; diff -Nru openssl-3.0.17/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch openssl-3.0.18/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch --- openssl-3.0.17/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,25 +0,0 @@ -From: Viktor Dukhovni -Date: Thu, 11 Sep 2025 18:10:12 +0200 -Subject: kek_unwrap_key(): Fix incorrect check of unwrapped key size - -Fixes CVE-2025-9230 - -The check is off by 8 bytes so it is possible to overread by -up to 8 bytes and overwrite up to 4 bytes. ---- - crypto/cms/cms_pwri.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c -index d5c3c8d399df..33a7ccaa76a3 100644 ---- a/crypto/cms/cms_pwri.c -+++ b/crypto/cms/cms_pwri.c -@@ -229,7 +229,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, - /* Check byte failure */ - goto err; - } -- if (inlen < (size_t)(tmp[0] - 4)) { -+ if (inlen < 4 + (size_t)tmp[0]) { - /* Invalid length value */ - goto err; - } diff -Nru openssl-3.0.17/debian/patches/man-section.patch openssl-3.0.18/debian/patches/man-section.patch --- openssl-3.0.17/debian/patches/man-section.patch 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/man-section.patch 2025-11-01 11:50:22.000000000 +0000 @@ -7,10 +7,10 @@ 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index d2b0797a7edf..d48a1d541173 100644 +index a68ae9f26fa1..d48105a86cb7 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -318,7 +318,8 @@ HTMLDIR=$(DOCDIR)/html +@@ -329,7 +329,8 @@ HTMLDIR=$(DOCDIR)/html # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. 
@@ -20,12 +20,12 @@ HTMLSUFFIX=html # For "optional" echo messages, to get "real" silence -@@ -1539,7 +1540,7 @@ EOF +@@ -1550,7 +1551,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: $pod - pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ + pod2man --name=$name --section=$section\$(MANSECTION) --center=OpenSSL \\ - --release=\$(VERSION) $pod >\$\@ + --date=\$(RELEASE_DATE) --release=\$(VERSION) \\ + $pod >\$\@ EOF - } elsif (platform->isdef($args{src})) { diff -Nru openssl-3.0.17/debian/patches/series openssl-3.0.18/debian/patches/series --- openssl-3.0.17/debian/patches/series 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/series 2025-11-01 11:50:22.000000000 +0000 @@ -7,8 +7,3 @@ Remove-the-provider-section.patch conf-Serialize-allocation-free-of-ssl_names.patch Fix-tests-for-new-default-security-level.patch -Revert-Drop-by-store-s-by_store_subject_ex.patch -Revert-Rework-the-by-store-X509_LOOKUP-method-to-open-the.patch -Revert-Add-test_verify-tests.patch -use_proxy-Add-missing-terminating-NUL-byte.patch -kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch diff -Nru openssl-3.0.17/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch openssl-3.0.18/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch --- openssl-3.0.17/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch 2025-09-26 18:59:22.000000000 +0000 +++ openssl-3.0.18/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,24 +0,0 @@ -From: Tomas Mraz -Date: Thu, 11 Sep 2025 18:43:55 +0200 -Subject: use_proxy(): Add missing terminating NUL byte - -Fixes CVE-2025-9232 - -There is a missing terminating NUL byte after strncpy() call. -Issue and a proposed fix reported by Stanislav Fort (Aisle Research). ---- - crypto/http/http_lib.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c -index 9c41f57541d7..614fd200b7c0 100644 ---- a/crypto/http/http_lib.c -+++ b/crypto/http/http_lib.c -@@ -267,6 +267,7 @@ static int use_proxy(const char *no_proxy, const char *server) - /* strip leading '[' and trailing ']' from escaped IPv6 address */ - sl -= 2; - strncpy(host, server + 1, sl); -+ host[sl] = '\0'; - server = host; - } - diff -Nru openssl-3.0.17/demos/bio/saccept.c openssl-3.0.18/demos/bio/saccept.c --- openssl-3.0.17/demos/bio/saccept.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/bio/saccept.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,7 +49,8 @@ { char *port = NULL; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; char buf[512]; int ret = EXIT_FAILURE, i; @@ -79,6 +80,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; /* Arrange to leave server loop on interrupt */ sigsetup(); 
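Review bot: In the saccept.c hunk at -79, the added `ssl_bio = NULL;` after `BIO_set_accept_bios(in, ssl_bio)` carries no comment, so the reason for clearing the pointer is left to the reader. It exists so that the later `BIO_free_all(ssl_bio)` releases the chain only when it was never handed over. A trailing comment such as `/* in now owns ssl_bio; avoid a double free at exit */` would make that explicit. The same applies to the identical lines added in server-arg.c, server-cmod.c and server-conf.c.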
@@ -117,5 +119,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.0.17/demos/bio/server-arg.c openssl-3.0.18/demos/bio/server-arg.c --- openssl-3.0.17/demos/bio/server-arg.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/bio/server-arg.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,8 @@ int main(int argc, char *argv[]) { char *port = "*:4433"; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; SSL_CONF_CTX *cctx; char buf[512]; @@ -105,6 +106,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; again: /* @@ -140,5 +142,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.0.17/demos/bio/server-cmod.c openssl-3.0.18/demos/bio/server-cmod.c --- openssl-3.0.17/demos/bio/server-cmod.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/bio/server-cmod.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,8 @@ unsigned char buf[512]; char *port = "*:4433"; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; int ret = EXIT_FAILURE, i; 
@@ -52,6 +53,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; again: /* @@ -90,5 +92,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.0.17/demos/bio/server-conf.c openssl-3.0.18/demos/bio/server-conf.c --- openssl-3.0.17/demos/bio/server-conf.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/bio/server-conf.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,8 @@ { char *port = "*:4433"; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; SSL_CONF_CTX *cctx = NULL; CONF *conf = NULL; @@ -97,6 +98,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; again: /* @@ -135,5 +137,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.0.17/demos/cms/cms_ddec.c openssl-3.0.18/demos/cms/cms_ddec.c --- openssl-3.0.17/demos/cms/cms_ddec.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/cms/cms_ddec.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -57,7 +57,7 @@ /* Open file containing detached content */ dcont = BIO_new_file("smencr.out", "rb"); - if (!in) + if (dcont == NULL) goto err; out = BIO_new_file("encrout.txt", "w"); diff -Nru openssl-3.0.17/demos/cms/cms_denc.c openssl-3.0.18/demos/cms/cms_denc.c --- openssl-3.0.17/demos/cms/cms_denc.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/cms/cms_denc.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,7 +57,7 @@ dout = BIO_new_file("smencr.out", "wb"); - if (!in) + if (in == NULL || dout == NULL) goto err; /* encrypt content */ diff -Nru openssl-3.0.17/demos/pkey/EVP_PKEY_RSA_keygen.c openssl-3.0.18/demos/pkey/EVP_PKEY_RSA_keygen.c --- openssl-3.0.17/demos/pkey/EVP_PKEY_RSA_keygen.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/demos/pkey/EVP_PKEY_RSA_keygen.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,7 +254,7 @@ if (argc > 1) { bits_i = atoi(argv[1]); - if (bits < 512) { + if (bits_i < 512) { fprintf(stderr, "Invalid RSA key size\n"); return 1; } diff -Nru openssl-3.0.17/doc/man1/openssl-enc.pod.in openssl-3.0.18/doc/man1/openssl-enc.pod.in --- openssl-3.0.17/doc/man1/openssl-enc.pod.in 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man1/openssl-enc.pod.in 2025-09-30 13:12:07.000000000 +0000 
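Review bot: `bits_i = atoi(argv[1]);` in demos/pkey/EVP_PKEY_RSA_keygen.c (hunk `@@ -254,7 +254,7 @@`) still parses the key size with no error reporting, so the corrected `bits_i < 512` test catches only part of the bad input. `atoi` accepts trailing garbage such as `2048x`, and its behaviour is undefined when the value does not fit in an int. After setting `errno = 0`, I would parse with `long v = strtol(argv[1], &end, 10);` and reject with `if (errno != 0 || end == argv[1] || *end != '\0' || v < 512 || v > INT_MAX)` before assigning to `bits_i`. This assumes `bits_i` is an int, since its declaration is outside the hunk. The enclosing function also starts and ends outside the hunk.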
@@ -180,9 +180,12 @@ Print out the key and IV used then immediately exit: don't do any encryption or decryption. -=item B<-bufsize> I +=item B<-bufsize> I[B] Set the buffer size for I/O. +The maximum size that can be specified is B<2^31-1> (2147483647) bytes. +The B suffix can be specified to indicate that I is provided +in kibibytes (multiples of 1024 bytes). =item B<-nopad> @@ -251,7 +254,7 @@ implications if not used correctly. A beginner is advised to just use a strong block cipher, such as AES, in CBC mode. -All the block ciphers normally use PKCS#5 padding, also known as standard +All the block ciphers normally use PKCS#7 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. @@ -458,7 +461,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/BN_generate_prime.pod openssl-3.0.18/doc/man3/BN_generate_prime.pod --- openssl-3.0.17/doc/man3/BN_generate_prime.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/BN_generate_prime.pod 2025-09-30 13:12:07.000000000 +0000 @@ -130,7 +130,7 @@ If B

passes all these tests, it is considered a probable prime. The test performed on B

are trial division by a number of small primes -and rounds of the of the Miller-Rabin probabilistic primality test. +and rounds of the Miller-Rabin probabilistic primality test. The functions do at least 64 rounds of the Miller-Rabin test giving a maximum false positive rate of 2^-128. @@ -148,7 +148,7 @@ BN_is_prime_fasttest() and BN_is_prime() behave just like BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old -style call back. +style callback. B is a preallocated B (to save the overhead of allocating and freeing the structure in a loop), or B. @@ -246,7 +246,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/EVP_EncryptInit.pod openssl-3.0.18/doc/man3/EVP_EncryptInit.pod --- openssl-3.0.17/doc/man3/EVP_EncryptInit.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/EVP_EncryptInit.pod 2025-09-30 13:12:07.000000000 +0000 @@ -744,7 +744,7 @@ =item "tag" (B) Gets or sets the AEAD tag for the associated cipher context I. -See L. +See L. =item "keybits" (B) @@ -1746,7 +1746,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/EVP_PKEY_new.pod openssl-3.0.18/doc/man3/EVP_PKEY_new.pod --- openssl-3.0.17/doc/man3/EVP_PKEY_new.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/EVP_PKEY_new.pod 2025-09-30 13:12:07.000000000 +0000 
@@ -168,7 +168,19 @@ The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in L, L, L or -L. +L for legacy key types implemented in internal +OpenSSL providers. + +For fully provider-managed key types (see L), +possibly implemented in external providers, use functions such as +L or L +to populate key data. + +Generally caution is advised for using an B structure across +different library contexts: In order for an B to be shared by +multiple library contexts the providers associated with the library contexts +must have key managers that support the key type and implement the +OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions. =head1 RETURN VALUES @@ -210,7 +222,7 @@ =head1 COPYRIGHT -Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/EVP_aes_128_gcm.pod openssl-3.0.18/doc/man3/EVP_aes_128_gcm.pod --- openssl-3.0.17/doc/man3/EVP_aes_128_gcm.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/EVP_aes_128_gcm.pod 2025-09-30 13:12:07.000000000 +0000 @@ -127,7 +127,7 @@ AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control -operations to function correctly, see the L +operations to function correctly, see the L section for details. =item EVP_aes_128_wrap(), 
@@ -184,7 +184,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/EVP_aria_128_gcm.pod openssl-3.0.18/doc/man3/EVP_aria_128_gcm.pod --- openssl-3.0.17/doc/man3/EVP_aria_128_gcm.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/EVP_aria_128_gcm.pod 2025-09-30 13:12:07.000000000 +0000 @@ -88,7 +88,7 @@ ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter Mode (GCM). These ciphers require additional control operations to function -correctly, see the L section for details. +correctly, see the L section for details. =back @@ -113,7 +113,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/EVP_chacha20.pod openssl-3.0.18/doc/man3/EVP_chacha20.pod --- openssl-3.0.17/doc/man3/EVP_chacha20.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/EVP_chacha20.pod 2025-09-30 13:12:07.000000000 +0000 @@ -36,7 +36,7 @@ Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key is 256 bits and the IV is 96 bits. This supports additional authenticated data (AAD) and produces a 128-bit authentication tag. See the -L section for more information. +L section for more information. =back 
@@ -64,7 +64,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/OPENSSL_secure_malloc.pod openssl-3.0.18/doc/man3/OPENSSL_secure_malloc.pod --- openssl-3.0.17/doc/man3/OPENSSL_secure_malloc.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/OPENSSL_secure_malloc.pod 2025-09-30 13:12:07.000000000 +0000 @@ -45,7 +45,12 @@ information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your -threat model and concerns. +threat model and concerns. It should be noted that the secure heap +uses a single read/write lock, and therefore any operations +that involve allocation or freeing of secure heap memory are serialised, +blocking other threads. With that in mind, highly concurrent applications +should enable the secure heap with caution and be aware of the performance +implications for multi-threaded code. If a secure heap is used, then private key B values are stored there. This protects long-term storage of private keys, but will not necessarily @@ -135,7 +140,7 @@ =head1 COPYRIGHT -Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/OpenSSL_version.pod openssl-3.0.18/doc/man3/OpenSSL_version.pod --- openssl-3.0.17/doc/man3/OpenSSL_version.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/OpenSSL_version.pod 2025-09-30 13:12:07.000000000 +0000 
@@ -238,9 +238,16 @@ The macros and functions described here were added in OpenSSL 3.0, except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). +=head1 BUGS + +There was a discrepancy between this manual and commentary + code +in F<< >>, where the latter suggested that the +four least significant bits of B could be +C<0x0f> in released OpenSSL versions. + =head1 COPYRIGHT -Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/PEM_read_CMS.pod openssl-3.0.18/doc/man3/PEM_read_CMS.pod --- openssl-3.0.17/doc/man3/PEM_read_CMS.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/PEM_read_CMS.pod 2025-09-30 13:12:07.000000000 +0000 @@ -84,9 +84,9 @@ =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio() -instead. +To replace the deprecated functions listed above, applications should use the +B type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to +read and write PEM data containing key parameters or private and public keys. In the description below, B> is used as a placeholder for any of the OpenSSL datatypes, such as B. 
@@ -142,7 +142,7 @@ =head1 COPYRIGHT -Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/RAND_load_file.pod openssl-3.0.18/doc/man3/RAND_load_file.pod --- openssl-3.0.17/doc/man3/RAND_load_file.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/RAND_load_file.pod 2025-09-30 13:12:07.000000000 +0000 @@ -19,7 +19,11 @@ RAND_load_file() reads a number of bytes from file B and adds them to the PRNG. If B is nonnegative, up to B are read; -if B is -1, the complete file is read. +if B is -1, the complete file is read (unless the file +is not a regular file, in that case a fixed number of bytes, +256 in the current implementation, is attempted to be read). +RAND_load_file() can read less than the complete file or the requested number +of bytes if it doesn't fit in the return value type. Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that B should be adequately protected so that an @@ -77,7 +81,7 @@ =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/SSL_CIPHER_get_name.pod openssl-3.0.18/doc/man3/SSL_CIPHER_get_name.pod --- openssl-3.0.17/doc/man3/SSL_CIPHER_get_name.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/SSL_CIPHER_get_name.pod 2025-09-30 13:12:07.000000000 +0000 
@@ -37,7 +37,7 @@ int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); - uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); + uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); =head1 DESCRIPTION @@ -203,7 +203,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/SSL_CTX_set_tmp_dh_callback.pod openssl-3.0.18/doc/man3/SSL_CTX_set_tmp_dh_callback.pod --- openssl-3.0.17/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2025-09-30 13:12:07.000000000 +0000 @@ -58,9 +58,11 @@ Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the B -and B objects respectively. Passing a value of 1 in the I parameter -switches the feature on, and passing a value of 0 switches it off. The default -setting is off. +and B objects respectively. Passing a value of 2 or 1 in the I +parameter switches it on. If the I parameter is set to 2, it will force +the DH key size to 1024 if the B or B security level +L is 0 or 1. Passing a value of 0 switches +it off. The default setting is off. If "auto" DH parameters are switched on then the parameters will be selected to be consistent with the size of the key associated with the server's certificate. 
@@ -112,7 +114,7 @@ =head1 COPYRIGHT -Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man3/SSL_SESSION_get0_hostname.pod openssl-3.0.18/doc/man3/SSL_SESSION_get0_hostname.pod --- openssl-3.0.17/doc/man3/SSL_SESSION_get0_hostname.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/SSL_SESSION_get0_hostname.pod 2025-09-30 13:12:07.000000000 +0000 @@ -23,9 +23,10 @@ =head1 DESCRIPTION -SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the -client when the session was created if it was accepted by the server. Otherwise -NULL is returned. +SSL_SESSION_get0_hostname() retrieves the Server Name Indication (SNI) value +that was sent by the client when the session was created if the server +acknowledged the client's SNI extension by including an empty SNI extension +in response. Otherwise NULL is returned. The value returned is a pointer to memory maintained within B and should not be free'd. @@ -44,8 +45,7 @@ =head1 RETURN VALUES -SSL_SESSION_get0_hostname() returns either a string or NULL based on if there -is the SNI value sent by client. +SSL_SESSION_get0_hostname() returns the SNI string if available, or NULL if not. SSL_SESSION_set1_hostname() returns 1 on success or 0 on error. diff -Nru openssl-3.0.17/doc/man3/d2i_X509.pod openssl-3.0.18/doc/man3/d2i_X509.pod --- openssl-3.0.17/doc/man3/d2i_X509.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man3/d2i_X509.pod 2025-09-30 13:12:07.000000000 +0000 
@@ -500,8 +500,9 @@ B>() returns the number of bytes successfully encoded or a negative value if an error occurs. -B_bio>() and B_fp>() return 1 for success and 0 if an -error occurs. +B_bio>() and B_fp>(), +as well as i2d_ASN1_bio_stream(), +return 1 for success and 0 if an error occurs. =head1 EXAMPLES @@ -617,7 +618,7 @@ =head1 COPYRIGHT -Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man7/EVP_PKEY-DSA.pod openssl-3.0.18/doc/man7/EVP_PKEY-DSA.pod --- openssl-3.0.17/doc/man7/EVP_PKEY-DSA.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man7/EVP_PKEY-DSA.pod 2025-09-30 13:12:07.000000000 +0000 @@ -104,7 +104,7 @@ =head1 SEE ALSO L, -L +L, L, L, L, @@ -113,7 +113,7 @@ =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/doc/man7/EVP_PKEY-FFC.pod openssl-3.0.18/doc/man7/EVP_PKEY-FFC.pod --- openssl-3.0.17/doc/man7/EVP_PKEY-FFC.pod 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/doc/man7/EVP_PKEY-FFC.pod 2025-09-30 13:12:07.000000000 +0000 @@ -213,7 +213,7 @@ L, L, L, -L +L, L, L, L, 
@@ -222,7 +222,7 @@ =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.17/include/openssl/opensslv.h.in openssl-3.0.18/include/openssl/opensslv.h.in --- openssl-3.0.17/include/openssl/opensslv.h.in 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/include/openssl/opensslv.h.in 2025-09-30 13:12:07.000000000 +0000 @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,17 +89,12 @@ # define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}" -/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ -# ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0L -# else -# define _OPENSSL_VERSION_PRE_RELEASE 0xfL -# endif +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */ # define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) \ |(OPENSSL_VERSION_MINOR<<20) \ |(OPENSSL_VERSION_PATCH<<4) \ - |_OPENSSL_VERSION_PRE_RELEASE ) + |0x0L ) # ifdef __cplusplus } diff -Nru openssl-3.0.17/include/openssl/pem.h openssl-3.0.18/include/openssl/pem.h --- openssl-3.0.17/include/openssl/pem.h 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/include/openssl/pem.h 2025-09-30 13:12:07.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,6 +54,8 @@ # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" +# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY" +# define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 diff -Nru openssl-3.0.17/providers/decoders.inc openssl-3.0.18/providers/decoders.inc --- openssl-3.0.17/providers/decoders.inc 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/decoders.inc 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,6 +69,7 @@ # ifndef OPENSSL_NO_SM2 DECODER_w_structure("SM2", der, PrivateKeyInfo, sm2, no), DECODER_w_structure("SM2", der, SubjectPublicKeyInfo, sm2, no), +DECODER_w_structure("SM2", der, type_specific_no_pub, sm2, no), # endif #endif DECODER_w_structure("RSA", der, PrivateKeyInfo, rsa, yes), diff -Nru openssl-3.0.17/providers/fips-sources.checksums openssl-3.0.18/providers/fips-sources.checksums --- openssl-3.0.17/providers/fips-sources.checksums 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/fips-sources.checksums 2025-09-30 13:12:07.000000000 +0000 
@@ -10,7 +10,7 @@ 88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl 7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl -ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl +290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33 crypto/aes/asm/aes-s390x.pl ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl 2b3b9ac56bf54334d053857a24bdb08592151e8a7a60b89b8195846b7f8ee7b5 crypto/aes/asm/aes-x86_64.pl c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm/aesfx-sparcv9.pl @@ -261,7 +261,7 @@ b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c 9b5fbefe6b18f665b44f79d1d08a977b484064a9fba46506ed8e812e581e9d97 crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -b0b382ce829192d2537561cfb0fb5c7afb04305f321f7b3c91441b4ba99b9c92 crypto/property/property_parse.c +02ceadd33f54298eb4940cf0c00bea2b6d974d4707ea5e396369ab4d9cd0aac9 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c dcc44eba5d01dc248c37ec7b394d48660627c0fa4933d2b93993e1f2ac4b71da crypto/provider_core.c 
@@ -344,7 +344,7 @@ 8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c -0a085bd6a70d449c79783c7b11383ae427df28a19fd4651571003306079bb72f crypto/threads_pthread.c +9cdcc15b140141d2646945d9b37c08ab55c31c83b7008a1f8faa55671bd27449 crypto/threads_pthread.c f82715745b668297d71b66d05e6bfc3c817bf80bd967c0f33ca7ffbb6e347645 crypto/threads_win.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16 crypto/x86cpuid.pl @@ -443,7 +443,7 @@ 157797b450215f973eb10be96a04e58048ab9c131ad29427e80d0e37e230ed98 include/openssl/objects.h d25537af264684dff033dd8ae62b0348f868fcfec4aa51fa8f07bcfa4bd807ad include/openssl/objectserr.h fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openssl/opensslconf.h -1bf52d136e94f727a96651c1f48ad040482f35dae152519ccd585efd410b92f0 include/openssl/opensslv.h.in +6c1a8837bbba633db2a8951ff29ccfe09e7d2a24a37ee2af90f2d897c190da9a include/openssl/opensslv.h.in 767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h 30085f4d1b4934bb25ffe7aa9a30859966318a1b4d4dcea937c426e90e6e1984 include/openssl/params.h 097615b849375e2903967521f76c570512e5be47b8159fdbcd31e433f8a4cca7 include/openssl/prov_ssl.h 
@@ -500,7 +500,7 @@ f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc 629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c -99baeec10374301e90352ab637056104a8ea28a6880804f44c640d0c9ee16eba providers/implementations/asymciphers/rsa_enc.c +a4c71215f53775a80a92433a8ad2b949cc54436c5d131286bbc9ec4e97e2e9d5 providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h aef500281e7cd5a25a806a9bd45ec00a5b73984673202527dac5896fbcc9fa9c providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -552,7 +552,7 @@ dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h 0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h b9a61ce951c1904d8315b1bb26c0ab0aaadb47e71d4ead5df0a891608c728c4b providers/implementations/include/prov/digestcommon.h -3e2558c36298cdb4fdaebe5a0cfa1dbbc78e0f60a9012f3a34e711cafb09c7b5 providers/implementations/include/prov/implementations.h +5f7ac2239579cf1ad503cf1644e8dae129179ff071abb1a1be1e0a4b69056469 providers/implementations/include/prov/implementations.h 5f09fc71874b00419d71646714f21ebbdcceda277463b6f77d3d3ea6946914e8 providers/implementations/include/prov/kdfexchange.h c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h 29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h 
@@ -577,7 +577,7 @@ 19f22fc70a6321441e56d5bd4aab3d01d52d17069d4e4b5cefce0f411ecece75 providers/implementations/keymgmt/rsa_kmgmt.c 5eb96ea2df635cf79c5aeccae270fbe896b5e6384a5b3e4b187ce8c10fe8dfc7 providers/implementations/macs/cmac_prov.c e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c -895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c +ba90013acb3a8725630cd71eda55ab735978930b73f2fd8f48a19800f365dfd3 providers/implementations/macs/hmac_prov.c 8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c f9457255fc57ef5739aa2584e535195e38cc947e31fd044d28d64c28c8a946ce providers/implementations/rands/drbg.c diff -Nru openssl-3.0.17/providers/fips.checksum openssl-3.0.18/providers/fips.checksum --- openssl-3.0.17/providers/fips.checksum 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/fips.checksum 2025-09-30 13:12:07.000000000 +0000 @@ -1 +1 @@ -0cbed2adf7acee36e3ef1906e6de0946b423cc9354c878e54bcbc7a363aeec0d providers/fips-sources.checksums +46b5dbc2fdaeae2a41830f026fddc5ec0c9b8c36936d420a7cf42aede2cb139c providers/fips-sources.checksums diff -Nru openssl-3.0.17/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.18/providers/implementations/asymciphers/rsa_enc.c --- openssl-3.0.17/providers/implementations/asymciphers/rsa_enc.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/asymciphers/rsa_enc.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -136,22 +136,27 @@ size_t outsize, const unsigned char *in, size_t inlen) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + size_t len = RSA_size(prsactx->rsa); int ret; if (!ossl_prov_is_running()) return 0; - if (out == NULL) { - size_t len = RSA_size(prsactx->rsa); + if (len == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } - if (len == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); - return 0; - } + if (out == NULL) { *outlen = len; return 1; } + if (outsize < len) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return 0; + } + if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) { int rsasize = RSA_size(prsactx->rsa); unsigned char *tbuf; diff -Nru openssl-3.0.17/providers/implementations/encode_decode/decode_der2key.c openssl-3.0.18/providers/implementations/encode_decode/decode_der2key.c --- openssl-3.0.17/providers/implementations/encode_decode/decode_der2key.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/encode_decode/decode_der2key.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
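Review bot: The new `outsize < len` guard in the @@ -136 hunk has no comment saying why a short buffer must be rejected before any padding mode runs, and that is the security-relevant part of this change. I would put `/* the result is always RSA_size() bytes; refuse a smaller buffer before anything is written */` above it, after checking that wording against the encrypt primitives, which are not visible here. The OAEP branch that follows still calls `RSA_size(prsactx->rsa)` a second time into `int rsasize`; deriving it from `len` would keep a single source for the bound. The function starts and ends outside the hunk.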
@@ -806,6 +806,7 @@ # ifndef OPENSSL_NO_SM2 MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo); MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); +MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub); # endif #endif MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); diff -Nru openssl-3.0.17/providers/implementations/encode_decode/decode_pem2der.c openssl-3.0.18/providers/implementations/encode_decode/decode_pem2der.c --- openssl-3.0.17/providers/implementations/encode_decode/decode_pem2der.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/encode_decode/decode_pem2der.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -119,6 +119,8 @@ { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" }, { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" }, { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" }, + { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" }, + { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" }, { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" }, { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" }, diff -Nru openssl-3.0.17/providers/implementations/encode_decode/encode_key2text.c openssl-3.0.18/providers/implementations/encode_decode/encode_key2text.c --- openssl-3.0.17/providers/implementations/encode_decode/encode_key2text.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/encode_decode/encode_key2text.c 2025-09-30 13:12:07.000000000 +0000 
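Review bot: The added `MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);` passes `sm2` as the third macro argument where the two neighbouring SM2 entries pass `ec`, and nothing in the hunk says why. If that argument selects a per-type descriptor, as the sibling lines suggest, a matching `sm2` descriptor for `type_specific_no_pub` must be defined elsewhere in the file; that definition is not visible here, so please confirm it is part of this change. A comment on the line such as `/* uses the sm2 descriptor, unlike the PrivateKeyInfo/SubjectPublicKeyInfo entries above, which go through ec */` would mark the asymmetry as deliberate.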
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -513,7 +513,8 @@ else if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) type_label = "Public-Key"; else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - type_label = "EC-Parameters"; + if (EC_GROUP_get_curve_name(group) != NID_sm2) + type_label = "EC-Parameters"; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { const BIGNUM *priv_key = EC_KEY_get0_private_key(ec); @@ -539,8 +540,9 @@ goto err; } - if (BIO_printf(out, "%s: (%d bit)\n", type_label, - EC_GROUP_order_bits(group)) <= 0) + if (type_label != NULL + && BIO_printf(out, "%s: (%d bit)\n", type_label, + EC_GROUP_order_bits(group)) <= 0) goto err; if (priv != NULL && !print_labeled_buf(out, "priv:", priv, priv_len)) diff -Nru openssl-3.0.17/providers/implementations/include/prov/implementations.h openssl-3.0.18/providers/implementations/include/prov/implementations.h --- openssl-3.0.17/providers/implementations/include/prov/implementations.h 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/include/prov/implementations.h 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
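Review bot: The new `if (EC_GROUP_get_curve_name(group) != NID_sm2)` in the @@ -513 hunk is nested without braces under the last `else if` of the label chain, which makes the chain easy to misread and invites a dangling-else mistake if another branch is appended later. Folding the test into the condition, `else if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0 && EC_GROUP_get_curve_name(group) != NID_sm2)`, or bracing the branch keeps the behaviour and removes the ambiguity. The change also relies on `type_label` starting out as NULL for the `type_label != NULL` guard added in the @@ -539 hunk; its declaration is outside both hunks, so that is worth confirming.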
@@ -498,6 +498,7 @@ #ifndef OPENSSL_NO_SM2 extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_sm2_decoder_functions[]; extern const OSSL_DISPATCH ossl_SubjectPublicKeyInfo_der_to_sm2_decoder_functions[]; +extern const OSSL_DISPATCH ossl_type_specific_no_pub_der_to_sm2_decoder_functions[]; #endif extern const OSSL_DISPATCH ossl_PrivateKeyInfo_der_to_rsa_decoder_functions[]; diff -Nru openssl-3.0.17/providers/implementations/kdfs/krb5kdf.c openssl-3.0.18/providers/implementations/kdfs/krb5kdf.c --- openssl-3.0.17/providers/implementations/kdfs/krb5kdf.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/kdfs/krb5kdf.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -329,7 +329,7 @@ { int klen, ret; - ret = EVP_EncryptInit_ex(ctx, cipher, engine, key, NULL); + ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL); if (!ret) goto out; /* set the key len for the odd variable key len cipher */ @@ -341,6 +341,9 @@ goto out; } } + ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL); + if (!ret) + goto out; /* we never want padding, either the length requested is a multiple of * the cipher block size or we are passed a cipher that can cope with * partial blocks via techniques like cipher text stealing */ diff -Nru openssl-3.0.17/providers/implementations/macs/hmac_prov.c openssl-3.0.18/providers/implementations/macs/hmac_prov.c --- openssl-3.0.17/providers/implementations/macs/hmac_prov.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/providers/implementations/macs/hmac_prov.c 2025-09-30 13:12:07.000000000 +0000 
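Review bot: The two-step initialisation introduced in the krb5kdf.c hunks (@@ -329 and @@ -341) is not explained where it happens: the first `EVP_EncryptInit_ex` now passes NULL for the key, and a second call supplies it only after the key-length adjustment. A comment above the second call, for example `/* set the key only once the key length is final, so a key of the wrong size is rejected */`, would stop a later cleanup from merging the two calls again. The length adjustment itself sits mostly between the hunks, so the wording should be checked against it. The enclosing function begins and ends outside both hunks.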
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -94,7 +94,7 @@ if (macctx != NULL) { HMAC_CTX_free(macctx->ctx); ossl_prov_digest_reset(&macctx->digest); - OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + OPENSSL_clear_free(macctx->key, macctx->keylen); OPENSSL_free(macctx); } } @@ -123,13 +123,13 @@ return NULL; } if (src->key != NULL) { - /* There is no "secure" OPENSSL_memdup */ - dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1); + dst->key = OPENSSL_malloc(src->keylen > 0 ? src->keylen : 1); if (dst->key == NULL) { hmac_free(dst); return 0; } - memcpy(dst->key, src->key, src->keylen); + if (src->keylen > 0) + memcpy(dst->key, src->key, src->keylen); } return dst; } @@ -154,12 +154,14 @@ const EVP_MD *digest; if (macctx->key != NULL) - OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + OPENSSL_clear_free(macctx->key, macctx->keylen); /* Keep a copy of the key in case we need it for TLS HMAC */ - macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1); + macctx->key = OPENSSL_malloc(keylen > 0 ? keylen : 1); if (macctx->key == NULL) return 0; - memcpy(macctx->key, key, keylen); + + if (keylen > 0) + memcpy(macctx->key, key, keylen); macctx->keylen = keylen; digest = ossl_prov_digest_md(&macctx->digest); diff -Nru openssl-3.0.17/test/evp_extra_test.c openssl-3.0.18/test/evp_extra_test.c --- openssl-3.0.17/test/evp_extra_test.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/evp_extra_test.c 2025-09-30 13:12:07.000000000 +0000 
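Review bot: The stored HMAC key moves from the secure heap to the ordinary heap in this file (`OPENSSL_secure_clear_free` → `OPENSSL_clear_free` in the @@ -94 hunk, `OPENSSL_secure_malloc` → `OPENSSL_malloc` in the @@ -123 and @@ -154 hunks), and the only comment on the allocation is removed, so the code no longer records that this is deliberate. Key material outside the secure heap loses whatever protection that heap was configured to give, which is the first thing a later reader or auditor will ask about. I would add a comment next to `/* Keep a copy of the key in case we need it for TLS HMAC */`, such as `/* copy lives on the normal heap by design; it is still zeroised via OPENSSL_clear_free() */`, and name the reason from the changelog if one is given there.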
@@ -3010,6 +3010,48 @@ return ret; } +static int test_RSA_encrypt(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *pctx = NULL; + unsigned char *cbuf = NULL, *pbuf = NULL; + size_t clen = 0, plen = 0; + + if (!TEST_ptr(pkey = load_example_rsa_key()) + || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, + pkey, testpropq)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0) + || !TEST_ptr(cbuf = OPENSSL_malloc(clen)) + || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)) + goto done; + + /* Require failure when the output buffer is too small */ + plen = clen - 1; + if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0)) + goto done; + /* flush error stack */ + TEST_openssl_errors(); + + /* Check decryption of encrypted result */ + if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) + || !TEST_ptr(pbuf = OPENSSL_malloc(plen)) + || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0) + || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg)) + || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)) + goto done; + + ret = 1; +done: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_free(pkey); + OPENSSL_free(cbuf); + OPENSSL_free(pbuf); + return ret; +} + #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) static int test_decrypt_null_chunks(void) { @@ -5464,6 +5506,7 @@ ADD_TEST(test_RSA_get_set_params); ADD_TEST(test_RSA_OAEP_set_get_params); ADD_TEST(test_RSA_OAEP_set_null_label); + ADD_TEST(test_RSA_encrypt); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif diff -Nru openssl-3.0.17/test/fake_rsaprov.c openssl-3.0.18/test/fake_rsaprov.c --- openssl-3.0.17/test/fake_rsaprov.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/fake_rsaprov.c 2025-09-30 13:12:07.000000000 +0000 
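Review bot: The short-buffer case in `test_RSA_encrypt` only lowers the length argument (`plen = clen - 1`) while still passing the full `clen`-byte `cbuf`, so it verifies the return value but could not expose a write past the advertised size. Running that call against a separate allocation of exactly `clen - 1` bytes would let a sanitizer build catch a regression of the bounds check itself. The error raised by the failing call is discarded by `TEST_openssl_errors()` without its reason being examined, so the test passes on any failure, not specifically the too-small-buffer one. The final `EVP_PKEY_encrypt_init(pctx)` at the end of the decrypt chain has no following use and deserves either a comment or removal.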
@@ -1,5 +1,5 @@ /* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,6 +31,8 @@ static int exptypes_selection; static int query_id; +unsigned fake_rsa_query_operation_name = 0; + struct fake_rsa_keydata { int selection; int status; @@ -71,7 +73,7 @@ /* record global for checking */ query_id = id; - return "RSA"; + return fake_rsa_query_operation_name ? NULL: "RSA"; } static int fake_rsa_keymgmt_import(void *keydata, int selection, diff -Nru openssl-3.0.17/test/fake_rsaprov.h openssl-3.0.18/test/fake_rsaprov.h --- openssl-3.0.17/test/fake_rsaprov.h 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/fake_rsaprov.h 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,4 +12,13 @@ /* Fake RSA provider implementation */ OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx); void fake_rsa_finish(OSSL_PROVIDER *p); + OSSL_PARAM *fake_rsa_key_params(int priv); + +/* + * When fake_rsa_query_operation_name is set to a non-zero value, + * query_operation_name() will return NULL. + * + * By default, it is 0, in which case query_operation_name() will return "RSA". + */ +extern unsigned fake_rsa_query_operation_name; diff -Nru openssl-3.0.17/test/property_test.c openssl-3.0.18/test/property_test.c --- openssl-3.0.17/test/property_test.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/property_test.c 2025-09-30 13:12:07.000000000 +0000 
@@ -665,6 +665,22 @@ return ret; } +static int test_property_list_to_string_bounds(void) +{ + OSSL_PROPERTY_LIST *pl = NULL; + char buf[16]; + int ret = 0; + + if (!TEST_ptr(pl = ossl_parse_query(NULL, "provider='$1'", 1))) + goto err; + if (!TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, 10), 14)) + goto err; + ret = 1; + err: + ossl_property_free(pl); + return ret; +} + int setup_tests(void) { ADD_TEST(test_property_string); @@ -679,5 +695,6 @@ ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); + ADD_TEST(test_property_list_to_string_bounds); return 1; } diff -Nru openssl-3.0.17/test/provider_pkey_test.c openssl-3.0.18/test/provider_pkey_test.c --- openssl-3.0.17/test/provider_pkey_test.c 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/provider_pkey_test.c 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
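Review bot: `test_property_list_to_string_bounds` checks only the returned length, so it would still pass if the function wrote past the 10-byte limit into the remaining bytes of `buf[16]`. Pre-filling with `memset(buf, 0x5a, sizeof(buf));` and asserting `TEST_int_eq(buf[10], 0x5a)` after the call would pin the bound itself rather than just the reported size. The literal 14 is also unexplained; a comment stating that it is the length the full string would need, which exceeds the 10 bytes offered, would help, once checked against the serialisation code that is not visible here.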
@@ -237,6 +237,77 @@ return ret; } +static int test_pkey_can_sign(void) +{ + OSSL_PROVIDER *fake_rsa = NULL; + EVP_PKEY *pkey_fake = NULL; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM *params = NULL; + int ret = 0; + + if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx))) + return 0; + + /* + * Ensure other tests did not forget to reset fake_rsa_query_operation_name + * to its default value: 0 + */ + if (!TEST_int_eq(fake_rsa_query_operation_name, 0)) + goto end; + + if (!TEST_ptr(params = fake_rsa_key_params(0)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", + "provider=fake-rsa")) + || !TEST_true(EVP_PKEY_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, + params)) + || !TEST_true(EVP_PKEY_can_sign(pkey_fake)) + || !TEST_ptr(pkey_fake)) + goto end; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(pkey_fake); + pkey_fake = NULL; + OSSL_PARAM_free(params); + params = NULL; + + /* + * Documented behavior for OSSL_FUNC_keymgmt_query_operation_name() + * allows it to return NULL, in which case the fallback should be to use + * EVP_KEYMGMT_get0_name(). That is exactly the thing we are testing here. + */ + fake_rsa_query_operation_name = 1; + + if (!TEST_ptr(params = fake_rsa_key_params(0)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", + "provider=fake-rsa")) + || !TEST_true(EVP_PKEY_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, + params)) + || !TEST_true(EVP_PKEY_can_sign(pkey_fake)) + || !TEST_ptr(pkey_fake)) + goto end; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(pkey_fake); + pkey_fake = NULL; + OSSL_PARAM_free(params); + params = NULL; + + ret = 1; +end: + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey_fake); + OSSL_PARAM_free(params); + fake_rsa_query_operation_name = 0; + + fake_rsa_finish(fake_rsa); + return ret; +} + static int test_pkey_store(int idx) { OSSL_PROVIDER *deflt = NULL; 
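Review bot: In both `&&` chains of `test_pkey_can_sign`, `!TEST_ptr(pkey_fake)` comes after `!TEST_true(EVP_PKEY_can_sign(pkey_fake))`, so the pointer is used before it is checked. Swapping the two conditions, `|| !TEST_ptr(pkey_fake)` followed by `|| !TEST_true(EVP_PKEY_can_sign(pkey_fake)))`, makes a failed import report its real cause instead of a misleading can-sign failure. The two setup and teardown sequences are identical apart from the value of `fake_rsa_query_operation_name`, so a small static helper taking that value would halve the function and keep the two cases from drifting apart.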
@@ -297,6 +368,7 @@ ADD_TEST(test_pkey_sig); ADD_TEST(test_alternative_keygen_init); ADD_TEST(test_pkey_eq); + ADD_TEST(test_pkey_can_sign); ADD_ALL_TESTS(test_pkey_store, 2); return 1; diff -Nru openssl-3.0.17/test/recipes/15-test_ec.t openssl-3.0.18/test/recipes/15-test_ec.t --- openssl-3.0.17/test/recipes/15-test_ec.t 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/recipes/15-test_ec.t 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,7 +18,7 @@ plan skip_all => 'EC is not supported in this build' if disabled('ec'); -plan tests => 15; +plan tests => 16; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); @@ -33,6 +33,16 @@ tconversion( -type => 'ec', -prefix => 'ec-priv', -in => srctop_file("test","testec-p256.pem") ); }; + +SKIP: { + skip "SM2 is not supported by this OpenSSL build", 1 + if disabled("sm2"); + subtest 'EC conversions -- private key' => sub { + tconversion( -type => 'ec', -prefix => 'sm2-priv', + -in => srctop_file("test","testec-sm2.pem") ); + }; +} + subtest 'EC conversions -- private key PKCS#8' => sub { tconversion( -type => 'ec', -prefix => 'ec-pkcs8', -in => srctop_file("test","testec-p256.pem"), diff -Nru openssl-3.0.17/test/recipes/15-test_ecparam.t openssl-3.0.18/test/recipes/15-test_ecparam.t --- openssl-3.0.17/test/recipes/15-test_ecparam.t 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/recipes/15-test_ecparam.t 2025-09-30 13:12:07.000000000 +0000 
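Review bot: The SM2 subtest added in the 15-test_ec.t @@ -33 hunk is titled `'EC conversions -- private key'`, which does not mention SM2 and appears to repeat the title of the P-256 subtest just above it (that title line is outside the hunk). A failure in the test log would then not say which key was involved. `subtest 'EC conversions -- SM2 private key' => sub {` would disambiguate it.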
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -25,6 +25,10 @@ my @noncanon = glob(data_file("noncanon", "*.pem")); my @invalid = glob(data_file("invalid", "*.pem")); +if (disabled("sm2")) { + @valid = grep { !/sm2-.*\.pem/} @valid; +} + plan tests => 12; sub checkload { diff -Nru openssl-3.0.17/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem openssl-3.0.18/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem --- openssl-3.0.17/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.18/test/recipes/15-test_ecparam_data/valid/sm2-explicit.pem 2025-09-30 13:12:07.000000000 +0000 @@ -0,0 +1,7 @@ +-----BEGIN SM2 PARAMETERS----- +MIHgAgEBMCwGByqGSM49AQECIQD////+/////////////////////wAAAAD///// +/////zBEBCD////+/////////////////////wAAAAD//////////AQgKOn6np2f +XjRNWp5Lz2UJp/OXifUVq4+S3by9QU2UDpMEQQQyxK4sHxmBGV+ZBEZqOcmUj+ML +v/JmC+FxWkWJM0x0x7w3NqL09necWb3O42tpIVPQqYd8xipHQALfMuUhOfCgAiEA +/////v///////////////3ID32shxgUrU7v0CTnVQSMCAQE= +-----END SM2 PARAMETERS----- diff -Nru openssl-3.0.17/test/recipes/15-test_ecparam_data/valid/sm2-named.pem openssl-3.0.18/test/recipes/15-test_ecparam_data/valid/sm2-named.pem --- openssl-3.0.17/test/recipes/15-test_ecparam_data/valid/sm2-named.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.18/test/recipes/15-test_ecparam_data/valid/sm2-named.pem 2025-09-30 13:12:07.000000000 +0000 
@@ -0,0 +1,3 @@ +-----BEGIN SM2 PARAMETERS----- +BggqgRzPVQGCLQ== +-----END SM2 PARAMETERS----- diff -Nru openssl-3.0.17/test/recipes/25-test_verify.t openssl-3.0.18/test/recipes/25-test_verify.t --- openssl-3.0.17/test/recipes/25-test_verify.t 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/recipes/25-test_verify.t 2025-09-30 13:12:07.000000000 +0000 @@ -537,9 +537,10 @@ ok(vfy_root("-CAstore", $rootcert), "CAstore"); ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore"); ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore"); + SKIP: { - skip "file names with colons aren't supported on Windows and VMS", 2 - if $^O =~ /^(MsWin32|VMS)$/; + skip "file names with colons aren't supported on Windows and VMS", 1 + if $^O =~ /^(MSWin32|VMS)$/; my $foo_file = "foo:cert.pem"; copy($rootcert, $foo_file); ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file"); diff -Nru openssl-3.0.17/test/recipes/30-test_evp_data/evpkdf_krb5.txt openssl-3.0.18/test/recipes/30-test_evp_data/evpkdf_krb5.txt --- openssl-3.0.17/test/recipes/30-test_evp_data/evpkdf_krb5.txt 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/recipes/30-test_evp_data/evpkdf_krb5.txt 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -129,3 +129,11 @@ Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 Ctrl.hexconstant = hexconstant:0000000155 Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705 + +#Erroneous key size for the cipher as XTS has double key size +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-256-XTS +Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 +Ctrl.hexconstant = hexconstant:0000000255 +Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA +Result = KDF_DERIVE_ERROR diff -Nru openssl-3.0.17/test/recipes/80-test_cms.t openssl-3.0.18/test/recipes/80-test_cms.t --- openssl-3.0.17/test/recipes/80-test_cms.t 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/recipes/80-test_cms.t 2025-09-30 13:12:07.000000000 +0000 @@ -83,6 +83,15 @@ \&final_compare ], + [ "signed text content DER format, RSA key", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", $smroot, "-signer", $smrsa1, "-text", + "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", + "-text", "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], + [ "signed detached content DER format, RSA key", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", $smrsa1, "-out", "{output}.cms" ], 
@@ -216,6 +225,14 @@ \&final_compare ], + [ "enveloped text content streaming S/MIME format, DES, 1 recipient", + [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, + "-stream", "-text", "-out", "{output}.cms", $smrsa1 ], + [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1, + "-in", "{output}.cms", "-text", "-out", "{output}.txt" ], + \&final_compare + ], + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", diff -Nru openssl-3.0.17/test/recipes/90-test_store_cases.t openssl-3.0.18/test/recipes/90-test_store_cases.t --- openssl-3.0.17/test/recipes/90-test_store_cases.t 2025-07-01 12:11:11.000000000 +0000 +++ openssl-3.0.18/test/recipes/90-test_store_cases.t 2025-09-30 13:12:07.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,9 +18,10 @@ my $test_name = "test_store_cases"; setup($test_name); -plan tests => 2; +plan tests => 3; my $stderr; +my @stdout; # The case of the garbage PKCS#12 DER file where a passphrase was # prompted for. That should not have happened. 
@@ -34,3 +35,24 @@ close DATA; ok(scalar @match > 0 ? 0 : 1, "checking that storeutl didn't ask for a passphrase"); + + SKIP: { + skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1 + if disabled("ec"); + skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1 + if disabled("des"); + + # The case with a BER-encoded PKCS#12 file, using infinite + EOC + # constructs. There was a bug with those in OpenSSL 3.0 and newer, + # where OSSL_STORE_load() (and by consequence, 'openssl storeutl') + # only extracted the first available object from that file and + # ignored the rest. + # Our test file has a total of four objects, and this should be + # reflected in the total that 'openssl storeutl' outputs + @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345', + data_file('test-BER.p12')]), + capture => 1); + @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp + ok((grep { $_ eq 'Total found: 4' } @stdout), + "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects"); +} Binary files /srv/release.debian.org/tmp/dw3rrN43Zv/openssl-3.0.17/test/recipes/90-test_store_cases_data/test-BER.p12 and /srv/release.debian.org/tmp/0aVBoXcyum/openssl-3.0.18/test/recipes/90-test_store_cases_data/test-BER.p12 differ diff -Nru openssl-3.0.17/test/recipes/90-test_threads_data/store/8489a545.0 openssl-3.0.18/test/recipes/90-test_threads_data/store/8489a545.0 --- openssl-3.0.17/test/recipes/90-test_threads_data/store/8489a545.0 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.18/test/recipes/90-test_threads_data/store/8489a545.0 2025-09-30 13:12:07.000000000 +0000 
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTIwMTIxMjIwMTEzN1oYDzIxMjAxMjEzMjAxMTM3WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo3UwczAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB
+BjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3o1IwHwYDVR0jBBgwFoAUjvUl
+rx6ba4Q9fICayVOcTXL3o1IwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
+AQELBQADggEBABWUjaqtkdRDhVAJZTxkJVgohjRrBwp86Y0JZWdCDua/sErmEaGu
+nQVxWWFWIgu6sb8tyQo3/7dBIQl3Rpij9bsgKhToO1OzoG3Oi3d0+zRDHfY6xNrj
+TUE00FeLHGNWsgZSIvu99DrGApT/+uPdWfJgMu5szillqW+4hcCUPLjG9ekVNt1s
+KhdEklo6PrP6eMbm6s22EIVUxqGE6xxAmrvyhlY1zJH9BJ23Ps+xabjG6OeMRZzT
+0F/fU7XIFieSO7rqUcjgo1eYc3ghsDxNUJ6TPBgv5z4SPnstoOBj59rjpJ7Qkpyd
+L17VfEadezat37Cpeha7vGDduCsyMfN4kiw=
+-----END CERTIFICATE-----
diff -Nru openssl-3.0.17/test/testec-sm2.pem openssl-3.0.18/test/testec-sm2.pem
--- openssl-3.0.17/test/testec-sm2.pem 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/test/testec-sm2.pem 2025-09-30 13:12:07.000000000 +0000
@@ -0,0 +1,5 @@
+-----BEGIN SM2 PRIVATE KEY-----
+MHcCAQEEIKPB7gEYKGAwAkz0MfGwQm0BXclgzvSTxQG9bm4RCAxXoAoGCCqBHM9V
+AYItoUQDQgAE+FuibOpfjVfj716O3LglhK4HzjUR82mgn8kTZinQsEafw3FFZzZJ
+vwHIGHUsSKxVTRIEs+BICQDBg99OA3VU/Q==
+-----END SM2 PRIVATE KEY-----
diff -Nru openssl-3.0.17/test/threadstest.c openssl-3.0.18/test/threadstest.c
--- openssl-3.0.17/test/threadstest.c 2025-07-01 12:11:11.000000000 +0000
+++ openssl-3.0.18/test/threadstest.c 2025-09-30 13:12:07.000000000 +0000
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,6 +30,7 @@ static int do_fips = 0; static char *privkey; +static char *storedir; static char *config_file = NULL; static int multidefault_run = 0; static const char *default_provider[] = { "default", NULL }; @@ -582,7 +583,6 @@ { thread_t thread1, thread2; int testresult = 0; - OSSL_PROVIDER *prov = NULL; /* Avoid running this test twice */ if (multidefault_run) { @@ -593,9 +593,6 @@ multi_success = 1; multi_libctx = NULL; - prov = OSSL_PROVIDER_load(multi_libctx, "default"); - if (!TEST_ptr(prov)) - goto err; if (!TEST_true(run_thread(&thread1, thread_multi_simple_fetch)) || !TEST_true(run_thread(&thread2, thread_multi_simple_fetch))) @@ -611,7 +608,6 @@ testresult = 1; err: - OSSL_PROVIDER_unload(prov); return testresult; } 
@@ -663,6 +659,62 @@ 1, default_provider); } +static X509_STORE *store = NULL; + +static void test_x509_store_by_subject(void) +{ + X509_STORE_CTX *ctx; + X509_OBJECT *obj = NULL; + X509_NAME *name = NULL; + int success = 0; + + ctx = X509_STORE_CTX_new(); + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_true(X509_STORE_CTX_init(ctx, store, NULL, NULL))) + goto err; + + name = X509_NAME_new(); + if (!TEST_ptr(name)) + goto err; + if (!TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, + (unsigned char *)"Root CA", + -1, -1, 0))) + goto err; + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name); + if (!TEST_ptr(obj)) + goto err; + + success = 1; + err: + X509_OBJECT_free(obj); + X509_STORE_CTX_free(ctx); + X509_NAME_free(name); + if (!success) + multi_success = 0; +} + +/* Test accessing an X509_STORE from multiple threads */ +static int test_x509_store(void) +{ + int ret = 0; + + store = X509_STORE_new(); + if (!TEST_ptr(store)) + return 0; + if (!TEST_true(X509_STORE_load_store(store, storedir))) + goto err; + + ret = thread_run_test(&test_x509_store_by_subject, MAXIMUM_THREADS, + &test_x509_store_by_subject, 0, NULL); + + err: + X509_STORE_free(store); + store = NULL; + return ret; +} + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, @@ -709,20 +761,24 @@ if (!TEST_ptr(privkey)) return 0; + storedir = test_mk_file_path(datadir, "store"); + /* Keep first to validate auto creation of default library context */ ADD_TEST(test_multi_default); - ADD_TEST(test_lock); ADD_TEST(test_once); ADD_TEST(test_thread_local); ADD_TEST(test_atomic); ADD_TEST(test_multi_load); + ADD_ALL_TESTS(test_multi, 6); ADD_TEST(test_lib_ctx_load_config); + ADD_TEST(test_x509_store); return 1; } void cleanup_tests(void) { OPENSSL_free(privkey); + OPENSSL_free(storedir); }
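Review bot: In the @@ -709 hunk, `storedir = test_mk_file_path(datadir, "store");` is not checked, unlike `privkey` immediately above it, so a failed allocation would hand NULL to `X509_STORE_load_store()` in `test_x509_store`. Adding `if (!TEST_ptr(storedir)) return 0;` after the assignment matches the existing pattern and reports the failure at setup rather than inside the threaded test. The enclosing function begins outside the hunk.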