Version in base suite: 3.5.1-1 Version in overlay suite: 3.5.1-1+deb13u1 Base version: openssl_3.5.1-1+deb13u1 Target version: openssl_3.5.4-1~deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openssl/openssl_3.5.1-1+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openssl/openssl_3.5.4-1~deb13u1.dsc /srv/release.debian.org/tmp/aHfXY1mTdj/openssl-3.5.4/test/recipes/90-test_store_cases_data/test-BER.p12 |binary openssl-3.5.4/CHANGES.md | 126 ++ openssl-3.5.4/Configurations/unix-Makefile.tmpl | 14 openssl-3.5.4/NEWS.md | 46 openssl-3.5.4/NOTES-WINDOWS.md | 2 openssl-3.5.4/VERSION.dat | 4 openssl-3.5.4/apps/asn1parse.c | 2 openssl-3.5.4/apps/cms.c | 1 openssl-3.5.4/apps/enc.c | 2 openssl-3.5.4/apps/include/apps.h | 1 openssl-3.5.4/apps/lib/apps.c | 49 openssl-3.5.4/apps/ocsp.c | 21 openssl-3.5.4/apps/rand.c | 4 openssl-3.5.4/apps/storeutl.c | 16 openssl-3.5.4/crypto/aes/asm/aes-s390x.pl | 5 openssl-3.5.4/crypto/asn1/asn_mime.c | 22 openssl-3.5.4/crypto/bio/bss_dgram.c | 25 openssl-3.5.4/crypto/bio/bss_file.c | 2 openssl-3.5.4/crypto/cms/cms_pwri.c | 2 openssl-3.5.4/crypto/dh/dh_check.c | 36 openssl-3.5.4/crypto/dh/dh_key.c | 14 openssl-3.5.4/crypto/dh/dh_pmeth.c | 2 openssl-3.5.4/crypto/ec/ecp_sm2p256.c | 103 - openssl-3.5.4/crypto/encode_decode/decoder_lib.c | 28 openssl-3.5.4/crypto/encode_decode/decoder_pkey.c | 72 + openssl-3.5.4/crypto/encode_decode/encoder_local.h | 2 openssl-3.5.4/crypto/err/openssl.txt | 1 openssl-3.5.4/crypto/evp/asymcipher.c | 8 openssl-3.5.4/crypto/evp/bio_ok.c | 25 openssl-3.5.4/crypto/evp/ctrl_params_translate.c | 2 openssl-3.5.4/crypto/evp/keymgmt_meth.c | 4 openssl-3.5.4/crypto/evp/m_sigver.c | 24 openssl-3.5.4/crypto/evp/p_lib.c | 15 openssl-3.5.4/crypto/evp/p_seal.c | 7 openssl-3.5.4/crypto/evp/skeymgmt_meth.c | 2 openssl-3.5.4/crypto/http/http_lib.c | 1 openssl-3.5.4/crypto/info.c | 14 openssl-3.5.4/crypto/ml_dsa/ml_dsa_key.c | 4 openssl-3.5.4/crypto/ml_kem/ml_kem.c | 2 
openssl-3.5.4/crypto/modes/siv128.c | 3 openssl-3.5.4/crypto/pkcs7/pk7_doit.c | 7 openssl-3.5.4/crypto/property/property_parse.c | 2 openssl-3.5.4/crypto/provider_core.c | 10 openssl-3.5.4/crypto/rand/randfile.c | 6 openssl-3.5.4/crypto/riscv32cpuid.pl | 5 openssl-3.5.4/crypto/riscv64cpuid.pl | 5 openssl-3.5.4/crypto/rsa/rsa_pmeth.c | 8 openssl-3.5.4/crypto/rsa/rsa_sign.c | 4 openssl-3.5.4/crypto/sleep.c | 39 openssl-3.5.4/crypto/slh_dsa/slh_dsa_key.c | 24 openssl-3.5.4/crypto/slh_dsa/slh_hash.c | 3 openssl-3.5.4/crypto/sm2/sm2_sign.c | 6 openssl-3.5.4/crypto/store/store_lib.c | 25 openssl-3.5.4/crypto/threads_pthread.c | 12 openssl-3.5.4/crypto/x509/by_store.c | 34 openssl-3.5.4/crypto/x509/t_req.c | 6 openssl-3.5.4/crypto/x509/t_x509.c | 3 openssl-3.5.4/crypto/x509/v3_attrdesc.c | 4 openssl-3.5.4/crypto/x509/v3_purp.c | 2 openssl-3.5.4/crypto/x509/x509_ext.c | 20 openssl-3.5.4/crypto/x509/x509_local.h | 1 openssl-3.5.4/crypto/x509/x509_lu.c | 7 openssl-3.5.4/crypto/x509/x509_vpm.c | 5 openssl-3.5.4/crypto/x509/x_crl.c | 15 openssl-3.5.4/debian/changelog | 6 openssl-3.5.4/debian/control | 2 openssl-3.5.4/debian/patches/SM2-Use-constant-time-modular-inversion.patch | 42 openssl-3.5.4/debian/patches/ecp_sm2p256.c-Remove-unused-code.patch | 135 -- openssl-3.5.4/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch | 25 openssl-3.5.4/debian/patches/man-section.patch | 10 openssl-3.5.4/debian/patches/series | 4 openssl-3.5.4/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch | 24 openssl-3.5.4/demos/bio/saccept.c | 7 openssl-3.5.4/demos/bio/server-arg.c | 7 openssl-3.5.4/demos/bio/server-cmod.c | 7 openssl-3.5.4/demos/bio/server-conf.c | 7 openssl-3.5.4/demos/certs/mkcerts.sh | 2 openssl-3.5.4/demos/certs/ocspquery.sh | 2 openssl-3.5.4/demos/certs/ocsprun.sh | 4 openssl-3.5.4/demos/cms/cms_ddec.c | 4 openssl-3.5.4/demos/cms/cms_denc.c | 4 openssl-3.5.4/demos/pkey/EVP_PKEY_RSA_keygen.c | 4 
openssl-3.5.4/doc/internal/man3/ossl_namemap_new.pod | 15 openssl-3.5.4/doc/man1/openssl-enc.pod.in | 7 openssl-3.5.4/doc/man1/openssl-fipsinstall.pod.in | 10 openssl-3.5.4/doc/man3/BN_generate_prime.pod | 6 openssl-3.5.4/doc/man3/DEFINE_STACK_OF.pod | 19 openssl-3.5.4/doc/man3/EVP_EncryptInit.pod | 2 openssl-3.5.4/doc/man3/EVP_PKEY_new.pod | 14 openssl-3.5.4/doc/man3/EVP_aes_128_gcm.pod | 4 openssl-3.5.4/doc/man3/EVP_aria_128_gcm.pod | 4 openssl-3.5.4/doc/man3/EVP_chacha20.pod | 4 openssl-3.5.4/doc/man3/OPENSSL_secure_malloc.pod | 9 openssl-3.5.4/doc/man3/OSSL_CALLBACK.pod | 11 openssl-3.5.4/doc/man3/OpenSSL_version.pod | 9 openssl-3.5.4/doc/man3/PEM_read_CMS.pod | 8 openssl-3.5.4/doc/man3/RAND_load_file.pod | 8 openssl-3.5.4/doc/man3/SSL_CIPHER_get_name.pod | 4 openssl-3.5.4/doc/man3/SSL_CTX_set_domain_flags.pod | 2 openssl-3.5.4/doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 10 openssl-3.5.4/doc/man3/SSL_SESSION_get0_hostname.pod | 10 openssl-3.5.4/doc/man3/SSL_poll.pod | 24 openssl-3.5.4/doc/man3/d2i_X509.pod | 5 openssl-3.5.4/doc/man5/fips_config.pod | 16 openssl-3.5.4/doc/man7/EVP_ASYM_CIPHER-RSA.pod | 5 openssl-3.5.4/doc/man7/EVP_PKEY-DSA.pod | 4 openssl-3.5.4/doc/man7/EVP_PKEY-FFC.pod | 4 openssl-3.5.4/doc/man7/EVP_SIGNATURE-ML-DSA.pod | 2 openssl-3.5.4/doc/man7/EVP_SIGNATURE-SLH-DSA.pod | 2 openssl-3.5.4/doc/man7/OSSL_PROVIDER-FIPS.pod | 96 - openssl-3.5.4/doc/man7/provider-base.pod | 31 openssl-3.5.4/fuzz/dtlsserver.c | 5 openssl-3.5.4/include/crypto/dh.h | 4 openssl-3.5.4/include/crypto/rsa.h | 2 openssl-3.5.4/include/crypto/slh_dsa.h | 2 openssl-3.5.4/include/internal/quic_ackm.h | 4 openssl-3.5.4/include/internal/quic_record_rx.h | 11 openssl-3.5.4/include/openssl/core_dispatch.h | 4 openssl-3.5.4/include/openssl/crypto.h.in | 8 openssl-3.5.4/include/openssl/opensslv.h.in | 11 openssl-3.5.4/include/openssl/pem.h | 1 openssl-3.5.4/include/openssl/proverr.h | 1 openssl-3.5.4/include/openssl/self_test.h | 2 openssl-3.5.4/providers/common/provider_err.c | 2 
openssl-3.5.4/providers/common/securitycheck_fips.c | 25 openssl-3.5.4/providers/fips-sources.checksums | 82 - openssl-3.5.4/providers/fips.checksum | 2 openssl-3.5.4/providers/fips/fipsprov.c | 9 openssl-3.5.4/providers/fips/include/fips/fipsindicator.h | 3 openssl-3.5.4/providers/fips/self_test.c | 13 openssl-3.5.4/providers/fips/self_test_data.inc | 277 +++-- openssl-3.5.4/providers/fips/self_test_kats.c | 100 + openssl-3.5.4/providers/implementations/asymciphers/rsa_enc.c | 19 openssl-3.5.4/providers/implementations/encode_decode/decode_pem2der.c | 1 openssl-3.5.4/providers/implementations/kdfs/krb5kdf.c | 7 openssl-3.5.4/providers/implementations/kem/ml_kem_kem.c | 2 openssl-3.5.4/providers/implementations/keymgmt/dh_kmgmt.c | 15 openssl-3.5.4/providers/implementations/keymgmt/ec_kmgmt.c | 17 openssl-3.5.4/providers/implementations/keymgmt/ecx_kmgmt.c | 15 openssl-3.5.4/providers/implementations/keymgmt/ml_dsa_kmgmt.c | 13 openssl-3.5.4/providers/implementations/keymgmt/ml_kem_kmgmt.c | 4 openssl-3.5.4/providers/implementations/keymgmt/rsa_kmgmt.c | 1 openssl-3.5.4/providers/implementations/keymgmt/slh_dsa_kmgmt.c | 29 openssl-3.5.4/providers/implementations/macs/hmac_prov.c | 17 openssl-3.5.4/providers/implementations/signature/dsa_sig.c | 2 openssl-3.5.4/providers/implementations/signature/ecdsa_sig.c | 2 openssl-3.5.4/providers/implementations/signature/rsa_sig.c | 8 openssl-3.5.4/providers/legacyprov.c | 11 openssl-3.5.4/ssl/d1_lib.c | 2 openssl-3.5.4/ssl/quic/quic_ackm.c | 33 openssl-3.5.4/ssl/quic/quic_channel.c | 18 openssl-3.5.4/ssl/quic/quic_impl.c | 8 openssl-3.5.4/ssl/quic/quic_port.c | 3 openssl-3.5.4/ssl/quic/quic_record_rx.c | 10 openssl-3.5.4/ssl/quic/quic_record_tx.c | 4 openssl-3.5.4/ssl/quic/quic_rx_depack.c | 28 openssl-3.5.4/ssl/record/methods/tls_common.c | 11 openssl-3.5.4/ssl/ssl_rsa.c | 5 openssl-3.5.4/ssl/statem/extensions_clnt.c | 10 openssl-3.5.4/ssl/t1_trce.c | 4 openssl-3.5.4/test/build.info | 3 openssl-3.5.4/test/crltest.c | 127 
++ openssl-3.5.4/test/evp_extra_test.c | 43 openssl-3.5.4/test/fake_rsaprov.c | 552 +++++++++- openssl-3.5.4/test/fake_rsaprov.h | 11 openssl-3.5.4/test/ml_kem_evp_extra_test.c | 10 openssl-3.5.4/test/ml_kem_internal_test.c | 14 openssl-3.5.4/test/property_test.c | 19 openssl-3.5.4/test/provider_pkey_test.c | 361 ++++++ openssl-3.5.4/test/quic-openssl-docker/hq-interop/quic-hq-interop.c | 3 openssl-3.5.4/test/quic_ackm_test.c | 5 openssl-3.5.4/test/quic_fifd_test.c | 5 openssl-3.5.4/test/quic_txp_test.c | 3 openssl-3.5.4/test/quicapitest.c | 152 +- openssl-3.5.4/test/radix/quic_bindings.c | 4 openssl-3.5.4/test/radix/terp.c | 6 openssl-3.5.4/test/recipes/03-test_fipsinstall.t | 12 openssl-3.5.4/test/recipes/15-test_ec.t | 14 openssl-3.5.4/test/recipes/20-test_cli_list.t | 25 openssl-3.5.4/test/recipes/25-test_verify.t | 5 openssl-3.5.4/test/recipes/30-test_evp_data/evpkdf_krb5.txt | 10 openssl-3.5.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt | 11 openssl-3.5.4/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt | 4 openssl-3.5.4/test/recipes/80-test_cms.t | 17 openssl-3.5.4/test/recipes/90-test_sslapi.t | 17 openssl-3.5.4/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt | 255 ++++ openssl-3.5.4/test/recipes/90-test_sslapi_data/ssltraceref.txt | 253 ++++ openssl-3.5.4/test/recipes/90-test_store_cases.t | 26 openssl-3.5.4/test/recipes/90-test_threads_data/store/8489a545.0 | 19 openssl-3.5.4/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh | 58 + openssl-3.5.4/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh | 2 openssl-3.5.4/test/sanitytest.c | 81 + openssl-3.5.4/test/slh_dsa_test.c | 9 openssl-3.5.4/test/sslapitest.c | 87 + openssl-3.5.4/test/testec-sm2.pem | 5 openssl-3.5.4/test/testutil.h | 2 openssl-3.5.4/test/testutil/compare.c | 88 + openssl-3.5.4/test/threadstest.c | 81 + openssl-3.5.4/test/tls13groupselection_test.c | 19 openssl-3.5.4/test/wpackettest.c | 2 openssl-3.5.4/test/x509_test.c | 111 +- 
openssl-3.5.4/util/perl/TLSProxy/Proxy.pm | 27 202 files changed, 3868 insertions(+), 1164 deletions(-) diff -Nru openssl-3.5.1/CHANGES.md openssl-3.5.4/CHANGES.md --- openssl-3.5.1/CHANGES.md 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/CHANGES.md 2025-09-30 12:37:40.000000000 +0000 
@@ -28,6 +28,129 @@ OpenSSL 3.5 ----------- +### Changes between 3.5.3 and 3.5.4 [30 Sep 2025] + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap + + Issue summary: An application trying to decrypt CMS messages encrypted using + password based encryption can trigger an out-of-bounds read and write. + + Impact summary: This out-of-bounds read may trigger a crash which leads to + Denial of Service for an application. The out-of-bounds write can cause + a memory corruption which can have various consequences including + a Denial of Service or Execution of attacker-supplied code. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9230]) + + *Viktor Dukhovni* + + * Fix Timing side-channel in SM2 algorithm on 64 bit ARM + + Issue summary: A timing side-channel which could potentially allow remote + recovery of the private key exists in the SM2 algorithm implementation on + 64 bit ARM platforms. + + Impact summary: A timing side-channel in SM2 signature computations on + 64 bit ARM platforms could allow recovering the private key by an attacker. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9231]) + + *Stanislav Fort and Tomáš Mráz* + + * Fix Out-of-bounds read in HTTP client no_proxy handling + + Issue summary: An application using the OpenSSL HTTP client API functions + may trigger an out-of-bounds read if the "no_proxy" environment variable is + set and the host portion of the authority component of the HTTP URL is an + IPv6 address. + + Impact summary: An out-of-bounds read can trigger a crash which leads to + Denial of Service for an application. + + The issue was reported by Stanislav Fort (Aisle Research). + + ([CVE-2025-9232]) + + *Stanislav Fort* + + * The FIPS provider no longer performs a PCT on key import for ECX keys + (that was introduced in 3.5.2), following the latest update + on that requirement in FIPS 140-3 IG 10.3.A additional comment 1. 
+ + *Eugene Syromiatnikov* + + * Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted + signatures. + + *Xiao Lou Dong Feng* + + * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release + builds, as it broke some exiting applications that relied on the previous + 3.x semantics, as documented in `OpenSSL_version(3)`. + + *Richard Levitte* + +### Changes between 3.5.2 and 3.5.3 [16 Sep 2025] + + * Avoided a potential race condition introduced in 3.5.1, where + `OSSL_STORE_CTX` kept open during lookup while potentially being used + by multiple threads simultaneously, that could lead to potential crashes + when multiple concurrent TLS connections are served. + + *Matt Caswell* + + * The FIPS provider no longer performs a PCT on key import for RSA, DH, + and EC keys (that was introduced in 3.5.2), following the latest update + on that requirement in FIPS 140-3 IG 10.3.A additional comment 1. + + *Dr Paul Dale* + + * Secure memory allocation calls are no longer used for HMAC keys. + + *Dr Paul Dale* + + * `openssl req` no longer generates certificates with an empty extension list + when SKID/AKID are set to `none` during generation. + + *David Benjamin* + + * The man page date is now derived from the release date provided + in `VERSION.dat` and not the current date for the released builds. + + *Enji Cooper* + + * Hardened the provider implementation of the RSA public key "encrypt" + operation to add a missing check that the caller-indicated output buffer + size is at least as large as the byte count of the RSA modulus. The issue + was reported by Arash Ale Ebrahim from SYSPWN. + + This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that + in fact provide a sufficiently large buffer, but fail to correctly indicate + its size may now encounter unexpected errors. 
In applications that attempt + RSA public encryption into a buffer that is too small, an out-of-bounds + write is now avoided and an error is reported instead. + + *Viktor Dukhovni* + + * Added FIPS 140-3 PCT on DH key generation. + + *Nikola Pajkovsky* + + * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. + + *Richard Levitte* + +### Changes between 3.5.1 and 3.5.2 [5 Aug 2025] + + * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. + This is mandated by FIPS 140-3 IG 10.3.A additional comment 1. + + *Dr Paul Dale* + ### Changes between 3.5.0 and 3.5.1 [1 Jul 2025] * Fix x509 application adds trusted use instead of rejected use. @@ -21227,6 +21350,9 @@ +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 diff -Nru openssl-3.5.1/Configurations/unix-Makefile.tmpl openssl-3.5.4/Configurations/unix-Makefile.tmpl --- openssl-3.5.1/Configurations/unix-Makefile.tmpl 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/Configurations/unix-Makefile.tmpl 2025-09-30 12:37:40.000000000 +0000 @@ -3,6 +3,8 @@ ## ## {- join("\n## ", @autowarntext) -} {- + use Time::Piece; + use OpenSSL::Util; our $makedep_scheme = $config{makedep_scheme}; 
@@ -74,6 +76,15 @@ VERSION={- "$config{full_version}" -} VERSION_NUMBER={- "$config{version}" -} +RELEASE_DATE={- my $t = localtime; + if ($config{"release_date"}) { + # Provide the user with a more meaningful error message + # than the default internal parsing error from + # `Time::Piece->strptime(..)`. + eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); } || + die "Parsing \$config{release_date} ('$config{release_date}') failed: $@"; + } + $t->strftime("%Y-%m-%d") -} MAJOR={- $config{major} -} MINOR={- $config{minor} -} SHLIB_VERSION_NUMBER={- $config{shlib_version} -} @@ -1565,7 +1576,8 @@ return <<"EOF"; $args{src}: $pod pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ - --release=\$(VERSION) $pod >\$\@ + --date=\$(RELEASE_DATE) --release=\$(VERSION) \\ + $pod >\$\@ EOF } elsif (platform->isdef($args{src})) { # diff -Nru openssl-3.5.1/NEWS.md openssl-3.5.4/NEWS.md --- openssl-3.5.1/NEWS.md 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/NEWS.md 2025-09-30 12:37:40.000000000 +0000 
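Review bot: The fallback `my $t = localtime;` in the new RELEASE_DATE variable ties the man-page date to the build host's clock and time zone whenever `release_date` is unset (non-release builds), so those builds remain non-reproducible even though the hunk exists to fix exactly that for releases. Honouring the reproducible-builds convention and using UTC makes both paths deterministic: `my $t = gmtime($ENV{SOURCE_DATE_EPOCH} // time);` (Time::Piece exports an object-returning `gmtime` just as it does `localtime`; `//` needs Perl 5.10, which the rest of the build system presumably already assumes). The `eval { ... } || die` idiom is sound here because a successful `strptime` assignment is always true, but a one-line comment saying so would save the next reader a second look.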
@@ -23,6 +23,47 @@ OpenSSL 3.5 ----------- +### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [30 Sep 2025] + +OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this +release is Moderate. + +This release incorporates the following bug fixes and mitigations: + + * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. + ([CVE-2025-9230]) + + * Fix Timing side-channel in SM2 algorithm on 64 bit ARM. + ([CVE-2025-9231]) + + * Fix Out-of-bounds read in HTTP client no_proxy handling. + ([CVE-2025-9232]) + + * Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release + builds, as it broke some exiting applications that relied on the previous + 3.x semantics, as documented in `OpenSSL_version(3)`. + +### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025] + +OpenSSL 3.5.3 is a bug fix release. + +This release incorporates the following bug fixes and mitigations: + + * Added FIPS 140-3 PCT on DH key generation. + + * Fixed the synthesised `OPENSSL_VERSION_NUMBER`. + + * Removed PCT on key import in the FIPS provider as it is not required by + the standard. + +### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025] + +OpenSSL 3.5.2 is a bug fix release. + +This release incorporates the following bug fixes and mitigations: + + * The FIPS provider now performs a PCT on key import for RSA, EC and ECX. + ### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025] OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this @@ -31,7 +72,7 @@ This release incorporates the following bug fixes and mitigations: * Fix x509 application adds trusted use instead of rejected use. - ([CVE-2025-4575]) + ([CVE-2025-4575]) ### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025] 
@@ -1899,6 +1940,9 @@ * Support for various new platforms +[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 +[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 +[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 [CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 diff -Nru openssl-3.5.1/NOTES-WINDOWS.md openssl-3.5.4/NOTES-WINDOWS.md --- openssl-3.5.1/NOTES-WINDOWS.md 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/NOTES-WINDOWS.md 2025-09-30 12:37:40.000000000 +0000 @@ -125,7 +125,7 @@ `\\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\OpenSSL--` Where `` is the major.minor version of the library being -built, and `` is the value specified by `-DOPENSSL_WINCTX`. This allows +built, and `` is the value specified by `-DOSSL_WINCTX`. This allows for multiple openssl builds to be created and installed on a single system, in which each library can use its own set of registry keys. diff -Nru openssl-3.5.1/VERSION.dat openssl-3.5.4/VERSION.dat --- openssl-3.5.1/VERSION.dat 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/VERSION.dat 2025-09-30 12:37:40.000000000 +0000 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=5 -PATCH=1 +PATCH=4 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="1 Jul 2025" +RELEASE_DATE="30 Sep 2025" SHLIB_VERSION=3 diff -Nru openssl-3.5.1/apps/asn1parse.c openssl-3.5.4/apps/asn1parse.c --- openssl-3.5.1/apps/asn1parse.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/asn1parse.c 2025-09-30 12:37:40.000000000 +0000 
@@ -40,8 +40,8 @@ {"length", OPT_LENGTH, 'p', "length of section in file"}, {"strparse", OPT_STRPARSE, 'p', "offset; a series of these can be used to 'dig'"}, - {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, + {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"}, {"strictpem", OPT_STRICTPEM, 0, "equivalent to '-inform pem' (obsolete)"}, diff -Nru openssl-3.5.1/apps/cms.c openssl-3.5.4/apps/cms.c --- openssl-3.5.1/apps/cms.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/cms.c 2025-09-30 12:37:40.000000000 +0000 @@ -1280,6 +1280,7 @@ goto end; } if (ret <= 0) { + BIO_printf(bio_err, "Error writing CMS output\n"); ret = 6; goto end; } diff -Nru openssl-3.5.1/apps/enc.c openssl-3.5.4/apps/enc.c --- openssl-3.5.1/apps/enc.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/enc.c 2025-09-30 12:37:40.000000000 +0000 @@ -260,6 +260,8 @@ goto opthelp; if (k) n *= 1024; + if (n > INT_MAX) + goto opthelp; bsize = (int)n; break; case OPT_K: diff -Nru openssl-3.5.1/apps/include/apps.h openssl-3.5.4/apps/include/apps.h --- openssl-3.5.1/apps/include/apps.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/include/apps.h 2025-09-30 12:37:40.000000000 +0000 @@ -103,7 +103,6 @@ /* progress callback for dsaparam, dhparam, req, genpkey, etc. */ int progress_cb(EVP_PKEY_CTX *ctx); -int chopup_args(ARGS *arg, char *buf); void dump_cert_text(BIO *out, X509 *x); void print_name(BIO *out, const char *title, const X509_NAME *nm); void print_bignum_var(BIO *, const BIGNUM *, const char *, diff -Nru openssl-3.5.1/apps/lib/apps.c openssl-3.5.4/apps/lib/apps.c --- openssl-3.5.1/apps/lib/apps.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/lib/apps.c 2025-09-30 12:37:40.000000000 +0000 
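Review bot: The new `if (n > INT_MAX) goto opthelp;` runs after `if (k) n *= 1024;`, so a value that overflows in the multiplication is checked too late: if `n` is an unsigned long (which the surrounding option parsing suggests) a `-bufsize` near `ULONG_MAX/1024` with the `k` suffix wraps to a small number and passes the check, and if it were signed the multiplication would be undefined behaviour before the check even runs. Move the bound in front of the scaling so the multiply can never overflow: `if (n > (k ? INT_MAX / 1024 : INT_MAX)) goto opthelp;` followed by `if (k) n *= 1024;`. This is a command-line option so the exposure is limited to a local user, but the reordering is free and makes the `bsize = (int)n` cast provably safe. The enclosing option loop starts and ends outside the hunk.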
@@ -83,55 +83,6 @@ const NAME_EX_TBL *in_tbl); int app_init(long mesgwin); -int chopup_args(ARGS *arg, char *buf) -{ - int quoted; - char c = '\0', *p = NULL; - - arg->argc = 0; - if (arg->size == 0) { - arg->size = 20; - arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); - } - - for (p = buf;;) { - /* Skip whitespace. */ - while (*p && isspace(_UC(*p))) - p++; - if (*p == '\0') - break; - - /* The start of something good :-) */ - if (arg->argc >= arg->size) { - char **tmp; - - arg->size += 20; - tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); - if (tmp == NULL) - return 0; - arg->argv = tmp; - } - quoted = *p == '\'' || *p == '"'; - if (quoted) - c = *p++; - arg->argv[arg->argc++] = p; - - /* now look for the end of this */ - if (quoted) { - while (*p && *p != c) - p++; - *p++ = '\0'; - } else { - while (*p && !isspace(_UC(*p))) - p++; - if (*p) - *p++ = '\0'; - } - } - arg->argv[arg->argc] = NULL; - return 1; -} - #ifndef APP_INIT int app_init(long mesgwin) { diff -Nru openssl-3.5.1/apps/ocsp.c openssl-3.5.4/apps/ocsp.c --- openssl-3.5.1/apps/ocsp.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/ocsp.c 2025-09-30 12:37:40.000000000 +0000 @@ -662,7 +662,8 @@ resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); - send_ocsp_response(cbio, resp); + if (resp != NULL) + send_ocsp_response(cbio, resp); } goto done_resp; } 
@@ -764,16 +765,18 @@ BIO_free(derbio); } - i = OCSP_response_status(resp); - if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%d)\n", - OCSP_response_status_str(i), i); - if (!ignore_err) + if (resp != NULL) { + i = OCSP_response_status(resp); + if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + BIO_printf(out, "Responder Error: %s (%d)\n", + OCSP_response_status_str(i), i); + if (!ignore_err) goto end; - } + } - if (resp_text) - OCSP_RESPONSE_print(out, resp, 0); + if (resp_text) + OCSP_RESPONSE_print(out, resp, 0); + } /* If running as responder don't verify our own response */ if (cbio != NULL) { diff -Nru openssl-3.5.1/apps/rand.c openssl-3.5.4/apps/rand.c --- openssl-3.5.1/apps/rand.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/rand.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,7 +199,7 @@ int chunk; chunk = scaled_num > buflen ? (int)buflen : (int)scaled_num; - r = RAND_bytes(buf, chunk); + r = RAND_bytes_ex(app_get0_libctx(), buf, chunk, 0); if (r <= 0) goto end; if (format != FORMAT_TEXT) { diff -Nru openssl-3.5.1/apps/storeutl.c openssl-3.5.4/apps/storeutl.c --- openssl-3.5.1/apps/storeutl.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/apps/storeutl.c 2025-09-30 12:37:40.000000000 +0000 
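Review bot: The new `if (resp != NULL)` wrapper silently skips status reporting when `resp` is NULL instead of treating that as the error it is; unless every path into this point has already bailed out on a NULL response (the query path above appears to, but I cannot see all of it), execution continues into the verification code after the hunk with `resp` still NULL. I would fail loudly here: `if (resp == NULL) { BIO_printf(bio_err, "No OCSP response available\n"); goto end; }` and then drop the extra nesting, which also keeps the error-reporting lines at their original indentation. If the guard really is only defensive, a comment naming the path that can leave `resp` NULL would make that clear. The enclosing function body continues beyond both ends of the hunk.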
@@ -331,14 +331,22 @@ static int indent_printf(int indent, BIO *bio, const char *format, ...) { va_list args; - int ret; + int ret, vret; + + ret = BIO_printf(bio, "%*s", indent, ""); + if (ret < 0) + return ret; va_start(args, format); + vret = BIO_vprintf(bio, format, args); + va_end(args); - ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); + if (vret < 0) + return vret; + if (vret > INT_MAX - ret) + return INT_MAX; - va_end(args); - return ret; + return ret + vret; } static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, diff -Nru openssl-3.5.1/crypto/aes/asm/aes-s390x.pl openssl-3.5.4/crypto/aes/asm/aes-s390x.pl --- openssl-3.5.1/crypto/aes/asm/aes-s390x.pl 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/aes/asm/aes-s390x.pl 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1431,6 +1431,9 @@ st${g} $s3,0($sp) # backchain la %r1,$stdframe($sp) + xc $stdframe+0(64,$sp),$stdframe+0($sp) # clear reserved/unused + # in parameter block + lmg $s2,$s3,0($key) # copy key stg $s2,$stdframe+80($sp) stg $s3,$stdframe+88($sp) diff -Nru openssl-3.5.1/crypto/asn1/asn_mime.c openssl-3.5.4/crypto/asn1/asn_mime.c --- openssl-3.5.1/crypto/asn1/asn_mime.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/asn1/asn_mime.c 2025-09-30 12:37:40.000000000 +0000 
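Review bot: The return contract of `indent_printf` is now non-obvious — a saturated INT_MAX is indistinguishable from a genuine byte count, and a failure of the indent write now suppresses the formatted write entirely — yet the function has no header comment. I would add one above the signature: "Returns the number of bytes written (saturated at INT_MAX) or the negative result of the first BIO call that failed; if writing the indent fails the formatted text is not emitted." The change itself is sound: the previous version summed two possibly-negative results and could mask a failure, and `va_end` is correctly called before the early `return vret`.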
@@ -168,6 +168,19 @@ BIO_write(out, ",", 1); write_comma = 1; md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); + + /* RFC 8702 does not define a micalg for SHAKE, assuming "shake-" */ + if (md_nid == NID_shake128) { + if (BIO_puts(out, "shake-128") < 0) + goto err; + continue; + } + if (md_nid == NID_shake256) { + if (BIO_puts(out, "shake-256") < 0) + goto err; + continue; + } + md = EVP_get_digestbynid(md_nid); if (md && md->md_ctrl) { int rv; @@ -204,15 +217,15 @@ case NID_id_GostR3411_94: BIO_puts(out, "gostr3411-94"); - goto err; + break; case NID_id_GostR3411_2012_256: BIO_puts(out, "gostr3411-2012-256"); - goto err; + break; case NID_id_GostR3411_2012_512: BIO_puts(out, "gostr3411-2012-512"); - goto err; + break; default: if (have_unknown) { @@ -272,7 +285,8 @@ BIO_printf(bio, "Content-Type: multipart/signed;"); BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); BIO_puts(bio, " micalg=\""); - asn1_write_micalg(bio, mdalgs); + if (!asn1_write_micalg(bio, mdalgs)) + return 0; BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", bound, mime_eol, mime_eol); BIO_printf(bio, "This is an S/MIME signed message%s%s", diff -Nru openssl-3.5.1/crypto/bio/bss_dgram.c openssl-3.5.4/crypto/bio/bss_dgram.c --- openssl-3.5.1/crypto/bio/bss_dgram.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/bio/bss_dgram.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
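Review bot: The GOST cases in the second hunk now `break` instead of `goto err` (a genuine fix — the old code failed the whole header right after writing a valid micalg), but their `BIO_puts` results are still ignored, whereas the new SHAKE branches directly above check them and bail out, leaving two conventions in the same switch. For consistency make each GOST case `if (BIO_puts(out, "gostr3411-94") < 0) goto err;` (and likewise for the two 2012 variants), so a write failure is surfaced the same way the SHAKE path and the new `if (!asn1_write_micalg(bio, mdalgs)) return 0;` caller expect. The SHAKE comment could also state that the names are chosen by analogy with the registered `sha-*` forms rather than from any specification, e.g. `/* No micalg is registered for SHAKE (RFC 8702 is silent); "shake-128"/"shake-256" follow the existing naming pattern */`. asn1_write_micalg starts before the first hunk.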
@@ -464,11 +464,11 @@ return ret; } -static long dgram_get_mtu_overhead(bio_dgram_data *data) +static long dgram_get_mtu_overhead(BIO_ADDR *addr) { long ret; - switch (BIO_ADDR_family(&data->peer)) { + switch (BIO_ADDR_family(addr)) { case AF_INET: /* * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP @@ -480,7 +480,8 @@ { # ifdef IN6_IS_ADDR_V4MAPPED struct in6_addr tmp_addr; - if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) + + if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL) && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) /* * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP @@ -666,11 +667,7 @@ &sockopt_len)) < 0 || sockopt_val < 0) { ret = 0; } else { - /* - * we assume that the transport protocol is UDP and no IP - * options are used. - */ - data->mtu = sockopt_val - 8 - 20; + data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); ret = data->mtu; } break; @@ -682,11 +679,7 @@ || sockopt_val < 0) { ret = 0; } else { - /* - * we assume that the transport protocol is UDP and no IPV6 - * options are used. - */ - data->mtu = sockopt_val - 8 - 40; + data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr); ret = data->mtu; } break; @@ -700,7 +693,7 @@ # endif break; case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: - ret = -dgram_get_mtu_overhead(data); + ret = -dgram_get_mtu_overhead(&data->peer); switch (BIO_ADDR_family(&data->peer)) { case AF_INET: ret += 576; @@ -956,7 +949,7 @@ } break; case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: - ret = dgram_get_mtu_overhead(data); + ret = dgram_get_mtu_overhead(&data->peer); break; /* diff -Nru openssl-3.5.1/crypto/bio/bss_file.c openssl-3.5.4/crypto/bio/bss_file.c --- openssl-3.5.1/crypto/bio/bss_file.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/bio/bss_file.c 2025-09-30 12:37:40.000000000 +0000 
@@ -287,7 +287,7 @@ if (fp == NULL) { ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), "calling fopen(%s, %s)", - ptr, p); + (const char *)ptr, p); ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); ret = 0; break; diff -Nru openssl-3.5.1/crypto/cms/cms_pwri.c openssl-3.5.4/crypto/cms/cms_pwri.c --- openssl-3.5.1/crypto/cms/cms_pwri.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/cms/cms_pwri.c 2025-09-30 12:37:40.000000000 +0000 @@ -242,7 +242,7 @@ /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; } diff -Nru openssl-3.5.1/crypto/dh/dh_check.c openssl-3.5.4/crypto/dh/dh_check.c --- openssl-3.5.1/crypto/dh/dh_check.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/dh/dh_check.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,6 +16,7 @@ #include #include "internal/cryptlib.h" #include +#include #include "dh_local.h" #include "crypto/dh.h" 
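Review bot: The corrected bound `inlen < 4 + (size_t)tmp[0]` is the CVE-2025-9230 fix (the old `(size_t)(tmp[0] - 4)` compared the wrong quantity and let a claimed key length exceed the unwrapped buffer), but it still reads as a magic number; I would tie it to the wire layout with a comment such as `/* RFC 3211 s2.3.2: tmp = [keylen][3 check bytes][key][pad]; the key must fit in inlen */`. Since `tmp[0]` appears to be a single byte, the sum cannot overflow and no further guard is needed; it is the later copy of `tmp[0]` bytes (outside the hunk) that this protects. The diffstat also lists a Debian `kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch` touching the same line, so it is worth confirming that it has been dropped from `series` now that the fix is upstream. The enclosing function starts and ends outside the hunk.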
@@ -329,17 +330,27 @@ * FFC pairwise check from SP800-56A R3. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency */ -int ossl_dh_check_pairwise(const DH *dh) +int ossl_dh_check_pairwise(const DH *dh, int return_on_null_numbers) { int ret = 0; BN_CTX *ctx = NULL; BIGNUM *pub_key = NULL; + OSSL_SELF_TEST *st = NULL; + OSSL_CALLBACK *stcb = NULL; + void *stcbarg = NULL; if (dh->params.p == NULL || dh->params.g == NULL || dh->priv_key == NULL || dh->pub_key == NULL) - return 0; + return return_on_null_numbers; + + OSSL_SELF_TEST_get_callback(dh->libctx, &stcb, &stcbarg); + st = OSSL_SELF_TEST_new(stcb, stcbarg); + if (st == NULL) + goto err; + OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, + OSSL_SELF_TEST_DESC_PCT_DH); ctx = BN_CTX_new_ex(dh->libctx); if (ctx == NULL) @@ -351,10 +362,27 @@ /* recalculate the public key = (g ^ priv) mod p */ if (!ossl_dh_generate_public_key(ctx, dh, dh->priv_key, pub_key)) goto err; + +#ifdef FIPS_MODULE + { + int len; + unsigned char bytes[1024] = {0}; /* Max key size of 8192 bits */ + + if (BN_num_bytes(pub_key) > (int)sizeof(bytes)) + goto err; + len = BN_bn2bin(pub_key, bytes); + OSSL_SELF_TEST_oncorrupt_byte(st, bytes); + if (BN_bin2bn(bytes, len, pub_key) == NULL) + goto err; + } +#endif /* check it matches the existing public_key */ ret = BN_cmp(pub_key, dh->pub_key) == 0; -err: + err: BN_free(pub_key); BN_CTX_free(ctx); + + OSSL_SELF_TEST_onend(st, ret); + OSSL_SELF_TEST_free(st); return ret; } diff -Nru openssl-3.5.1/crypto/dh/dh_key.c openssl-3.5.4/crypto/dh/dh_key.c --- openssl-3.5.1/crypto/dh/dh_key.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/dh/dh_key.c 2025-09-30 12:37:40.000000000 +0000 
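Review bot: The new `return_on_null_numbers` parameter changes the meaning of a missing key component from "fail" to "caller's choice" but is undocumented, and a caller passing a non-zero value turns an incomplete key into a passed pairwise check, which is exactly what a PCT must not do; please extend the header comment, e.g. `return_on_null_numbers: value returned when p, g, priv_key or pub_key is absent (pass 0 for a key-generation PCT; non-zero only where an import path legitimately lacks components)`. In the FIPS block, `BN_num_bytes(pub_key) > (int)sizeof(bytes)` jumps to `err` with `ret == 0` and no error reason, so a public key wider than 8192 bits is reported as a PCT failure rather than an unsupported size — an `ERR_raise` on that path would make the failure mode explicit. The `err:` path calls `OSSL_SELF_TEST_onend(st, ret)` with `st` possibly NULL (allocation failure above); that is fine only if `OSSL_SELF_TEST_onend` tolerates NULL, which I believe it does but cannot confirm from the hunk.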
@@ -1,5 +1,5 @@
  /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -267,7 +267,7 @@
  int ok = 0;
  int generate_new_key = 0;
  #ifndef FIPS_MODULE
- unsigned l;
+ int l;
  #endif
  BN_CTX *ctx = NULL;
  BIGNUM *pub_key = NULL, *priv_key = NULL;
@@ -327,11 +327,13 @@
  goto err;
  #else
  if (dh->params.q == NULL) {
- /* secret exponent length, must satisfy 2^(l-1) <= p */
- if (dh->length != 0
- && dh->length >= BN_num_bits(dh->params.p))
+ /* secret exponent length, must satisfy 2^l < (p-1)/2 */
+ l = BN_num_bits(dh->params.p);
+ if (dh->length >= l)
  goto err;
- l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1;
+ l -= 2;
+ if (dh->length != 0 && dh->length < l)
+ l = dh->length;
  if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE,
  BN_RAND_BOTTOM_ANY, 0, ctx))
  goto err;
diff -Nru openssl-3.5.1/crypto/dh/dh_pmeth.c openssl-3.5.4/crypto/dh/dh_pmeth.c
--- openssl-3.5.1/crypto/dh/dh_pmeth.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/dh/dh_pmeth.c 2025-09-30 12:37:40.000000000 +0000
@@ -408,7 +408,7 @@
  }
  dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey);
  dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
- if (dhpub == NULL) {
+ if (dhpub == NULL || dh == NULL) {
  ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
  return 0;
  }
diff -Nru openssl-3.5.1/crypto/ec/ecp_sm2p256.c openssl-3.5.4/crypto/ec/ecp_sm2p256.c
--- openssl-3.5.1/crypto/ec/ecp_sm2p256.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/ec/ecp_sm2p256.c 2025-09-30 12:37:40.000000000 +0000
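Review bot: In the dh_key.c hunk at `@@ -327,11 +327,13 @@`, the new guard `if (dh->length >= l)` rejects an oversized exponent length but not a negative one: a negative `dh->length` passes that check, then satisfies `dh->length < l` and becomes the bit count handed to `BN_priv_rand_ex`. Whether that is reachable depends on what `DH_set_length` accepts, which is outside this hunk; if it is not validated there, `if (dh->length < 0 || dh->length >= l) goto err;` closes the gap at no cost, and the comment `/* secret exponent length, must satisfy 2^l < (p-1)/2 */` could add that `l` is clamped to `dh->length` when one is set. The enclosing function starts and ends outside the hunk.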
@@ -1,5 +1,5 @@
  /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -56,10 +56,6 @@
  0xffffffffffffffff, 0xffffffff00000000,
  0xffffffffffffffff, 0xfffffffeffffffff
  };
- ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
- 0x53bbf40939d54123, 0x7203df6b21c6052b,
- 0xffffffffffffffff, 0xfffffffeffffffff
- };
  ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};
@@ -177,13 +173,6 @@
  BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p);
  }
- /* Modular inverse mod order |out| = |in|^(-1) % |ord|. */
- static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
- const BN_ULONG* in) {
- BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord,
- def_ord);
- }
-
  /* Point double: R <- P + P */
  static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
  {
@@ -454,52 +443,6 @@
  }
  #endif
- /*
- * Convert Jacobian coordinate point into affine coordinate (x,y)
- */
- static int ecp_sm2p256_get_affine(const EC_GROUP *group,
- const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
- {
- ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};
-
- if (EC_POINT_is_at_infinity(group, point)) {
- ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
- return 0;
- }
-
- if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0
- || ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0
- || ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) {
- ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
- return 0;
- }
-
- ecp_sm2p256_mod_inverse(z_inv3, point_z);
- ecp_sm2p256_sqr(z_inv2, z_inv3);
-
- if (x != NULL) {
- ecp_sm2p256_mul(x_aff, point_x, z_inv2);
- if (!bn_set_words(x, x_aff, P256_LIMBS))
- return 0;
- }
-
- if (y != NULL) {
- ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2);
- ecp_sm2p256_mul(y_aff, point_y, z_inv3);
- if (!bn_set_words(y, y_aff, P256_LIMBS))
- return 0;
- }
-
- return 1;
- }
-
  /* r = sum(scalar[i]*point[i]) */
  static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
  P256_POINT *r,
@@ -689,44 +632,6 @@
  return 1;
  }
- static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
- const BIGNUM *x, BN_CTX *ctx)
- {
- int ret = 0;
- ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
- ALIGN32 BN_ULONG out[P256_LIMBS] = {0};
-
- if (bn_wexpand(r, P256_LIMBS) == NULL) {
- ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
- goto err;
- }
-
- if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
- BIGNUM *tmp;
-
- if ((tmp = BN_CTX_get(ctx)) == NULL
- || !BN_nnmod(tmp, x, group->order, ctx)) {
- ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
- goto err;
- }
- x = tmp;
- }
-
- if (!ecp_sm2p256_bignum_field_elem(t, x)) {
- ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
- goto err;
- }
-
- ecp_sm2p256_mod_ord_inverse(out, t);
-
- if (!bn_set_words(r, out, P256_LIMBS))
- goto err;
-
- ret = 1;
- err:
- return ret;
- }
-
  const EC_METHOD *EC_GFp_sm2p256_method(void)
  {
  static const EC_METHOD ret = {
@@ -747,7 +652,7 @@
  ossl_ec_GFp_simple_point_copy,
  ossl_ec_GFp_simple_point_set_to_infinity,
  ossl_ec_GFp_simple_point_set_affine_coordinates,
- ecp_sm2p256_get_affine,
+ ossl_ec_GFp_simple_point_get_affine_coordinates,
  0, 0, 0,
  ossl_ec_GFp_simple_add,
  ossl_ec_GFp_simple_dbl,
@@ -763,7 +668,7 @@
  ecp_sm2p256_field_mul,
  ecp_sm2p256_field_sqr,
  0 /* field_div */,
- 0 /* field_inv */,
+ ossl_ec_GFp_simple_field_inv,
  0 /* field_encode */,
  0 /* field_decode */,
  0 /* field_set_to_one */,
@@ -779,7 +684,7 @@
  ossl_ecdsa_simple_sign_setup,
  ossl_ecdsa_simple_sign_sig,
  ossl_ecdsa_simple_verify_sig,
- ecp_sm2p256_inv_mod_ord,
+ 0, /* use constant‑time fallback for inverse mod order */
  0, /* blind_coordinates */
  0, /* ladder_pre */
  0, /* ladder_step */
diff -Nru openssl-3.5.1/crypto/encode_decode/decoder_lib.c openssl-3.5.4/crypto/encode_decode/decoder_lib.c
--- openssl-3.5.1/crypto/encode_decode/decoder_lib.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/encode_decode/decoder_lib.c 2025-09-30 12:37:40.000000000 +0000
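Review bot: The comment added in the `@@ -779,7 +684,7 @@` hunk, `/* use constant‑time fallback for inverse mod order */`, appears to contain a non-ASCII hyphen between "constant" and "time" rather than the plain `-` used everywhere else in this file; a stray multibyte character in a C comment is easy to mangle when the patch is re-exported and defeats a simple grep for "constant-time". Replace the line with `0, /* use constant-time fallback for inverse mod order */`. It would also help to say what the fallback is, since a bare `0` in the method table is only meaningful to readers who know the EC_METHOD dispatch outside this file.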
@@ -537,6 +537,14 @@
  }
  }
+ static int decoder_sk_cmp(const OSSL_DECODER_INSTANCE *const *a,
+ const OSSL_DECODER_INSTANCE *const *b)
+ {
+ if ((*a)->score == (*b)->score)
+ return (*a)->order - (*b)->order;
+ return (*a)->score - (*b)->score;
+ }
+
  int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
  OSSL_LIB_CTX *libctx, const char *propq)
  {
@@ -595,6 +603,26 @@
  OSSL_DECODER_do_all_provided(libctx, collect_all_decoders, skdecoders);
  numdecoders = sk_OSSL_DECODER_num(skdecoders);
+ /*
+ * If there are provided or default properties, sort the initial decoder list
+ * by property matching score so that the highest scored provider is selected
+ * first.
+ */
+ if (propq != NULL || ossl_ctx_global_properties(libctx, 0) != NULL) {
+ int num_decoder_insts = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
+ int i;
+ OSSL_DECODER_INSTANCE *di;
+ sk_OSSL_DECODER_INSTANCE_compfunc old_cmp =
+ sk_OSSL_DECODER_INSTANCE_set_cmp_func(ctx->decoder_insts, decoder_sk_cmp);
+
+ for (i = 0; i < num_decoder_insts; i++) {
+ di = sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
+ di->order = i;
+ }
+ sk_OSSL_DECODER_INSTANCE_sort(ctx->decoder_insts);
+ sk_OSSL_DECODER_INSTANCE_set_cmp_func(ctx->decoder_insts, old_cmp);
+ }
+
  memset(&data, 0, sizeof(data));
  data.ctx = ctx;
  data.w_prev_start = 0;
diff -Nru openssl-3.5.1/crypto/encode_decode/decoder_pkey.c openssl-3.5.4/crypto/encode_decode/decoder_pkey.c
--- openssl-3.5.1/crypto/encode_decode/decoder_pkey.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/encode_decode/decoder_pkey.c 2025-09-30 12:37:40.000000000 +0000
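Review bot: `decoder_sk_cmp` orders ascending by score (`return (*a)->score - (*b)->score;`), while the comment above the sort in the second hunk says the highest scored provider should be selected first; the two agree only if the code that walks `ctx->decoder_insts` prefers later entries, which is outside this hunk and not evident here. If the consumer iterates from index 0 the comparison should read `return (*b)->score - (*a)->score;`. Either way, a comment on the comparator stating the intended direction, e.g. `/* order by score, ties broken by original insertion order */` with the direction spelled out, would make the intent checkable against the consumer; the tie-break on `order` is what keeps the sort stable and deserves that mention too.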
@@ -222,15 +222,21 @@
  int total; /* number of matching results */
  char error_occurred;
  char keytype_resolved;
+ OSSL_PROPERTY_LIST *pq;
  STACK_OF(EVP_KEYMGMT) *keymgmts;
  };
- static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
- void *provctx, struct collect_data_st *data)
+ /*
+ * Add decoder instance to the decoder context if it is compatible. Returns 1
+ * if a decoder was added, 0 otherwise.
+ */
+ static int collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
+ void *provctx, struct collect_data_st *data)
  {
  void *decoderctx = NULL;
  OSSL_DECODER_INSTANCE *di = NULL;
+ const OSSL_PROPERTY_LIST *props;
  /*
  * We already checked the EVP_KEYMGMT is applicable in check_keymgmt so we
@@ -239,17 +245,17 @@
  if (keymgmt->name_id != decoder->base.id)
  /* Mismatch is not an error, continue. */
- return;
+ return 0;
  if ((decoderctx = decoder->newctx(provctx)) == NULL) {
  data->error_occurred = 1;
- return;
+ return 0;
  }
  if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) {
  decoder->freectx(decoderctx);
  data->error_occurred = 1;
- return;
+ return 0;
  }
  /*
@@ -263,7 +269,7 @@
  || OPENSSL_strcasecmp(data->ctx->start_input_type, "PEM") != 0)) {
  /* Mismatch is not an error, continue. */
  ossl_decoder_instance_free(di);
- return;
+ return 0;
  }
  OSSL_TRACE_BEGIN(DECODER) {
@@ -275,13 +281,30 @@
  OSSL_DECODER_get0_properties(decoder));
  } OSSL_TRACE_END(DECODER);
+ /*
+ * Get the property match score so the decoders can be prioritized later.
+ */
+ props = ossl_decoder_parsed_properties(decoder);
+ if (data->pq != NULL && props != NULL) {
+ di->score = ossl_property_match_count(data->pq, props);
+ /*
+ * Mismatch of mandatory properties is not an error, the decoder is just
+ * ignored, continue.
+ */
+ if (di->score < 0) {
+ ossl_decoder_instance_free(di);
+ return 0;
+ }
+ }
+
  if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) {
  ossl_decoder_instance_free(di);
  data->error_occurred = 1;
- return;
+ return 0;
  }
  ++data->total;
+ return 1;
  }
  static void collect_decoder(OSSL_DECODER *decoder, void *arg)
@@ -321,7 +344,9 @@
  for (i = 0; i < end_i; ++i) {
  keymgmt = sk_EVP_KEYMGMT_value(keymgmts, i);
- collect_decoder_keymgmt(keymgmt, decoder, provctx, data);
+ /* Only add this decoder once */
+ if (collect_decoder_keymgmt(keymgmt, decoder, provctx, data))
+ break;
  if (data->error_occurred)
  return;
  }
@@ -407,6 +432,8 @@
  struct decoder_pkey_data_st *process_data = NULL;
  struct collect_data_st collect_data = { NULL };
  STACK_OF(EVP_KEYMGMT) *keymgmts = NULL;
+ OSSL_PROPERTY_LIST **plp;
+ OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL;
  OSSL_TRACE_BEGIN(DECODER) {
  const char *input_type = ctx->start_input_type;
@@ -443,6 +470,25 @@
  process_data->keymgmts = keymgmts;
  /*
+ * Collect passed and default properties to prioritize the decoders.
+ */
+ if (propquery != NULL)
+ p2 = pq = ossl_parse_query(libctx, propquery, 1);
+
+ plp = ossl_ctx_global_properties(libctx, 0);
+ if (plp != NULL && *plp != NULL) {
+ if (pq == NULL) {
+ pq = *plp;
+ } else {
+ p2 = ossl_property_merge(pq, *plp);
+ ossl_property_free(pq);
+ if (p2 == NULL)
+ goto err;
+ pq = p2;
+ }
+ }
+
+ /*
  * Enumerate all keymgmts into a stack.
  *
  * We could nest EVP_KEYMGMT_do_all_provided inside
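Review bot: In the `@@ -443,6 +470,25 @@` hunk, `p2 = pq = ossl_parse_query(libctx, propquery, 1);` treats a NULL result (a property query that fails to parse) exactly like "no query": `pq` stays NULL, the global properties are used instead, and decoding continues without the requested prioritisation rather than failing. That may be deliberate, since presumably the fetches elsewhere still see `propquery`, but the silent fallback deserves either an explicit `goto err` or a comment such as `/* An unparsable query is ignored here; the decoder fetches report it */`. The aliasing is also subtle: after this block `pq` may point at `*plp`, which is not owned, and only `p2` is released at `err:`; a one-line comment at the `ossl_property_free(p2);` in the next hunk saying that `p2` is the only owned list would keep a future cleanup from freeing `pq`. The enclosing function starts before and ends after this hunk.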
@@ -457,10 +503,11 @@
  * upfront, as this ensures that the names for all loaded providers have
  * been registered by the time we try to resolve the keytype string.
  */
- collect_data.ctx = ctx;
- collect_data.libctx = libctx;
- collect_data.keymgmts = keymgmts;
- collect_data.keytype = keytype;
+ collect_data.ctx = ctx;
+ collect_data.libctx = libctx;
+ collect_data.keymgmts = keymgmts;
+ collect_data.keytype = keytype;
+ collect_data.pq = pq;
  EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, &collect_data);
  if (collect_data.error_occurred)
@@ -496,6 +543,7 @@
  ok = 1;
  err:
  decoder_clean_pkey_construct_arg(process_data);
+ ossl_property_free(p2);
  return ok;
  }
diff -Nru openssl-3.5.1/crypto/encode_decode/encoder_local.h openssl-3.5.4/crypto/encode_decode/encoder_local.h
--- openssl-3.5.1/crypto/encode_decode/encoder_local.h 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/encode_decode/encoder_local.h 2025-09-30 12:37:40.000000000 +0000
@@ -109,6 +109,8 @@
  const char *input_type; /* Never NULL */
  const char *input_structure; /* May be NULL */
  int input_type_id;
+ int order; /* For stable ordering of decoders wrt proqs */
+ int score; /* For ordering decoders wrt proqs */
  unsigned int flag_input_structure_was_set : 1;
  };
diff -Nru openssl-3.5.1/crypto/err/openssl.txt openssl-3.5.4/crypto/err/openssl.txt
--- openssl-3.5.1/crypto/err/openssl.txt 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/err/openssl.txt 2025-09-30 12:37:40.000000000 +0000
@@ -1076,6 +1076,7 @@
  PROV_R_FINAL_CALL_OUT_OF_ORDER:237:final call out of order
  PROV_R_FIPS_MODULE_CONDITIONAL_ERROR:227:fips module conditional error
  PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE:224:fips module entering error state
+ PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR:253:fips module import pct error
  PROV_R_FIPS_MODULE_IN_ERROR_STATE:225:fips module in error state
  PROV_R_GENERATE_ERROR:191:generate error
  PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\
diff -Nru openssl-3.5.1/crypto/evp/asymcipher.c openssl-3.5.4/crypto/evp/asymcipher.c
--- openssl-3.5.1/crypto/evp/asymcipher.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/asymcipher.c 2025-09-30 12:37:40.000000000 +0000
@@ -261,10 +261,12 @@
  cipher = ctx->op.ciph.cipher;
  desc = cipher->description != NULL ? cipher->description : "";
+ ERR_set_mark();
  ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen,
  (out == NULL ? 0 : *outlen), in, inlen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
  "%s encrypt:%s", cipher->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
  legacy:
@@ -309,10 +311,12 @@
  cipher = ctx->op.ciph.cipher;
  desc = cipher->description != NULL ? cipher->description : "";
+ ERR_set_mark();
  ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen,
  (out == NULL ? 0 : *outlen), in, inlen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
  "%s decrypt:%s", cipher->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
diff -Nru openssl-3.5.1/crypto/evp/bio_ok.c openssl-3.5.4/crypto/evp/bio_ok.c
--- openssl-3.5.1/crypto/evp/bio_ok.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/bio_ok.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -560,7 +560,7 @@
  {
  BIO_OK_CTX *ctx;
  EVP_MD_CTX *md;
- unsigned long tl = 0;
+ size_t tl = 0;
  unsigned char tmp[EVP_MAX_MD_SIZE];
  int md_size;
@@ -571,15 +571,18 @@
  goto berr;
  assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
- tl = ctx->buf[0];
- tl <<= 8;
- tl |= ctx->buf[1];
- tl <<= 8;
- tl |= ctx->buf[2];
- tl <<= 8;
- tl |= ctx->buf[3];
+ tl = ((size_t)ctx->buf[0] << 24)
+ | ((size_t)ctx->buf[1] << 16)
+ | ((size_t)ctx->buf[2] << 8)
+ | ((size_t)ctx->buf[3]);
- if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
+ if (tl > OK_BLOCK_SIZE)
+ goto berr;
+
+ if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size)
+ goto berr;
+
+ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + (size_t)md_size)
  return 1;
  if (!EVP_DigestUpdate(md,
@@ -587,7 +590,7 @@
  goto berr;
  if (!EVP_DigestFinal_ex(md, tmp, NULL))
  goto berr;
- if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
+ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) {
  /* there might be parts from next block lurking around ! */
  ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
  ctx->buf_len_save = ctx->buf_len;
diff -Nru openssl-3.5.1/crypto/evp/ctrl_params_translate.c openssl-3.5.4/crypto/evp/ctrl_params_translate.c
--- openssl-3.5.1/crypto/evp/ctrl_params_translate.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/ctrl_params_translate.c 2025-09-30 12:37:40.000000000 +0000
@@ -1356,7 +1356,7 @@
  if (i == OSSL_NELEM(str_value_map)) {
  ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE,
  "[action:%d, state:%d] padding name %s",
- ctx->action_type, state, ctx->p1);
+ ctx->action_type, state, (const char *)ctx->p2);
  ctx->p1 = ret = -2;
  } else if (state == POST_CTRL_TO_PARAMS) {
  /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */
diff -Nru openssl-3.5.1/crypto/evp/keymgmt_meth.c openssl-3.5.4/crypto/evp/keymgmt_meth.c
--- openssl-3.5.1/crypto/evp/keymgmt_meth.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/keymgmt_meth.c 2025-09-30 12:37:40.000000000 +0000
@@ -460,10 +460,12 @@
  return NULL;
  }
+ ERR_set_mark();
  ret = keymgmt->gen(genctx, cb, cbarg);
- if (ret == NULL)
+ if (ret == NULL && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
  "%s key generation:%s", keymgmt->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
  }
diff -Nru openssl-3.5.1/crypto/evp/m_sigver.c openssl-3.5.4/crypto/evp/m_sigver.c
--- openssl-3.5.1/crypto/evp/m_sigver.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/m_sigver.c 2025-09-30 12:37:40.000000000 +0000
@@ -426,10 +426,12 @@
  return 0;
  }
+ ERR_set_mark();
  ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
  "%s digest_sign_update:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
  legacy:
@@ -470,10 +472,12 @@
  return 0;
  }
+ ERR_set_mark();
  ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
  "%s digest_verify_update:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
  legacy:
@@ -523,11 +527,13 @@
  pctx = dctx;
  }
+ ERR_set_mark();
  r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen,
  sigret == NULL ? 0 : *siglen);
- if (!r)
+ if (!r && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
  "%s digest_sign_final:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
  if (dctx == NULL && sigret != NULL)
  ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
  else
@@ -634,11 +640,13 @@
  if (sigret != NULL)
  ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ ERR_set_mark();
  ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen,
  sigret == NULL ? 0 : *siglen, tbs, tbslen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
  "%s digest_sign:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
  }
  } else {
@@ -689,10 +697,12 @@
  pctx = dctx;
  }
+ ERR_set_mark();
  r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
- if (!r)
+ if (!r && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
  "%s digest_verify_final:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
  if (dctx == NULL)
  ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
  else
@@ -765,10 +775,12 @@
  int ret;
  ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+ ERR_set_mark();
  ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen,
  tbs, tbslen);
- if (ret <= 0)
+ if (ret <= 0 && ERR_count_to_mark() == 0)
  ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
  "%s digest_verify:%s", signature->type_name, desc);
+ ERR_clear_last_mark();
  return ret;
  }
  } else {
diff -Nru openssl-3.5.1/crypto/evp/p_lib.c openssl-3.5.4/crypto/evp/p_lib.c
--- openssl-3.5.1/crypto/evp/p_lib.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/p_lib.c 2025-09-30 12:37:40.000000000 +0000
@@ -1146,15 +1146,14 @@
  } else {
  const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
  OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
- const char *supported_sig =
- pkey->keymgmt->query_operation_name != NULL
- ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE)
- : EVP_KEYMGMT_get0_name(pkey->keymgmt);
- EVP_SIGNATURE *signature = NULL;
+ EVP_SIGNATURE *sig;
+ const char *name;
- signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL);
- if (signature != NULL) {
- EVP_SIGNATURE_free(signature);
+ name = evp_keymgmt_util_query_operation_name(pkey->keymgmt,
+ OSSL_OP_SIGNATURE);
+ sig = EVP_SIGNATURE_fetch(libctx, name, NULL);
+ if (sig != NULL) {
+ EVP_SIGNATURE_free(sig);
  return 1;
  }
  }
diff -Nru openssl-3.5.1/crypto/evp/p_seal.c openssl-3.5.4/crypto/evp/p_seal.c
--- openssl-3.5.1/crypto/evp/p_seal.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/p_seal.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -55,6 +55,7 @@
  for (i = 0; i < npubk; i++) {
  size_t keylen = len;
+ size_t outlen = EVP_PKEY_get_size(pubk[i]);
  pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL);
  if (pctx == NULL) {
@@ -63,9 +64,9 @@
  }
  if (EVP_PKEY_encrypt_init(pctx) <= 0
- || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0)
+ || EVP_PKEY_encrypt(pctx, ek[i], &outlen, key, keylen) <= 0)
  goto err;
- ekl[i] = (int)keylen;
+ ekl[i] = (int)outlen;
  EVP_PKEY_CTX_free(pctx);
  }
  pctx = NULL;
diff -Nru openssl-3.5.1/crypto/evp/skeymgmt_meth.c openssl-3.5.4/crypto/evp/skeymgmt_meth.c
--- openssl-3.5.1/crypto/evp/skeymgmt_meth.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/evp/skeymgmt_meth.c 2025-09-30 12:37:40.000000000 +0000
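Review bot: In the p_seal.c hunk at `@@ -55,6 +55,7 @@`, `size_t outlen = EVP_PKEY_get_size(pubk[i]);` silently converts an `int` return into `size_t`; the separation of the input length (`keylen`) from the output capacity (`outlen`) is the right fix, but nothing on the new line records that `ek[i]` is required to hold `EVP_PKEY_get_size()` bytes, which is the contract the caller must honour for the encrypt call to be bounded. A comment such as `/* ek[i] must be at least EVP_PKEY_get_size(pubk[i]) bytes; that is the capacity passed to EVP_PKEY_encrypt */` would state it; whether a non-positive return from `EVP_PKEY_get_size` needs its own rejection before the cast cannot be judged from this hunk. The enclosing loop body continues across the two hunks.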
@@ -197,7 +197,7 @@
  void (*fn)(EVP_SKEYMGMT *skeymgmt, void *arg),
  void *arg)
  {
- evp_generic_do_all(libctx, OSSL_OP_KEYMGMT,
+ evp_generic_do_all(libctx, OSSL_OP_SKEYMGMT,
  (void (*)(void *, void *))fn, arg,
  skeymgmt_from_algorithm,
  (int (*)(void *))EVP_SKEYMGMT_up_ref,
diff -Nru openssl-3.5.1/crypto/http/http_lib.c openssl-3.5.4/crypto/http/http_lib.c
--- openssl-3.5.1/crypto/http/http_lib.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/http/http_lib.c 2025-09-30 12:37:40.000000000 +0000
@@ -263,6 +263,7 @@
  /* strip leading '[' and trailing ']' from escaped IPv6 address */
  sl -= 2;
  strncpy(host, server + 1, sl);
+ host[sl] = '\0';
  server = host;
  }
diff -Nru openssl-3.5.1/crypto/info.c openssl-3.5.4/crypto/info.c
--- openssl-3.5.1/crypto/info.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/info.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -23,6 +23,9 @@
  #if defined(__arm__) || defined(__arm) || defined(__aarch64__)
  # include "arm_arch.h"
  # define CPU_INFO_STR_LEN 128
+ #elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)
+ # include "crypto/ppc_arch.h"
+ # define CPU_INFO_STR_LEN 128
  #elif defined(__s390__) || defined(__s390x__)
  # include "s390x_arch.h"
  # define CPU_INFO_STR_LEN 2048
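Review bot: In the http_lib.c hunk at `@@ -263,6 +263,7 @@`, the added `host[sl] = '\0';` terminates the copy that `strncpy` left unterminated, but the line above it, `sl -= 2;`, is still executed without a visible check that the original length was at least 2 or that `host` has room for `sl + 1` bytes; both depend on code outside the hunk. If those bounds are established earlier in the function, a comment on the new line, `/* strncpy does not terminate when sl == buffer size; host has sl + 1 bytes */` (adjusted to the real buffer size), would make the invariant explicit rather than implied. The enclosing function begins and ends outside the hunk.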
@@ -77,6 +80,15 @@
  BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
  sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
  " env:%s", env);
+ # elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)
+ const char *env;
+
+ BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str),
+ CPUINFO_PREFIX "OPENSSL_ppccap=0x%x", OPENSSL_ppccap_P);
+ if ((env = getenv("OPENSSL_ppccap")) != NULL)
+ BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
+ sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
+ " env:%s", env);
  # elif defined(__s390__) || defined(__s390x__)
  const char *env;
diff -Nru openssl-3.5.1/crypto/ml_dsa/ml_dsa_key.c openssl-3.5.4/crypto/ml_dsa/ml_dsa_key.c
--- openssl-3.5.1/crypto/ml_dsa/ml_dsa_key.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/ml_dsa/ml_dsa_key.c 2025-09-30 12:37:40.000000000 +0000
@@ -311,6 +311,7 @@
  static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx,
  VECTOR *t1, VECTOR *t0)
  {
+ int ret = 0;
  const ML_DSA_PARAMS *params = key->params;
  uint32_t k = params->k, l = params->l;
  POLY *polys;
@@ -343,9 +344,10 @@
  /* Zeroize secret */
  vector_zero(&s1_ntt);
+ ret = 1;
  err:
  OPENSSL_free(polys);
- return 1;
+ return ret;
  }
  int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key)
diff -Nru openssl-3.5.1/crypto/ml_kem/ml_kem.c openssl-3.5.4/crypto/ml_kem/ml_kem.c
--- openssl-3.5.1/crypto/ml_kem/ml_kem.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/ml_kem/ml_kem.c 2025-09-30 12:37:40.000000000 +0000
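Review bot: In the ml_dsa_key.c hunks at `@@ -311,6 +311,7 @@` and `@@ -343,9 +344,10 @@`, the fix makes `public_from_private` report failure for every `goto err` path, but on those paths `s1_ntt` is not zeroized: the `vector_zero(&s1_ntt);` that clears the secret sits before `ret = 1;` and is skipped when an earlier step jumps to `err:`. Whether `s1_ntt` is a stack object that then lingers, and which of the `goto err` sites come after it is populated, is not visible in these hunks; if it is, moving the zeroization to after the `err:` label (or duplicating it there) closes the gap, and a comment `/* always clear the secret, also on failure */` records why it lives there. The body between the two hunks is outside this view.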
@@ -2046,5 +2046,5 @@
  * No match if just one of the public keys is not available, otherwise both
  * are unavailable, and for now such keys are considered equal.
  */
- return (ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2));
+ return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)));
  }
diff -Nru openssl-3.5.1/crypto/modes/siv128.c openssl-3.5.4/crypto/modes/siv128.c
--- openssl-3.5.1/crypto/modes/siv128.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/modes/siv128.c 2025-09-30 12:37:40.000000000 +0000
@@ -202,9 +202,12 @@
  || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len,
  sizeof(ctx->d.byte))) {
  EVP_CIPHER_CTX_free(ctx->cipher_ctx);
+ ctx->cipher_ctx = NULL;
  EVP_MAC_CTX_free(ctx->mac_ctx_init);
+ ctx->mac_ctx_init = NULL;
  EVP_MAC_CTX_free(mac_ctx);
  EVP_MAC_free(ctx->mac);
+ ctx->mac = NULL;
  return 0;
  }
  EVP_MAC_CTX_free(mac_ctx);
diff -Nru openssl-3.5.1/crypto/pkcs7/pk7_doit.c openssl-3.5.4/crypto/pkcs7/pk7_doit.c
--- openssl-3.5.1/crypto/pkcs7/pk7_doit.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/pkcs7/pk7_doit.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -361,8 +361,11 @@
  if (xalg->parameter == NULL)
  goto err;
  }
- if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0)
+ if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) {
+ ASN1_TYPE_free(xalg->parameter);
+ xalg->parameter = NULL;
  goto err;
+ }
  }
  /* Lets do the pub key stuff :-) */
diff -Nru openssl-3.5.1/crypto/property/property_parse.c openssl-3.5.4/crypto/property/property_parse.c
--- openssl-3.5.1/crypto/property/property_parse.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/property/property_parse.c 2025-09-30 12:37:40.000000000 +0000
@@ -641,7 +641,7 @@
  }
  quotes = quote != '\0';
- if (*remain == 0) {
+ if (*remain <= (size_t)quotes) {
  *needed += 2 * quotes;
  return;
  }
diff -Nru openssl-3.5.1/crypto/provider_core.c openssl-3.5.4/crypto/provider_core.c
--- openssl-3.5.1/crypto/provider_core.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/provider_core.c 2025-09-30 12:37:40.000000000 +0000
@@ -562,8 +562,10 @@
  template.parameters = sk_INFOPAIR_deep_copy(p->parameters,
  infopair_copy,
  infopair_free);
- if (template.parameters == NULL)
+ if (template.parameters == NULL) {
+ CRYPTO_THREAD_unlock(store->lock);
  return NULL;
+ }
  break;
  }
  CRYPTO_THREAD_unlock(store->lock);
@@ -2419,6 +2421,11 @@
  return ERR_pop_to_mark();
  }
+ static int core_count_to_mark(const OSSL_CORE_HANDLE *handle)
+ {
+ return ERR_count_to_mark();
+ }
+
  static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx,
  OSSL_INDICATOR_CALLBACK **cb)
  {
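Review bot: In the property_parse.c hunk at `@@ -641,7 +641,7 @@`, the new early-out `if (*remain <= (size_t)quotes)` is correct only under the reading that, when quoting is needed, at least one byte beyond the two quote characters must remain for any of the value to be written; that reasoning is not recorded, and the unchanged `*needed += 2 * quotes;` still accounts for both quotes even when nothing fits. Add a comment above the condition, `/* with quotes, the two quote characters alone would exhaust the buffer; report the space needed and write nothing */`, so the `<=` versus the old `== 0` is understood by the next editor. The enclosing function starts and ends outside the hunk.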
@@ -2600,6 +2607,7 @@
  { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK,
  (void (*)(void))core_clear_last_error_mark },
  { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark },
+ { OSSL_FUNC_CORE_COUNT_TO_MARK, (void (*)(void))core_count_to_mark },
  { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file },
  { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf },
  { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex },
diff -Nru openssl-3.5.1/crypto/rand/randfile.c openssl-3.5.4/crypto/rand/randfile.c
--- openssl-3.5.1/crypto/rand/randfile.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/rand/randfile.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -167,6 +167,10 @@
  /* If given a bytecount, and we did it, break. */
  if (bytes > 0 && (bytes -= i) <= 0)
  break;
+
+ /* We can hit a signed integer overflow on the next iteration */
+ if (ret > INT_MAX - RAND_LOAD_BUF_SIZE)
+ break;
  }
  OPENSSL_cleanse(buf, sizeof(buf));
diff -Nru openssl-3.5.1/crypto/riscv32cpuid.pl openssl-3.5.4/crypto/riscv32cpuid.pl
--- openssl-3.5.1/crypto/riscv32cpuid.pl 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/riscv32cpuid.pl 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  #! /usr/bin/env perl
- # Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ # Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  #
  # Licensed under the Apache License 2.0 (the "License"). You may not use
  # this file except in compliance with the License. You can obtain a copy
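Review bot: In the randfile.c hunk at `@@ -167,6 +167,10 @@`, the new overflow guard `if (ret > INT_MAX - RAND_LOAD_BUF_SIZE) break;` stops the loop but the caller then receives a byte count that is silently short of what the file held, with no way to tell this from end-of-file; the comment `/* We can hit a signed integer overflow on the next iteration */` explains the mechanics but not that the result is truncated. Extend it to `/* ret would overflow on the next iteration; stop here and report what was read so far */` so the truncated return is documented as intended. The enclosing read loop begins outside the hunk.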
@@ -94,7 +94,8 @@
  .globl riscv_vlen_asm
  .type riscv_vlen_asm,\@function
  riscv_vlen_asm:
- csrr $ret, vlenb
+ # 0xc22 is CSR vlenb
+ csrr $ret, 0xc22
  slli $ret, $ret, 3
  ret
  .size riscv_vlen_asm,.-riscv_vlen_asm
diff -Nru openssl-3.5.1/crypto/riscv64cpuid.pl openssl-3.5.4/crypto/riscv64cpuid.pl
--- openssl-3.5.1/crypto/riscv64cpuid.pl 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/riscv64cpuid.pl 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  #! /usr/bin/env perl
- # Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ # Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  #
  # Licensed under the Apache License 2.0 (the "License"). You may not use
  # this file except in compliance with the License. You can obtain a copy
@@ -94,7 +94,8 @@
  .globl riscv_vlen_asm
  .type riscv_vlen_asm,\@function
  riscv_vlen_asm:
- csrr $ret, vlenb
+ # 0xc22 is CSR vlenb
+ csrr $ret, 0xc22
  slli $ret, $ret, 3
  ret
  .size riscv_vlen_asm,.-riscv_vlen_asm
diff -Nru openssl-3.5.1/crypto/rsa/rsa_pmeth.c openssl-3.5.4/crypto/rsa/rsa_pmeth.c
--- openssl-3.5.1/crypto/rsa/rsa_pmeth.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/rsa/rsa_pmeth.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -228,7 +228,7 @@
  return -1;
  ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
  RSA_X931_PADDING);
- if (ret < 1)
+ if (ret <= 0)
  return 0;
  ret--;
  if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) {
@@ -255,7 +255,7 @@
  } else {
  ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode);
  }
- if (ret < 0)
+ if (ret <= 0)
  return ret;
  *routlen = ret;
  return 1;
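Review bot: The comment `# 0xc22 is CSR vlenb` added in both riscv32cpuid.pl and riscv64cpuid.pl says what the number is but not why the symbolic name was dropped; a reader will be tempted to restore `vlenb`. Since the change is presumably for assemblers that do not recognise the vector CSR names without the `v` extension enabled, say so on the comment line, e.g. `# 0xc22 is CSR vlenb; use the number so assemblers without the V extension enabled still accept it`. The `.type riscv_vlen_asm,\@function` context shows this is Perl-generated assembly, so the comment must stay a `#` line inside the heredoc as it is here.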
@@ -313,7 +313,7 @@
  return -1;
  rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
  rctx->pad_mode);
- if (rslen == 0)
+ if (rslen <= 0)
  return 0;
  }
diff -Nru openssl-3.5.1/crypto/rsa/rsa_sign.c openssl-3.5.4/crypto/rsa/rsa_sign.c
--- openssl-3.5.1/crypto/rsa/rsa_sign.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/rsa/rsa_sign.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -129,7 +129,7 @@
  # ifndef OPENSSL_NO_SM3
  /* SM3 (1 2 156 10197 1 401) */
  static const unsigned char digestinfo_sm3_der[] = {
- ASN1_SEQUENCE, 0x0f + SM3_DIGEST_LENGTH,
+ ASN1_SEQUENCE, 0x10 + SM3_DIGEST_LENGTH,
  ASN1_SEQUENCE, 0x0c,
  ASN1_OID, 0x08, 1 * 40 + 2, 0x81, 0x1c, 0xcf, 0x55, 1, 0x83, 0x78,
  ASN1_NULL, 0x00,
diff -Nru openssl-3.5.1/crypto/sleep.c openssl-3.5.4/crypto/sleep.c
--- openssl-3.5.1/crypto/sleep.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/crypto/sleep.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
  /*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -9,9 +9,10 @@
  #include
  #include "internal/e_os.h"
+ #include "internal/time.h"
  /* system-specific variants defining OSSL_sleep() */
- #if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+ #if (defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)) && !defined(OPENSSL_USE_SLEEP_BUSYLOOP)
  # if defined(OPENSSL_USE_USLEEP) \
  || defined(__DJGPP__) \
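Review bot: In the rsa_sign.c hunk at `@@ -129,7 +129,7 @@`, the corrected outer length `0x10 + SM3_DIGEST_LENGTH` is right — the inner `SEQUENCE` is 2 + 0x0c bytes and the `OCTET STRING` header adds 2 more, so the content is 0x0e + 2 + digest — but the table is hand-encoded DER with no note of how the constants are derived, which is exactly how the off-by-one crept in. A comment on the line, `/* 0x10 = inner SEQUENCE (2 + 0x0c) + OCTET STRING header (2) */`, makes the next reviewer able to verify it by inspection. The array continues past the hunk.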
@@ -26,7 +27,7 @@ */ # include -void OSSL_sleep(uint64_t millis) +static void ossl_sleep_millis(uint64_t millis) { unsigned int s = (unsigned int)(millis / 1000); unsigned int us = (unsigned int)((millis % 1000) * 1000); @@ -45,7 +46,7 @@ # elif defined(__TANDEM) && !defined(_REENTRANT) # include -void OSSL_sleep(uint64_t millis) +static void ossl_sleep_millis(uint64_t millis) { /* HPNS does not support usleep for non threaded apps */ PROCESS_DELAY_(millis * 1000); @@ -55,7 +56,7 @@ /* nanosleep is defined by POSIX.1-2001 */ # include -void OSSL_sleep(uint64_t millis) +static void ossl_sleep_millis(uint64_t millis) { struct timespec ts; @@ -68,7 +69,7 @@ #elif defined(_WIN32) && !defined(OPENSSL_SYS_UEFI) # include -void OSSL_sleep(uint64_t millis) +static void ossl_sleep_millis(uint64_t millis) { /* * Windows' Sleep() takes a DWORD argument, which is smaller than @@ -83,7 +84,7 @@ #else /* Fallback to a busy wait */ -# include "internal/time.h" +# define USE_SLEEP_SECS static void ossl_sleep_secs(uint64_t secs) { 
@@ -107,10 +108,28 @@ while (ossl_time_compare(ossl_time_now(), finish) < 0) /* busy wait */ ; } +#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ void OSSL_sleep(uint64_t millis) { - ossl_sleep_secs(millis / 1000); - ossl_sleep_millis(millis % 1000); + OSSL_TIME now = ossl_time_now(); + OSSL_TIME finish = ossl_time_add(now, ossl_ms2time(millis)); + uint64_t left = millis; + +#if defined(USE_SLEEP_SECS) + do { + ossl_sleep_secs(left / 1000); + now = ossl_time_now(); + left = ossl_time2ms(ossl_time_subtract(finish, now)); + } while (ossl_time_compare(now, finish) < 0 && left > 1000); + + if (ossl_time_compare(now, finish) >= 0) + return; +#endif + + do { + ossl_sleep_millis(left); + now = ossl_time_now(); + left = ossl_time2ms(ossl_time_subtract(finish, now)); + } while (ossl_time_compare(now, finish) < 0); } -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */ diff -Nru openssl-3.5.1/crypto/slh_dsa/slh_dsa_key.c openssl-3.5.4/crypto/slh_dsa/slh_dsa_key.c --- openssl-3.5.1/crypto/slh_dsa/slh_dsa_key.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/slh_dsa/slh_dsa_key.c 2025-09-30 12:37:40.000000000 +0000 @@ -77,6 +77,17 @@ } /** + * @brief Return the libctx associated with a SLH_DSA_KEY object + * + * @param key A SLH_DSA_KEY to extract the libctx from. + * @returns The new OSSL_LIB_CTX object on success, or NULL failure + */ +OSSL_LIB_CTX *ossl_slh_dsa_key_get0_libctx(const SLH_DSA_KEY *key) +{ + return key != NULL ? key->libctx : NULL; +} + +/** * @brief Create a new SLH_DSA_KEY object * * @param libctx A OSSL_LIB_CTX object used for fetching algorithms. @@ -235,6 +246,15 @@ return ret; } +void ossl_slh_dsa_key_reset(SLH_DSA_KEY *key) +{ + key->pub = NULL; + if (key->has_priv) { + key->has_priv = 0; + OPENSSL_cleanse(key->priv, sizeof(key->priv)); + } +} + /** * @brief Load a SLH_DSA key from raw data. * 
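Review bot: The `#endif` comment `/* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */` no longer matches the condition it closes, which now also carries `!defined(OPENSSL_USE_SLEEP_BUSYLOOP)`; update it to `#endif /* (OPENSSL_SYS_UNIX || __DJGPP__) && !OPENSSL_USE_SLEEP_BUSYLOOP */`. The new OSSL_sleep() also deserves a comment stating the invariant its loops rely on: `left` is recomputed from the same `now` that the loop condition tests, so the result of ossl_time_subtract() is only consumed when finish is still ahead of now. Whether ossl_time_now() is monotonic is not visible here; if it is wall-clock based, a backwards step extends the sleep, and a note saying that is an accepted limitation would help the next reader.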
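Review bot: The @returns text on ossl_slh_dsa_key_get0_libctx, `The new OSSL_LIB_CTX object on success, or NULL failure`, looks copied from the constructor documented below it; the function hands back the key's existing libctx without creating or up-referencing anything, and the only NULL case is a NULL key. Suggest `@returns The OSSL_LIB_CTX the key was created with (not owned by the caller), or NULL if key is NULL`.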
@@ -293,9 +313,7 @@ key->pub = p; return 1; err: - key->pub = NULL; - key->has_priv = 0; - OPENSSL_cleanse(key->priv, priv_len); + ossl_slh_dsa_key_reset(key); return 0; } diff -Nru openssl-3.5.1/crypto/slh_dsa/slh_hash.c openssl-3.5.4/crypto/slh_dsa/slh_hash.c --- openssl-3.5.1/crypto/slh_dsa/slh_hash.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/slh_dsa/slh_hash.c 2025-09-30 12:37:40.000000000 +0000 @@ -158,6 +158,9 @@ int sz = EVP_MD_get_size(hctx->key->md_big); size_t seed_len = (size_t)sz + 2 * n; + if (sz <= 0) + return 0; + memcpy(seed, r, n); memcpy(seed + n, pk_seed, n); return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len, diff -Nru openssl-3.5.1/crypto/sm2/sm2_sign.c openssl-3.5.4/crypto/sm2/sm2_sign.c --- openssl-3.5.1/crypto/sm2/sm2_sign.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/sm2/sm2_sign.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * @@ -220,6 +220,10 @@ BIGNUM *tmp = NULL; OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); + if (dA == NULL) { + ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY); + goto done; + } kG = EC_POINT_new(group); if (kG == NULL) { ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); diff -Nru openssl-3.5.1/crypto/store/store_lib.c openssl-3.5.4/crypto/store/store_lib.c --- openssl-3.5.1/crypto/store/store_lib.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/store/store_lib.c 2025-09-30 12:37:40.000000000 +0000 
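Review bot: The replaced error path cleansed `key->priv` unconditionally with priv_len, while ossl_slh_dsa_key_reset() only cleanses when `key->has_priv` is already set; if the loader copies private bytes into key->priv before setting has_priv (the copy is outside this hunk), a failure now leaves secret material in the buffer. Consider making the cleanse in reset unconditional — `OPENSSL_cleanse(key->priv, sizeof(key->priv));` regardless of has_priv — since the member is fixed-size and the cost is negligible. The enclosing function starts before the hunk.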
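Review bot: In the new guard, `seed_len` is computed from `sz` one line before `sz <= 0` is tested, so a negative size is cast to size_t and wraps before it is rejected; harmless because the function returns, but clearer if the guard comes first: `if (sz <= 0) return 0;` followed by `size_t seed_len = (size_t)sz + 2 * n;`. It is also not visible whether `seed` has room for `sz + 2 * n` bytes for every md_big; a comment or assertion tying the buffer size to the maximum digest size would make that explicit. The enclosing function starts before the hunk.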
@@ -428,12 +428,6 @@ if (ctx->loader != NULL) OSSL_TRACE(STORE, "Loading next object\n"); - if (ctx->cached_info != NULL - && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { - sk_OSSL_STORE_INFO_free(ctx->cached_info); - ctx->cached_info = NULL; - } - if (ctx->cached_info != NULL) { v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); } else { @@ -556,14 +550,23 @@ int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) { - int ret = 1; + int ret = 0; - if (ctx->fetched_loader != NULL) - ret = ctx->loader->p_eof(ctx->loader_ctx); + if (ctx->cached_info != NULL + && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { + sk_OSSL_STORE_INFO_free(ctx->cached_info); + ctx->cached_info = NULL; + } + + if (ctx->cached_info == NULL) { + ret = 1; + if (ctx->fetched_loader != NULL) + ret = ctx->loader->p_eof(ctx->loader_ctx); #ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->eof(ctx->loader_ctx); + if (ctx->fetched_loader == NULL) + ret = ctx->loader->eof(ctx->loader_ctx); #endif + } return ret != 0; } diff -Nru openssl-3.5.1/crypto/threads_pthread.c openssl-3.5.4/crypto/threads_pthread.c --- openssl-3.5.1/crypto/threads_pthread.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/threads_pthread.c 2025-09-30 12:37:40.000000000 +0000 @@ -62,8 +62,10 @@ /* * The Non-Stop KLT thread model currently seems broken in its rwlock * implementation + * Likewise is there a problem with the glibc implementation on riscv. */ -# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) +# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) \ + && !defined(__riscv) # define USE_RWLOCK # endif @@ -279,7 +281,7 @@ /* if the idx hasn't changed, we're good, else try again */ if (qp_idx == ATOMIC_LOAD_N(uint32_t, &lock->reader_idx, - __ATOMIC_RELAXED)) + __ATOMIC_ACQUIRE)) break; ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1, 
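Review bot: With the empty-stack release removed from OSSL_STORE_load(), a non-NULL `cached_info` with zero entries makes `sk_OSSL_STORE_INFO_shift()` return NULL on this path, and the release now happens only inside OSSL_STORE_eof(); a caller that iterates with OSSL_STORE_load() alone, without polling OSSL_STORE_eof() in between, may see a spurious NULL and stop early. If that ordering is intended, state it in the function header, e.g. `/* An empty cached_info stack is released by OSSL_STORE_eof(); callers are expected to poll it between loads */`; otherwise release the empty stack in both places. How a NULL shift result is handled further down OSSL_STORE_load() is outside the hunk.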
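Review bot: The new `!defined(__riscv)` guard disables pthread rwlocks on every RISC-V libc, while the comment attributes the problem to glibc; either narrow the condition, e.g. `!(defined(__riscv) && defined(__GLIBC__))`, or reword the comment to say the workaround is applied to all RISC-V builds. The sentence `Likewise is there a problem with the glibc implementation on riscv.` should read `Likewise there is a problem with the glibc rwlock implementation on riscv.` and would be far more useful with a reference to the glibc bug or OpenSSL issue, so the workaround can be removed once fixed.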
@@ -403,8 +405,12 @@ *curr_id = lock->id_ctr; lock->id_ctr++; + /* + * make the current state of everything visible by this release + * when get_hold_current_qp acquires the next qp + */ ATOMIC_STORE_N(uint32_t, &lock->reader_idx, lock->current_alloc_idx, - __ATOMIC_RELAXED); + __ATOMIC_RELEASE); /* * this should make sure that the new value of reader_idx is visible in diff -Nru openssl-3.5.1/crypto/x509/by_store.c openssl-3.5.4/crypto/x509/by_store.c --- openssl-3.5.1/crypto/x509/by_store.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/by_store.c 2025-09-30 12:37:40.000000000 +0000 @@ -17,7 +17,6 @@ char *uri; OSSL_LIB_CTX *libctx; char *propq; - OSSL_STORE_CTX *ctx; } CACHED_STORE; DEFINE_STACK_OF(CACHED_STORE) @@ -27,14 +26,12 @@ const OSSL_STORE_SEARCH *criterion, int depth) { int ok = 0; - OSSL_STORE_CTX *ctx = store->ctx; + OSSL_STORE_CTX *ctx; X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - if (ctx == NULL - && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq, - NULL, NULL, NULL, NULL, NULL)) == NULL) + if ((ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq, + NULL, NULL, NULL, NULL, NULL)) == NULL) return 0; - store->ctx = ctx; /* * We try to set the criterion, but don't care if it was valid or not. @@ -79,7 +76,6 @@ substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info); substore.libctx = store->libctx; substore.propq = store->propq; - substore.ctx = NULL; ok = cache_objects(lctx, &substore, criterion, depth - 1); } } else { @@ -105,7 +101,6 @@ break; } OSSL_STORE_close(ctx); - store->ctx = NULL; return ok; } @@ -114,7 +109,6 @@ static void free_store(CACHED_STORE *store) { if (store != NULL) { - OSSL_STORE_close(store->ctx); OPENSSL_free(store->uri); OPENSSL_free(store->propq); OPENSSL_free(store); 
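Review bot: cache_objects() now opens a fresh OSSL_STORE_CTX on every call and closes it at the end, so the `ctx` member removed from the struct was the only thing that made CACHED_STORE a cache; the name and the lack of a comment now mislead. Add a comment at the struct, e.g. `/* URI plus libctx/propq only; a store is (re)opened for each lookup, nothing is held between calls */`, or rename it in a follow-up. If the persistent ctx was dropped to fix sharing between concurrent lookups on the same X509_LOOKUP (not stated in the hunk), record that too so nobody reintroduces it for speed.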
@@ -136,6 +130,7 @@ if (argp != NULL) { STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx); CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store)); + OSSL_STORE_CTX *sctx; if (store == NULL) { return 0; @@ -145,14 +140,20 @@ store->libctx = libctx; if (propq != NULL) store->propq = OPENSSL_strdup(propq); - store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL, - NULL, NULL, NULL); - if (store->ctx == NULL + /* + * We open this to check for errors now - so we can report those + * errors early. + */ + sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL, + NULL, NULL, NULL); + if (sctx == NULL || (propq != NULL && store->propq == NULL) || store->uri == NULL) { + OSSL_STORE_close(sctx); free_store(store); return 0; } + OSSL_STORE_close(sctx); if (stores == NULL) { stores = sk_CACHED_STORE_new_null(); @@ -174,7 +175,6 @@ store.uri = (char *)argp; store.libctx = libctx; store.propq = (char *)propq; - store.ctx = NULL; return cache_objects(ctx, &store, NULL, 0); } default: @@ -218,8 +218,14 @@ OSSL_STORE_SEARCH_free(criterion); - if (ok) + if (ok) { + X509_STORE *store = X509_LOOKUP_get_store(ctx); + + if (!ossl_x509_store_read_lock(store)) + return 0; tmp = X509_OBJECT_retrieve_by_subject(store_objects, type, name); + X509_STORE_unlock(store); + } ok = 0; if (tmp != NULL) { diff -Nru openssl-3.5.1/crypto/x509/t_req.c openssl-3.5.4/crypto/x509/t_req.c --- openssl-3.5.1/crypto/x509/t_req.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/t_req.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
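Review bot: The read lock is released immediately after X509_OBJECT_retrieve_by_subject() returns, but `tmp` points into the store's object stack, so any use of `tmp` after `X509_STORE_unlock(store)` (the `if (tmp != NULL)` branch continues past the hunk) still races with a writer that can free or reorder that stack. Either take the reference the caller needs while the lock is held — e.g. an X509_OBJECT up-ref before unlocking, paired with a release on the way out — or widen the locked region to cover the copy into the result. The early `return 0` on lock failure is fine since `criterion` is freed just above it.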
@@ -40,7 +40,7 @@ long l; int i; EVP_PKEY *pkey; - STACK_OF(X509_EXTENSION) *exts; + STACK_OF(X509_EXTENSION) *exts = NULL; char mlch = ' '; int nmindent = 0, printok = 0; @@ -191,6 +191,7 @@ goto err; } sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + exts = NULL; } } @@ -204,6 +205,7 @@ return 1; err: + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); return 0; } diff -Nru openssl-3.5.1/crypto/x509/t_x509.c openssl-3.5.4/crypto/x509/t_x509.c --- openssl-3.5.1/crypto/x509/t_x509.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/t_x509.c 2025-09-30 12:37:40.000000000 +0000 @@ -219,7 +219,8 @@ goto err; if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) goto err; - i2d_X509_NAME(subj, &dertmp); + if (i2d_X509_NAME(subj, &dertmp) < 0) + goto err; md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq); if (md == NULL) diff -Nru openssl-3.5.1/crypto/x509/v3_attrdesc.c openssl-3.5.4/crypto/x509/v3_attrdesc.c --- openssl-3.5.1/crypto/x509/v3_attrdesc.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/v3_attrdesc.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,8 @@ } if (BIO_printf(out, "%*sHash Value: ", indent, "") <= 0) return 0; + if (hash->hashValue == NULL) + return 0; return ossl_bio_print_hex(out, hash->hashValue->data, hash->hashValue->length); } diff -Nru openssl-3.5.1/crypto/x509/v3_purp.c openssl-3.5.4/crypto/x509/v3_purp.c --- openssl-3.5.1/crypto/x509/v3_purp.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/v3_purp.c 2025-09-30 12:37:40.000000000 +0000 
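Review bot: The new check only rejects a negative i2d_X509_NAME() return, but `derlen` was sized by an earlier encode (see the `OPENSSL_malloc(derlen)` line), so the stronger condition `if (i2d_X509_NAME(subj, &dertmp) != derlen) goto err;` also catches a length mismatch between the two encodes, which would otherwise hash uninitialised tail bytes or a truncated name. The enclosing function starts before the hunk.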
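Review bot: The NULL check on `hash->hashValue` is placed after the `Hash Value: ` label has already been written, so a malformed structure leaves a dangling label in the output and then reports failure; hoist it above the BIO_printf, `if (hash->hashValue == NULL) return 0;`, or print an explicit absent marker instead. Returning 0 without an ERR_raise also hides the cause from callers; if print functions in this file deliberately do not raise, a short comment saying so would stop the next reader from "fixing" it. The enclosing function starts before the hunk.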
@@ -186,7 +186,7 @@ return 0; } if (trust < X509_TRUST_DEFAULT || name == NULL || sname == NULL || ck == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); + ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } diff -Nru openssl-3.5.1/crypto/x509/x509_ext.c openssl-3.5.4/crypto/x509/x509_ext.c --- openssl-3.5.1/crypto/x509/x509_ext.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/x509_ext.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,9 +42,21 @@ return X509v3_get_ext(x->crl.extensions, loc); } +static X509_EXTENSION *delete_ext(STACK_OF(X509_EXTENSION) **sk, int loc) +{ + X509_EXTENSION *ret = X509v3_delete_ext(*sk, loc); + + /* Empty extension lists are omitted. */ + if (*sk != NULL && sk_X509_EXTENSION_num(*sk) == 0) { + sk_X509_EXTENSION_pop_free(*sk, X509_EXTENSION_free); + *sk = NULL; + } + return ret; +} + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) { - return X509v3_delete_ext(x->crl.extensions, loc); + return delete_ext(&x->crl.extensions, loc); } void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) @@ -91,7 +103,7 @@ X509_EXTENSION *X509_delete_ext(X509 *x, int loc) { - return X509v3_delete_ext(x->cert_info.extensions, loc); + return delete_ext(&x->cert_info.extensions, loc); } int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) 
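Review bot: delete_ext() frees and NULLs the extension stack when the last entry is removed, which is an observable change for callers holding a pointer from X509_get0_extensions() or X509_CRL_get0_extensions() across a delete: that pointer now dangles. The helper should say so, e.g. `/* Dropping the last extension frees the stack; get0 pointers to it are invalidated. */`, and the man pages for X509_delete_ext(), X509_CRL_delete_ext() and X509_REVOKED_delete_ext() should note it. The comment `Empty extension lists are omitted.` would be clearer if it named the reason (presumably the DER encoding, where an empty OPTIONAL extensions SEQUENCE must be absent) so the intent is unambiguous.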
@@ -139,7 +151,7 @@ X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) { - return X509v3_delete_ext(x->extensions, loc); + return delete_ext(&x->extensions, loc); } int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) diff -Nru openssl-3.5.1/crypto/x509/x509_local.h openssl-3.5.4/crypto/x509/x509_local.h --- openssl-3.5.1/crypto/x509/x509_local.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/x509_local.h 2025-09-30 12:37:40.000000000 +0000 @@ -159,3 +159,4 @@ int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject); int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx, X509_LOOKUP_TYPE type, const X509_NAME *name, X509_OBJECT *ret); +int ossl_x509_store_read_lock(X509_STORE *xs); diff -Nru openssl-3.5.1/crypto/x509/x509_lu.c openssl-3.5.4/crypto/x509/x509_lu.c --- openssl-3.5.1/crypto/x509/x509_lu.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/x509_lu.c 2025-09-30 12:37:40.000000000 +0000 @@ -44,7 +44,7 @@ return CRYPTO_THREAD_write_lock(xs->lock); } -static int x509_store_read_lock(X509_STORE *xs) +int ossl_x509_store_read_lock(X509_STORE *xs) { return CRYPTO_THREAD_read_lock(xs->lock); } @@ -331,7 +331,7 @@ stmp.type = X509_LU_NONE; stmp.data.x509 = NULL; - if (!x509_store_read_lock(store)) + if (!ossl_x509_store_read_lock(store)) return 0; /* Should already be sorted...but just in case */ if (!sk_X509_OBJECT_is_sorted(store->objs)) { @@ -408,7 +408,6 @@ } if (!X509_STORE_lock(store)) { - obj->type = X509_LU_NONE; X509_OBJECT_free(obj); return 0; } @@ -604,7 +603,7 @@ return NULL; } - if (!x509_store_read_lock(store)) + if (!ossl_x509_store_read_lock(store)) return NULL; objs = sk_X509_OBJECT_deep_copy(store->objs, x509_object_dup, diff -Nru openssl-3.5.1/crypto/x509/x509_vpm.c openssl-3.5.4/crypto/x509/x509_vpm.c --- openssl-3.5.1/crypto/x509/x509_vpm.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/x509_vpm.c 2025-09-30 12:37:40.000000000 +0000 
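Review bot: Dropping `obj->type = X509_LU_NONE;` before X509_OBJECT_free(obj) on the lock-failure path means the embedded certificate or CRL is now released by the free; that is only correct if `obj` already owns a reference at this point (an up-ref just before, outside the hunk), in which case the old code leaked it. If it does not, this introduces a double free on a rarely exercised path, so a comment on the line, `/* obj owns a reference to its data here, so a plain free is correct */`, would record the reasoning for the next reader. The enclosing function starts before the hunk.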
@@ -635,6 +635,11 @@ { int num = OSSL_NELEM(default_table); + if (id < 0) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); + return NULL; + } + if (id < num) return default_table + id; return sk_X509_VERIFY_PARAM_value(param_table, id - num); diff -Nru openssl-3.5.1/crypto/x509/x_crl.c openssl-3.5.4/crypto/x509/x_crl.c --- openssl-3.5.1/crypto/x509/x_crl.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/crypto/x509/x_crl.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -289,6 +289,7 @@ static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) { int idp_only = 0; + int ret = 0; /* Set various flags according to IDP */ crl->idp_flags |= IDP_PRESENT; @@ -320,7 +321,17 @@ crl->idp_reasons &= CRLDP_ALL_REASONS; } - return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + ret = DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); + + /* + * RFC5280 specifies that if onlyContainsUserCerts, onlyContainsCACerts, + * indirectCRL, and OnlyContainsAttributeCerts are all FALSE, there must + * be either a distributionPoint field or an onlySomeReasons field present. + */ + if (crl->idp_flags == IDP_PRESENT && idp->distpoint == NULL) + crl->idp_flags |= IDP_INVALID; + + return ret; } ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { diff -Nru openssl-3.5.1/debian/changelog openssl-3.5.4/debian/changelog --- openssl-3.5.1/debian/changelog 2025-09-26 19:18:35.000000000 +0000 +++ openssl-3.5.4/debian/changelog 2025-11-01 11:22:59.000000000 +0000 
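Review bot: The new `crl->idp_flags == IDP_PRESENT && idp->distpoint == NULL` test treats "no other flag set" as "no onlySomeReasons either", which holds only if the onlySomeReasons branch (the block containing `crl->idp_reasons &= CRLDP_ALL_REASONS;` above) sets a flag of its own; if it does not, a CRL carrying only onlySomeReasons is wrongly marked IDP_INVALID. Testing the IDP fields directly, `if (idp->distpoint == NULL && idp->onlysomereasons == NULL && crl->idp_flags == IDP_PRESENT)` (field name as in the ISSUING_DIST_POINT template), would not depend on that coupling. The `int ret = 0;` initialiser is dead since ret is always assigned before use. The enclosing function starts before the hunk.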
@@ -1,3 +1,9 @@ +openssl (3.5.4-1~deb13u1) trixie; urgency=medium + + * Import 3.5.4 + + -- Sebastian Andrzej Siewior Sat, 01 Nov 2025 12:22:59 +0100 + openssl (3.5.1-1+deb13u1) trixie-security; urgency=medium * CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap) diff -Nru openssl-3.5.1/debian/control openssl-3.5.4/debian/control --- openssl-3.5.1/debian/control 2025-09-26 19:03:27.000000000 +0000 +++ openssl-3.5.4/debian/control 2025-11-01 11:22:59.000000000 +0000 @@ -68,7 +68,7 @@ Section: libs Architecture: any Multi-Arch: same -Breaks: libssl3 (<< ${source:Version}), openssh-client (<< 1:9.4p1), openssh-server (<< 1:9.4p1), python3-m2crypto (<< 0.38.0-4) +Breaks: libssl3 (<< ${source:Version}), openssh-client (<< 1:9.4p1), openssh-server (<< 1:9.4p1), python3-m2crypto (<< 0.38.0-4), freeradius (<< 3.2.7+dfsg-1+deb13u1) Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends}, openssl-provider-legacy Description: Secure Sockets Layer toolkit - shared libraries diff -Nru openssl-3.5.1/debian/patches/SM2-Use-constant-time-modular-inversion.patch openssl-3.5.4/debian/patches/SM2-Use-constant-time-modular-inversion.patch --- openssl-3.5.1/debian/patches/SM2-Use-constant-time-modular-inversion.patch 2025-09-26 19:17:51.000000000 +0000 +++ openssl-3.5.4/debian/patches/SM2-Use-constant-time-modular-inversion.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,42 +0,0 @@ -From: Tomas Mraz -Date: Thu, 11 Sep 2025 18:40:34 +0200 -Subject: SM2: Use constant time modular inversion - -Fixes CVE-2025-9231 - -Issue and a proposed fix reported by Stanislav Fort (Aisle Research). ---- - crypto/ec/ecp_sm2p256.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c -index 7668b61378b6..f3ace351bdff 100644 ---- a/crypto/ec/ecp_sm2p256.c -+++ b/crypto/ec/ecp_sm2p256.c -@@ -747,7 +747,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, -- ecp_sm2p256_get_affine, -+ ossl_ec_GFp_simple_point_get_affine_coordinates, - 0, 0, 0, - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, -@@ -763,7 +763,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) - ecp_sm2p256_field_mul, - ecp_sm2p256_field_sqr, - 0 /* field_div */, -- 0 /* field_inv */, -+ ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */, - 0 /* field_decode */, - 0 /* field_set_to_one */, -@@ -779,7 +779,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, -- ecp_sm2p256_inv_mod_ord, -+ 0, /* use constant‑time fallback for inverse mod order */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ - 0, /* ladder_step */ diff -Nru openssl-3.5.1/debian/patches/ecp_sm2p256.c-Remove-unused-code.patch openssl-3.5.4/debian/patches/ecp_sm2p256.c-Remove-unused-code.patch --- openssl-3.5.1/debian/patches/ecp_sm2p256.c-Remove-unused-code.patch 2025-09-26 19:17:51.000000000 +0000 +++ openssl-3.5.4/debian/patches/ecp_sm2p256.c-Remove-unused-code.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,135 +0,0 @@ -From: Tomas Mraz -Date: Tue, 16 Sep 2025 14:48:31 +0200 -Subject: ecp_sm2p256.c: Remove unused code - ---- - crypto/ec/ecp_sm2p256.c | 95 ------------------------------------------------- - 1 file changed, 95 deletions(-) - -diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c -index f3ace351bdff..ffb58399dfd0 100644 ---- a/crypto/ec/ecp_sm2p256.c -+++ b/crypto/ec/ecp_sm2p256.c -@@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = { - 0xffffffffffffffff, 0xffffffff00000000, - 0xffffffffffffffff, 0xfffffffeffffffff - }; --ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = { -- 0x53bbf40939d54123, 0x7203df6b21c6052b, -- 0xffffffffffffffff, 0xfffffffeffffffff --}; - - ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0}; - -@@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out, - BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p); - } - --/* Modular inverse mod order |out| = |in|^(-1) % |ord|. 
*/ --static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out, -- const BN_ULONG* in) { -- BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord, -- def_ord); --} -- - /* Point double: R <- P + P */ - static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P) - { -@@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator) - } - #endif - --/* -- * Convert Jacobian coordinate point into affine coordinate (x,y) -- */ --static int ecp_sm2p256_get_affine(const EC_GROUP *group, -- const EC_POINT *point, -- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) --{ -- ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0}; -- -- if (EC_POINT_is_at_infinity(group, point)) { -- ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); -- return 0; -- } -- -- if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0 -- || ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0 -- || ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) { -- ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); -- return 0; -- } -- -- ecp_sm2p256_mod_inverse(z_inv3, point_z); -- ecp_sm2p256_sqr(z_inv2, z_inv3); -- -- if (x != NULL) { -- ecp_sm2p256_mul(x_aff, point_x, z_inv2); -- if (!bn_set_words(x, x_aff, P256_LIMBS)) -- return 0; -- } -- -- if (y != NULL) { -- ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2); -- ecp_sm2p256_mul(y_aff, point_y, z_inv3); -- if (!bn_set_words(y, y_aff, P256_LIMBS)) -- return 0; -- } -- -- return 1; --} -- - /* r = sum(scalar[i]*point[i]) */ - static int ecp_sm2p256_windowed_mul(const EC_GROUP *group, - P256_POINT *r, -@@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r, - return 1; - } - --static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, 
BIGNUM *r, -- const BIGNUM *x, BN_CTX *ctx) --{ -- int ret = 0; -- ALIGN32 BN_ULONG t[P256_LIMBS] = {0}; -- ALIGN32 BN_ULONG out[P256_LIMBS] = {0}; -- -- if (bn_wexpand(r, P256_LIMBS) == NULL) { -- ECerr(ERR_LIB_EC, ERR_R_BN_LIB); -- goto err; -- } -- -- if ((BN_num_bits(x) > 256) || BN_is_negative(x)) { -- BIGNUM *tmp; -- -- if ((tmp = BN_CTX_get(ctx)) == NULL -- || !BN_nnmod(tmp, x, group->order, ctx)) { -- ECerr(ERR_LIB_EC, ERR_R_BN_LIB); -- goto err; -- } -- x = tmp; -- } -- -- if (!ecp_sm2p256_bignum_field_elem(t, x)) { -- ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); -- goto err; -- } -- -- ecp_sm2p256_mod_ord_inverse(out, t); -- -- if (!bn_set_words(r, out, P256_LIMBS)) -- goto err; -- -- ret = 1; --err: -- return ret; --} -- - const EC_METHOD *EC_GFp_sm2p256_method(void) - { - static const EC_METHOD ret = { diff -Nru openssl-3.5.1/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch openssl-3.5.4/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch --- openssl-3.5.1/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch 2025-09-26 19:17:51.000000000 +0000 +++ openssl-3.5.4/debian/patches/kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,25 +0,0 @@ -From: Viktor Dukhovni -Date: Thu, 11 Sep 2025 18:10:12 +0200 -Subject: kek_unwrap_key(): Fix incorrect check of unwrapped key size - -Fixes CVE-2025-9230 - -The check is off by 8 bytes so it is possible to overread by -up to 8 bytes and overwrite up to 4 bytes. ---- - crypto/cms/cms_pwri.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c -index a7d609f83791..ee1b8aa6ed61 100644 ---- a/crypto/cms/cms_pwri.c -+++ b/crypto/cms/cms_pwri.c -@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, - /* Check byte failure */ - goto err; - } -- if (inlen < (size_t)(tmp[0] - 4)) { -+ if (inlen < 4 + (size_t)tmp[0]) { - /* Invalid length value */ - goto err; - } diff -Nru openssl-3.5.1/debian/patches/man-section.patch openssl-3.5.4/debian/patches/man-section.patch --- openssl-3.5.1/debian/patches/man-section.patch 2025-09-26 19:17:51.000000000 +0000 +++ openssl-3.5.4/debian/patches/man-section.patch 2025-11-01 11:22:59.000000000 +0000 @@ -7,10 +7,10 @@ 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index a6f666957ec0..46fe9d6f2dd6 100644 +index 81f49926ce92..6ad6ce0c262e 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -347,7 +347,8 @@ HTMLDIR=$(DOCDIR)/html +@@ -358,7 +358,8 @@ HTMLDIR=$(DOCDIR)/html # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. 
@@ -20,12 +20,12 @@ HTMLSUFFIX=html # For "optional" echo messages, to get "real" silence -@@ -1564,7 +1565,7 @@ EOF +@@ -1575,7 +1576,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: $pod - pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ + pod2man --name=$name --section=$section\$(MANSECTION) --center=OpenSSL \\ - --release=\$(VERSION) $pod >\$\@ + --date=\$(RELEASE_DATE) --release=\$(VERSION) \\ + $pod >\$\@ EOF - } elsif (platform->isdef($args{src})) { diff -Nru openssl-3.5.1/debian/patches/series openssl-3.5.4/debian/patches/series --- openssl-3.5.1/debian/patches/series 2025-09-26 19:17:51.000000000 +0000 +++ openssl-3.5.4/debian/patches/series 2025-11-01 11:22:59.000000000 +0000 @@ -5,7 +5,3 @@ c_rehash-compat.patch Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch conf-Serialize-allocation-free-of-ssl_names.patch -use_proxy-Add-missing-terminating-NUL-byte.patch -kek_unwrap_key-Fix-incorrect-check-of-unwrapped-key-size.patch -SM2-Use-constant-time-modular-inversion.patch -ecp_sm2p256.c-Remove-unused-code.patch diff -Nru openssl-3.5.1/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch openssl-3.5.4/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch --- openssl-3.5.1/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch 2025-09-26 19:17:51.000000000 +0000 +++ openssl-3.5.4/debian/patches/use_proxy-Add-missing-terminating-NUL-byte.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,24 +0,0 @@ -From: Tomas Mraz -Date: Thu, 11 Sep 2025 18:43:55 +0200 -Subject: use_proxy(): Add missing terminating NUL byte - -Fixes CVE-2025-9232 - -There is a missing terminating NUL byte after strncpy() call. -Issue and a proposed fix reported by Stanislav Fort (Aisle Research). ---- - crypto/http/http_lib.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c -index fcf8a69e07a8..022b8c194cbe 100644 ---- a/crypto/http/http_lib.c -+++ b/crypto/http/http_lib.c -@@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server) - /* strip leading '[' and trailing ']' from escaped IPv6 address */ - sl -= 2; - strncpy(host, server + 1, sl); -+ host[sl] = '\0'; - server = host; - } - diff -Nru openssl-3.5.1/demos/bio/saccept.c openssl-3.5.4/demos/bio/saccept.c --- openssl-3.5.1/demos/bio/saccept.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/bio/saccept.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -53,7 +53,8 @@ { char *port = NULL; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; char buf[512]; int ret = EXIT_FAILURE, i; @@ -83,6 +84,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; /* Arrange to leave server loop on interrupt */ sigsetup(); 
@@ -121,5 +123,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.5.1/demos/bio/server-arg.c openssl-3.5.4/demos/bio/server-arg.c --- openssl-3.5.1/demos/bio/server-arg.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/bio/server-arg.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,8 @@ int main(int argc, char *argv[]) { char *port = "*:4433"; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; SSL_CONF_CTX *cctx; char buf[512]; @@ -105,6 +106,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; again: /* @@ -140,5 +142,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.5.1/demos/bio/server-cmod.c openssl-3.5.4/demos/bio/server-cmod.c --- openssl-3.5.1/demos/bio/server-cmod.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/bio/server-cmod.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,7 +24,8 @@ unsigned char buf[512]; char *port = "*:4433"; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; int ret = EXIT_FAILURE, i; 
@@ -52,6 +53,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; again: /* @@ -90,5 +92,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.5.1/demos/bio/server-conf.c openssl-3.5.4/demos/bio/server-conf.c --- openssl-3.5.1/demos/bio/server-conf.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/bio/server-conf.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,8 @@ { char *port = "*:4433"; BIO *in = NULL; - BIO *ssl_bio, *tmp; + BIO *ssl_bio = NULL; + BIO *tmp; SSL_CTX *ctx; SSL_CONF_CTX *cctx = NULL; CONF *conf = NULL; @@ -97,6 +98,7 @@ * Basically it means the SSL BIO will be automatically setup */ BIO_set_accept_bios(in, ssl_bio); + ssl_bio = NULL; again: /* @@ -135,5 +137,6 @@ if (ret != EXIT_SUCCESS) ERR_print_errors_fp(stderr); BIO_free(in); + BIO_free_all(ssl_bio); return ret; } diff -Nru openssl-3.5.1/demos/certs/mkcerts.sh openssl-3.5.4/demos/certs/mkcerts.sh --- openssl-3.5.1/demos/certs/mkcerts.sh 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/certs/mkcerts.sh 2025-09-30 12:37:40.000000000 +0000 @@ -1,7 +1,7 @@ #!/bin/sh opensslcmd() { - LD_LIBRARY_PATH=../.. ../../apps/openssl $@ + LD_LIBRARY_PATH=../.. ../../apps/openssl "$@" } OPENSSL_CONF=../../apps/openssl.cnf diff -Nru openssl-3.5.1/demos/certs/ocspquery.sh openssl-3.5.4/demos/certs/ocspquery.sh --- openssl-3.5.1/demos/certs/ocspquery.sh 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/certs/ocspquery.sh 2025-09-30 12:37:40.000000000 +0000 
@@ -4,7 +4,7 @@ # called. opensslcmd() { - LD_LIBRARY_PATH=../.. ../../apps/openssl $@ + LD_LIBRARY_PATH=../.. ../../apps/openssl "$@" } OPENSSL_CONF=../../apps/openssl.cnf diff -Nru openssl-3.5.1/demos/certs/ocsprun.sh openssl-3.5.4/demos/certs/ocsprun.sh --- openssl-3.5.1/demos/certs/ocsprun.sh 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/certs/ocsprun.sh 2025-09-30 12:37:40.000000000 +0000 @@ -1,7 +1,7 @@ #!/bin/sh opensslcmd() { - LD_LIBRARY_PATH=../.. ../../apps/openssl $@ + LD_LIBRARY_PATH=../.. ../../apps/openssl "$@" } # Example of running an querying OpenSSL test OCSP responder. @@ -18,4 +18,4 @@ PORT=8888 opensslcmd ocsp -port $PORT -index index.txt -CA intca.pem \ - -rsigner resp.pem -rkey respkey.pem -rother intca.pem $* + -rsigner resp.pem -rkey respkey.pem -rother intca.pem "$@" diff -Nru openssl-3.5.1/demos/cms/cms_ddec.c openssl-3.5.4/demos/cms/cms_ddec.c --- openssl-3.5.1/demos/cms/cms_ddec.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/cms/cms_ddec.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -58,7 +58,7 @@ /* Open file containing detached content */ dcont = BIO_new_file("smencr.out", "rb"); - if (!in) + if (dcont == NULL) goto err; out = BIO_new_file("encrout.txt", "w"); diff -Nru openssl-3.5.1/demos/cms/cms_denc.c openssl-3.5.4/demos/cms/cms_denc.c --- openssl-3.5.1/demos/cms/cms_denc.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/cms/cms_denc.c 2025-09-30 12:37:40.000000000 +0000 
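Review bot: `$PORT` on the rewritten `opensslcmd ocsp -port $PORT ...` line is still unquoted while the same hunk quotes `"$@"`; it is harmless for the literal 8888 but inconsistent with the point of the change, so I would write `-port "$PORT"`. The responder is started with `-rsigner resp.pem -rkey respkey.pem` and `opensslcmd` uses the relative `../../apps/openssl`, so the script only works from demos/certs; a comment saying so, or `cd "$(dirname "$0")"` near the top, would save a confusing failure. Whether the script already sets `-e` is not visible in the hunk.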
@@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,7 +57,7 @@ dout = BIO_new_file("smencr.out", "wb"); - if (!in) + if (in == NULL || dout == NULL) goto err; /* encrypt content */ diff -Nru openssl-3.5.1/demos/pkey/EVP_PKEY_RSA_keygen.c openssl-3.5.4/demos/pkey/EVP_PKEY_RSA_keygen.c --- openssl-3.5.1/demos/pkey/EVP_PKEY_RSA_keygen.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/demos/pkey/EVP_PKEY_RSA_keygen.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /*- - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -254,7 +254,7 @@ if (argc > 1) { bits_i = atoi(argv[1]); - if (bits < 512) { + if (bits_i < 512) { fprintf(stderr, "Invalid RSA key size\n"); return EXIT_FAILURE; } diff -Nru openssl-3.5.1/doc/internal/man3/ossl_namemap_new.pod openssl-3.5.4/doc/internal/man3/ossl_namemap_new.pod --- openssl-3.5.1/doc/internal/man3/ossl_namemap_new.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/internal/man3/ossl_namemap_new.pod 2025-09-30 12:37:40.000000000 +0000 @@ -4,7 +4,7 @@ ossl_namemap_new, ossl_namemap_free, ossl_namemap_stored, ossl_namemap_empty, ossl_namemap_add_name, ossl_namemap_add_names, -ossl_namemap_name2num, ossl_namemap_name2num_n, +ossl_namemap_name2num, ossl_namemap_name2num_n, ossl_namemap_num2name, ossl_namemap_doall_names - internal number E-E name map 
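Review bot: The combined check `if (in == NULL || dout == NULL)` still runs after `dout = BIO_new_file("smencr.out", "wb");`, so when the input fails to open the output file is created or truncated before the error is noticed; the old `if (!in)` had the same ordering, so this is not a regression, but the rewrite is the moment to fix it. Check `in` before opening the output and `dout` right after: `if (in == NULL) goto err;` ahead of the `dout = ...` line, then `if (dout == NULL) goto err;` below it. The `in = BIO_new_file(...)` line is outside the hunk, so I cannot see whether anything else relies on `dout` being opened first.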
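Review bot: The corrected check now tests `bits_i`, but the `atoi()` that feeds it accepts trailing garbage (`2048abc` becomes 2048), returns 0 for non-numeric input with no way to tell, and has no overflow guard, so `bits_i < 512` is the only validation a user-supplied key size gets. Parse with `strtol()` and reject unconsumed characters and out-of-range values as below; `INT_MAX` needs `<limits.h>`, and the line that copies `bits_i` into `bits` is presumably just past the hunk. Separately, 512 bits is far below anything a reader should copy from a demo, so a comment on the check should say the floor exists to keep the demo fast, not as guidance on key size.
```c
    if (argc > 1) {
        char *end = NULL;
        long v = strtol(argv[1], &end, 10);

        /* Reject non-numeric, partially numeric, oversized or tiny sizes */
        if (end == argv[1] || *end != '\0' || v < 512 || v > INT_MAX) {
            fprintf(stderr, "Invalid RSA key size\n");
            return EXIT_FAILURE;
        }
        bits_i = (int)v;
        /* … unchanged: rest of argument handling and key generation … */
```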
@@ -23,6 +23,8 @@ int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, const char *name, size_t name_len); + const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, + int idx); int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, void (*fn)(const char *name, void *data), void *data); @@ -64,6 +66,9 @@ ossl_namemap_name2num(), but takes a string length I as well, allowing the caller to use a fragment of a string as a name. +ossl_namemap_num2name() finds the Ith name associated with the +id I. + ossl_namemap_doall_names() walks through all names associated with I in the given I and calls the function I for each of them. @@ -88,9 +93,9 @@ ossl_namemap_add_name() returns the number associated with the added string, or zero on error. -ossl_namemap_num2names() returns a pointer to a NULL-terminated list of -pointers to the names corresponding to the given number, or NULL if -it's undefined in the given B. +ossl_namemap_num2name() returns a pointer to Ith name associated +with id I, or NULL if it's undefined in the given +B. ossl_namemap_name2num() and ossl_namemap_name2num_n() return the number corresponding to the given name, or 0 if it's undefined in the given @@ -116,7 +121,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man1/openssl-enc.pod.in openssl-3.5.4/doc/man1/openssl-enc.pod.in --- openssl-3.5.1/doc/man1/openssl-enc.pod.in 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man1/openssl-enc.pod.in 2025-09-30 12:37:40.000000000 +0000 
@@ -193,9 +193,12 @@ Print out the key and IV used then immediately exit: don't do any encryption or decryption. -=item B<-bufsize> I +=item B<-bufsize> I[B] Set the buffer size for I/O. +The maximum size that can be specified is B<2^31-1> (2147483647) bytes. +The B suffix can be specified to indicate that I is provided +in kibibytes (multiples of 1024 bytes). =item B<-nopad> @@ -279,7 +282,7 @@ implications if not used correctly. A beginner is advised to just use a strong block cipher, such as AES, in CBC mode. -All the block ciphers normally use PKCS#5 padding, also known as standard +All the block ciphers normally use PKCS#7 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. diff -Nru openssl-3.5.1/doc/man1/openssl-fipsinstall.pod.in openssl-3.5.4/doc/man1/openssl-fipsinstall.pod.in --- openssl-3.5.1/doc/man1/openssl-fipsinstall.pod.in 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man1/openssl-fipsinstall.pod.in 2025-09-30 12:37:40.000000000 +0000 @@ -237,9 +237,7 @@ =item B<-hkdf_digest_check> -Configure the module to enable a run-time digest check when deriving a key by -HKDF. -See NIST SP 800-56Cr2 for details. +This option is deprecated. =item B<-tls13_kdf_digest_check> @@ -261,9 +259,7 @@ =item B<-sskdf_digest_check> -Configure the module to enable a run-time digest check when deriving a key by -SSKDF. -See NIST SP 800-56Cr2 for details. +This option is deprecated. =item B<-x963kdf_digest_check> 
@@ -493,7 +489,7 @@ =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/BN_generate_prime.pod openssl-3.5.4/doc/man3/BN_generate_prime.pod --- openssl-3.5.1/doc/man3/BN_generate_prime.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/BN_generate_prime.pod 2025-09-30 12:37:40.000000000 +0000 @@ -130,7 +130,7 @@ If B

passes all these tests, it is considered a probable prime. The test performed on B

are trial division by a number of small primes -and rounds of the of the Miller-Rabin probabilistic primality test. +and rounds of the Miller-Rabin probabilistic primality test. The functions do at least 64 rounds of the Miller-Rabin test giving a maximum false positive rate of 2^-128. @@ -148,7 +148,7 @@ BN_is_prime_fasttest() and BN_is_prime() behave just like BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old -style call back. +style callback. B is a preallocated B (to save the overhead of allocating and freeing the structure in a loop), or B. @@ -246,7 +246,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/DEFINE_STACK_OF.pod openssl-3.5.4/doc/man3/DEFINE_STACK_OF.pod --- openssl-3.5.1/doc/man3/DEFINE_STACK_OF.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/DEFINE_STACK_OF.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -170,15 +170,14 @@ element. The new element value is returned or NULL if an error occurred: this will only happen if I is NULL or I is out of range. -B_find>() searches I for the element I. In the case -where no comparison function has been specified, the function performs -a linear search for a pointer equal to I. The index of the first -matching element is returned or B<-1> if there is no match. In the case -where a comparison function has been specified, I is sorted and -B_find>() returns the index of a matching element or B<-1> if there -is no match. Note that, in this case the comparison function will usually -compare the values pointed to rather than the pointers themselves and -the order of elements in I can change. +B_find>() searches I for the element I. In the +case where no comparison function has been specified, the function +performs a linear search for a pointer equal to I. In the case +where a comparison function has been specified, the function performs +a search for a element that the comparison function indicates is a +match. If the stack is sorted, a binary search is used, otherwise, a +linear search is used. B_find>() returns the index of a +matching element or B<-1> if there is no match. B_find_ex>() operates like B_find>() except when a comparison function has been specified and no matching element is found. @@ -301,7 +300,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/EVP_EncryptInit.pod openssl-3.5.4/doc/man3/EVP_EncryptInit.pod --- openssl-3.5.1/doc/man3/EVP_EncryptInit.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/EVP_EncryptInit.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -850,7 +850,7 @@ =item "tag" (B) Gets or sets the AEAD tag for the associated cipher context I. -See L. +See L. =item "pipeline-tag" (B) diff -Nru openssl-3.5.1/doc/man3/EVP_PKEY_new.pod openssl-3.5.4/doc/man3/EVP_PKEY_new.pod --- openssl-3.5.1/doc/man3/EVP_PKEY_new.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/EVP_PKEY_new.pod 2025-09-30 12:37:40.000000000 +0000 @@ -219,7 +219,19 @@ The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in L, L, L or -L. +L for legacy key types implemented in internal +OpenSSL providers. + +For fully provider-managed key types (see L), +possibly implemented in external providers, use functions such as +L or L +to populate key data. + +Generally caution is advised for using an B structure across +different library contexts: In order for an B to be shared by +multiple library contexts the providers associated with the library contexts +must have key managers that support the key type and implement the +OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions. =head1 RETURN VALUES diff -Nru openssl-3.5.1/doc/man3/EVP_aes_128_gcm.pod openssl-3.5.4/doc/man3/EVP_aes_128_gcm.pod --- openssl-3.5.1/doc/man3/EVP_aes_128_gcm.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/EVP_aes_128_gcm.pod 2025-09-30 12:37:40.000000000 +0000 @@ -127,7 +127,7 @@ AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control -operations to function correctly, see the L +operations to function correctly, see the L section for details. =item EVP_aes_128_wrap(), 
@@ -184,7 +184,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/EVP_aria_128_gcm.pod openssl-3.5.4/doc/man3/EVP_aria_128_gcm.pod --- openssl-3.5.1/doc/man3/EVP_aria_128_gcm.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/EVP_aria_128_gcm.pod 2025-09-30 12:37:40.000000000 +0000 @@ -88,7 +88,7 @@ ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter Mode (GCM). These ciphers require additional control operations to function -correctly, see the L section for details. +correctly, see the L section for details. =back @@ -113,7 +113,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/EVP_chacha20.pod openssl-3.5.4/doc/man3/EVP_chacha20.pod --- openssl-3.5.1/doc/man3/EVP_chacha20.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/EVP_chacha20.pod 2025-09-30 12:37:40.000000000 +0000 @@ -36,7 +36,7 @@ Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key is 256 bits and the IV is 96 bits. This supports additional authenticated data (AAD) and produces a 128-bit authentication tag. See the -L section for more information. +L section for more information. =back 
@@ -64,7 +64,7 @@ =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/OPENSSL_secure_malloc.pod openssl-3.5.4/doc/man3/OPENSSL_secure_malloc.pod --- openssl-3.5.1/doc/man3/OPENSSL_secure_malloc.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/OPENSSL_secure_malloc.pod 2025-09-30 12:37:40.000000000 +0000 @@ -45,7 +45,12 @@ information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your -threat model and concerns. +threat model and concerns. It should be noted that the secure heap +uses a single read/write lock, and therefore any operations +that involve allocation or freeing of secure heap memory are serialised, +blocking other threads. With that in mind, highly concurrent applications +should enable the secure heap with caution and be aware of the performance +implications for multi-threaded code. If a secure heap is used, then private key B values are stored there. This protects long-term storage of private keys, but will not necessarily @@ -135,7 +140,7 @@ =head1 COPYRIGHT -Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/OSSL_CALLBACK.pod openssl-3.5.4/doc/man3/OSSL_CALLBACK.pod --- openssl-3.5.1/doc/man3/OSSL_CALLBACK.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/OSSL_CALLBACK.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -47,15 +47,10 @@ =back -=begin comment RETURN VALUES doesn't make sense for a manual that only -describes a type, but document checkers still want that section, and -to have more than just the section title. - =head1 RETURN VALUES -txt - -=end comment +Functions of type B and B +must return 1 on success and 0 on failure. =head1 SEE ALSO @@ -67,7 +62,7 @@ =head1 COPYRIGHT -Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/OpenSSL_version.pod openssl-3.5.4/doc/man3/OpenSSL_version.pod --- openssl-3.5.1/doc/man3/OpenSSL_version.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/OpenSSL_version.pod 2025-09-30 12:37:40.000000000 +0000 @@ -256,9 +256,16 @@ The macros and functions described here were added in OpenSSL 3.0, except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num(). +=head1 BUGS + +There was a discrepancy between this manual and commentary + code +in F<< >>, where the latter suggested that the +four least significant bits of B could be +C<0x0f> in released OpenSSL versions. + =head1 COPYRIGHT -Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/PEM_read_CMS.pod openssl-3.5.4/doc/man3/PEM_read_CMS.pod --- openssl-3.5.1/doc/man3/PEM_read_CMS.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/PEM_read_CMS.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -84,9 +84,9 @@ =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio() -instead. +To replace the deprecated functions listed above, applications should use the +B type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to +read and write PEM data containing key parameters or private and public keys. In the description below, B> is used as a placeholder for any of the OpenSSL datatypes, such as B. @@ -142,7 +142,7 @@ =head1 COPYRIGHT -Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/RAND_load_file.pod openssl-3.5.4/doc/man3/RAND_load_file.pod --- openssl-3.5.1/doc/man3/RAND_load_file.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/RAND_load_file.pod 2025-09-30 12:37:40.000000000 +0000 @@ -19,7 +19,11 @@ RAND_load_file() reads a number of bytes from file B and adds them to the PRNG. If B is nonnegative, up to B are read; -if B is -1, the complete file is read. +if B is -1, the complete file is read (unless the file +is not a regular file, in that case a fixed number of bytes, +256 in the current implementation, is attempted to be read). +RAND_load_file() can read less than the complete file or the requested number +of bytes if it doesn't fit in the return value type. Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that B should be adequately protected so that an 
@@ -77,7 +81,7 @@ =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/SSL_CIPHER_get_name.pod openssl-3.5.4/doc/man3/SSL_CIPHER_get_name.pod --- openssl-3.5.1/doc/man3/SSL_CIPHER_get_name.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/SSL_CIPHER_get_name.pod 2025-09-30 12:37:40.000000000 +0000 @@ -37,7 +37,7 @@ int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); - uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); + uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); =head1 DESCRIPTION @@ -203,7 +203,7 @@ =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/SSL_CTX_set_domain_flags.pod openssl-3.5.4/doc/man3/SSL_CTX_set_domain_flags.pod --- openssl-3.5.1/doc/man3/SSL_CTX_set_domain_flags.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/SSL_CTX_set_domain_flags.pod 2025-09-30 12:37:40.000000000 +0000 @@ -106,7 +106,7 @@ =head1 HISTORY -These functions were added in @QUIC_SERVER_VERSION@. +These functions were added in OpenSSL 3.5. =head1 COPYRIGHT diff -Nru openssl-3.5.1/doc/man3/SSL_CTX_set_tmp_dh_callback.pod openssl-3.5.4/doc/man3/SSL_CTX_set_tmp_dh_callback.pod --- openssl-3.5.1/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -58,9 +58,11 @@ Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the B -and B objects respectively. Passing a value of 1 in the I parameter -switches the feature on, and passing a value of 0 switches it off. The default -setting is off. +and B objects respectively. Passing a value of 2 or 1 in the I +parameter switches it on. If the I parameter is set to 2, it will force +the DH key size to 1024 if the B or B security level +L is 0 or 1. Passing a value of 0 switches +it off. The default setting is off. If "auto" DH parameters are switched on then the parameters will be selected to be consistent with the size of the key associated with the server's certificate. @@ -112,7 +114,7 @@ =head1 COPYRIGHT -Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man3/SSL_SESSION_get0_hostname.pod openssl-3.5.4/doc/man3/SSL_SESSION_get0_hostname.pod --- openssl-3.5.1/doc/man3/SSL_SESSION_get0_hostname.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/SSL_SESSION_get0_hostname.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -23,9 +23,10 @@ =head1 DESCRIPTION -SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the -client when the session was created if it was accepted by the server. Otherwise -NULL is returned. +SSL_SESSION_get0_hostname() retrieves the Server Name Indication (SNI) value +that was sent by the client when the session was created if the server +acknowledged the client's SNI extension by including an empty SNI extension +in response. Otherwise NULL is returned. The value returned is a pointer to memory maintained within B and should not be free'd. @@ -44,8 +45,7 @@ =head1 RETURN VALUES -SSL_SESSION_get0_hostname() returns either a string or NULL based on if there -is the SNI value sent by client. +SSL_SESSION_get0_hostname() returns the SNI string if available, or NULL if not. SSL_SESSION_set1_hostname() returns 1 on success or 0 on error. diff -Nru openssl-3.5.1/doc/man3/SSL_poll.pod openssl-3.5.4/doc/man3/SSL_poll.pod --- openssl-3.5.1/doc/man3/SSL_poll.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/SSL_poll.pod 2025-09-30 12:37:40.000000000 +0000 @@ -5,12 +5,14 @@ SSL_poll, SSL_POLL_EVENT_NONE, SSL_POLL_EVENT_F, +SSL_POLL_EVENT_EL, SSL_POLL_EVENT_EC, SSL_POLL_EVENT_ECD, SSL_POLL_EVENT_ER, SSL_POLL_EVENT_EW, SSL_POLL_EVENT_R, SSL_POLL_EVENT_W, +SSL_POLL_EVENT_IC, SSL_POLL_EVENT_ISB, SSL_POLL_EVENT_ISU, SSL_POLL_EVENT_OSB, 
@@ -35,27 +37,29 @@ #define SSL_POLL_EVENT_NONE 0 #define SSL_POLL_EVENT_F /* F (Failure) */ + #define SSL_POLL_EVENT_EL /* EL (Exception on Listener) */ #define SSL_POLL_EVENT_EC /* EC (Exception on Conn) */ #define SSL_POLL_EVENT_ECD /* ECD (Exception on Conn Drained) */ #define SSL_POLL_EVENT_ER /* ER (Exception on Read) */ #define SSL_POLL_EVENT_EW /* EW (Exception on Write) */ #define SSL_POLL_EVENT_R /* R (Readable) */ #define SSL_POLL_EVENT_W /* W (Writable) */ + #define SSL_POLL_EVENT_IC /* IC (Incoming Connection) */ #define SSL_POLL_EVENT_ISB /* ISB (Incoming Stream: Bidi) */ #define SSL_POLL_EVENT_ISU /* ISU (Incoming Stream: Uni) */ #define SSL_POLL_EVENT_OSB /* OSB (Outgoing Stream: Bidi) */ #define SSL_POLL_EVENT_OSU /* OSU (Outgoing Stream: Uni) */ - #define SSL_POLL_EVENT_RW /* R | W */ - #define SSL_POLL_EVENT_RE /* R | ER */ - #define SSL_POLL_EVENT_WE /* W | EW */ - #define SSL_POLL_EVENT_RWE /* RE | WE */ - #define SSL_POLL_EVENT_E /* EC | ER | EW */ - #define SSL_POLL_EVENT_IS /* ISB | ISU */ - #define SSL_POLL_EVENT_ISE /* IS | EC */ - #define SSL_POLL_EVENT_I /* IS */ - #define SSL_POLL_EVENT_OS /* OSB | OSU */ - #define SSL_POLL_EVENT_OSE /* OS | EC */ + #define SSL_POLL_EVENT_RW /* R | W */ + #define SSL_POLL_EVENT_RE /* R | ER */ + #define SSL_POLL_EVENT_WE /* W | EW */ + #define SSL_POLL_EVENT_RWE /* RE | WE */ + #define SSL_POLL_EVENT_E /* EL | EC | ER | EW */ + #define SSL_POLL_EVENT_IS /* ISB | ISU */ + #define SSL_POLL_EVENT_ISE /* IS | EC */ + #define SSL_POLL_EVENT_I /* IS */ + #define SSL_POLL_EVENT_OS /* OSB | OSU */ + #define SSL_POLL_EVENT_OSE /* OS | EC */ typedef struct ssl_poll_item_st { BIO_POLL_DESCRIPTOR desc; diff -Nru openssl-3.5.1/doc/man3/d2i_X509.pod openssl-3.5.4/doc/man3/d2i_X509.pod --- openssl-3.5.1/doc/man3/d2i_X509.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man3/d2i_X509.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -588,8 +588,9 @@ B>() returns the number of bytes successfully encoded or a negative value if an error occurs. -B_bio>() and B_fp>() return 1 for success and 0 if an -error occurs. +B_bio>() and B_fp>(), +as well as i2d_ASN1_bio_stream(), +return 1 for success and 0 if an error occurs. =head1 EXAMPLES diff -Nru openssl-3.5.1/doc/man5/fips_config.pod openssl-3.5.4/doc/man5/fips_config.pod --- openssl-3.5.1/doc/man5/fips_config.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man5/fips_config.pod 2025-09-30 12:37:40.000000000 +0000 @@ -62,17 +62,11 @@ =item B -An indicator that the self-tests were successfully run. -This should only be written after the module has -successfully passed its self tests during installation. -If this field is not present, then the self tests will run when the module -loads. +This field is deprecated and is no longer used. =item B -A MAC of the value of the B option, to prevent accidental -changes to that value. -It is written-to at the same time as B is updated. +This field is deprecated and is no longer used. =back @@ -112,7 +106,7 @@ =item B -See L B<-hkdf_digest_check> +This option is deprecated. =item B @@ -128,7 +122,7 @@ =item B -See L B<-sskdf_digest_check> +This option is deprecated. =item B @@ -233,7 +227,7 @@ =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man7/EVP_ASYM_CIPHER-RSA.pod openssl-3.5.4/doc/man7/EVP_ASYM_CIPHER-RSA.pod --- openssl-3.5.1/doc/man7/EVP_ASYM_CIPHER-RSA.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/EVP_ASYM_CIPHER-RSA.pod 2025-09-30 12:37:40.000000000 +0000 
@@ -27,7 +27,8 @@ This padding mode is no longer supported by the FIPS provider for key agreement and key transport. -(This is a FIPS 140-3 requirement) +(This is a FIPS 140-3 requirement). +See L B<-rsa_pkcs15_pad_disabled>. =item "x931" (B) @@ -109,7 +110,7 @@ =head1 COPYRIGHT -Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man7/EVP_PKEY-DSA.pod openssl-3.5.4/doc/man7/EVP_PKEY-DSA.pod --- openssl-3.5.1/doc/man7/EVP_PKEY-DSA.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/EVP_PKEY-DSA.pod 2025-09-30 12:37:40.000000000 +0000 @@ -119,7 +119,7 @@ =head1 SEE ALSO L, -L +L, L, L, L, @@ -133,7 +133,7 @@ =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man7/EVP_PKEY-FFC.pod openssl-3.5.4/doc/man7/EVP_PKEY-FFC.pod --- openssl-3.5.1/doc/man7/EVP_PKEY-FFC.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/EVP_PKEY-FFC.pod 2025-09-30 12:37:40.000000000 +0000 @@ -213,7 +213,7 @@ L, L, L, -L +L, L, L, L, 
@@ -222,7 +222,7 @@ =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/doc/man7/EVP_SIGNATURE-ML-DSA.pod openssl-3.5.4/doc/man7/EVP_SIGNATURE-ML-DSA.pod --- openssl-3.5.1/doc/man7/EVP_SIGNATURE-ML-DSA.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/EVP_SIGNATURE-ML-DSA.pod 2025-09-30 12:37:40.000000000 +0000 @@ -113,7 +113,7 @@ EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len); ... OPENSSL_free(sig); - EVP_SIGNATURE(sig_alg); + EVP_SIGNATURE_free(sig_alg); EVP_PKEY_CTX_free(sctx); } diff -Nru openssl-3.5.1/doc/man7/EVP_SIGNATURE-SLH-DSA.pod openssl-3.5.4/doc/man7/EVP_SIGNATURE-SLH-DSA.pod --- openssl-3.5.1/doc/man7/EVP_SIGNATURE-SLH-DSA.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/EVP_SIGNATURE-SLH-DSA.pod 2025-09-30 12:37:40.000000000 +0000 @@ -109,7 +109,7 @@ EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len); ... OPENSSL_free(sig); - EVP_SIGNATURE(sig_alg); + EVP_SIGNATURE_free(sig_alg); EVP_PKEY_CTX_free(sctx); } diff -Nru openssl-3.5.1/doc/man7/OSSL_PROVIDER-FIPS.pod openssl-3.5.4/doc/man7/OSSL_PROVIDER-FIPS.pod --- openssl-3.5.1/doc/man7/OSSL_PROVIDER-FIPS.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/OSSL_PROVIDER-FIPS.pod 2025-09-30 12:37:40.000000000 +0000 @@ -14,7 +14,7 @@ =head2 Properties The implementations in this provider specifically have these properties -defined: +defined for approved algorithms: =over 4 
@@ -41,20 +41,17 @@ that the OpenSSL FIPS provider is used for cryptographic operations rather than other FIPS capable providers. -=head2 Provider parameters - -See L for a list of base parameters. -Additionally the OpenSSL FIPS provider also supports the following gettable -parameters: - -=over 4 +=head2 Approved algorithms -=item "security-checks" (B) +Algorithms that are fetched using "fips=yes" may still be unapproved if certain +conditions are not met. See L for additional +information. -For further information refer to the L option -B<-no_security_checks>. +=head2 Provider parameters -=back +See L for a list of base parameters. +The OpenSSL FIPS provider also handles FIPS indicator related parameters as +specified by L. =head1 OPERATIONS AND ALGORITHMS @@ -84,8 +81,6 @@ =item 3DES, see L -This is an unapproved algorithm. - =back =head2 Message Authentication Code (MAC) @@ -212,21 +207,21 @@ =item EC, see L -=item X25519, see L - -This is an unapproved algorithm. - -=item X448, see L +=item ED25519, see L -This is an unapproved algorithm. +=item ED448, see L -=item ED25519, see L +=item X25519, see L This is an unapproved algorithm. +The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not +included in SP 800-56Arev3 are not approved for key agreement". -=item ED448, see L +=item X448, see L This is an unapproved algorithm. +The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not" +included in SP 800-56Arev3 are not approved for key agreement". =item TLS1-PRF 
@@ -288,8 +283,11 @@ =head1 SELF TESTING -One of the requirements for the FIPS module is self testing. An optional callback -mechanism is available to return information to the user using +A requirement of FIPS modules is to run cryptographic algorithm self tests. +FIPS 140-3 requires known answer tests to be run on startup as well as +conditional tests that run during cryptographic operations. + +An optional callback mechanism is available to return information to the user using L. The parameters passed to the callback are described in L @@ -311,12 +309,10 @@ modified. The integrity value is compared to a value written to a configuration file during installation. -=item "Install_Integrity" (B) +=item "KAT_Integrity" (B) -Uses HMAC SHA256 on a fixed string to validate that the installation process -has already been performed and the self test KATS have already been tested, -The integrity value is compared to a value written to a configuration -file after successfully running the self tests during installation. +Used during the Module Integrity test to perform a known answer test on +HMAC SHA256 prior to using it. =item "KAT_Cipher" (B) 
@@ -360,24 +356,28 @@ =item "Conditional_PCT" (B) -Conditional test that is run during the generation or importing of key pairs. +Conditional test that is run during the generation of key pairs. + +=item "Import_PCT" (B) + +Conditional test that is run during the import of key pairs. + +=item "Conditional_KAT" (B) + +Conditional test run during generation that derive the public key from the +private key and checks that the public key matches. This is a SP 800-56A requirement. =item "Continuous_RNG_Test" (B) Continuous random number generator test. -=back - -The "Module_Integrity" self test is always run at startup. -The "Install_Integrity" self test is used to check if the self tests have -already been run at installation time. If they have already run then the -self tests are not run on subsequent startups. -All other self test categories are run once at installation time, except for the -"Pairwise_Consistency_Test". +=item "Install_Integrity" (B) -There is only one instance of the "Module_Integrity" and "Install_Integrity" -self tests. All other self tests may have multiple instances. +This is deprecated. The option is no longer used since FIPS 140-3 requires +self tests to always run on startup. Previous FIPS 140-2 validations allowed +the self tests to be run just once. +=back The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin(). @@ -385,7 +385,7 @@ =item "HMAC" (B) -"Module_Integrity" and "Install_Integrity" use this. +"Module_Integrity" uses this. =item "RSA" (B) 
@@ -559,20 +559,6 @@ release within the same major release series. This flexibility enables you to address bug fixes and CVEs that fall outside the FIPS boundary. -The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms, -consequently the property query C is mandatory for applications that -want to operate in a FIPS approved manner. The algorithms are: - -=over 4 - -=item Triple DES ECB - -=item Triple DES CBC - -=item EdDSA - -=back - You can load the FIPS provider into multiple library contexts as any other provider. However the following restriction applies. The FIPS provider cannot be used by multiple copies of OpenSSL libcrypto in a single process. diff -Nru openssl-3.5.1/doc/man7/provider-base.pod openssl-3.5.4/doc/man7/provider-base.pod --- openssl-3.5.1/doc/man7/provider-base.pod 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/doc/man7/provider-base.pod 2025-09-30 12:37:40.000000000 +0000 @@ -154,6 +154,10 @@ core_new_error OSSL_FUNC_CORE_NEW_ERROR core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG core_vset_error OSSL_FUNC_CORE_VSET_ERROR + core_set_error_mark OSSL_FUNC_CORE_SET_ERROR_MARK + core_clear_last_error_mark OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK + core_pop_error_to_mark OSSL_FUNC_CORE_POP_ERROR_TO_MARK + core_count_to_mark OSSL_FUNC_CORE_COUNT_TO_MARK core_obj_add_sigid OSSL_FUNC_CORE_OBJ_ADD_SIGID core_obj_create OSSL_FUNC_CORE_OBJ_CREATE CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC 
@@ -270,6 +274,33 @@ This corresponds to the OpenSSL function L. +=item core_set_error_mark() + +sets a mark on the current topmost error record if there is one. + +This corresponds to the OpenSSL function L. + +=item core_clear_last_error_mark() + +removes the last mark added if there is one. + +This corresponds to the OpenSSL function L. + +=item core_pop_error_to_mark() + +pops the top of the error stack until a mark is found. The mark is then removed. +If there is no mark, the whole stack is removed. + +This corresponds to the OpenSSL function L. + +=item core_count_to_mark() + +returns the number of entries on the error stack above the most recently +marked entry, not including that entry. If there is no mark in the error stack, +the number of entries in the error stack is returned. + +This corresponds to the OpenSSL function L. + =back The core_obj_create() function registers a new OID and associated short name diff -Nru openssl-3.5.1/fuzz/dtlsserver.c openssl-3.5.4/fuzz/dtlsserver.c --- openssl-3.5.1/fuzz/dtlsserver.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/fuzz/dtlsserver.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -590,10 +590,7 @@ SSL *server; BIO *in; BIO *out; -#if !defined(OPENSSL_NO_EC) \ - || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) BIO *bio_buf; -#endif SSL_CTX *ctx; int ret; #ifndef OPENSSL_NO_DEPRECATED_3_0 diff -Nru openssl-3.5.1/include/crypto/dh.h openssl-3.5.4/include/crypto/dh.h --- openssl-3.5.1/include/crypto/dh.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/crypto/dh.h 2025-09-30 12:37:40.000000000 +0000 
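Review bot: Dropping the `#if !defined(OPENSSL_NO_EC) ... ` guard around `BIO *bio_buf;` makes the declaration unconditional, so if any use of bio_buf later in the function is still wrapped in that same EC/DSA condition, a build with both OPENSSL_NO_EC and OPENSSL_NO_DSA will see an unused variable (an error under -Werror). The rest of the function is outside the hunk, so this cannot be confirmed from here; if every use is now unconditional a one-line comment such as `/* always used: the EC/DSA-only guard was removed together with its last conditional use */` would save the next reader the same check.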
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,7 +42,7 @@ int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret); int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret); -int ossl_dh_check_pairwise(const DH *dh); +int ossl_dh_check_pairwise(const DH *dh, int return_on_null_numbers); const DH_METHOD *ossl_dh_get_method(const DH *dh); diff -Nru openssl-3.5.1/include/crypto/rsa.h openssl-3.5.4/include/crypto/rsa.h --- openssl-3.5.1/include/crypto/rsa.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/crypto/rsa.h 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.1/include/crypto/slh_dsa.h openssl-3.5.4/include/crypto/slh_dsa.h --- openssl-3.5.1/include/crypto/slh_dsa.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/crypto/slh_dsa.h 2025-09-30 12:37:40.000000000 +0000 
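Review bot: The new `int return_on_null_numbers` argument to `ossl_dh_check_pairwise()` arrives with no comment on what the flag means or which value existing callers should pass, so the prototype reads as a bare tri-state. From the name it appears to decide whether a DH object missing its pub/priv numbers short-circuits the pairwise test instead of failing it, but the implementation is not in this hunk, so the exact wording must come from dh_check.c. Suggest a comment above the declaration along the lines of `/* return_on_null_numbers: nonzero => a DH lacking pub_key/priv_key returns <result> without running the pairwise check */` with the placeholder filled in from the implementation.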
@@ -23,9 +23,11 @@ typedef struct slh_dsa_hash_ctx_st SLH_DSA_HASH_CTX; typedef struct slh_dsa_key_st SLH_DSA_KEY; +__owur OSSL_LIB_CTX *ossl_slh_dsa_key_get0_libctx(const SLH_DSA_KEY *key); __owur SLH_DSA_KEY *ossl_slh_dsa_key_new(OSSL_LIB_CTX *libctx, const char *propq, const char *alg); void ossl_slh_dsa_key_free(SLH_DSA_KEY *key); +void ossl_slh_dsa_key_reset(SLH_DSA_KEY *key); __owur SLH_DSA_KEY *ossl_slh_dsa_key_dup(const SLH_DSA_KEY *src, int selection); __owur int ossl_slh_dsa_key_equal(const SLH_DSA_KEY *key1, const SLH_DSA_KEY *key2, int selection); diff -Nru openssl-3.5.1/include/internal/quic_ackm.h openssl-3.5.4/include/internal/quic_ackm.h --- openssl-3.5.1/include/internal/quic_ackm.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/internal/quic_ackm.h 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ void *now_arg, OSSL_STATM *statm, const OSSL_CC_METHOD *cc_method, - OSSL_CC_DATA *cc_data); + OSSL_CC_DATA *cc_data, int is_server); void ossl_ackm_free(OSSL_ACKM *ackm); void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm, diff -Nru openssl-3.5.1/include/internal/quic_record_rx.h openssl-3.5.4/include/internal/quic_record_rx.h --- openssl-3.5.1/include/internal/quic_record_rx.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/internal/quic_record_rx.h 2025-09-30 12:37:40.000000000 +0000 
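Review bot: `ossl_slh_dsa_key_reset()` is added to the header with no comment on what it clears, and in particular whether the private seed/key bytes are cleansed rather than merely released; for a key type whose secret is raw seed material that is the one property a reader of this header needs. Suggest a comment matching the implementation, for example `/* Clears all key material from |key| (secret bytes are cleansed), leaving it usable for re-import */`, with the cleansing claim kept only if slh_dsa_key.c actually does it. The companion getter `ossl_slh_dsa_key_get0_libctx()` is self-explanatory and needs nothing further.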
@@ -168,6 +168,17 @@ size_t secret_len); /* + * Utility function to update the pn space from a src to a dst qrx. + * Occasionally we use a temporary qrx to do packet validation on quic frames + * that are not yet associated with a channel, and in the event a validation is + * successful AND we allocate a new qrx for the newly created channel, we need + * to migrate the largest_pn values recorded in the tmp qrx to the channel qrx. + * If we don't then PN decoding fails in cases where the initial PN is a large value. + * This function does that migration for us + */ +void ossl_qrx_update_pn_space(OSSL_QRX *src, OSSL_QRX *dst); + +/* * Informs the QRX that it can now discard key material for a given EL. The QRX * will no longer be able to process incoming packets received at that * encryption level. This function is idempotent and succeeds if the EL has diff -Nru openssl-3.5.1/include/openssl/core_dispatch.h openssl-3.5.4/include/openssl/core_dispatch.h --- openssl-3.5.1/include/openssl/core_dispatch.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/openssl/core_dispatch.h 2025-09-30 12:37:40.000000000 +0000 @@ -253,6 +253,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_free, (const OSSL_CORE_HANDLE *prov, int deactivate)) +/* Additional error functions provided by the core */ +# define OSSL_FUNC_CORE_COUNT_TO_MARK 120 +OSSL_CORE_MAKE_FUNC(int, core_count_to_mark, (const OSSL_CORE_HANDLE *prov)) + /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx)) diff -Nru openssl-3.5.1/include/openssl/crypto.h.in openssl-3.5.4/include/openssl/crypto.h.in --- openssl-3.5.1/include/openssl/crypto.h.in 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/openssl/crypto.h.in 2025-09-30 12:37:40.000000000 +0000 
@@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -335,9 +335,9 @@ OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align, void **freeptr, const char *file, int line); -OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); -OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line); -OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); void CRYPTO_free(void *ptr, const char *file, int line); void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); diff -Nru openssl-3.5.1/include/openssl/opensslv.h.in openssl-3.5.4/include/openssl/opensslv.h.in --- openssl-3.5.1/include/openssl/opensslv.h.in 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/openssl/opensslv.h.in 2025-09-30 12:37:40.000000000 +0000 @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
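Review bot: The three prototypes lose `OSSL_CRYPTO_ALLOC` with no comment, so the next consistency cleanup is likely to put it back to match `CRYPTO_aligned_alloc()` just above. If OSSL_CRYPTO_ALLOC expands to the compiler's malloc attribute (not visible here), that attribute promises the returned block holds no pointers to other live objects, which a byte copy made by CRYPTO_memdup() cannot guarantee and which lets the optimiser draw wrong aliasing conclusions; that is presumably the reason for the removal. Add a comment above CRYPTO_memdup() such as `/* Deliberately not OSSL_CRYPTO_ALLOC: the duplicated bytes may contain pointers, which a malloc-attributed function must not return */` so the rationale survives.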
@@ -89,17 +89,12 @@ # define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}" -/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ -# ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0L -# else -# define _OPENSSL_VERSION_PRE_RELEASE 0xfL -# endif +/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */ # define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) \ |(OPENSSL_VERSION_MINOR<<20) \ |(OPENSSL_VERSION_PATCH<<4) \ - |_OPENSSL_VERSION_PRE_RELEASE ) + |0x0L ) # ifdef __cplusplus } diff -Nru openssl-3.5.1/include/openssl/pem.h openssl-3.5.4/include/openssl/pem.h --- openssl-3.5.1/include/openssl/pem.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/openssl/pem.h 2025-09-30 12:37:40.000000000 +0000 @@ -57,6 +57,7 @@ # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" # define PEM_STRING_PARAMETERS "PARAMETERS" # define PEM_STRING_CMS "CMS" +# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY" # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS" # define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE" diff -Nru openssl-3.5.1/include/openssl/proverr.h openssl-3.5.4/include/openssl/proverr.h --- openssl-3.5.1/include/openssl/proverr.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/openssl/proverr.h 2025-09-30 12:37:40.000000000 +0000 @@ -49,6 +49,7 @@ # define PROV_R_FINAL_CALL_OUT_OF_ORDER 237 # define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227 # define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 +# define PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR 253 # define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 # define PROV_R_GENERATE_ERROR 191 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 diff -Nru openssl-3.5.1/include/openssl/self_test.h openssl-3.5.4/include/openssl/self_test.h --- openssl-3.5.1/include/openssl/self_test.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/include/openssl/self_test.h 2025-09-30 12:37:40.000000000 +0000 
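Review bot: The status nibble of `OPENSSL_VERSION_NUMBER` changes for release builds: the removed block gave non-pre-release builds `0xfL`, while the new expression always ORs in `0x0L`, so a 3.5.x release now evaluates to `0x3050PP00L` instead of `0x3050PP0fL`, and a pre-release is no longer distinguishable from the release it precedes. Downstream code comparing against a specific release value (for example `OPENSSL_VERSION_NUMBER >= 0x3050001fL`, a constructed example) evaluates differently after this update. If CHANGES.md/NEWS.md do not already call this out they should, and the header comment should say why, e.g. `/* status nibble is intentionally always 0; OPENSSL_VERSION_PRE_RELEASE no longer affects this value */`.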
@@ -31,6 +31,7 @@ # define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" # define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" # define OSSL_SELF_TEST_TYPE_PCT_KAT "Conditional_KAT" +# define OSSL_SELF_TEST_TYPE_PCT_IMPORT "Import_PCT" # define OSSL_SELF_TEST_TYPE_KAT_INTEGRITY "KAT_Integrity" # define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" # define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" @@ -50,6 +51,7 @@ # define OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1 "RSA" # define OSSL_SELF_TEST_DESC_PCT_ECDSA "ECDSA" # define OSSL_SELF_TEST_DESC_PCT_EDDSA "EDDSA" +# define OSSL_SELF_TEST_DESC_PCT_DH "DH" # define OSSL_SELF_TEST_DESC_PCT_DSA "DSA" # define OSSL_SELF_TEST_DESC_PCT_ML_DSA "ML-DSA" # define OSSL_SELF_TEST_DESC_PCT_ML_KEM "ML-KEM" diff -Nru openssl-3.5.1/providers/common/provider_err.c openssl-3.5.4/providers/common/provider_err.c --- openssl-3.5.1/providers/common/provider_err.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/common/provider_err.c 2025-09-30 12:37:40.000000000 +0000 @@ -63,6 +63,8 @@ "fips module conditional error"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE), "fips module entering error state"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR), + "fips module import pct error"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IN_ERROR_STATE), "fips module in error state"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_GENERATE_ERROR), "generate error"}, diff -Nru openssl-3.5.1/providers/common/securitycheck_fips.c openssl-3.5.4/providers/common/securitycheck_fips.c --- openssl-3.5.1/providers/common/securitycheck_fips.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/common/securitycheck_fips.c 2025-09-30 12:37:40.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,18 +98,33 @@ int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, int nid, int sha1_allowed, + int sha512_trunc_allowed, const char *desc, OSSL_FIPS_IND_CHECK_CB *config_check_f) { int approved; + const char *op = "none"; - if (nid == NID_undef) + switch (nid) { + case NID_undef: approved = 0; - else - approved = sha1_allowed || nid != NID_sha1; + break; + case NID_sha512_224: + case NID_sha512_256: + approved = sha512_trunc_allowed; + op = "Digest Truncated SHA512"; + break; + case NID_sha1: + approved = sha1_allowed; + op = "Digest SHA1"; + break; + default: + approved = 1; + break; + } if (!approved) { - if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, "Digest SHA1", + if (!ossl_FIPS_IND_on_unapproved(ind, id, libctx, desc, op, config_check_f)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); return 0; diff -Nru openssl-3.5.1/providers/fips/fipsprov.c openssl-3.5.4/providers/fips/fipsprov.c --- openssl-3.5.1/providers/fips/fipsprov.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/fips/fipsprov.c 2025-09-30 12:37:40.000000000 +0000 @@ -65,6 +65,7 @@ static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; +static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark; static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; 
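Review bot: In the `case NID_undef:` arm `op` keeps its initial value `"none"`, so an undefined digest reaches `ossl_FIPS_IND_on_unapproved()` with the operation string "none", which is better than the old unconditional "Digest SHA1" but reads as "no operation" rather than "no digest" in an indicator callback; add `/* NID_undef: no digest selected, always unapproved; no specific operation to name */` so the choice is visible, or pick a dedicated string. The `default:` arm approves every other digest, which preserves the previous `nid != NID_sha1` behaviour, but next to explicit cases it invites the reading that this switch is the complete approved-digest list; a one-line comment saying the approved set is enforced elsewhere would prevent that. The function continues past the hunk, including the approved-path return.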
@@ -797,6 +798,9 @@ case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in)); break; + case OSSL_FUNC_CORE_COUNT_TO_MARK: + set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in)); + break; case OSSL_FUNC_CRYPTO_MALLOC: set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in)); break; @@ -1035,6 +1039,11 @@ return c_pop_error_to_mark(NULL); } +int ERR_count_to_mark(void) +{ + return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0; +} + /* * This must take a library context, since it's called from the depths * of crypto/initthread.c code, where it's (correctly) assumed that the diff -Nru openssl-3.5.1/providers/fips/include/fips/fipsindicator.h openssl-3.5.4/providers/fips/include/fips/fipsindicator.h --- openssl-3.5.1/providers/fips/include/fips/fipsindicator.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/fips/include/fips/fipsindicator.h 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -134,6 +134,7 @@ int ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND *ind, int id, OSSL_LIB_CTX *libctx, int nid, int sha1_allowed, + int sha512_trunc_allowed, const char *desc, OSSL_FIPS_IND_CHECK_CB *config_check_f); diff -Nru openssl-3.5.1/providers/fips/self_test.c openssl-3.5.4/providers/fips/self_test.c --- openssl-3.5.1/providers/fips/self_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/fips/self_test.c 2025-09-30 12:37:40.000000000 +0000 
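Review bot: `ERR_count_to_mark()` returns 0 when `c_count_to_mark` is NULL, whereas the neighbouring wrapper at the top of the hunk calls `c_pop_error_to_mark(NULL)` unconditionally; the guard is correct since `OSSL_FUNC_CORE_COUNT_TO_MARK` is new and an older libcrypto will not hand it over, but a caller cannot distinguish "no entries above the mark" from "function unavailable". Add `/* Older cores do not supply this function; report 0 (no entries) so the provider degrades gracefully */`, and check that no in-provider caller treats that 0 as proof that nothing went wrong.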
@@ -424,9 +424,18 @@ void ossl_set_error_state(const char *type) { - int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0); + int cond_test = 0; + int import_pct = 0; - if (!cond_test || (FIPS_conditional_error_check == 1)) { + if (type != NULL) { + cond_test = strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0; + import_pct = strcmp(type, OSSL_SELF_TEST_TYPE_PCT_IMPORT) == 0; + } + + if (import_pct) { + /* Failure to import is transient to avoid a DoS attack */ + ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR); + } else if (!cond_test || (FIPS_conditional_error_check == 1)) { set_fips_state(FIPS_STATE_ERROR); ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE); } else { diff -Nru openssl-3.5.1/providers/fips/self_test_data.inc openssl-3.5.4/providers/fips/self_test_data.inc --- openssl-3.5.1/providers/fips/self_test_data.inc 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/fips/self_test_data.inc 2025-09-30 12:37:40.000000000 +0000 @@ -169,6 +169,12 @@ } ST_KAT_KEM; /*- DIGEST SELF TEST DATA */ +static const unsigned char sha1_pt[] = "abc"; +static const unsigned char sha1_digest[] = { + 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, + 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, + 0x9C, 0xD0, 0xD8, 0x9D +}; static const unsigned char sha512_pt[] = "abc"; static const unsigned char sha512_digest[] = { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, 0x49, @@ -187,12 +193,18 @@ /* * Note: - * SHA1 and SHA256 are tested by higher level algorithms so a + * SHA256 is tested by higher level algorithms so a * CAST is not needed. */ static const ST_KAT_DIGEST st_kat_digest_tests[] = { { + OSSL_SELF_TEST_DESC_MD_SHA1, + "SHA1", + ITM_STR(sha1_pt), + ITM(sha1_digest), + }, + { OSSL_SELF_TEST_DESC_MD_SHA2, "SHA512", ITM_STR(sha512_pt), 
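Review bot: The comment `/* Failure to import is transient to avoid a DoS attack */` says what but not why, and this is the one self-test failure that deliberately does not enter FIPS_STATE_ERROR, so the reasoning should be on the line. Suggest `/* Import_PCT runs on externally supplied key material: a malformed key must fail only that import, otherwise any caller could push the whole module into the error state */`. The `import_pct` test must stay ahead of the `cond_test` branch for that to hold, which is worth a word in the same comment; the trailing `else` branch is outside the hunk.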
@@ -208,28 +220,6 @@ /*- CIPHER TEST DATA */ -/* DES3 test data */ -static const unsigned char des_ede3_cbc_pt[] = { - 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, - 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A, - 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C, - 0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 -}; -static const unsigned char des_ede3_cbc_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, - 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, - 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23 -}; -static const unsigned char des_ede3_cbc_iv[] = { - 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17 -}; -static const unsigned char des_ede3_cbc_ct[] = { - 0x20, 0x79, 0xC3, 0xD5, 0x3A, 0xA7, 0x63, 0xE1, - 0x93, 0xB7, 0x9E, 0x25, 0x69, 0xAB, 0x52, 0x62, - 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F, - 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7 -}; - /* AES-256 GCM test data */ static const unsigned char aes_256_gcm_key[] = { 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c, @@ -364,7 +354,7 @@ ST_KAT_PARAM_END() }; -static const char sskdf_digest[] = "SHA224"; +static const char sskdf_digest[] = "SHA256"; static const unsigned char sskdf_secret[] = { 0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4, 0x06, 0x27, 0x57, 0xb0, 0x6b, 0x9e, 0xba, 0xe1, @@ -383,8 +373,8 @@ 0x9b, 0x1e, 0xe0, 0xec, 0x3f, 0x8d, 0xbe }; static const unsigned char sskdf_expected[] = { - 0xa4, 0x62, 0xde, 0x16, 0xa8, 0x9d, 0xe8, 0x46, - 0x6e, 0xf5, 0x46, 0x0b, 0x47, 0xb8 + 0x27, 0xce, 0x57, 0xed, 0xb1, 0x7e, 0x1f, 0xf2, + 0xe4, 0x79, 0x2e, 0x84, 0x8b, 0x04, 0xf1, 0xae }; static const ST_KAT_PARAM sskdf_params[] = { ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, sskdf_digest), @@ -393,7 +383,7 @@ ST_KAT_PARAM_END() }; -static const char x942kdf_digest[] = "SHA1"; +static const char x942kdf_digest[] = "SHA256"; static const char x942kdf_cekalg[] = "AES-128-WRAP"; static const unsigned char x942kdf_secret[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
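Review bot: The SSKDF and X9.42 KDF vectors switch from SHA224/SHA1 to SHA256 with new `sskdf_expected` and `x942kdf_expected` bytes, but nothing records where the new expected values come from, unlike the DRBG data further down which names its `.rsp` source; the same applies to the `@@ -401,8 +391,8 @@` hunk. A provenance comment above each changed vector, e.g. `/* <VECTOR SOURCE: CAVP file name or generating tool/version> */` (placeholder), lets a later reviewer re-derive the KAT instead of trusting it. Removing the `des_ede3_cbc_*` data is consistent with 3DES no longer being approved, but the matching entry in the cipher test table is not visible in this view and should be confirmed removed too.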
@@ -401,8 +391,8 @@ 0x10, 0x11, 0x12, 0x13 }; static const unsigned char x942kdf_expected[] = { - 0xd6, 0xd6, 0xb0, 0x94, 0xc1, 0x02, 0x7a, 0x7d, - 0xe6, 0xe3, 0x11, 0x72, 0x94, 0xa3, 0x53, 0x64 + 0x79, 0x66, 0xa0, 0x38, 0x22, 0x28, 0x1e, 0xa3, + 0xeb, 0x08, 0xd9, 0xbc, 0x69, 0x5b, 0xd8, 0xff }; static const ST_KAT_PARAM x942kdf_params[] = { ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, x942kdf_digest), 
@@ -809,51 +799,73 @@ /* * HMAC_DRBG.rsp * - * [SHA-1] + * [SHA-256] * [PredictionResistance = True] - * [EntropyInputLen = 128] - * [NonceLen = 64] - * [PersonalizationStringLen = 128] - * [AdditionalInputLen = 128] - * [ReturnedBitsLen = 640] + * [EntropyInputLen = 256] + * [NonceLen = 128] + * [PersonalizationStringLen = 256] + * [AdditionalInputLen = 256] + * [ReturnedBitsLen = 1024] * * COUNT = 0 */ -static const unsigned char drbg_hmac_sha1_pr_entropyin[] = { - 0x68, 0x0f, 0xac, 0xe9, 0x0d, 0x7b, 0xca, 0x21, 0xd4, 0xa0, 0xed, 0xb7, - 0x79, 0x9e, 0xe5, 0xd8 -}; -static const unsigned char drbg_hmac_sha1_pr_nonce[] = { - 0xb7, 0xbe, 0x9e, 0xed, 0xdd, 0x0e, 0x3b, 0x4b -}; -static const unsigned char drbg_hmac_sha1_pr_persstr[] = { - 0xf5, 0x8c, 0x40, 0xae, 0x70, 0xf7, 0xa5, 0x56, 0x48, 0xa9, 0x31, 0xa0, - 0xa9, 0x31, 0x3d, 0xd7 -}; -static const unsigned char drbg_hmac_sha1_pr_entropyinpr0[] = { - 0x7c, 0xaf, 0xe2, 0x31, 0x63, 0x0a, 0xa9, 0x5a, 0x74, 0x2c, 0x4e, 0x5f, - 0x5f, 0x22, 0xc6, 0xa4 -}; -static const unsigned char drbg_hmac_sha1_pr_entropyinpr1[] = { - 0x1c, 0x0d, 0x77, 0x92, 0x89, 0x88, 0x27, 0x94, 0x8a, 0x58, 0x9f, 0x82, - 0x2d, 0x1a, 0xf7, 0xa6 -}; -static const unsigned char drbg_hmac_sha1_pr_addin0[] = { - 0xdc, 0x36, 0x63, 0xf0, 0x62, 0x78, 0x9c, 0xd1, 0x5c, 0xbb, 0x20, 0xc3, - 0xc1, 0x8c, 0xd9, 0xd7 -}; -static const unsigned char drbg_hmac_sha1_pr_addin1[] = { - 0xfe, 0x85, 0xb0, 0xab, 0x14, 0xc6, 0x96, 0xe6, 0x9c, 0x24, 0xe7, 0xb5, - 0xa1, 0x37, 0x12, 0x0c -}; -static const unsigned char drbg_hmac_sha1_pr_expected[] = { - 0x68, 0x00, 0x4b, 0x3a, 0x28, 0xf7, 0xf0, 0x1c, 0xf9, 0xe9, 0xb5, 0x71, - 0x20, 0x79, 0xef, 0x80, 0x87, 0x1b, 0x08, 0xb9, 0xa9, 0x1b, 0xcd, 0x2b, - 0x9f, 0x09, 0x4d, 0xa4, 0x84, 0x80, 0xb3, 0x4c, 0xaf, 0xd5, 0x59, 0x6b, - 0x0c, 0x0a, 0x48, 0xe1, 0x48, 0xda, 0xbc, 0x6f, 0x77, 0xb8, 0xff, 0xaf, - 0x18, 0x70, 0x28, 0xe1, 0x04, 0x13, 0x7a, 0x4f, 0xeb, 0x1c, 0x72, 0xb0, - 0xc4, 0x4f, 0xe8, 0xb1, 0xaf, 0xab, 0xa5, 0xbc, 0xfd, 0x86, 
0x67, 0xf2,
- 0xf5, 0x5b, 0x46, 0x06, 0x63, 0x2e, 0x3c, 0xbc
+static const unsigned char drbg_hmac_sha2_pr_entropyin[] = {
+ 0xca, 0x85, 0x19, 0x11, 0x34, 0x93, 0x84, 0xbf,
+ 0xfe, 0x89, 0xde, 0x1c, 0xbd, 0xc4, 0x6e, 0x68,
+ 0x31, 0xe4, 0x4d, 0x34, 0xa4, 0xfb, 0x93, 0x5e,
+ 0xe2, 0x85, 0xdd, 0x14, 0xb7, 0x1a, 0x74, 0x88
+};
+static const unsigned char drbg_hmac_sha2_pr_nonce[] = {
+ 0x65, 0x9b, 0xa9, 0x6c, 0x60, 0x1d, 0xc6, 0x9f,
+ 0xc9, 0x02, 0x94, 0x08, 0x05, 0xec, 0x0c, 0xa8
+};
+static const unsigned char drbg_hmac_sha2_pr_persstr[] = {
+ 0xe7, 0x2d, 0xd8, 0x59, 0x0d, 0x4e, 0xd5, 0x29,
+ 0x55, 0x15, 0xc3, 0x5e, 0xd6, 0x19, 0x9e, 0x9d,
+ 0x21, 0x1b, 0x8f, 0x06, 0x9b, 0x30, 0x58, 0xca,
+ 0xa6, 0x67, 0x0b, 0x96, 0xef, 0x12, 0x08, 0xd0
+};
+static const unsigned char drbg_hmac_sha2_pr_entropyinpr0[] = {
+ 0x5c, 0xac, 0xc6, 0x81, 0x65, 0xa2, 0xe2, 0xee,
+ 0x20, 0x81, 0x2f, 0x35, 0xec, 0x73, 0xa7, 0x9d,
+ 0xbf, 0x30, 0xfd, 0x47, 0x54, 0x76, 0xac, 0x0c,
+ 0x44, 0xfc, 0x61, 0x74, 0xcd, 0xac, 0x2b, 0x55
+};
+static const unsigned char drbg_hmac_sha2_pr_entropyinpr1[] = {
+ 0x8d, 0xf0, 0x13, 0xb4, 0xd1, 0x03, 0x52, 0x30,
+ 0x73, 0x91, 0x7d, 0xdf, 0x6a, 0x86, 0x97, 0x93,
+ 0x05, 0x9e, 0x99, 0x43, 0xfc, 0x86, 0x54, 0x54,
+ 0x9e, 0x7a, 0xb2, 0x2f, 0x7c, 0x29, 0xf1, 0x22
+};
+static const unsigned char drbg_hmac_sha2_pr_addin0[] = {
+ 0x79, 0x3a, 0x7e, 0xf8, 0xf6, 0xf0, 0x48, 0x2b,
+ 0xea, 0xc5, 0x42, 0xbb, 0x78, 0x5c, 0x10, 0xf8,
+ 0xb7, 0xb4, 0x06, 0xa4, 0xde, 0x92, 0x66, 0x7a,
+ 0xb1, 0x68, 0xec, 0xc2, 0xcf, 0x75, 0x73, 0xc6
+};
+static const unsigned char drbg_hmac_sha2_pr_addin1[] = {
+ 0x22, 0x38, 0xcd, 0xb4, 0xe2, 0x3d, 0x62, 0x9f,
+ 0xe0, 0xc2, 0xa8, 0x3d, 0xd8, 0xd5, 0x14, 0x4c,
+ 0xe1, 0xa6, 0x22, 0x9e, 0xf4, 0x1d, 0xab, 0xe2,
+ 0xa9, 0x9f, 0xf7, 0x22, 0xe5, 0x10, 0xb5, 0x30
+};
+static const unsigned char drbg_hmac_sha2_pr_expected[] = {
+ 0xb1, 0xd1, 0x7c, 0x00, 0x2a, 0x7f, 0xeb, 0xd2,
+ 0x84, 0x12, 0xd8, 0xe5, 0x8a, 0x7f, 0x32, 0x31,
+ 0x8e, 0x4e, 0xe3, 0x60, 
0x5a, 0x99, 0xb0, 0x5b, + 0x05, 0xd5, 0x93, 0x56, 0xd5, 0xf0, 0xc6, 0xb4, + 0x96, 0x0a, 0x4b, 0x8f, 0x96, 0x3b, 0x7e, 0xfa, + 0x55, 0xbb, 0x68, 0x72, 0xfb, 0xea, 0xc7, 0xb9, + 0x9b, 0x78, 0xde, 0xa8, 0xf3, 0x53, 0x19, 0x73, + 0x63, 0x7c, 0x94, 0x6a, 0x9c, 0xab, 0x33, 0x49, + 0x74, 0x4b, 0x24, 0xa0, 0x85, 0x1d, 0xd4, 0x7f, + 0x2b, 0x3b, 0x46, 0x0c, 0x2c, 0x61, 0x84, 0x6e, + 0x91, 0x18, 0x1d, 0x62, 0xd4, 0x2c, 0x60, 0xa4, + 0xef, 0xda, 0x5e, 0xd5, 0x79, 0x02, 0xbf, 0xd7, + 0x02, 0xb3, 0x49, 0xc5, 0x49, 0x52, 0xc7, 0xf6, + 0x44, 0x76, 0x9d, 0x8e, 0xf4, 0x01, 0x5e, 0xcc, + 0x5f, 0x5b, 0xbd, 0x4a, 0xf0, 0x61, 0x34, 0x68, + 0x8e, 0x30, 0x05, 0x0e, 0x04, 0x97, 0xfb, 0x0a }; static const ST_KAT_DRBG st_kat_drbg_tests[] = @@ -884,15 +896,15 @@ }, { OSSL_SELF_TEST_DESC_DRBG_HMAC, - "HMAC-DRBG", "digest", "SHA1", - ITM(drbg_hmac_sha1_pr_entropyin), - ITM(drbg_hmac_sha1_pr_nonce), - ITM(drbg_hmac_sha1_pr_persstr), - ITM(drbg_hmac_sha1_pr_entropyinpr0), - ITM(drbg_hmac_sha1_pr_entropyinpr1), - ITM(drbg_hmac_sha1_pr_addin0), - ITM(drbg_hmac_sha1_pr_addin1), - ITM(drbg_hmac_sha1_pr_expected) + "HMAC-DRBG", "digest", "SHA256", + ITM(drbg_hmac_sha2_pr_entropyin), + ITM(drbg_hmac_sha2_pr_nonce), + ITM(drbg_hmac_sha2_pr_persstr), + ITM(drbg_hmac_sha2_pr_entropyinpr0), + ITM(drbg_hmac_sha2_pr_entropyinpr1), + ITM(drbg_hmac_sha2_pr_addin0), + ITM(drbg_hmac_sha2_pr_addin1), + ITM(drbg_hmac_sha2_pr_expected) } }; 
@@ -907,38 +919,39 @@ 0x40, 0xb8, 0xfc, 0xe6 }; static const unsigned char dh_pub[] = { - 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04, - 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69, - 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59, - 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b, - 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c, - 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21, - 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06, - 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb, - 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2, - 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0, - 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83, - 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90, - 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2, - 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7, - 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0, - 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88, - 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb, - 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a, - 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97, - 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d, - 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf, - 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e, - 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f, - 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d, - 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1, - 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c, - 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47, - 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e, - 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f, - 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9, - 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c, - 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3 + 0x00, 0x8f, 0x81, 0x67, 0x68, 0xce, 0x97, 0x99, + 0x7e, 0x11, 0x5c, 0xad, 0x5b, 0xe1, 0x0c, 0xd4, + 0x15, 0x44, 0xdf, 0xc2, 0x47, 0xe7, 0x06, 0x27, + 0x5e, 0xf3, 0x9d, 0x5c, 0x4b, 0x2e, 0x35, 0x05, + 0xfd, 0x3c, 0x8f, 0x35, 0x85, 0x1b, 0x82, 0xdd, + 0x49, 0xc9, 0xa8, 0x7e, 0x3a, 0x5f, 0x33, 0xdc, + 0x8f, 
0x5e, 0x32, 0x76, 0xe1, 0x52, 0x1b, 0x88, + 0x85, 0xda, 0xa9, 0x1d, 0x5f, 0x1c, 0x05, 0x3a, + 0xd4, 0x8d, 0xbb, 0xe7, 0x46, 0x46, 0x1e, 0x29, + 0x4b, 0x5a, 0x02, 0x88, 0x46, 0x94, 0xd0, 0x68, + 0x7d, 0xb2, 0x9f, 0x3a, 0x3d, 0x82, 0x05, 0xe5, + 0xa7, 0xbe, 0x6c, 0x7e, 0x24, 0x35, 0x25, 0x14, + 0xf3, 0x45, 0x08, 0x90, 0xfc, 0x55, 0x2e, 0xa8, + 0xb8, 0xb1, 0x89, 0x15, 0x94, 0x51, 0x44, 0xa9, + 0x9f, 0x68, 0xcb, 0x90, 0xbc, 0xd3, 0xae, 0x02, + 0x37, 0x26, 0xe4, 0xe9, 0x1a, 0x90, 0x95, 0x7e, + 0x1d, 0xac, 0x0c, 0x91, 0x97, 0x83, 0x24, 0x83, + 0xb9, 0xa1, 0x40, 0x72, 0xac, 0xf0, 0x55, 0x32, + 0x18, 0xab, 0xb8, 0x90, 0xda, 0x13, 0x4a, 0xc8, + 0x4b, 0x7c, 0x18, 0xbc, 0x33, 0xbf, 0x99, 0x85, + 0x39, 0x3e, 0xc6, 0x95, 0x9b, 0x48, 0x8e, 0xbe, + 0x46, 0x59, 0x48, 0x41, 0x0d, 0x37, 0x25, 0x94, + 0xbe, 0x8d, 0xf5, 0x81, 0x52, 0xf6, 0xdc, 0xeb, + 0x98, 0xd7, 0x3b, 0x44, 0x61, 0x6f, 0xa3, 0xef, + 0x7b, 0xfe, 0xbb, 0xc2, 0x8e, 0x46, 0x63, 0xbc, + 0x52, 0x65, 0xf9, 0xf8, 0x85, 0x41, 0xdf, 0x82, + 0x4a, 0x10, 0x2a, 0xe3, 0x0c, 0xb7, 0xad, 0x84, + 0xa6, 0x6f, 0x4e, 0x8e, 0x96, 0x1e, 0x04, 0xf7, + 0x57, 0x39, 0xca, 0x58, 0xd4, 0xef, 0x5a, 0xf1, + 0xf5, 0x69, 0xc2, 0xb1, 0x5c, 0x0a, 0xce, 0xbe, + 0x38, 0x01, 0xb5, 0x3f, 0x07, 0x8a, 0x72, 0x90, + 0x10, 0xac, 0x51, 0x3a, 0x96, 0x43, 0xdf, 0x6f, + 0xea }; static const unsigned char dh_peer_pub[] = { 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a, @@ -1295,6 +1308,18 @@ ST_KAT_PARAM_END() }; +/*- + * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the + * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient + * HP/UX PA-RISC compilers. + */ +static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE; + +static const ST_KAT_PARAM rsa_enc_params[] = { + ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none), + ST_KAT_PARAM_END() +}; + static const unsigned char rsa_sig_msg[] = "Hello World!"; static const unsigned char rsa_expected_sig[256] = { 
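Review bot: The replacement `dh_pub` is 257 bytes across 33 lines (the hunk header grows from 38 to 39 lines) and begins with `0x00`, while the old value was 256 bytes; that leading zero looks like the sign-padding byte of a DER INTEGER rather than part of the public value. If the array is consumed as a BIGNUM this is harmless, since BN_bin2bn() ignores leading zeros, but it is inconsistent with `dh_peer_pub` just below and would be wrong for any raw-byte comparison or length check. Drop the `0x00` and the extra line, or if it is kept on purpose say so: `/* leading 0x00 is DER sign padding, kept deliberately */`.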
@@ -3484,3 +3509,33 @@
 # endif
 };
 #endif /* !OPENSSL_NO_ML_DSA || !OPENSSL_NO_SLH_DSA */
+
+static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
+ {
+ OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
+ "RSA",
+ 1,
+ rsa_pub_key,
+ rsa_enc_params,
+ ITM(rsa_asym_plaintext_encrypt),
+ ITM(rsa_asym_expected_encrypt),
+ },
+ {
+ OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
+ "RSA",
+ 0,
+ rsa_priv_key,
+ rsa_enc_params,
+ ITM(rsa_asym_expected_encrypt),
+ ITM(rsa_asym_plaintext_encrypt),
+ },
+ {
+ OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
+ "RSA",
+ 0,
+ rsa_crt_key,
+ rsa_enc_params,
+ ITM(rsa_asym_expected_encrypt),
+ ITM(rsa_asym_plaintext_encrypt),
+ },
+};
diff -Nru openssl-3.5.1/providers/fips/self_test_kats.c openssl-3.5.4/providers/fips/self_test_kats.c
--- openssl-3.5.1/providers/fips/self_test_kats.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/fips/self_test_kats.c 2025-09-30 12:37:40.000000000 +0000
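Review bot: The second and third entries both carry OSSL_SELF_TEST_DESC_ASYM_RSA_DEC, so a self-test callback or log line cannot tell a failure of the plain private key (rsa_priv_key) from one of the CRT form (rsa_crt_key), and nothing in the table says why the decrypt KAT is run twice; if the descriptor set is fixed elsewhere, at least a comment on the third entry, `/* Decrypt again with the CRT form of the private key (rsa_crt_key) */`, records the intent. The positional `1`/`0` fields are only readable by cross-checking self_test_asym_cipher in the next file, where they are used as `t->encrypt`; designated initializers (`.encrypt = 1`) would make the rows self-describing, assuming the ST_KAT_ASYM_CIPHER field names match what that function uses. rsa_asym_plaintext_encrypt and rsa_asym_expected_encrypt are not defined in any visible hunk, so their sizes cannot be checked here.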
@@ -813,6 +813,93 @@
 #endif
 
 /*
+ * Test an encrypt or decrypt KAT..
+ *
+ * FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
+ * and decrypt..
+ */
+static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
+ OSSL_LIB_CTX *libctx)
+{
+ int ret = 0;
+ OSSL_PARAM *keyparams = NULL, *initparams = NULL;
+ OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
+ EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
+ EVP_PKEY *key = NULL;
+ BN_CTX *bnctx = NULL;
+ unsigned char out[256];
+ size_t outlen = sizeof(out);
+
+ OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
+
+ bnctx = BN_CTX_new_ex(libctx);
+ if (bnctx == NULL)
+ goto err;
+
+ /* Load a public or private key from data */
+ keybld = OSSL_PARAM_BLD_new();
+ if (keybld == NULL
+ || !add_params(keybld, t->key, bnctx))
+ goto err;
+ keyparams = OSSL_PARAM_BLD_to_param(keybld);
+ keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
+ if (keyctx == NULL || keyparams == NULL)
+ goto err;
+ if (EVP_PKEY_fromdata_init(keyctx) <= 0
+ || EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
+ goto err;
+
+ /* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
+ encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
+ if (encctx == NULL
+ || (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
+ || (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
+ goto err;
+
+ /* Add any additional parameters such as padding */
+ if (t->postinit != NULL) {
+ initbld = OSSL_PARAM_BLD_new();
+ if (initbld == NULL)
+ goto err;
+ if (!add_params(initbld, t->postinit, bnctx))
+ goto err;
+ initparams = OSSL_PARAM_BLD_to_param(initbld);
+ if (initparams == NULL)
+ goto err;
+ if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
+ goto err;
+ }
+
+ if (t->encrypt) {
+ if (EVP_PKEY_encrypt(encctx, out, &outlen,
+ t->in, t->in_len) <= 0)
+ goto err;
+ } else {
+ if (EVP_PKEY_decrypt(encctx, out, &outlen,
+ t->in, t->in_len) <= 0)
+ goto err;
+ }
+ /* Check the KAT */
+ OSSL_SELF_TEST_oncorrupt_byte(st, out);
+ if (outlen != t->expected_len
+ || memcmp(out, t->expected, t->expected_len) != 0)
+ goto err;
+
+ ret = 1;
+err:
+ BN_CTX_free(bnctx);
+ EVP_PKEY_free(key);
+ EVP_PKEY_CTX_free(encctx);
+ EVP_PKEY_CTX_free(keyctx);
+ OSSL_PARAM_free(keyparams);
+ OSSL_PARAM_BLD_free(keybld);
+ OSSL_PARAM_free(initparams);
+ OSSL_PARAM_BLD_free(initbld);
+ OSSL_SELF_TEST_onend(st, ret);
+ return ret;
+}
+
+/*
 * Test a data driven list of KAT's for digest algorithms.
 * All tests are run regardless of if they fail or not.
 * Return 0 if any test fails.
@@ -853,6 +940,17 @@
 return ret;
 }
 
+static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
+{
+ int i, ret = 1;
+
+ for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
+ if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
+ ret = 0;
+ }
+ return ret;
+}
+
 static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
 {
 int i, ret = 1;
@@ -1092,6 +1190,8 @@
 ret = 0;
 if (!self_test_kems(st, libctx))
 ret = 0;
+ if (!self_test_asym_ciphers(st, libctx))
+ ret = 0;
 
 RAND_set0_private(libctx, saved_rand);
 return ret;
diff -Nru openssl-3.5.1/providers/fips-sources.checksums openssl-3.5.4/providers/fips-sources.checksums
--- openssl-3.5.1/providers/fips-sources.checksums 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/fips-sources.checksums 2025-09-30 12:37:40.000000000 +0000
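Review bot: `unsigned char out[256]` in self_test_asym_cipher silently ties the KAT to a 2048-bit modulus: a larger vector would not overflow, because the provider is handed `outlen = sizeof(out)` and (per the rsa_enc.c hunk in this same diff) rejects a too-small buffer, but the self-test would then fail with an error that says nothing about the buffer. A comment on the declaration, `/* 256 bytes = RSA_size() of the 2048-bit KAT keys; enlarge if bigger vectors are added */`, makes that dependency explicit, and a guard `if (t->expected_len > sizeof(out)) goto err;` before the operation would fail it deliberately. The header comment has doubled periods in `KAT..` and `decrypt..`. `encctx` is also the context used for the decrypt case; `opctx` would describe both paths.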
@@ -16,7 +16,7 @@ ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab crypto/aes/asm/aes-riscv64-zvkned.pl f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52 crypto/aes/asm/aes-riscv64.pl -ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f crypto/aes/asm/aes-s390x.pl +290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33 crypto/aes/asm/aes-s390x.pl ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl 391497550eaca253f64b2aba7ba2e53c6bae7dff01583bc6bfc12e930bb7e217 crypto/aes/asm/aes-x86_64.pl c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm/aesfx-sparcv9.pl @@ -136,7 +136,7 @@ 9549901d6f0f96cd17bd76c2b6cb33fb25641707bfdb8ed34aab250c34f7f4f6 crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h a54b1b60cf48ca89dfb3f71d299794dd6c2e462c576b0fe583d1448f819c80ea crypto/dh/dh_backend.c -24cf9462da6632c52b726041271f8a43dfb3f74414abe460d9cc9c7fd2fd2d7d crypto/dh/dh_check.c +9db32c052fb3cf7c36ab8e642f4852c2fa68a7b6bae0e3b1746522f826827068 crypto/dh/dh_check.c c117ac4fd24369c7813ac9dc9685640700a82bb32b0f7e038e85afd6c8db75c7 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a539a8930035fee3b723d74a1d13e931ff69a2b523c83d4a2d0d9db6c78ba902 crypto/dh/dh_kdf.c 
@@ -204,7 +204,7 @@ 43f81968983e9a466b7dc9cffe64302418703f7a66adcbac4b7c4d8cb19c9af5 crypto/ec/ecx_backend.c 5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h 2be4ca60082891bdc99f8c6ebc5392c1f0a7a53f0bcf18dcf5497a7aee0b9c84 crypto/ec/ecx_key.c -73c956c97fd558b0fd267934657fb829fd8d9ab12dda2d96d3ca1521f0416ca8 crypto/evp/asymcipher.c +c1f04d877f96f2d0852290e34b1994dd48222650ac1121903cee9c259fe3ebf2 crypto/evp/asymcipher.c 80da494704c8fc54fea36e5de7100a6c2fdcc5f8c50f43ac477df5f56fa57e58 crypto/evp/dh_support.c bc9f3b827e3d29ac485fff9fb1c8f71d7e2bcd883ccc44c776de2f620081df58 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c @@ -219,7 +219,7 @@ 90742590db894920ffdb737a450ee591488aa455802e777400b1bf887618fd7a crypto/evp/kdf_meth.c 948f7904e81008588288a1ba7969b9de83546c687230ffe2a3fd0be1651bce8f crypto/evp/kem.c 55d141a74405415ad21789abcace9557f1d1ef54cf207e99993bf0a801f4b81e crypto/evp/keymgmt_lib.c -5cb9ddc6a7434bd7e063bf85455c2025fb34e4eb846d7d113dbcedc25eeac7a3 crypto/evp/keymgmt_meth.c +d57908a9473d2af324f32549649016f7a3c196b5ac8b54d6ca3c82f84cab5d48 crypto/evp/keymgmt_meth.c 9e44d1ffb52fee194b12c50962907c8637e7d92f08339345ec9fd3bd4a248e69 crypto/evp/mac_lib.c cd611921dc773b47207c036b9108ec820ab39d67780ba4adc9ccb9dc8da58627 crypto/evp/mac_meth.c 4f0a9a7baa72c6984edb53c46101b6ff774543603bec1e1d3a6123adf27e41db crypto/evp/p_lib.c 
@@ -228,7 +228,7 @@ c2c8f6d17dc3d85ffcced051047c0b00ce99d119635f4626c5c6db3d59d86fbb crypto/evp/pmeth_lib.c ba4ff38738cbcfd3841d53a2fab92227638ceca176d3ffe50e486c9dcbabb5dd crypto/evp/s_lib.c 3c003fa01341a69c461b75cffd93cf31a1899373d7e95a1ef3754ea1bfbb77fe crypto/evp/signature.c -a3ba57f8181cfbbf017fe1d4fa8d80f4999eea6d2834b0bcda22b60e6a5e31e3 crypto/evp/skeymgmt_meth.c +30af153213f8b008955486000c5a92507dc694c4af9ac6ed6fef3f290efa3e52 crypto/evp/skeymgmt_meth.c 64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d crypto/ex_data.c d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c @@ -250,7 +250,7 @@ f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c 18127868d868ca5705444c24f7dc385391ba31154fc04ff54949739e8fa7fdfc crypto/ml_dsa/ml_dsa_encoders.c 825105b0a2c4844b2b4229001650ff7e61e1348e52f1072210f70b97cd4adb71 crypto/ml_dsa/ml_dsa_hash.h -c82201cf1a17ff2d4b169dcd4402d3d56f4685e460a1447e021db4abd67f7f0e crypto/ml_dsa/ml_dsa_key.c +c467f4400d399aad6b51746ef2575d1e04d260a1bf901b35ca55624fe62e650e crypto/ml_dsa/ml_dsa_key.c 579c1a12a5c5f014476a6bf695dc271f63074fb187e23ffc3f9ccb5b7ea044f1 crypto/ml_dsa/ml_dsa_key.h 3f98eb0467033d0a40867ef1c1036dcfea5d231eeac2321196f7d7c7243edace crypto/ml_dsa/ml_dsa_key_compress.c 983d164bfa3dbe8d85ad1fdc24d897e79d9246d96d9c1862855c6c538b387ad9 crypto/ml_dsa/ml_dsa_local.h 
@@ -263,7 +263,7 @@ 1d7f57a41034988a4e7d4c9a998760d2ef802c5e90275d09a3ca31c5f3403d94 crypto/ml_dsa/ml_dsa_sign.c 5217ef237e21872205703b95577290c34898423466a465c7bd609b2eb4627964 crypto/ml_dsa/ml_dsa_sign.h abd934284bcd8061027a69f437fa4410c6b72cd950be1ebe048244d036371208 crypto/ml_dsa/ml_dsa_vector.h -defc2e4e81ff1b78056c795bc0565f4241a259c2957abe84a51bcbc1e4ace3f1 crypto/ml_kem/ml_kem.c +8c4f7238f68f959f2ad1e2529c567364c5a8818898355c82818521e03239ea76 crypto/ml_kem/ml_kem.c 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl 33357356cd739d4ae89d52f0804b6900e4b94d8829323819c6f64c8908e978df crypto/modes/asm/aes-gcm-armv8_64.pl bcc09bdb474f045d04c983fa09c31a010c5a25513f53a5d3653ade91304f0f96 crypto/modes/asm/aes-gcm-avx512.pl 
@@ -306,17 +306,17 @@ 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7 crypto/property/defn_cache.c 91c1f1f8eb5588ed9da17386c244ae68a6a81717b1c7ab6c9f1a6a57973a039f crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -d32105cb087d708d0504a787f74bc163cc398c299faf2e98d6bb5ae02f5ce9b7 crypto/property/property_parse.c +1e99a3934812f99dad79cbfbb6727ad61b6093711c1a6c74d4b50f9318152611 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 20e69b9d594dfc443075eddbb0e6bcc0ed36ca51993cd50cc5a4f86eb31127f8 crypto/property/property_string.c -faa002fd33a147494ea93dbd1cef07138c6f61432d6465ceb4a34118e31e0a72 crypto/provider_core.c +10644e9d20214660706de58d34edf635c110d4e4f2628cd5284a08c60ed9aff8 crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c e13cf63765dd538a75eb9d2cb8fcb0243e6bd2988dd420c83806a69984dad558 crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h 426ba915ca65a770f8264129f8ac47db7aaf06c6ae51517c5d775eacdf91b9f6 crypto/rcu_internal.h -48f6a98e3d7e9ae79f2d2b8ea9965d0c4ec3b1a4473adbceb47fe1e7930dc3c1 crypto/riscv32cpuid.pl -f6c5a1440de995a115dbba5f732b294e2e6d94aa520687afd1e776af1ba48cf8 crypto/riscv64cpuid.pl +0c1d3e0e857e9e4f84752a8ef0b619d8af0d81427b52facbd0174e685dac9a47 crypto/riscv32cpuid.pl +231263dffc16987f5288592ebf4c0738902d5146bfc16bcd8a157e044cb697da crypto/riscv64cpuid.pl 0b0f3c7757447c2374338f2008c6545a1d176dcbdb41f06873f4681dc43fd42e crypto/riscvcap.c f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c 1b828f428f0e78b591378f7b780164c4574620c68f9097de041cbd576f811bf6 crypto/rsa/rsa_backend.c 
@@ -393,11 +393,11 @@ 1a2e505ac8ef45ff46f36ab89f5fb1d6a6888b2123a7cb75cf0eae849ee5de70 crypto/slh_dsa/slh_adrs.h 11d3895ea104d1238999f00b2beee4de71f35eea79065ac7b4536ee79d61d2dd crypto/slh_dsa/slh_dsa.c ab7b580b1cba302c5675918b457794a3b3d00aac42297312d9447bc6f6a40b09 crypto/slh_dsa/slh_dsa_hash_ctx.c -c26498960895d435af4ef5f592d98a0c011c00609bbba8bbd0078d4a4f081609 crypto/slh_dsa/slh_dsa_key.c +36007c2d3c7f6a405745a25d1a10b97ce781c7541b1610e51981f549c9852a5b crypto/slh_dsa/slh_dsa_key.c 4c7981f7db69025f52495c549fb3b3a76be62b9e13072c3f3b7f1dedeaf8cc91 crypto/slh_dsa/slh_dsa_key.h 5dcb631891eb6afcd27a6b19d2de4d493c71dab159e53620d86d9b96642e97e8 crypto/slh_dsa/slh_dsa_local.h adb3f4dea52396935b8442df7b36ed99324d3f3e8ce3fdf714d6dfd683e1f9f0 crypto/slh_dsa/slh_fors.c -ff320d5fc65580eb85e4e0530f332af515124a5ec8915b5a7ec04acad524c11d crypto/slh_dsa/slh_hash.c +3891252acdefc4eff77d7a65cc35d77bdca8083c9dd0d44ff91889ceafcccb45 crypto/slh_dsa/slh_hash.c a146cdf01b4b6e20127f0e48b30ed5e8820bec0fca2d9423c7b63eddf0f19af3 crypto/slh_dsa/slh_hash.h 6402664fbb259808a6f7b5a5d6be2b4a3cc8a905399d97b160cdb3e4a97c02c4 crypto/slh_dsa/slh_hypertree.c 98ba100862bb45d13bcddff79bc55e44eadd95f528dd49accb4da3ca85fcc52d crypto/slh_dsa/slh_params.c @@ -416,7 +416,7 @@ 27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c crypto/thread/internal.c 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a crypto/threads_lib.c b1a828491d9ce305802662561788facac92dff70cca9ead807f3e28741ff21e0 crypto/threads_none.c -c659f7ce5c4b59d2a1cff78485fa8e89c8d20d5798df4afc1b94ff635ffc0262 crypto/threads_pthread.c +491e9c29d4a7b4dd627ea25c20ce4a33103565b3108b618c41c6816dfc675569 crypto/threads_pthread.c 9c3bf7b4baa302a4017150fbcaa114ee9df935b18d5a3a8c8015003780d4e7de crypto/threads_win.c 7edd638df588b14711a50c98d458c4fc83f223ed03bc6c39c7c8edf7915b7cfa crypto/time.c 88c5f9f4d2611223d283ebd2ae10ae5ecbb9972d00f747d93fcb74b62641e3f9 crypto/x86_64cpuid.pl 
@@ -433,7 +433,7 @@ 6c72cfa9e59d276c1debcfd36a0aff277539b43d2272267147fad4165d72747c include/crypto/ctype.h f69643f16687c5a290b2ce6b846c6d1dddabfaf7e4d26fde8b1181955de32833 include/crypto/decoder.h 89693e0a7528a9574e1d2f80644b29e3b895d3684111dd07c18cc5bed28b45b7 include/crypto/des_platform.h -daf508bb7ed5783f1c8c622f0c230e179244dd3f584e1223a19ab95930fbcb4f include/crypto/dh.h +48d133a1eb8c3b3198cfe1cafda47f9abe8050d53004f3874f258a78f29b9e48 include/crypto/dh.h 679f6e52d9becdf51fde1649478083d18fa4f5a6ece21eeb1decf70f739f49d5 include/crypto/dsa.h c7aafee54cc3ace0c563f15aa5af2cdce13e2cfc4f9a9a133952825fb7c8faf5 include/crypto/ec.h adf369f3c9392e9f2dec5a87f61ac9e48160f4a763dae51d4ad5306c4ca4e226 include/crypto/ecx.h @@ -448,7 +448,7 @@ 6f16685ffbc97dc2ac1240bfddf4bbac2dd1ad83fff6da91aee6f3f64c6ee8ff include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 80338f3865b7c74aab343879432a6399507b834e2f55dd0e9ee7a5eeba11242a include/crypto/sha.h -0814571bff328719cc1e5a73a4daf6f5810b17f9e50fe63287f91f445f053213 include/crypto/slh_dsa.h +dc7808729c3231a08bbe470b3e1b562420030f59f7bc05b14d7b516fa77b4f3a include/crypto/slh_dsa.h 7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h d6d1cd1ec7581046f5a84359a32ed41caad9e7c1b4d1eb9665ea4763de10e6b3 include/crypto/types.h 27d13538d9303b1c2f0b2ce9b6d376097ce7661354fbefbde24b7ef07206ea45 include/internal/bio.h 
@@ -511,9 +511,9 @@ 69d98c5230b1c2a1b70c3e6b244fcfd8460a80ebf548542ea43bb1a57fe6cf57 include/openssl/configuration.h.in 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h 28c6f0ede39c821dcf4abeeb4e41972038ebb3e3c9d0a43ffdf28edb559470e1 include/openssl/core.h -940f6276e5bab8a7c59eedba56150902e619823c10dc5e50cf63575be6be9ba0 include/openssl/core_dispatch.h +b59255ddb1ead5531c3f0acf72fa6627d5c7192f3d23e9536eed00f32258c43b include/openssl/core_dispatch.h d37532e62315d733862d0bff8d8de9fe40292a75deacae606f4776e544844316 include/openssl/core_names.h.in -57898905771752f6303e2b1cca1c9a41ea5e9c7bf08ee06531213a65e960e424 include/openssl/crypto.h.in +01ed3af4e25b9be3453a8f13d7dd3b4e9e73889bbed338e0d4b8021f0d17aa82 include/openssl/crypto.h.in 628e2a9e67412e2903ecb75efb27b262db1f266b805c07ece6b85bf7ffa19dac include/openssl/cryptoerr.h bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h 83af275af84cf88c4e420030a9ea07c38d1887009c8f471874ed1458a4b1cda7 include/openssl/decoder.h 
@@ -546,20 +546,20 @@ cb6bca3913c60a57bac39583eee0f789d49c3d29be3ecde9aecc7f3287117aa5 include/openssl/objects.h d25537af264684dff033dd8ae62b0348f868fcfec4aa51fa8f07bcfa4bd807ad include/openssl/objectserr.h fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970 include/openssl/opensslconf.h -1bf52d136e94f727a96651c1f48ad040482f35dae152519ccd585efd410b92f0 include/openssl/opensslv.h.in +6c1a8837bbba633db2a8951ff29ccfe09e7d2a24a37ee2af90f2d897c190da9a include/openssl/opensslv.h.in 767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20 include/openssl/param_build.h 1c442aaaa4dda7fbf727a451bc676fb4d855ef617c14dc77ff2a5e958ae33c3e include/openssl/params.h 44f178176293c6ce8142890ff9dc2d466364c734e4e811f56bd62010c5403183 include/openssl/pkcs7.h.in 8394828da6fd7a794777320c955d27069bfef694356c25c62b7a9eb47cd55832 include/openssl/pkcs7err.h ed785c451189aa5f7299f9f32a841e7f25b67c4ee937c8de8491a39240f5bd9d include/openssl/prov_ssl.h -7c0e616ec99ac03d241da8def32cebf2679d9cacc93f58d2c2c4b05faf0011ea include/openssl/proverr.h +d8e2e31fbf88649efaabb6a999d9c464d4462b016c65c6bdf830b2ab4261a792 include/openssl/proverr.h 01ecfa6add534dfe98c23382e0f2faf86f627c21ce16c5b49bf90333fb4cac9f include/openssl/provider.h 765846563fbd69411aff6ce00bcc22f577f6407f5a80d592edb1dc10b580a145 include/openssl/rand.h 1c135b1e5ef06e052f554d52a744a9a807a8c371c848389ad836f9e4a923dd8e include/openssl/randerr.h 2f4f0106e9b2db6636491dbe3ef81b80dbf01aefe6f73d19663423b7fcd54466 include/openssl/rsa.h 2f339ba2f22b8faa406692289a6e51fdbbb04b03f85cf3ca849835e58211ad23 include/openssl/rsaerr.h 6586f2187991731835353de0ffad0b6b57609b495e53d0f32644491ece629eb2 include/openssl/safestack.h.in -b0c9ed3ce37034524623c579e8a2ea0feb6aab39e7489ce66e2b6bf28ec81840 include/openssl/self_test.h +39300fe80a46e0b76e07f10ada73a0ba55887c8cd5f98180b337ef6d5a3344d1 include/openssl/self_test.h a435cb5d87a37c05921afb2d68f581018ec9f62fd9b3194ab651139b24f616d2 include/openssl/sha.h 
c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h 
@@ -604,23 +604,23 @@ f221ca9b117c9cccb776bb230f71b86553ce6c24196bea120124a4be7b8a712f providers/common/include/prov/providercommon.h 4a6e35be7600e78633324422f019443747a62777eba4987efc50f900c43fda25 providers/common/include/prov/securitycheck.h ba12773ee7d5afbd55e240798a0e36a2b0bdb4472f3aa3984bb8059f68cfba25 providers/common/provider_ctx.c -c67989723273186af8d0fa7019fe5564957a21dd9867645cfab6ba54f8871df4 providers/common/provider_err.c +1f724e74106fa406999d706ec4b88c7185d2d1ceb7cc431a3340f778f533dbda providers/common/provider_err.c c4032b7cb033b588c6eb0585b8dfbed029d5b112a74ddd134dbcb1d78b0f9684 providers/common/provider_seeding.c 976aed982b0091a8f5320ee15e9b3d56c638c2a6b8481ddf9478d07927522f82 providers/common/provider_util.c bde6107744cf6840a4c350a48265ed000c49b0524fa60b0d68d6d7b33df5fce6 providers/common/securitycheck.c -8ea192553b423e881d85118c70bcb26a40fbdee4e110f230c966939c76f4aa7e providers/common/securitycheck_fips.c +c0ba8608dd7719c9a8d9f8668ce60007eaadd6635162d4448815a7b76a9b2439 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c d8cb05784ae8533a7d9569d4fbaaea4175b63a7c9f4fb0f254215224069dea6b providers/fips/fipsindicator.c -e9383013a79a8223784a69a66bb610d16d54e61ea978f67a3d31de9f48cd4627 providers/fips/fipsprov.c -7be8349d3b557b6d9d5f87d318253a73d21123628a08f50726502abf0e3d8a44 providers/fips/include/fips/fipsindicator.h +485441c31b5ff7916a12d0b8438d131a58cbc1ff6267cd266ae2dd6128c825cc providers/fips/fipsprov.c +6e024bbebae12014997c105df04c22bd07bbbc0a0b0a9ddd14fb798dbd3f0f26 providers/fips/include/fips/fipsindicator.h ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797 providers/fips/include/fips_indicator_params.inc f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3 providers/fips/include/fips_selftest_params.inc 669f76f742bcaaf28846b057bfab97da7c162d69da244de71b7c743bf16e430f providers/fips/include/fipscommon.h 
-1af975061d9ea273fd337c74ccaab7b9331ab781d887c4e7164c5ac35e2c2e94 providers/fips/self_test.c +f111fd7e016af8cc6f96cd8059c28227b328dd466ed137ae0c0bc0c3c3eec3ba providers/fips/self_test.c 5c2c6c2f69e2eb01b88fa35630f27948e00dd2c2fd351735c74f34ccb2005cbe providers/fips/self_test.h -9c5c8131ee9a5b2d1056b5548db3269c00445294134cb30b631707f69f8904f1 providers/fips/self_test_data.inc -2e568e2b161131240e97bd77a730c2299f961c2f1409ea8466422fc07f9be23f providers/fips/self_test_kats.c -7a368f6c6a5636593018bf10faecc3be1005e7cb3f0647f25c62b6f0fb7ac974 providers/implementations/asymciphers/rsa_enc.c +df83c901ad13675fbbb4708b6087feba6099870ad3dd0e8d09cfdb6798419770 providers/fips/self_test_data.inc +6779d5afb3f48d82868b247ffb0a6a572f6e3964738296ad47e7ccafdb263c88 providers/fips/self_test_kats.c +dde79dfdedfe0e73006a0cf912fdde1ff109dfbc5ba6ecab319c938bc4275950 providers/implementations/asymciphers/rsa_enc.c c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h c20072ecf42c87f9fad2ea241d358f57ed2a04cf0cc51bdb8cb5086172f6fc8a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
@@ -692,24 +692,24 @@ e18ef50cd62647a2cc784c45169d75054dccd58fc106bf623d921de995bb3c34 providers/implementations/kdfs/sskdf.c 6d9767a99a5b46d44ac9e0898ee18d219c04dfb34fda42e71d54adccbed7d57c providers/implementations/kdfs/tls1_prf.c 88d04ff4c93648a4fbfd9ce137cfc64f2c85e1850593c1ab35334b8b3de8ad99 providers/implementations/kdfs/x942kdf.c -3e199221ff78d80a3678e917dbbd232c5cd15f35b7c41bac92b60f766f656af7 providers/implementations/kem/ml_kem_kem.c +b04249bcc64d6f7ec16f494afef252356b2f56424a034ab53def90463de0cb6f providers/implementations/kem/ml_kem_kem.c a2e2b44064ef44b880b89ab6adc83686936acaa906313a37e5ec69d632912034 providers/implementations/kem/mlx_kem.c c764555b9dc9b273c280514a5d2d44156f82f3e99155a77c627f2c773209bcd7 providers/implementations/kem/rsa_kem.c -b9f7fc5c19f637cee55b0a435b838f5de3a5573ca376ba602e90f70855a78852 providers/implementations/keymgmt/dh_kmgmt.c +56e173f4ddb3e91314abd79b18de513c8cbc645669a287942fca4632c3851f6b providers/implementations/keymgmt/dh_kmgmt.c 24cc3cc8e8681c77b7f96c83293bd66045fd8ad69f756e673ca7f8ca9e82b0af providers/implementations/keymgmt/dsa_kmgmt.c -e10086c31aafae0562054e3b07f12409e39b87b5e96ee7668c231c37861aa447 providers/implementations/keymgmt/ec_kmgmt.c +36a9c1c8658ce7918453827cb58ed52787e590e3f148c5510deeb2c16c25a29d providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc -d042d687da861d2a39658c6b857a6507a70fa78cecdf883bd1dcdafcf102e084 providers/implementations/keymgmt/ecx_kmgmt.c +11c27cc3c9f38885c484f25d11987e93f197aa90bef2fc1d6e8f508c2d014d4d providers/implementations/keymgmt/ecx_kmgmt.c daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb providers/implementations/keymgmt/mac_legacy_kmgmt.c -24384616fcba4eb5594ccb2ebc199bcee8494ce1b3f4ac7824f17743e39c0279 
providers/implementations/keymgmt/ml_dsa_kmgmt.c -830c339dfc7f301ce5267ef9b0dc173b84d9597509c1a61ae038f3c01af78f45 providers/implementations/keymgmt/ml_kem_kmgmt.c +a428de71082fd01e5dcfa030a6fc34f6700b86d037b4e22f015c917862a158ce providers/implementations/keymgmt/ml_dsa_kmgmt.c +ae129b80f400c2d520262a44842fb02898d6986dd1417ac468293dc104337120 providers/implementations/keymgmt/ml_kem_kmgmt.c e15b780a1489bbe4c7d40d6aaa3bccfbf973e3946578f460eeb8373c657eee91 providers/implementations/keymgmt/mlx_kmgmt.c -9376a19735fcc79893cb3c6b0cff17a2cae61db9e9165d9a30f8def7f8e8e7c7 providers/implementations/keymgmt/rsa_kmgmt.c -6f0a786170ba9af860e36411d158ac0bd74bcb4d75c818a0cebadbc764759283 providers/implementations/keymgmt/slh_dsa_kmgmt.c +d37e7a96253cf146e45c9adf9dbf83ab83fccbe41a5e5a6736f9085a60c38167 providers/implementations/keymgmt/rsa_kmgmt.c +6bb62b5417afb24a43b726148862770689f420a310722398f714f396ba07f205 providers/implementations/keymgmt/slh_dsa_kmgmt.c 9d02d481b9c7c0c9e0932267d1a3e1fef00830aaa03093f000b88aa042972b9f providers/implementations/macs/cmac_prov.c 3c558b57fff3588b6832475e0b1c5be590229ad50d95a6ebb089b62bf5fe382d providers/implementations/macs/gmac_prov.c -3b5e591e8f6c6ba721a20d978452c9aae9a8259b3595b158303a49b35f286e53 providers/implementations/macs/hmac_prov.c +b78305d36f248499a97800873a6bd215b2b7ae2e767c04b7ffcbad7add066040 providers/implementations/macs/hmac_prov.c 6f9100c9cdd39f94601d04a6564772686571711ff198cf8469e86444d1ba25f3 providers/implementations/macs/kmac_prov.c 4115f822e2477cd2c92a1c956cca1e4dbc5d86366e2a44a37526756153c0e432 providers/implementations/rands/drbg.c b7e24bb9265501e37253e801028f3fd0af5111a100c0b2005c53d43f02c03389 providers/implementations/rands/drbg_ctr.c 
@@ -718,12 +718,12 @@ 2c63defffcc681ada17a6cc3eb895634fd8bf86110796a6381cc3dedd26fd47d providers/implementations/rands/drbg_local.h ddae75f1e08416c92802faafba9d524e3bf58c13e9fcb51735733e161006f89e providers/implementations/rands/fips_crng_test.c 04e726d547a00d0254362b0ebd3ddf87f58a53b78d3a070a1620f5fa714330bb providers/implementations/rands/test_rng.c -bd3c3d166be0e171e08e1cd03a943a643b4c181f11d8dde5e508d50163ac0cb8 providers/implementations/signature/dsa_sig.c -848ecf7587757410f98661a22fdf6eece53cc317224a22826d838131a47de8b0 providers/implementations/signature/ecdsa_sig.c +732a4402f2621e2b676f0c0e885fb5ca8bc22d00842d47e7607a875fdff8a980 providers/implementations/signature/dsa_sig.c +72d09f89a9645d365fb357a512fb5687c04a924c34f1bbfc17e17c1ca169d7c6 providers/implementations/signature/ecdsa_sig.c bd48b0fe43f0d0d91eb34bdfd48fbcfd69bceabf0ddc678702fe9ef968064bb6 providers/implementations/signature/eddsa_sig.c e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4 providers/implementations/signature/mac_legacy_sig.c 51251a1ca4c0b6faea059de5d5268167fe47565163317177d09db39978134f78 providers/implementations/signature/ml_dsa_sig.c -6c370ec1d3393fa9ac7125e26700fbc0ea05bfd489ddacd1bb6da9b990da26d1 providers/implementations/signature/rsa_sig.c +bab268ab5ad1d5e8dfdd8c01d25b216c657406ec2ff4e7ce190814ac7b92509f providers/implementations/signature/rsa_sig.c 14e7640b4db5e59e29b0266256d3d821adf871afa9703e18285f2fc957ac5971 providers/implementations/signature/slh_dsa_sig.c 21f537f9083f0341d9d1b0ace090a8d8f0b2b9e9cf76771c359b6ea00667a469 providers/implementations/skeymgmt/aes_skmgmt.c 2dbf9b8e738fad556c3248fb554ff4cc269ade3c86fa3d2786ba9b6d6016bf22 providers/implementations/skeymgmt/generic.c diff -Nru openssl-3.5.1/providers/fips.checksum openssl-3.5.4/providers/fips.checksum --- openssl-3.5.1/providers/fips.checksum 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/fips.checksum 2025-09-30 12:37:40.000000000 +0000 
@@ -1 +1 @@
-cffe76b0bc6464c7c864d5e2eaaf528439cb6c9908dc75666d530aa8a65e152e providers/fips-sources.checksums
+c342f9dc7075a6ecd0e4b3c9db06e180765278a7bbae233ec1a65095a0e524ec providers/fips-sources.checksums
diff -Nru openssl-3.5.1/providers/implementations/asymciphers/rsa_enc.c openssl-3.5.4/providers/implementations/asymciphers/rsa_enc.c
--- openssl-3.5.1/providers/implementations/asymciphers/rsa_enc.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/implementations/asymciphers/rsa_enc.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -151,6 +151,7 @@
 size_t outsize, const unsigned char *in, size_t inlen)
 {
 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ size_t len = RSA_size(prsactx->rsa);
 int ret;
 
 if (!ossl_prov_is_running())
@@ -168,17 +169,21 @@
 }
 #endif
 
- if (out == NULL) {
- size_t len = RSA_size(prsactx->rsa);
+ if (len == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+ return 0;
+ }
 
- if (len == 0) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
- return 0;
- }
+ if (out == NULL) {
 *outlen = len;
 return 1;
 }
 
+ if (outsize < len) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
+
 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
 int rsasize = RSA_size(prsactx->rsa);
 unsigned char *tbuf;
diff -Nru openssl-3.5.1/providers/implementations/encode_decode/decode_pem2der.c openssl-3.5.4/providers/implementations/encode_decode/decode_pem2der.c
--- openssl-3.5.1/providers/implementations/encode_decode/decode_pem2der.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/implementations/encode_decode/decode_pem2der.c 2025-09-30 12:37:40.000000000 +0000
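Review bot: The new `outsize < len` guard in rsa_enc.c sits before the padding-mode dispatch, so every mode is now covered, but the OAEP branch's context line `int rsasize = RSA_size(prsactx->rsa);` recomputes the value `len` already holds; `int rsasize = (int)len;` removes the duplicate and keeps one source of truth for the buffer size. Computing `len` at declaration also moves the `prsactx->rsa` dereference ahead of the `ossl_prov_is_running()` check, which is harmless only if prsactx is always valid on entry, something this hunk cannot confirm. The decrypt counterpart is not part of this diff, so whether it applies the same output-size check cannot be judged from here; the enclosing function's tail is also outside the hunk.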
@@ -151,6 +151,7 @@
 { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
 { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" },
 { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" },
+ { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
 { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
 { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
 { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
diff -Nru openssl-3.5.1/providers/implementations/kdfs/krb5kdf.c openssl-3.5.4/providers/implementations/kdfs/krb5kdf.c
--- openssl-3.5.1/providers/implementations/kdfs/krb5kdf.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/implementations/kdfs/krb5kdf.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -350,7 +350,7 @@
 {
 int klen, ret;
 
- ret = EVP_EncryptInit_ex(ctx, cipher, engine, key, NULL);
+ ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL);
 if (!ret)
 goto out;
 /* set the key len for the odd variable key len cipher */
@@ -362,6 +362,9 @@
 goto out;
 }
 }
+ ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
+ if (!ret)
+ goto out;
 /* we never want padding, either the length requested is a multiple of
 * the cipher block size or we are passed a cipher that can cope with
 * partial blocks via techniques like cipher text stealing */
diff -Nru openssl-3.5.1/providers/implementations/kem/ml_kem_kem.c openssl-3.5.4/providers/implementations/kem/ml_kem_kem.c
--- openssl-3.5.1/providers/implementations/kem/ml_kem_kem.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/implementations/kem/ml_kem_kem.c 2025-09-30 12:37:40.000000000 +0000
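Review bot: The krb5kdf.c hunks split the cipher init so that the key is supplied only after the key-length block that sits between them, but nothing in the code says why the original single call was wrong, and the next maintainer may well fold it back. A comment on the second call would pin the reason: `/* Set the key only after the key length is fixed; a key given to the first init is scheduled at the cipher's default length, so a later set_key_length would not apply to it */`, hedged as appropriate since the key-length block itself is only partly visible here. The enclosing function begins before the first hunk and its `out:` label lies outside both.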
@@ -171,7 +171,7 @@
 return 1;
 }
 if (shsec == NULL) {
- ERR_raise_data(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL,
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_NULL_OUTPUT_BUFFER,
 "NULL shared-secret buffer");
 goto end;
 }
diff -Nru openssl-3.5.1/providers/implementations/keymgmt/dh_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/dh_kmgmt.c
--- openssl-3.5.1/providers/implementations/keymgmt/dh_kmgmt.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/providers/implementations/keymgmt/dh_kmgmt.c 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -19,10 +19,12 @@
 #include
 #include
 #include
+#include
 #include "prov/implementations.h"
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "crypto/dh.h"
+#include "internal/fips.h"
 #include "internal/sizes.h"
 
 static OSSL_FUNC_keymgmt_new_fn dh_newdata;
@@ -440,7 +442,7 @@
 
 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
 == OSSL_KEYMGMT_SELECT_KEYPAIR)
- ok = ok && ossl_dh_check_pairwise(dh);
+ ok = ok && ossl_dh_check_pairwise(dh, 0);
 
 return ok;
 }
@@ -792,6 +794,15 @@ gctx->gen_type == DH_PARAMGEN_TYPE_FIPS_186_2); if (DH_generate_key(dh) <= 0) goto end; +#ifdef FIPS_MODULE + if (!ossl_fips_self_testing()) { + ret = ossl_dh_check_pairwise(dh, 0); + if (ret <= 0) { + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + goto end; + } + } +#endif /* FIPS_MODULE */ } DH_clear_flags(dh, DH_FLAG_TYPE_MASK); DH_set_flags(dh, gctx->dh_type); diff -Nru openssl-3.5.1/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/ec_kmgmt.c --- openssl-3.5.1/providers/implementations/keymgmt/ec_kmgmt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/keymgmt/ec_kmgmt.c 2025-09-30 12:37:40.000000000 +0000 @@ -20,12 +20,14 @@ #include #include #include +#include #include "crypto/bn.h" #include "crypto/ec.h" #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "prov/securitycheck.h" +#include "internal/fips.h" #include "internal/param_build_set.h" #ifndef FIPS_MODULE @@ -1330,6 +1332,21 @@ if (gctx->group_check != NULL) ret = ret && ossl_ec_set_check_group_type_from_name(ec, gctx->group_check); +#ifdef FIPS_MODULE + if (ret > 0 + && !ossl_fips_self_testing() + && EC_KEY_get0_public_key(ec) != NULL + && EC_KEY_get0_private_key(ec) != NULL + && EC_KEY_get0_group(ec) != NULL) { + BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); + + ret = bnctx != NULL && ossl_ec_key_pairwise_check(ec, bnctx); + BN_CTX_free(bnctx); + if (ret <= 0) + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + } +#endif /* FIPS_MODULE */ + if (ret) return ec; err: diff -Nru openssl-3.5.1/providers/implementations/keymgmt/ecx_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/ecx_kmgmt.c --- openssl-3.5.1/providers/implementations/keymgmt/ecx_kmgmt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/keymgmt/ecx_kmgmt.c 2025-09-30 12:37:40.000000000 +0000 
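Review bot: In the FIPS block added in `@@ -1330,6 +1332,21 @@` of ec_kmgmt.c, a failed BN_CTX_new_ex leaves `ret == 0` and then ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT) is raised, so an allocation failure is reported as a failed pairwise consistency test, which in the FIPS provider is a module-level error state rather than a transient failure. Only a test that actually ran and failed should set the PCT error state; an allocation failure should simply fail key generation. The parallel DH block in `@@ -792,6 +794,15 @@` on this line does not have the problem because it allocates nothing. The enclosing function continues outside the hunk (`err:` path), so the cleanup after `ret = 0` is assumed to be the existing one.
```c
/* … unchanged: #ifdef FIPS_MODULE guard and the key-presence condition … */
        BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec));

        if (bnctx == NULL) {
            ret = 0;                 /* allocation failure, not a PCT failure */
        } else {
            ret = ossl_ec_key_pairwise_check(ec, bnctx);
            BN_CTX_free(bnctx);
            if (ret <= 0)
                ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
        }
/* … unchanged: #endif, final `if (ret) return ec;` … */
```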
@@ -17,6 +17,7 @@ #include #include #include +#include "internal/fips.h" #include "internal/param_build_set.h" #include #include "crypto/ecx.h" @@ -92,6 +93,15 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx); #endif +#ifdef FIPS_MODULE +static int ecd_fips140_pairwise_test(const ECX_KEY *ecx, int type, int self_test); +#endif /* FIPS_MODULE */ + +static ossl_inline int ecx_key_type_is_ed(ECX_KEY_TYPE type) +{ + return type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448; +} + static void *x25519_new_key(void *provctx) { if (!ossl_prov_is_running()) @@ -703,8 +713,7 @@ } #ifndef FIPS_MODULE if (gctx->dhkem_ikm != NULL && gctx->dhkem_ikmlen != 0) { - if (gctx->type == ECX_KEY_TYPE_ED25519 - || gctx->type == ECX_KEY_TYPE_ED448) + if (ecx_key_type_is_ed(gctx->type)) goto err; if (!ossl_ecx_dhkem_derive_private(key, privkey, gctx->dhkem_ikm, gctx->dhkem_ikmlen)) @@ -968,7 +977,7 @@ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR) return ok; - if (type == ECX_KEY_TYPE_ED25519 || type == ECX_KEY_TYPE_ED448) + if (ecx_key_type_is_ed(type)) ok = ok && ecd_key_pairwise_check(ecx, type); else ok = ok && ecx_key_pairwise_check(ecx, type); diff -Nru openssl-3.5.1/providers/implementations/keymgmt/ml_dsa_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/ml_dsa_kmgmt.c --- openssl-3.5.1/providers/implementations/keymgmt/ml_dsa_kmgmt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/keymgmt/ml_dsa_kmgmt.c 2025-09-30 12:37:40.000000000 +0000 @@ -268,6 +268,7 @@ { ML_DSA_KEY *key = keydata; int include_priv; + int res; if (!ossl_prov_is_running() || key == NULL) return 0; 
@@ -276,7 +277,17 @@ return 0; include_priv = ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0); - return ml_dsa_key_fromdata(key, params, include_priv); + res = ml_dsa_key_fromdata(key, params, include_priv); +#ifdef FIPS_MODULE + if (res > 0) { + res = ml_dsa_pairwise_test(key); + if (!res) { + ossl_ml_dsa_key_reset(key); + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT); + } + } +#endif /* FIPS_MODULE */ + return res; } #define ML_DSA_IMEXPORTABLE_PARAMETERS \ diff -Nru openssl-3.5.1/providers/implementations/keymgmt/ml_kem_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/ml_kem_kmgmt.c --- openssl-3.5.1/providers/implementations/keymgmt/ml_kem_kmgmt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/keymgmt/ml_kem_kmgmt.c 2025-09-30 12:37:40.000000000 +0000 @@ -475,7 +475,7 @@ if (res > 0 && include_private && !ml_kem_pairwise_test(key, key->prov_flags)) { #ifdef FIPS_MODULE - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); + ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT); #endif ossl_ml_kem_key_reset(key); res = 0; @@ -504,7 +504,7 @@ } #ifndef FIPS_MODULE -void *ml_kem_load(const void *reference, size_t reference_sz) +static void *ml_kem_load(const void *reference, size_t reference_sz) { ML_KEM_KEY *key = NULL; uint8_t *encoded_dk = NULL; diff -Nru openssl-3.5.1/providers/implementations/keymgmt/rsa_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/rsa_kmgmt.c --- openssl-3.5.1/providers/implementations/keymgmt/rsa_kmgmt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/keymgmt/rsa_kmgmt.c 2025-09-30 12:37:40.000000000 +0000 
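Review bot: The import-time pairwise test added to ml_dsa_kmgmt.c in `@@ -276,7 +277,17 @@` runs only under `#ifdef FIPS_MODULE`, whereas the sibling ML-KEM import in `@@ -475,7 +475,7 @@` on this line calls ml_kem_pairwise_test unconditionally and confines only ossl_set_error_state to the FIPS build. The two key types therefore presumably behave differently in the default provider: an inconsistent ML-DSA key pair would be accepted on import there while an inconsistent ML-KEM pair is rejected. If that asymmetry is intended, a comment at the ML-DSA `#ifdef` stating that the non-FIPS build skips the import PCT would make it explicit; otherwise moving `res = ml_dsa_pairwise_test(key);` and the reset outside the ifdef mirrors the ML-KEM structure. ml_dsa_pairwise_test and ossl_ml_dsa_key_reset are not shown in this diff, so their availability outside the FIPS build cannot be confirmed here.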
@@ -25,6 +25,7 @@ #include "prov/provider_ctx.h" #include "crypto/rsa.h" #include "crypto/cryptlib.h" +#include "internal/fips.h" #include "internal/param_build_set.h" static OSSL_FUNC_keymgmt_new_fn rsa_newdata; diff -Nru openssl-3.5.1/providers/implementations/keymgmt/slh_dsa_kmgmt.c openssl-3.5.4/providers/implementations/keymgmt/slh_dsa_kmgmt.c --- openssl-3.5.1/providers/implementations/keymgmt/slh_dsa_kmgmt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/keymgmt/slh_dsa_kmgmt.c 2025-09-30 12:37:40.000000000 +0000 @@ -11,6 +11,7 @@ #include #include #include +#include #include "crypto/slh_dsa.h" #include "internal/fips.h" #include "internal/param_build_set.h" @@ -18,6 +19,11 @@ #include "prov/providercommon.h" #include "prov/provider_ctx.h" +#ifdef FIPS_MODULE +static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key, + SLH_DSA_HASH_CTX *ctx); +#endif /* FIPS_MODULE */ + static OSSL_FUNC_keymgmt_free_fn slh_dsa_free_key; static OSSL_FUNC_keymgmt_has_fn slh_dsa_has; static OSSL_FUNC_keymgmt_match_fn slh_dsa_match; @@ -281,9 +287,8 @@ * Refer to FIPS 140-3 IG 10.3.A Additional Comment 1 * Perform a pairwise test for SLH_DSA by signing and verifying a signature. */ -static int slh_dsa_fips140_pairwise_test(SLH_DSA_HASH_CTX *ctx, - const SLH_DSA_KEY *key, - OSSL_LIB_CTX *lib_ctx) +static int slh_dsa_fips140_pairwise_test(const SLH_DSA_KEY *key, + SLH_DSA_HASH_CTX *ctx) { int ret = 0; OSSL_SELF_TEST *st = NULL; 
@@ -293,15 +298,25 @@ size_t msg_len = sizeof(msg); uint8_t *sig = NULL; size_t sig_len; + OSSL_LIB_CTX *lib_ctx; + int alloc_ctx = 0; /* During self test, it is a waste to do this test */ if (ossl_fips_self_testing()) return 1; + if (ctx == NULL) { + ctx = ossl_slh_dsa_hash_ctx_new(key); + if (ctx == NULL) + return 0; + alloc_ctx = 1; + } + lib_ctx = ossl_slh_dsa_key_get0_libctx(key); + OSSL_SELF_TEST_get_callback(lib_ctx, &cb, &cb_arg); st = OSSL_SELF_TEST_new(cb, cb_arg); if (st == NULL) - return 0; + goto err; OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, OSSL_SELF_TEST_DESC_PCT_SLH_DSA); @@ -322,6 +337,8 @@ ret = 1; err: + if (alloc_ctx) + ossl_slh_dsa_hash_ctx_free(ctx); OPENSSL_free(sig); OSSL_SELF_TEST_onend(st, ret); OSSL_SELF_TEST_free(st); @@ -342,12 +359,12 @@ return NULL; ctx = ossl_slh_dsa_hash_ctx_new(key); if (ctx == NULL) - return NULL; + goto err; if (!ossl_slh_dsa_generate_key(ctx, key, gctx->libctx, gctx->entropy, gctx->entropy_len)) goto err; #ifdef FIPS_MODULE - if (!slh_dsa_fips140_pairwise_test(ctx, key, gctx->libctx)) { + if (!slh_dsa_fips140_pairwise_test(key, ctx)) { ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); goto err; } diff -Nru openssl-3.5.1/providers/implementations/macs/hmac_prov.c openssl-3.5.4/providers/implementations/macs/hmac_prov.c --- openssl-3.5.1/providers/implementations/macs/hmac_prov.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/macs/hmac_prov.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
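Review bot: In `@@ -293,15 +298,25 @@` of slh_dsa_kmgmt.c the `st == NULL` case now jumps to `err:`, where (visible in `@@ -322,6 +337,8 @@`) `OSSL_SELF_TEST_onend(st, ret)` and `OSSL_SELF_TEST_free(st)` run with `st == NULL`; the previous `return 0` never reached them. This is correct only because both calls tolerate a NULL `st`, which the hunk does not state — a comment on the jump, `/* err: is NULL-safe for st and sig */`, or an explicit `if (st != NULL)` around onend would make the dependency visible. The same pattern appears in the keygen hunk `@@ -342,12 +359,12 @@`, where `ctx == NULL` now goes to an `err:` label outside the hunk, so its handling of a NULL `ctx` cannot be checked from here.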
@@ -98,7 +98,7 @@ if (macctx != NULL) { HMAC_CTX_free(macctx->ctx); ossl_prov_digest_reset(&macctx->digest); - OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + OPENSSL_clear_free(macctx->key, macctx->keylen); OPENSSL_free(macctx); } } @@ -127,13 +127,13 @@ return NULL; } if (src->key != NULL) { - /* There is no "secure" OPENSSL_memdup */ - dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1); + dst->key = OPENSSL_malloc(src->keylen > 0 ? src->keylen : 1); if (dst->key == NULL) { hmac_free(dst); return 0; } - memcpy(dst->key, src->key, src->keylen); + if (src->keylen > 0) + memcpy(dst->key, src->key, src->keylen); } return dst; } @@ -178,13 +178,14 @@ #endif if (macctx->key != NULL) - OPENSSL_secure_clear_free(macctx->key, macctx->keylen); + OPENSSL_clear_free(macctx->key, macctx->keylen); /* Keep a copy of the key in case we need it for TLS HMAC */ - macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1); + macctx->key = OPENSSL_malloc(keylen > 0 ? keylen : 1); if (macctx->key == NULL) return 0; - memcpy(macctx->key, key, keylen); + if (keylen > 0) + memcpy(macctx->key, key, keylen); macctx->keylen = keylen; digest = ossl_prov_digest_md(&macctx->digest); diff -Nru openssl-3.5.1/providers/implementations/signature/dsa_sig.c openssl-3.5.4/providers/implementations/signature/dsa_sig.c --- openssl-3.5.1/providers/implementations/signature/dsa_sig.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/signature/dsa_sig.c 2025-09-30 12:37:40.000000000 +0000 
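Review bot: The three hunks in hmac_prov.c on this line move the HMAC key copy from the secure heap (`OPENSSL_secure_malloc`/`OPENSSL_secure_clear_free`) to the ordinary heap, which gives up the locked, non-swappable storage the secure heap provides when it is enabled, while keeping the wipe-on-free. The removed comment recorded why the secure heap was used; the replacement carries no comment, so the reason for dropping that protection is no longer in the code. A comment at the allocation in `@@ -178,13 +178,14 @@`, e.g. `/* Plain heap, wiped on free; the secure heap was dropped because <reason from commit> */`, would preserve the rationale. The `keylen > 0` guards around memcpy are a good addition, since the dummy 1-byte allocation otherwise received a zero-length copy from a possibly NULL source.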
@@ -193,7 +193,7 @@ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, ctx->libctx, - md_nid, sha1_allowed, desc, + md_nid, sha1_allowed, 0, desc, ossl_fips_config_signature_digest_check)) goto err; } diff -Nru openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c openssl-3.5.4/providers/implementations/signature/ecdsa_sig.c --- openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/signature/ecdsa_sig.c 2025-09-30 12:37:40.000000000 +0000 @@ -219,7 +219,7 @@ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, ctx->libctx, - md_nid, sha1_allowed, desc, + md_nid, sha1_allowed, 0, desc, ossl_fips_config_signature_digest_check)) goto err; } diff -Nru openssl-3.5.1/providers/implementations/signature/rsa_sig.c openssl-3.5.4/providers/implementations/signature/rsa_sig.c --- openssl-3.5.1/providers/implementations/signature/rsa_sig.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/implementations/signature/rsa_sig.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -411,7 +411,7 @@ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), OSSL_FIPS_IND_SETTABLE1, ctx->libctx, - md_nid, sha1_allowed, desc, + md_nid, sha1_allowed, 1, desc, ossl_fips_config_signature_digest_check)) goto err; } @@ -952,7 +952,7 @@ return 0; ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa, RSA_X931_PADDING); - if (ret < 1) { + if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } 
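Review bot: The new positional argument to ossl_fips_ind_digest_sign_check is passed as a bare literal, `0` in the dsa_sig.c and ecdsa_sig.c hunks and `1` in the rsa_sig.c `@@ -411,7 +411,7 @@` hunk, so the call sites no longer say what differs between RSA and the other two algorithms. A trailing comment naming the parameter at each call, such as `md_nid, sha1_allowed, 0 /* <parameter name> */, desc,`, or a pair of named constants, would keep the three calls readable. The enclosing functions start and end outside these hunks.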
@@ -1002,7 +1002,7 @@ } else { ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa, prsactx->pad_mode); - if (ret < 0) { + if (ret <= 0) { ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB); return 0; } diff -Nru openssl-3.5.1/providers/legacyprov.c openssl-3.5.4/providers/legacyprov.c --- openssl-3.5.1/providers/legacyprov.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/providers/legacyprov.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,6 +48,7 @@ static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; +static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark; #endif /* Parameters we provide to the core */ @@ -234,6 +235,9 @@ case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(tmp)); break; + case OSSL_FUNC_CORE_COUNT_TO_MARK: + set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in)); + break; } } #endif @@ -301,4 +305,9 @@ { return c_pop_error_to_mark(NULL); } + +int ERR_count_to_mark(void) +{ + return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0; +} #endif diff -Nru openssl-3.5.1/ssl/d1_lib.c openssl-3.5.4/ssl/d1_lib.c --- openssl-3.5.1/ssl/d1_lib.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/d1_lib.c 2025-09-30 12:37:40.000000000 +0000 
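Review bot: The new case in `@@ -234,6 +235,9 @@` of legacyprov.c reads the function pointer from `in`, `OSSL_FUNC_core_count_to_mark(in)`, while the neighbouring case in the same switch reads it from `tmp`, `OSSL_FUNC_core_pop_error_to_mark(tmp)`. If, as the surrounding context suggests, `tmp` is the loop cursor and `in` the start of the dispatch table, this stores the first table entry's function as `c_count_to_mark` regardless of its id, and `ERR_count_to_mark()` in `@@ -301,4 +305,9 @@` would then call an unrelated core function. The fix is `set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(tmp));`. The loop header is outside the hunk, so this needs confirming against the full function.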
@@ -863,7 +863,7 @@ BIO *wbio; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); - if (s == NULL) + if (sc == NULL) return -1; wbio = SSL_get_wbio(s); diff -Nru openssl-3.5.1/ssl/quic/quic_ackm.c openssl-3.5.4/ssl/quic/quic_ackm.c --- openssl-3.5.1/ssl/quic/quic_ackm.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_ackm.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -536,6 +536,9 @@ /* Set to 1 when the handshake is confirmed. */ char handshake_confirmed; + /* Set to 1 when attached to server channel */ + char is_server; + /* Set to 1 when the peer has completed address validation. */ char peer_completed_addr_validation; @@ -855,7 +858,13 @@ } for (i = QUIC_PN_SPACE_INITIAL; i < QUIC_PN_SPACE_NUM; ++i) { - if (ackm->ack_eliciting_bytes_in_flight[i] == 0) + /* + * RFC 9002 section 6.2.2.1 keep probe timeout armed until + * handshake is confirmed (client sees HANDSHAKE_DONE message + * from server). + */ + if (ackm->ack_eliciting_bytes_in_flight[i] == 0 && + (ackm->handshake_confirmed == 1 || ackm->is_server == 1)) continue; if (i == QUIC_PN_SPACE_APP) { 
@@ -875,10 +884,18 @@ } } - t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration); - if (ossl_time_compare(t, pto_timeout) < 0) { - pto_timeout = t; - pto_space = i; + /* + * Only re-arm timer if stack has sent at least one ACK eliciting frame. + * If stack has sent no ACK eliciting frame at given encryption level then + * particular timer is zero and we must not attempt to set it. Timer keeps + * time since epoch (Jan 1 1970) and we must not set timer to past. + */ + if (!ossl_time_is_zero(ackm->time_of_last_ack_eliciting_pkt[i])) { + t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration); + if (ossl_time_compare(t, pto_timeout) < 0) { + pto_timeout = t; + pto_space = i; + } } } @@ -1021,7 +1038,8 @@ void *now_arg, OSSL_STATM *statm, const OSSL_CC_METHOD *cc_method, - OSSL_CC_DATA *cc_data) + OSSL_CC_DATA *cc_data, + int is_server) { OSSL_ACKM *ackm; int i; @@ -1045,6 +1063,7 @@ ackm->statm = statm; ackm->cc_method = cc_method; ackm->cc_data = cc_data; + ackm->is_server = (char)is_server; ackm->rx_max_ack_delay = ossl_ms2time(QUIC_DEFAULT_MAX_ACK_DELAY); ackm->tx_max_ack_delay = DEFAULT_TX_MAX_ACK_DELAY; diff -Nru openssl-3.5.1/ssl/quic/quic_channel.c openssl-3.5.4/ssl/quic/quic_channel.c --- openssl-3.5.1/ssl/quic/quic_channel.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_channel.c 2025-09-30 12:37:40.000000000 +0000 @@ -242,7 +242,8 @@ goto err; if ((ch->ackm = ossl_ackm_new(get_time, ch, &ch->statm, - ch->cc_method, ch->cc_data)) == NULL) + ch->cc_method, ch->cc_data, + ch->is_server)) == NULL) goto err; if (!ossl_quic_stream_map_init(&ch->qsm, get_stream_limit, ch, 
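Review bot: `ackm->is_server = (char)is_server;` in `@@ -1045,6 +1063,7 @@` of quic_ackm.c stores the caller's int as-is, but the consumer added in `@@ -855,7 +858,13 @@` on the previous line tests `ackm->is_server == 1`, so any other non-zero value would silently disable the server-side PTO exemption. Normalising at the assignment, `ackm->is_server = (char)(is_server != 0);`, or testing `ackm->is_server != 0` at the use site, removes the dependency on the caller passing exactly 1. The only caller visible, quic_channel.c `@@ -242,7 +242,8 @@`, passes `ch->is_server`, whose range is not shown here.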
@@ -1330,8 +1331,20 @@ ossl_unused uint64_t rx_max_idle_timeout = 0; ossl_unused const void *stateless_reset_token_p = NULL; QUIC_PREFERRED_ADDR pfa; + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ch->tls); - if (ch->got_remote_transport_params) { + /* + * When HRR happens the client sends the transport params in the new client + * hello again. Reset the transport params here and load them again. + */ + if (ch->is_server && sc->hello_retry_request != SSL_HRR_NONE + && ch->got_remote_transport_params) { + ch->max_local_streams_bidi = 0; + ch->max_local_streams_uni = 0; + ch->got_local_transport_params = 0; + OPENSSL_free(ch->local_transport_params); + ch->local_transport_params = NULL; + } else if (ch->got_remote_transport_params) { reason = "multiple transport parameter extensions"; goto malformed; } @@ -2422,7 +2435,6 @@ if (!PACKET_get_net_4(&vpkt, &supported_ver)) return; - supported_ver = ntohl(supported_ver); if (supported_ver == QUIC_VERSION_1) { /* * If the server supports version 1, set it as diff -Nru openssl-3.5.1/ssl/quic/quic_impl.c openssl-3.5.4/ssl/quic/quic_impl.c --- openssl-3.5.1/ssl/quic/quic_impl.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_impl.c 2025-09-30 12:37:40.000000000 +0000 @@ -3197,6 +3197,7 @@ QCTX ctx; QUIC_STREAM *qs; int err; + int ret; if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx)) return 0; @@ -3204,13 +3205,15 @@ qs = ctx.xso->stream; if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) { + ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); qctx_unlock(&ctx); - return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL); + return ret; } if (!quic_validate_for_write(ctx.xso, &err)) { + ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); qctx_unlock(&ctx); - return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL); + return ret; } if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) { 
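Review bot: In `@@ -1330,8 +1331,20 @@` of quic_channel.c the new `sc = SSL_CONNECTION_FROM_SSL(ch->tls)` is dereferenced as `sc->hello_retry_request` without a NULL check; the preceding `ch->is_server &&` term guards nothing about `sc`. If `ch->tls` is guaranteed to be a TLS connection object this is safe, but a `sc != NULL &&` term, or a comment stating that guarantee, would make it explicit. Separately, the HRR branch resets the local transport parameters (`got_local_transport_params`, `local_transport_params`) although the condition and comment are about re-receiving the remote ones; a comment such as `/* Local params are regenerated as well because <reason> */` would help the next reader. The enclosing function continues outside the hunk.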
@@ -4769,6 +4772,7 @@ ossl_crypto_mutex_free(&hdl->mutex); lh_QUIC_TOKEN_doall(hdl->cache, free_this_token); lh_QUIC_TOKEN_free(hdl->cache); + CRYPTO_FREE_REF(&hdl->references); OPENSSL_free(hdl); return; } diff -Nru openssl-3.5.1/ssl/quic/quic_port.c openssl-3.5.4/ssl/quic/quic_port.c --- openssl-3.5.1/ssl/quic/quic_port.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_port.c 2025-09-30 12:37:40.000000000 +0000 @@ -1267,7 +1267,7 @@ * Add the array of supported versions to the end of the packet */ for (i = 0; i < OSSL_NELEM(supported_versions); i++) { - if (!WPACKET_put_bytes_u32(&wpkt, htonl(supported_versions[i]))) + if (!WPACKET_put_bytes_u32(&wpkt, supported_versions[i])) return; } @@ -1691,6 +1691,7 @@ */ while (ossl_qrx_read_pkt(qrx_src, &qrx_pkt) == 1) ossl_quic_channel_inject_pkt(new_ch, qrx_pkt); + ossl_qrx_update_pn_space(qrx_src, new_ch->qrx); } /* diff -Nru openssl-3.5.1/ssl/quic/quic_record_rx.c openssl-3.5.4/ssl/quic/quic_record_rx.c --- openssl-3.5.1/ssl/quic/quic_record_rx.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_record_rx.c 2025-09-30 12:37:40.000000000 +0000 @@ -237,6 +237,16 @@ } } +void ossl_qrx_update_pn_space(OSSL_QRX *src, OSSL_QRX *dst) +{ + size_t i; + + for (i = 0; i < QUIC_PN_SPACE_NUM; i++) + dst->largest_pn[i] = src->largest_pn[i]; + + return; +} + void ossl_qrx_free(OSSL_QRX *qrx) { uint32_t i; diff -Nru openssl-3.5.1/ssl/quic/quic_record_tx.c openssl-3.5.4/ssl/quic/quic_record_tx.c --- openssl-3.5.1/ssl/quic/quic_record_tx.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_record_tx.c 2025-09-30 12:37:40.000000000 +0000 
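Review bot: The new `ossl_qrx_update_pn_space` in `@@ -237,6 +237,16 @@` of quic_record_rx.c ends with a bare `return;` in a void function, which is redundant and can simply be dropped. It also carries no comment on what the copy of `largest_pn` is for; since the only visible caller, quic_port.c `@@ -1691,6 +1691,7 @@`, invokes it right after draining packets from `qrx_src` into a newly created channel, a header comment along the lines of `/* Carry the per-space largest received PN from src to dst so the new channel continues from the same point — confirm */` would explain the hand-off. The meaning of `largest_pn` is inferred from its name and should be confirmed against the struct definition.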
@@ -279,12 +279,12 @@ * data. */ txe2 = OPENSSL_realloc(txe, sizeof(TXE) + n); - if (txe2 == NULL || txe == txe2) { + if (txe2 == NULL) { if (p == NULL) ossl_list_txe_insert_head(txl, txe); else ossl_list_txe_insert_after(txl, p, txe); - return txe2; + return NULL; } if (p == NULL) diff -Nru openssl-3.5.1/ssl/quic/quic_rx_depack.c openssl-3.5.4/ssl/quic/quic_rx_depack.c --- openssl-3.5.1/ssl/quic/quic_rx_depack.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/quic/quic_rx_depack.c 2025-09-30 12:37:40.000000000 +0000 @@ -1429,16 +1429,8 @@ uint32_t enc_level; size_t dgram_len = qpacket->datagram_len; - /* - * ok has three states: - * -1 error with ackm_data uninitialized - * 0 error with ackm_data initialized - * 1 success (ackm_data initialized) - */ - int ok = -1; /* Assume the worst */ - if (ch == NULL) - goto end; + return 0; ch->did_crypto_frame = 0; @@ -1456,9 +1448,8 @@ * Retry and Version Negotiation packets should not be passed to this * function. */ - goto end; + return 0; - ok = 0; /* Still assume the worst */ ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level); /* @@ -1480,18 +1471,9 @@ enc_level, qpacket->time, &ackm_data)) - goto end; + return 0; - ok = 1; - end: - /* - * ASSUMPTION: If this function is called at all, |qpacket| is - * a legitimate packet, even if its contents aren't. - * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as - * |ackm_data| has at least been initialized. - */ - if (ok >= 0) - ossl_ackm_on_rx_packet(ch->ackm, &ackm_data); + ossl_ackm_on_rx_packet(ch->ackm, &ackm_data); - return ok > 0; + return 1; } diff -Nru openssl-3.5.1/ssl/record/methods/tls_common.c openssl-3.5.4/ssl/record/methods/tls_common.c --- openssl-3.5.1/ssl/record/methods/tls_common.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/record/methods/tls_common.c 2025-09-30 12:37:40.000000000 +0000 
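Review bot: The rewrite in `@@ -1429` through `@@ -1480` of quic_rx_depack.c changes when ossl_ackm_on_rx_packet runs: previously it was called whenever `ackm_data` had been initialised, including when frame processing later failed (`ok == 0`), and the removed comment documented that as a deliberate assumption; now it runs only on full success. A packet whose frames fail to process is therefore no longer reported to the ACK manager, which is fine if the connection is torn down on that path but a behaviour change otherwise. A comment at the remaining call stating why failed packets need not be reported, e.g. `/* Only fully-processed packets reach the ACKM; <what happens on the failure paths> */`, would record the new contract. The enclosing function's start lies outside the hunk.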
@@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1093,9 +1093,12 @@ return 0; } - if (rl->msg_callback != NULL) - rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &rec->type, - 1, rl->cbarg); + if (rl->msg_callback != NULL) { + unsigned char ctype = (unsigned char)rec->type; + + rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &ctype, + 1, rl->cbarg); + } /* * TLSv1.3 alert and handshake records are required to be non-zero in diff -Nru openssl-3.5.1/ssl/ssl_rsa.c openssl-3.5.4/ssl/ssl_rsa.c --- openssl-3.5.1/ssl/ssl_rsa.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/ssl_rsa.c 2025-09-30 12:37:40.000000000 +0000 @@ -1056,10 +1056,13 @@ } } - if (!X509_up_ref(x509)) + if (!X509_up_ref(x509)) { + OSSL_STACK_OF_X509_free(dup_chain); goto out; + } if (!EVP_PKEY_up_ref(privatekey)) { + OSSL_STACK_OF_X509_free(dup_chain); X509_free(x509); goto out; } diff -Nru openssl-3.5.1/ssl/statem/extensions_clnt.c openssl-3.5.4/ssl/statem/extensions_clnt.c --- openssl-3.5.1/ssl/statem/extensions_clnt.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/statem/extensions_clnt.c 2025-09-30 12:37:40.000000000 +0000 @@ -745,6 +745,7 @@ /* SSLfatal() already called */ return EXT_RETURN_FAIL; } + valid_keyshare++; } else { if (s->ext.supportedgroups == NULL) /* use default */ add_only_one = 1; 
@@ -766,13 +767,18 @@ /* SSLfatal() already called */ return EXT_RETURN_FAIL; } + valid_keyshare++; if (add_only_one) break; - - valid_keyshare++; } } + if (valid_keyshare == 0) { + /* No key shares were allowed */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_SUITABLE_KEY_SHARE); + return EXT_RETURN_FAIL; + } + if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; diff -Nru openssl-3.5.1/ssl/t1_trce.c openssl-3.5.4/ssl/t1_trce.c --- openssl-3.5.1/ssl/t1_trce.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/ssl/t1_trce.c 2025-09-30 12:37:40.000000000 +0000 @@ -549,8 +549,12 @@ {258, "ffdhe4096"}, {259, "ffdhe6144"}, {260, "ffdhe8192"}, + {512, "MLKEM512"}, + {513, "MLKEM768"}, + {514, "MLKEM1024"}, {4587, "SecP256r1MLKEM768"}, {4588, "X25519MLKEM768"}, + {4589, "SecP384r1MLKEM1024"}, {25497, "X25519Kyber768Draft00"}, {25498, "SecP256r1Kyber768Draft00"}, {0xFF01, "arbitrary_explicit_prime_curves"}, diff -Nru openssl-3.5.1/test/build.info openssl-3.5.4/test/build.info --- openssl-3.5.1/test/build.info 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/build.info 2025-09-30 12:37:40.000000000 +0000 @@ -31,7 +31,8 @@ testutil/format_output.c testutil/load.c testutil/fake_random.c \ testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \ testutil/options.c testutil/test_options.c testutil/provider.c \ - testutil/apps_shims.c testutil/random.c testutil/helper.c $LIBAPPSSRC + testutil/apps_shims.c testutil/random.c testutil/helper.c \ + testutil/compare.c $LIBAPPSSRC INCLUDE[libtestutil.a]=../include ../apps/include .. DEPEND[libtestutil.a]=../libcrypto diff -Nru openssl-3.5.1/test/crltest.c openssl-3.5.4/test/crltest.c --- openssl-3.5.1/test/crltest.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/crltest.c 2025-09-30 12:37:40.000000000 +0000 @@ -9,6 +9,7 @@ #include "internal/nelem.h" #include +#include #include #include #include 
@@ -17,7 +18,16 @@ #include "testutil.h" +/* + * We cannot use old certificates for new tests because the private key + * associated with them is no longer available. Therefore, we add kCRLTestLeaf, + * kCRLTestLeaf2 and PARAM_TIME2, as well as pass the verification time to the + * verify function as a parameter. Certificates and CRL from + * https://github.com/openssl/openssl/issues/27506 are used. + */ + #define PARAM_TIME 1474934400 /* Sep 27th, 2016 */ +#define PARAM_TIME2 1753284700 /* July 23th, 2025 */ static const char *kCRLTestRoot[] = { "-----BEGIN CERTIFICATE-----\n", 
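Review bot: The comment added in `@@ -17,7 +18,16 @@` of crltest.c says the change adds `kCRLTestLeaf`, which already exists (the old side of `@@ -455` loads it), where the new fixtures are `kCRLTestRoot2` and `kCRLTestLeaf2`; and `July 23th, 2025` should read `July 23rd, 2025`. Suggested wording: `Therefore, we add kCRLTestRoot2, kCRLTestLeaf2 and PARAM_TIME2, and pass the verification time to verify() as a parameter.`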
@@ -70,6 +80,61 @@ NULL }; +static const char *kCRLTestRoot2[] = { + "-----BEGIN CERTIFICATE-----\n", + "MIID4zCCAsugAwIBAgIUGTcyNat9hTOo8nnGdzF7MTzL9WAwDQYJKoZIhvcNAQEL\n", + "BQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n", + "DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEzARBgNVBAMMCk15\n", + "IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJvb3QgQ0EwHhcNMjUwMzAzMDcxNDA0WhcN\n", + "MzUwMzAxMDcxNDA0WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p\n", + "YTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwKTXkgQ29tcGFueTET\n", + "MBEGA1UEAwwKTXkgUm9vdCBDQTETMBEGA1UECwwKTXkgUm9vdCBDQTCCASIwDQYJ\n", + "KoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6jjwkmV+pse430MQfyaWv+JtAd2r6K\n", + "qzEquBcoofzuf/yvdEhQPjK3bcotgfEcFq3QMo1MJ7vqRHEIu0hJ+5ZnEQtIRcrg\n", + "Vm7/EoVCBpDc9BDtW40TDp69z9kaKyyKYy6rxmSKgJydGBeGGMwBxgTK/o0xAriC\n", + "C3lLXHT8G8YMamKUpToPL5iCRX+GJPnnizB2ODvpQGMWkbp9+1xEc4dD7Db2wfUb\n", + "gatDYUoGndQKWD49UhURavQZeLpDxlz93YutRRkZTWc4IB7WebiEb39BDjSP3QYm\n", + "2h+rZYyjp3Gxy8pBNTPzE9Dk4yjiqS7o3WGvi/S6zKTLDvWl9t6pMOMCAwEAAaNj\n", + "MGEwHQYDVR0OBBYEFNdhiR+Tlot2VBbp5XfcfLdlG4AkMA4GA1UdDwEB/wQEAwIB\n", + "hjAfBgNVHSMEGDAWgBTXYYkfk5aLdlQW6eV33Hy3ZRuAJDAPBgNVHRMBAf8EBTAD\n", + "AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCvwutY0WMcKoqulifnYfhxGLtXSSvD2GET\n", + "uNRv+S1KI5JKcAdfvnbNDpUwlujMDIpe3ewmv9i6kcitpHwZXdVAw6KWagJ0kDSt\n", + "jbArJxuuuFmSFDS7kj8x7FZok5quAWDSSg+ubV2tCVxmDuTs1WXJXD3l9g+3J9GU\n", + "kyeFMKqwRp8w22vm9ilgXrzeesAmmAg/pEb56ljTPeaONQxVe7KJhv2q8J17sML8\n", + "BE7TdVx7UFQbO/t9XqdT5O9eF8JUx4Vn4QSr+jdjJ/ns4T3/IC9dJq9k7tjD48iA\n", + "TNc+7x+uj8P39VA96HpjujVakj8/qn5SQMPJgDds+MSXrX+6JBWm\n", + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *kCRLTestLeaf2[] = { + "-----BEGIN CERTIFICATE-----\n", + "MIIECjCCAvKgAwIBAgIUPxuMqMtuN1j3XZVRVrNmaTCIP04wDQYJKoZIhvcNAQEL\n", + "BQAweTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM\n", + "DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCk15IENvbXBhbnkxEzARBgNVBAMMCk15\n", + 
"IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJvb3QgQ0EwHhcNMjUwNDE3MTAxNjQ5WhcN\n", + "MjYwNDE3MTAxNjQ5WjBoMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQ\n", + "MA4GA1UEBwwHQmVpamluZzEYMBYGA1UECgwPTXkgT3JnYW5pemF0aW9uMRswGQYD\n", + "VQQDDBJNeSBJbnRlcm1lZGlhdGUgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n", + "ggEKAoIBAQDIxRxZQokflDaLYoD21HT2U4EshqtKpSf9zPS5unBMCfnQkU4IJjBF\n", + "3qQmfgz5ZOpZv3x0w48fDjiysk0eOVCFAo+uixEjMeuln6Wj3taetch2Sk0YNm5J\n", + "SJCNF2olHZXn5R8ngEmho2j1wbwNnpcccZyRNzUSjR9oAgObkP3O7fyQKJRxwNU0\n", + "sN7mfoyEOczKtUaYbqi2gPx6OOqNLjXlLmfZ8PJagKCN/oYkGU5PoRNXp65Znhu6\n", + "s8FuSmvTodu8Qhs9Uizo+SycaBXn5Fbqt32S+9vPfhH9FfELDfQIaBp+iQAxcKPX\n", + "tUglXEjiEVrbNf722PuWIWN9EIBolULVAgMBAAGjgZowgZcwEgYDVR0TAQH/BAgw\n", + "BgEB/wIBATAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vbG9jYWxob3N0OjgwMDAv\n", + "Y2FfY3JsLmRlcjAdBgNVHQ4EFgQUh40vFgoopz5GUggPEEk2+bKgbwQwHwYDVR0j\n", + "BBgwFoAU12GJH5OWi3ZUFunld9x8t2UbgCQwDgYDVR0PAQH/BAQDAgGGMA0GCSqG\n", + "SIb3DQEBCwUAA4IBAQDANfJuTgo0vRaMPYqOeW8R4jLHdVazdGLeQQ/85vXr/Gl1\n", + "aL40tLp4yZbThxuxTzPzfY1OGkG69YQ/8Vo0gCEi5KjBMYPKmZISKy1MwROQ1Jfp\n", + "HkmyZk1TfuzG/4fN/bun2gjpDYcihf4xA4NhSVzQyvqm1N6VkTgK+bEWTOGzqw66\n", + "6IYPN6oVDmLbwU1EvV3rggB7HUJCJP4qW9DbAQRAijUurPUGoU2vEbrSyYkfQXCf\n", + "p4ouOTMl6O7bJ110SKzxbCfWqom+iAwHlU2tOPVmOp1CLDCClMRNHIFMDGAoBomH\n", + "s01wD+IcIi9OkQEbqVb/XDKes8fqzQgTtSM9C9Ot\n", + "-----END CERTIFICATE-----\n", + NULL +}; + static const char *kBasicCRL[] = { "-----BEGIN X509 CRL-----\n", "MIIBpzCBkAIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzETMBEGA1UE\n", 
@@ -124,6 +189,24 @@ NULL }; +static const char *kEmptyIdpCRL[] = { + "-----BEGIN X509 CRL-----\n", + "MIICOTCCASECAQEwDQYJKoZIhvcNAQELBQAweTELMAkGA1UEBhMCVVMxEzARBgNV\n", + "BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEzARBgNVBAoM\n", + "Ck15IENvbXBhbnkxEzARBgNVBAMMCk15IFJvb3QgQ0ExEzARBgNVBAsMCk15IFJv\n", + "b3QgQ0EXDTI1MDEwMTAwMDAwMFoXDTI1MTIwMTAwMDAwMFowJzAlAhQcgAIu+B8k\n", + "Be6WphLcth/grHAeXhcNMjUwNDE3MTAxNjUxWqBLMEkwGAYDVR0UBBECDxnP/97a\n", + "dO3y9qRGDM7hQDAfBgNVHSMEGDAWgBTXYYkfk5aLdlQW6eV33Hy3ZRuAJDAMBgNV\n", + "HRwBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAf+mtlDi9IftsYwTcxYYKxE203\n", + "+prttFB00om29jjtkGYRxcs3vZQRTvera21YFn3mrS/lxvhBq6GMx0I61AQ48Pr4\n", + "63bDvZgf+/P6T2+MLgLds23o3TOfy2SBSdnFEcN0bFUgF5U0bFpQqlQWx+FYhrAf\n", + "ZX3RAhURiKKfGKGeVOVKS0u+x666FoDQ7pbhbHM3+jnuzdtv8RQMkj1AZMw0FMl8\n", + "m2dFQhZqT9WdJqZAc8ldc6V3a0rUeOV8BUPACf1k4B0CKhn4draIqltZkWgl3cmU\n", + "SX2V/a51lS12orfNYSEx+vtJ9gpx4LDxyOnai18vueVyljrXuQSrcYuxS2Cd\n", + "-----END X509 CRL-----\n", + NULL +}; + /* * This is kBasicCRL but with a critical issuing distribution point * extension. @@ -189,6 +272,8 @@ static X509 *test_root = NULL; static X509 *test_leaf = NULL; +static X509 *test_root2 = NULL; +static X509 *test_leaf2 = NULL; /* * Glue an array of strings together. Return a BIO and put the string @@ -251,7 +336,7 @@ * Returns a value from X509_V_ERR_xxx or X509_V_OK. */ static int verify(X509 *leaf, X509 *root, STACK_OF(X509_CRL) *crls, - unsigned long flags) + unsigned long flags, time_t verification_time) { X509_STORE_CTX *ctx = X509_STORE_CTX_new(); X509_STORE *store = X509_STORE_new(); 
@@ -276,8 +361,8 @@ goto err; X509_STORE_CTX_set0_trusted_stack(ctx, roots); X509_STORE_CTX_set0_crls(ctx, crls); - X509_VERIFY_PARAM_set_time(param, PARAM_TIME); - if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), PARAM_TIME)) + X509_VERIFY_PARAM_set_time(param, verification_time); + if (!TEST_long_eq((long)X509_VERIFY_PARAM_get_time(param), (long)verification_time)) goto err; X509_VERIFY_PARAM_set_depth(param, 16); if (flags) @@ -341,10 +426,11 @@ && TEST_ptr(revoked_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, NULL), - X509_V_FLAG_CRL_CHECK), X509_V_OK) + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_OK) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(basic_crl, revoked_crl), - X509_V_FLAG_CRL_CHECK), X509_V_ERR_CERT_REVOKED); + X509_V_FLAG_CRL_CHECK, PARAM_TIME), + X509_V_ERR_CERT_REVOKED); X509_CRL_free(basic_crl); X509_CRL_free(revoked_crl); return r; @@ -353,7 +439,7 @@ static int test_no_crl(void) { return TEST_int_eq(verify(test_leaf, test_root, NULL, - X509_V_FLAG_CRL_CHECK), + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_ERR_UNABLE_TO_GET_CRL); } @@ -365,12 +451,26 @@ r = TEST_ptr(bad_issuer_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(bad_issuer_crl, NULL), - X509_V_FLAG_CRL_CHECK), + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_ERR_UNABLE_TO_GET_CRL); X509_CRL_free(bad_issuer_crl); return r; } +static int test_crl_empty_idp(void) +{ + X509_CRL *empty_idp_crl = CRL_from_strings(kEmptyIdpCRL); + int r; + + r = TEST_ptr(empty_idp_crl) + && TEST_int_eq(verify(test_leaf2, test_root2, + make_CRL_stack(empty_idp_crl, NULL), + X509_V_FLAG_CRL_CHECK, PARAM_TIME2), + X509_V_ERR_UNABLE_TO_GET_CRL); + X509_CRL_free(empty_idp_crl); + return r; +} + static int test_known_critical_crl(void) { X509_CRL *known_critical_crl = CRL_from_strings(kKnownCriticalCRL); 
@@ -379,7 +479,7 @@ r = TEST_ptr(known_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(known_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK), X509_V_OK); + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_OK); X509_CRL_free(known_critical_crl); return r; } @@ -392,7 +492,7 @@ r = TEST_ptr(unknown_critical_crl) && TEST_int_eq(verify(test_leaf, test_root, make_CRL_stack(unknown_critical_crl, NULL), - X509_V_FLAG_CRL_CHECK), + X509_V_FLAG_CRL_CHECK, PARAM_TIME), X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION); X509_CRL_free(unknown_critical_crl); return r; @@ -412,7 +512,7 @@ if (idx & 1) { if (!TEST_true(X509_CRL_up_ref(reused_crl))) goto err; - addref_crl = reused_crl; + addref_crl = reused_crl; } idx >>= 1; @@ -455,12 +555,15 @@ int setup_tests(void) { if (!TEST_ptr(test_root = X509_from_strings(kCRLTestRoot)) - || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf))) + || !TEST_ptr(test_leaf = X509_from_strings(kCRLTestLeaf)) + || !TEST_ptr(test_root2 = X509_from_strings(kCRLTestRoot2)) + || !TEST_ptr(test_leaf2 = X509_from_strings(kCRLTestLeaf2))) return 0; ADD_TEST(test_no_crl); ADD_TEST(test_basic_crl); ADD_TEST(test_bad_issuer_crl); + ADD_TEST(test_crl_empty_idp); ADD_TEST(test_known_critical_crl); ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); ADD_ALL_TESTS(test_reuse_crl, 6); @@ -471,4 +574,6 @@ { X509_free(test_root); X509_free(test_leaf); + X509_free(test_root2); + X509_free(test_leaf2); } diff -Nru openssl-3.5.1/test/evp_extra_test.c openssl-3.5.4/test/evp_extra_test.c --- openssl-3.5.1/test/evp_extra_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/evp_extra_test.c 2025-09-30 12:37:40.000000000 +0000 
@@ -3938,6 +3938,48 @@
 return ret;
 }
 
+static int test_RSA_encrypt(void)
+{
+ int ret = 0;
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *pctx = NULL;
+ unsigned char *cbuf = NULL, *pbuf = NULL;
+ size_t clen = 0, plen = 0;
+
+ if (!TEST_ptr(pkey = load_example_rsa_key())
+ || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
+ pkey, testpropq))
+ || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
+ || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
+ || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
+ goto done;
+
+ /* Require failure when the output buffer is too small */
+ plen = clen - 1;
+ if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
+ goto done;
+ /* flush error stack */
+ TEST_openssl_errors();
+
+ /* Check decryption of encrypted result */
+ if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
+ || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
+ || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
+ || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
+ || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
+ || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
+ goto done;
+
+ ret = 1;
+done:
+ EVP_PKEY_CTX_free(pctx);
+ EVP_PKEY_free(pkey);
+ OPENSSL_free(cbuf);
+ OPENSSL_free(pbuf);
+ return ret;
+}
+
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 static int test_RSA_legacy(void)
 {
@@ -6810,6 +6852,7 @@
 ADD_TEST(test_RSA_get_set_params);
 ADD_TEST(test_RSA_OAEP_set_get_params);
 ADD_TEST(test_RSA_OAEP_set_null_label);
+ ADD_TEST(test_RSA_encrypt);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 ADD_TEST(test_RSA_legacy);
 #endif
diff -Nru openssl-3.5.1/test/fake_rsaprov.c openssl-3.5.4/test/fake_rsaprov.c
--- openssl-3.5.1/test/fake_rsaprov.c 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/test/fake_rsaprov.c 2025-09-30 12:37:40.000000000 +0000
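Review bot: The too-small-buffer check in `test_RSA_encrypt` only asserts a non-positive return and then discards the error stack with `TEST_openssl_errors()`, so it would still pass if `EVP_PKEY_encrypt` failed for an unrelated reason. Pinning the reason before flushing, e.g. `if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_last_error()), EVP_R_BUFFER_TOO_SMALL)) goto done;` (assuming that is the code the asymcipher.c change raises for this case), makes the regression test specific to the length check it was written for. The trailing `EVP_PKEY_encrypt_init(pctx)` after the decrypt round-trip has no comment; if its purpose is to confirm the context can be re-initialised for a different operation, a one-line `/* ctx must be re-initialisable for encryption after decrypting */` would say so.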
@@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -9,12 +9,15 @@ */ #include +#include +#include #include #include #include #include #include "testutil.h" #include "fake_rsaprov.h" +#include "internal/asn1.h" static OSSL_FUNC_keymgmt_new_fn fake_rsa_keymgmt_new; static OSSL_FUNC_keymgmt_free_fn fake_rsa_keymgmt_free; @@ -32,6 +35,18 @@ static int query_id; static int key_deleted; +unsigned fake_rsa_query_operation_name = 0; + +typedef struct { + OSSL_LIB_CTX *libctx; +} PROV_FAKE_RSA_CTX; + +#define PROV_FAKE_RSA_LIBCTX_OF(provctx) (((PROV_FAKE_RSA_CTX *)provctx)->libctx) + +#define FAKE_RSA_STATUS_IMPORTED 1 +#define FAKE_RSA_STATUS_GENERATED 2 +#define FAKE_RSA_STATUS_DECODED 3 + struct fake_rsa_keydata { int selection; int status; @@ -77,7 +92,7 @@ /* record global for checking */ query_id = id; - return "RSA"; + return fake_rsa_query_operation_name ? NULL: "RSA"; } static int fake_rsa_keymgmt_import(void *keydata, int selection, @@ -86,7 +101,7 @@ struct fake_rsa_keydata *fake_rsa_key = keydata; /* key was imported */ - fake_rsa_key->status = 1; + fake_rsa_key->status = FAKE_RSA_STATUS_IMPORTED; return 1; } @@ -219,11 +234,11 @@ { struct fake_rsa_keydata *key = NULL; - if (reference_sz != sizeof(*key)) + if (reference_sz != sizeof(key)) return NULL; key = *(struct fake_rsa_keydata **)reference; - if (key->status != 1) + if (key->status != FAKE_RSA_STATUS_IMPORTED && key->status != FAKE_RSA_STATUS_DECODED) return NULL; /* detach the reference */ @@ -258,7 +273,7 @@ if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL))) return NULL; - keydata->status = 2; + keydata->status = FAKE_RSA_STATUS_GENERATED; return keydata; } 
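Review bot: `PROV_FAKE_RSA_LIBCTX_OF(provctx)` casts its argument without parenthesising it, so an expression argument would bind to the cast incorrectly; the usual form is `#define PROV_FAKE_RSA_LIBCTX_OF(provctx) (((PROV_FAKE_RSA_CTX *)(provctx))->libctx)`. In the same file the new `return fake_rsa_query_operation_name ? NULL: "RSA";` is missing the space before the colon. `fake_rsa_query_operation_name` is a non-static mutable global that later tests toggle and must reset; the header hunk below documents its meaning, but a comment at the definition here noting that callers are responsible for restoring it to 0 would keep the two places in step.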
@@ -638,7 +653,7 @@ /* The address of the key becomes the octet string */ params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, - &key, sizeof(*key)); + &key, sizeof(key)); params[3] = OSSL_PARAM_construct_end(); rv = object_cb(params, object_cbarg); *storectx = 1; 
@@ -702,6 +717,502 @@ { NULL, NULL, NULL } }; +struct der2key_ctx_st; /* Forward declaration */ +typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); +typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); +typedef void free_key_fn(void *); +typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, + struct der2key_ctx_st *); +struct keytype_desc_st { + const char *keytype_name; + const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ + + /* The input structure name */ + const char *structure_name; + + /* + * The EVP_PKEY_xxx type macro. Should be zero for type specific + * structures, non-zero when the outermost structure is PKCS#8 or + * SubjectPublicKeyInfo. This determines which of the function + * pointers below will be used. + */ + int evp_type; + + /* The selection mask for OSSL_FUNC_decoder_does_selection() */ + int selection_mask; + + /* For type specific decoders, we use the corresponding d2i */ + d2i_of_void *d2i_private_key; /* From type-specific DER */ + d2i_of_void *d2i_public_key; /* From type-specific DER */ + d2i_of_void *d2i_key_params; /* From type-specific DER */ + d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ + d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ + + /* + * For any key, we may need to check that the key meets expectations. + * This is useful when the same functions can decode several variants + * of a key. + */ + check_key_fn *check_key; + + /* + * For any key, we may need to make provider specific adjustments, such + * as ensure the key carries the correct library context. + */ + adjust_key_fn *adjust_key; + /* {type}_free() */ + free_key_fn *free_key; +}; + +/* + * Start blatant code steal. 
Alternative: Open up d2i_X509_PUBKEY_INTERNAL + * as per https://github.com/openssl/openssl/issues/16697 (TBD) + * Code from openssl/crypto/x509/x_pubkey.c as + * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public + */ +struct X509_pubkey_st { + X509_ALGOR *algor; + ASN1_BIT_STRING *public_key; + + EVP_PKEY *pkey; + + /* extra data for the callback, used by d2i_PUBKEY_ex */ + OSSL_LIB_CTX *libctx; + char *propq; +}; + +ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { + ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), + ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) +} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) + +static X509_PUBKEY *fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, + long len, OSSL_LIB_CTX *libctx) +{ + X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); + + if (xpub == NULL) + return NULL; + return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len, + ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), + libctx, NULL); +} +/* end steal https://github.com/openssl/openssl/issues/16697 */ + +/* + * Context used for DER to key decoding. 
+ */ +struct der2key_ctx_st { + PROV_FAKE_RSA_CTX *provctx; + struct keytype_desc_st *desc; + /* The selection that is passed to fake_rsa_der2key_decode() */ + int selection; + /* Flag used to signal that a failure is fatal */ + unsigned int flag_fatal : 1; +}; + +static int fake_rsa_read_der(PROV_FAKE_RSA_CTX *provctx, OSSL_CORE_BIO *cin, + unsigned char **data, long *len) +{ + BUF_MEM *mem = NULL; + BIO *in = BIO_new_from_core_bio(provctx->libctx, cin); + int ok = (asn1_d2i_read_bio(in, &mem) >= 0); + + if (ok) { + *data = (unsigned char *)mem->data; + *len = (long)mem->length; + OPENSSL_free(mem); + } + BIO_free(in); + return ok; +} + +typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq); +static void *fake_rsa_der2key_decode_p8(const unsigned char **input_der, + long input_der_len, struct der2key_ctx_st *ctx, + key_from_pkcs8_t *key_from_pkcs8) +{ + PKCS8_PRIV_KEY_INFO *p8inf = NULL; + const X509_ALGOR *alg = NULL; + void *key = NULL; + + if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL + && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) + && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) + key = key_from_pkcs8(p8inf, PROV_FAKE_RSA_LIBCTX_OF(ctx->provctx), NULL); + PKCS8_PRIV_KEY_INFO_free(p8inf); + + return key; +} + +static struct fake_rsa_keydata *fake_rsa_d2i_PUBKEY(struct fake_rsa_keydata **a, + const unsigned char **pp, long length) +{ + struct fake_rsa_keydata *key = NULL; + X509_PUBKEY *xpk; + + xpk = fake_rsa_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL); + if (xpk == NULL) + goto err_exit; + + key = fake_rsa_keymgmt_new(NULL); + if (key == NULL) + goto err_exit; + + key->status = FAKE_RSA_STATUS_DECODED; + + if (a != NULL) { + fake_rsa_keymgmt_free(*a); + *a = key; + } + +err_exit: + X509_PUBKEY_free(xpk); + return key; +} + +/* ---------------------------------------------------------------------- */ + +static OSSL_FUNC_decoder_freectx_fn der2key_freectx; +static 
OSSL_FUNC_decoder_decode_fn fake_rsa_der2key_decode; +static OSSL_FUNC_decoder_export_object_fn der2key_export_object; + +static struct der2key_ctx_st * +der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char *tls_name) +{ + struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + if (ctx != NULL) { + ctx->provctx = provctx; + ctx->desc = desc; + if (desc->evp_type == 0) + ctx->desc->evp_type = OBJ_sn2nid(tls_name); + } + return ctx; +} + +static void der2key_freectx(void *vctx) +{ + struct der2key_ctx_st *ctx = vctx; + + OPENSSL_free(ctx); +} + +static int der2key_check_selection(int selection, + const struct keytype_desc_st *desc) +{ + /* + * The selections are kinda sorta "levels", i.e. each selection given + * here is assumed to include those following. + */ + int checks[] = { + OSSL_KEYMGMT_SELECT_PRIVATE_KEY, + OSSL_KEYMGMT_SELECT_PUBLIC_KEY, + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS + }; + size_t i; + + /* The decoder implementations made here support guessing */ + if (selection == 0) + return 1; + + for (i = 0; i < OSSL_NELEM(checks); i++) { + int check1 = (selection & checks[i]) != 0; + int check2 = (desc->selection_mask & checks[i]) != 0; + + /* + * If the caller asked for the currently checked bit(s), return + * whether the decoder description says it's supported. + */ + if (check1) + return check2; + } + + /* This should be dead code, but just to be safe... */ + return 0; +} + +static int fake_rsa_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, + OSSL_CALLBACK *data_cb, void *data_cbarg, + OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) +{ + struct der2key_ctx_st *ctx = vctx; + unsigned char *der = NULL; + const unsigned char *derp; + long der_len = 0; + void *key = NULL; + int ok = 0; + + ctx->selection = selection; + /* + * The caller is allowed to specify 0 as a selection mark, to have the + * structure and key type guessed. For type-specific structures, this + * is not recommended, as some structures are very similar. 
+ * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter + * signifies a private key structure, where everything else is assumed + * to be present as well. + */ + if (selection == 0) + selection = ctx->desc->selection_mask; + if ((selection & ctx->desc->selection_mask) == 0) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + + ok = fake_rsa_read_der(ctx->provctx, cin, &der, &der_len); + if (!ok) + goto next; + + ok = 0; /* Assume that we fail */ + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { + derp = der; + if (ctx->desc->d2i_PKCS8 != NULL) { + key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); + if (ctx->flag_fatal) + goto end; + } else if (ctx->desc->d2i_private_key != NULL) { + key = ctx->desc->d2i_private_key(NULL, &derp, der_len); + } + if (key == NULL && ctx->selection != 0) + goto next; + } + if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + derp = der; + if (ctx->desc->d2i_PUBKEY != NULL) + key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len); + else + key = ctx->desc->d2i_public_key(NULL, &derp, der_len); + if (key == NULL && ctx->selection != 0) + goto next; + } + if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { + derp = der; + if (ctx->desc->d2i_key_params != NULL) + key = ctx->desc->d2i_key_params(NULL, &derp, der_len); + if (key == NULL && ctx->selection != 0) + goto next; + } + + /* + * Last minute check to see if this was the correct type of key. This + * should never lead to a fatal error, i.e. the decoding itself was + * correct, it was just an unexpected key type. This is generally for + * classes of key types that have subtle variants, like RSA-PSS keys as + * opposed to plain RSA keys. 
+ */ + if (key != NULL + && ctx->desc->check_key != NULL + && !ctx->desc->check_key(key, ctx)) { + ctx->desc->free_key(key); + key = NULL; + } + + if (key != NULL && ctx->desc->adjust_key != NULL) + ctx->desc->adjust_key(key, ctx); + + next: + /* + * Indicated that we successfully decoded something, or not at all. + * Ending up "empty handed" is not an error. + */ + ok = 1; + + /* + * We free memory here so it's not held up during the callback, because + * we know the process is recursive and the allocated chunks of memory + * add up. + */ + OPENSSL_free(der); + der = NULL; + + if (key != NULL) { + OSSL_PARAM params[4]; + int object_type = OSSL_OBJECT_PKEY; + + params[0] = + OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); + params[1] = + OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, + (char *)ctx->desc->keytype_name, + 0); + /* The address of the key becomes the octet string */ + params[2] = + OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, + &key, sizeof(key)); + params[3] = OSSL_PARAM_construct_end(); + + ok = data_cb(params, data_cbarg); + } + + end: + ctx->desc->free_key(key); + OPENSSL_free(der); + + return ok; +} + +static OSSL_FUNC_keymgmt_export_fn * +fake_rsa_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) +{ + /* Pilfer the keymgmt dispatch table */ + for (; fns->function_id != 0; fns++) + if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) + return OSSL_FUNC_keymgmt_export(fns); + + return NULL; +} + +static int der2key_export_object(void *vctx, + const void *reference, size_t reference_sz, + OSSL_CALLBACK *export_cb, void *export_cbarg) +{ + struct der2key_ctx_st *ctx = vctx; + OSSL_FUNC_keymgmt_export_fn *export = fake_rsa_prov_get_keymgmt_export(ctx->desc->fns); + void *keydata; + + if (reference_sz == sizeof(keydata) && export != NULL) { + /* The contents of the reference is the address to our object */ + keydata = *(void **)reference; + + return export(keydata, ctx->selection, export_cb, export_cbarg); 
+ } + return 0; +} + +/* ---------------------------------------------------------------------- */ + +static struct fake_rsa_keydata *fake_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, + OSSL_LIB_CTX *libctx, const char *propq) +{ + struct fake_rsa_keydata *key = fake_rsa_keymgmt_new(NULL); + + if (key) + key->status = FAKE_RSA_STATUS_DECODED; + return key; +} + +#define rsa_evp_type EVP_PKEY_RSA + +static void *fake_rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, + struct der2key_ctx_st *ctx) +{ + return fake_rsa_der2key_decode_p8(der, der_len, ctx, + (key_from_pkcs8_t *)fake_rsa_key_from_pkcs8); +} + +static void fake_rsa_key_adjust(void *key, struct der2key_ctx_st *ctx) +{ +} + +/* ---------------------------------------------------------------------- */ + +#define DO_PrivateKeyInfo(keytype) \ + "PrivateKeyInfo", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \ + NULL, \ + NULL, \ + NULL, \ + fake_rsa_d2i_PKCS8, \ + NULL, \ + NULL, \ + fake_rsa_key_adjust, \ + (free_key_fn *)fake_rsa_keymgmt_free + +#define DO_SubjectPublicKeyInfo(keytype) \ + "SubjectPublicKeyInfo", keytype##_evp_type, \ + (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \ + NULL, \ + NULL, \ + NULL, \ + NULL, \ + (d2i_of_void *)fake_rsa_d2i_PUBKEY, \ + NULL, \ + fake_rsa_key_adjust, \ + (free_key_fn *)fake_rsa_keymgmt_free + +/* + * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. + * It takes the following arguments: + * + * keytype_name The implementation key type as a string. + * keytype The implementation key type. This must correspond exactly + * to our existing keymgmt keytype names... in other words, + * there must exist an ossl_##keytype##_keymgmt_functions. + * type The type name for the set of functions that implement the + * decoder for the key type. This isn't necessarily the same + * as keytype. For example, the key types ed25519, ed448, + * x25519 and x448 are all handled by the same functions with + * the common type name ecx. 
+ * kind The kind of support to implement. This translates into + * the DO_##kind macros above, to populate the keytype_desc_st + * structure. + */ +#define MAKE_DECODER(keytype_name, keytype, type, kind) \ + static struct keytype_desc_st kind##_##keytype##_desc = \ + { keytype_name, fake_rsa_keymgmt_funcs, \ + DO_##kind(keytype) }; \ + \ + static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ + \ + static void *kind##_der2##keytype##_newctx(void *provctx) \ + { \ + return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name);\ + } \ + static int kind##_der2##keytype##_does_selection(void *provctx, \ + int selection) \ + { \ + return der2key_check_selection(selection, \ + &kind##_##keytype##_desc); \ + } \ + static const OSSL_DISPATCH \ + fake_rsa_##kind##_der_to_##keytype##_decoder_functions[] = { \ + { OSSL_FUNC_DECODER_NEWCTX, \ + (void (*)(void))kind##_der2##keytype##_newctx }, \ + { OSSL_FUNC_DECODER_FREECTX, \ + (void (*)(void))der2key_freectx }, \ + { OSSL_FUNC_DECODER_DOES_SELECTION, \ + (void (*)(void))kind##_der2##keytype##_does_selection }, \ + { OSSL_FUNC_DECODER_DECODE, \ + (void (*)(void))fake_rsa_der2key_decode }, \ + { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ + (void (*)(void))der2key_export_object }, \ + OSSL_DISPATCH_END \ + } + +MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); +MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); + +static const OSSL_ALGORITHM fake_rsa_decoder_algs[] = { +#define DECODER_PROVIDER "fake-rsa" +#define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" +#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" + +/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */ +/* + * Obviously this is not FIPS approved, but in order to test in conjunction + * with the FIPS provider we pretend that it is. 
+ */ + +#define DECODER(_name, _input, _output) \ + { _name, \ + "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \ + (fake_rsa_##_input##_to_##_output##_decoder_functions) \ + } +#define DECODER_w_structure(_name, _input, _structure, _output) \ + { _name, \ + "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \ + ",structure=" DECODER_STRUCTURE_##_structure, \ + (fake_rsa_##_structure##_##_input##_to_##_output##_decoder_functions) \ + } + +DECODER_w_structure("RSA:rsaEncryption", der, PrivateKeyInfo, rsa), +DECODER_w_structure("RSA:rsaEncryption", der, SubjectPublicKeyInfo, rsa), +#undef DECODER_PROVIDER + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *fake_rsa_query(void *provctx, int operation_id, int *no_cache) @@ -716,13 +1227,24 @@ case OSSL_OP_STORE: return fake_rsa_store_algs; + + case OSSL_OP_DECODER: + return fake_rsa_decoder_algs; } return NULL; } +static void fake_rsa_prov_teardown(void *provctx) +{ + PROV_FAKE_RSA_CTX *pctx = (PROV_FAKE_RSA_CTX *)provctx; + + OSSL_LIB_CTX_free(pctx->libctx); + OPENSSL_free(pctx); +} + /* Functions we provide to the core */ static const OSSL_DISPATCH fake_rsa_method[] = { - { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free }, + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fake_rsa_prov_teardown }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fake_rsa_query }, OSSL_DISPATCH_END }; 
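Review bot: In `fake_rsa_der2key_decode` the public-key branch calls `ctx->desc->d2i_public_key(NULL, &derp, der_len)` whenever `d2i_PUBKEY` is NULL, without checking that `d2i_public_key` itself is non-NULL, unlike the parameters branch just below it; both `DO_*` descriptors in this hunk leave `d2i_public_key` NULL, so the guard should read `else if (ctx->desc->d2i_public_key != NULL)` before the call. `fake_rsa_read_der` does not check the result of `BIO_new_from_core_bio` before handing it to `asn1_d2i_read_bio`; an explicit `if (in == NULL) return 0;` after the allocation makes the failure path deliberate rather than relying on the callee rejecting a NULL BIO. `der2key_newctx` writes `ctx->desc->evp_type` into the shared static descriptor, which is benign here only because both descriptors are created with a non-zero `rsa_evp_type`; a comment saying so would stop the next reader from treating it as per-context state.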
@@ -731,8 +1253,20 @@ const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, void **provctx) { - if (!TEST_ptr(*provctx = OSSL_LIB_CTX_new())) + OSSL_LIB_CTX *libctx; + PROV_FAKE_RSA_CTX *prov_ctx; + + if (!TEST_ptr(libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in))) + return 0; + + if (!TEST_ptr(prov_ctx = OPENSSL_malloc(sizeof(*prov_ctx)))) { + OSSL_LIB_CTX_free(libctx); return 0; + } + + prov_ctx->libctx = libctx; + + *provctx = prov_ctx; *out = fake_rsa_method; return 1; } diff -Nru openssl-3.5.1/test/fake_rsaprov.h openssl-3.5.4/test/fake_rsaprov.h --- openssl-3.5.1/test/fake_rsaprov.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/fake_rsaprov.h 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,5 +14,14 @@ /* Fake RSA provider implementation */ OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx); void fake_rsa_finish(OSSL_PROVIDER *p); + OSSL_PARAM *fake_rsa_key_params(int priv); void fake_rsa_restore_store_state(void); + +/* + * When fake_rsa_query_operation_name is set to a non-zero value, + * query_operation_name() will return NULL. + * + * By default, it is 0, in which case query_operation_name() will return "RSA". + */ +extern unsigned fake_rsa_query_operation_name; diff -Nru openssl-3.5.1/test/ml_kem_evp_extra_test.c openssl-3.5.4/test/ml_kem_evp_extra_test.c --- openssl-3.5.1/test/ml_kem_evp_extra_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/ml_kem_evp_extra_test.c 2025-09-30 12:37:40.000000000 +0000 
@@ -140,9 +140,19 @@ if (!TEST_int_gt(EVP_PKEY_copy_parameters(bkey, akey), 0)) goto err; + /* Bob's empty key is not equal to Alice's */ + if (!TEST_false(EVP_PKEY_eq(akey, bkey)) + || !TEST_false(EVP_PKEY_eq(bkey, akey))) + goto err; + if (!TEST_true(EVP_PKEY_set1_encoded_public_key(bkey, rawpub, publen))) goto err; + /* Bob's copy of Alice's public key makes the two equal */ + if (!TEST_true(EVP_PKEY_eq(akey, bkey)) + || !TEST_true(EVP_PKEY_eq(bkey, akey))) + goto err; + /* Encapsulate Bob's key */ ctx = EVP_PKEY_CTX_new_from_pkey(testctx, bkey, NULL); if (!TEST_ptr(ctx)) diff -Nru openssl-3.5.1/test/ml_kem_internal_test.c openssl-3.5.4/test/ml_kem_internal_test.c --- openssl-3.5.1/test/ml_kem_internal_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/ml_kem_internal_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -107,8 +107,10 @@ return 0; if (!TEST_ptr(privctx = RAND_get0_private(NULL)) - || !TEST_ptr(pubctx = RAND_get0_public(NULL))) - return 0; + || !TEST_ptr(pubctx = RAND_get0_public(NULL))) { + ret = -1; + goto err; + } decap_entropy = ml_kem_public_entropy + ML_KEM_RANDOM_BYTES; @@ -134,8 +136,10 @@ params[1] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); params[2] = OSSL_PARAM_construct_end(); - if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))) - return 0; + if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))) { + ret = -1; + goto err; + } public_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]); private_key = ossl_ml_kem_key_new(NULL, NULL, alg[i]); @@ -254,6 +258,8 @@ OPENSSL_free(encoded_public_key); OPENSSL_free(ciphertext); } + +err: EVP_MD_free(sha256); return ret == 0; } diff -Nru openssl-3.5.1/test/property_test.c openssl-3.5.4/test/property_test.c --- openssl-3.5.1/test/property_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/property_test.c 2025-09-30 12:37:40.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -687,6 +687,22 @@ return ret; } +static int test_property_list_to_string_bounds(void) +{ + OSSL_PROPERTY_LIST *pl = NULL; + char buf[16]; + int ret = 0; + + if (!TEST_ptr(pl = ossl_parse_query(NULL, "provider='$1'", 1))) + goto err; + if (!TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, 10), 14)) + goto err; + ret = 1; + err: + ossl_property_free(pl); + return ret; +} + int setup_tests(void) { ADD_TEST(test_property_string); @@ -701,5 +717,6 @@ ADD_TEST(test_query_cache_stochastic); ADD_TEST(test_fips_mode); ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests)); + ADD_TEST(test_property_list_to_string_bounds); return 1; } diff -Nru openssl-3.5.1/test/provider_pkey_test.c openssl-3.5.4/test/provider_pkey_test.c --- openssl-3.5.1/test/provider_pkey_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/provider_pkey_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
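Review bot: `test_property_list_to_string_bounds` checks only that the required length 14 is returned for a 10-byte buffer, not that the function stayed within those 10 bytes, which is the property its name promises. Filling the buffer first with `memset(buf, 0x7f, sizeof(buf));` and asserting after the call that `buf[10]` through `buf[15]` still hold `0x7f` (for example `|| !TEST_int_eq(buf[10], 0x7f)`) turns it into a real bounds test that would catch a re-introduced overrun rather than just a wrong return value.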
@@ -239,6 +239,77 @@ return ret; } +static int test_pkey_can_sign(void) +{ + OSSL_PROVIDER *fake_rsa = NULL; + EVP_PKEY *pkey_fake = NULL; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM *params = NULL; + int ret = 0; + + if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx))) + return 0; + + /* + * Ensure other tests did not forget to reset fake_rsa_query_operation_name + * to its default value: 0 + */ + if (!TEST_int_eq(fake_rsa_query_operation_name, 0)) + goto end; + + if (!TEST_ptr(params = fake_rsa_key_params(0)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", + "provider=fake-rsa")) + || !TEST_true(EVP_PKEY_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, + params)) + || !TEST_true(EVP_PKEY_can_sign(pkey_fake)) + || !TEST_ptr(pkey_fake)) + goto end; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(pkey_fake); + pkey_fake = NULL; + OSSL_PARAM_free(params); + params = NULL; + + /* + * Documented behavior for OSSL_FUNC_keymgmt_query_operation_name() + * allows it to return NULL, in which case the fallback should be to use + * EVP_KEYMGMT_get0_name(). That is exactly the thing we are testing here. + */ + fake_rsa_query_operation_name = 1; + + if (!TEST_ptr(params = fake_rsa_key_params(0)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", + "provider=fake-rsa")) + || !TEST_true(EVP_PKEY_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, + params)) + || !TEST_true(EVP_PKEY_can_sign(pkey_fake)) + || !TEST_ptr(pkey_fake)) + goto end; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(pkey_fake); + pkey_fake = NULL; + OSSL_PARAM_free(params); + params = NULL; + + ret = 1; +end: + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey_fake); + OSSL_PARAM_free(params); + fake_rsa_query_operation_name = 0; + + fake_rsa_finish(fake_rsa); + return ret; +} + static int test_pkey_store(int idx) { OSSL_PROVIDER *deflt = NULL; 
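Review bot: In `test_pkey_can_sign` both condition chains call `EVP_PKEY_can_sign(pkey_fake)` before the `TEST_ptr(pkey_fake)` check, so the NULL check can never protect the call it is meant to guard. Swapping the two terms, `|| !TEST_ptr(pkey_fake) || !TEST_true(EVP_PKEY_can_sign(pkey_fake))`, in both places keeps the intent of the check. The two fromdata blocks are identical apart from the global being toggled between them; a small static helper taking the expected value of `fake_rsa_query_operation_name` would halve the function and make the tested difference visible at a glance.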
@@ -424,6 +495,292 @@ return ret; } +#define DEFAULT_PROVIDER_IDX 0 +#define FAKE_RSA_PROVIDER_IDX 1 + +static int reset_ctx_providers(OSSL_LIB_CTX **ctx, OSSL_PROVIDER *providers[2], const char *prop) +{ + OSSL_PROVIDER_unload(providers[DEFAULT_PROVIDER_IDX]); + providers[DEFAULT_PROVIDER_IDX] = NULL; + fake_rsa_finish(providers[FAKE_RSA_PROVIDER_IDX]); + providers[FAKE_RSA_PROVIDER_IDX] = NULL; + OSSL_LIB_CTX_free(*ctx); + *ctx = NULL; + + if (!TEST_ptr(*ctx = OSSL_LIB_CTX_new()) + || !TEST_ptr(providers[DEFAULT_PROVIDER_IDX] = OSSL_PROVIDER_load(*ctx, "default")) + || !TEST_ptr(providers[FAKE_RSA_PROVIDER_IDX] = fake_rsa_start(*ctx)) + || !TEST_true(EVP_set_default_properties(*ctx, prop))) + return 0; + return 1; +} + +struct test_pkey_decoder_properties_t { + const char *provider_props; + const char *explicit_props; + int curr_provider_idx; +}; + +static int test_pkey_provider_decoder_props(void) +{ + OSSL_LIB_CTX *my_libctx = NULL; + OSSL_PROVIDER *providers[2] = { NULL }; + struct test_pkey_decoder_properties_t properties_test[] = { + { "?provider=fake-rsa", NULL, FAKE_RSA_PROVIDER_IDX }, + { "?provider=default", NULL, DEFAULT_PROVIDER_IDX }, + { NULL, "?provider=fake-rsa", FAKE_RSA_PROVIDER_IDX }, + { NULL, "?provider=default", DEFAULT_PROVIDER_IDX }, + { NULL, "provider=fake-rsa", FAKE_RSA_PROVIDER_IDX }, + { NULL, "provider=default", DEFAULT_PROVIDER_IDX }, + }; + EVP_PKEY *pkey = NULL; + BIO *bio_priv = NULL; + unsigned char *encoded_pub = NULL; + int len_pub; + const unsigned char *p; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + size_t i; + int ret = 0; + const char pem_rsa_priv_key[] = { + 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x50, + 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, + 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x45, 0x76, 0x51, 0x49, 0x42, + 0x41, 0x44, 0x41, 0x4E, 0x42, 0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69, 0x47, + 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x53, 0x43, + 0x42, 
0x4B, 0x63, 0x77, 0x67, 0x67, 0x53, 0x6A, 0x41, 0x67, 0x45, 0x41, + 0x41, 0x6F, 0x49, 0x42, 0x41, 0x51, 0x44, 0x45, 0x6B, 0x43, 0x34, 0x5A, + 0x57, 0x76, 0x33, 0x75, 0x63, 0x46, 0x62, 0x55, 0x0A, 0x46, 0x38, 0x59, + 0x77, 0x6C, 0x55, 0x72, 0x6D, 0x51, 0x6C, 0x4C, 0x43, 0x5A, 0x77, 0x41, + 0x67, 0x72, 0x34, 0x44, 0x50, 0x55, 0x41, 0x46, 0x56, 0x48, 0x6C, 0x2B, + 0x77, 0x46, 0x63, 0x58, 0x79, 0x70, 0x56, 0x67, 0x53, 0x63, 0x56, 0x59, + 0x34, 0x4B, 0x37, 0x51, 0x6D, 0x64, 0x57, 0x4B, 0x73, 0x59, 0x71, 0x62, + 0x38, 0x74, 0x70, 0x4F, 0x78, 0x71, 0x77, 0x30, 0x4E, 0x77, 0x5A, 0x57, + 0x58, 0x0A, 0x4F, 0x2B, 0x74, 0x61, 0x34, 0x2B, 0x79, 0x32, 0x37, 0x43, + 0x4F, 0x75, 0x66, 0x6F, 0x4F, 0x68, 0x52, 0x54, 0x4D, 0x77, 0x4E, 0x79, + 0x4E, 0x32, 0x4C, 0x77, 0x53, 0x4E, 0x54, 0x50, 0x4E, 0x33, 0x65, 0x45, + 0x6B, 0x34, 0x65, 0x65, 0x35, 0x51, 0x6E, 0x70, 0x70, 0x45, 0x79, 0x44, + 0x72, 0x71, 0x6F, 0x43, 0x67, 0x76, 0x54, 0x6C, 0x41, 0x41, 0x64, 0x54, + 0x6F, 0x46, 0x61, 0x58, 0x76, 0x6A, 0x0A, 0x78, 0x31, 0x33, 0x59, 0x62, + 0x6A, 0x37, 0x6A, 0x66, 0x68, 0x77, 0x4E, 0x37, 0x34, 0x71, 0x4B, 0x64, + 0x71, 0x73, 0x53, 0x45, 0x74, 0x50, 0x57, 0x79, 0x67, 0x67, 0x65, 0x6F, + 0x74, 0x69, 0x51, 0x53, 0x50, 0x79, 0x36, 0x4B, 0x79, 0x42, 0x49, 0x75, + 0x57, 0x74, 0x49, 0x78, 0x50, 0x41, 0x41, 0x38, 0x6A, 0x41, 0x76, 0x66, + 0x41, 0x6E, 0x51, 0x6A, 0x31, 0x65, 0x58, 0x68, 0x67, 0x68, 0x46, 0x0A, + 0x4E, 0x32, 0x4E, 0x78, 0x6B, 0x71, 0x67, 0x78, 0x76, 0x42, 0x59, 0x64, + 0x4E, 0x79, 0x31, 0x6D, 0x33, 0x2B, 0x6A, 0x58, 0x41, 0x43, 0x50, 0x4C, + 0x52, 0x7A, 0x63, 0x31, 0x31, 0x5A, 0x62, 0x4E, 0x48, 0x4B, 0x69, 0x77, + 0x68, 0x43, 0x59, 0x31, 0x2F, 0x48, 0x69, 0x53, 0x42, 0x6B, 0x77, 0x48, + 0x6C, 0x49, 0x4B, 0x2B, 0x2F, 0x56, 0x4C, 0x6A, 0x32, 0x73, 0x6D, 0x43, + 0x4B, 0x64, 0x55, 0x51, 0x0A, 0x67, 0x76, 0x4C, 0x58, 0x53, 0x6E, 0x6E, + 0x56, 0x67, 0x51, 0x75, 0x6C, 0x48, 0x69, 0x6F, 0x44, 0x36, 0x55, 0x67, + 0x59, 0x38, 0x78, 0x41, 0x32, 0x61, 0x34, 0x4D, 0x31, 0x72, 0x68, 0x59, + 0x75, 
0x54, 0x56, 0x38, 0x42, 0x72, 0x50, 0x52, 0x5A, 0x34, 0x42, 0x46, + 0x78, 0x32, 0x6F, 0x30, 0x6A, 0x59, 0x57, 0x76, 0x47, 0x62, 0x41, 0x2F, + 0x48, 0x6C, 0x70, 0x37, 0x66, 0x54, 0x4F, 0x79, 0x2B, 0x0A, 0x46, 0x35, + 0x4F, 0x6B, 0x69, 0x48, 0x53, 0x37, 0x41, 0x67, 0x4D, 0x42, 0x41, 0x41, + 0x45, 0x43, 0x67, 0x67, 0x45, 0x41, 0x59, 0x67, 0x43, 0x75, 0x38, 0x31, + 0x5A, 0x69, 0x51, 0x42, 0x56, 0x44, 0x76, 0x57, 0x69, 0x44, 0x47, 0x4B, + 0x72, 0x2B, 0x31, 0x70, 0x49, 0x66, 0x32, 0x43, 0x78, 0x70, 0x72, 0x47, + 0x4A, 0x45, 0x6D, 0x31, 0x68, 0x38, 0x36, 0x5A, 0x63, 0x45, 0x78, 0x33, + 0x4C, 0x37, 0x0A, 0x71, 0x46, 0x44, 0x57, 0x2B, 0x67, 0x38, 0x48, 0x47, + 0x57, 0x64, 0x30, 0x34, 0x53, 0x33, 0x71, 0x76, 0x68, 0x39, 0x4C, 0x75, + 0x62, 0x6C, 0x41, 0x4A, 0x7A, 0x65, 0x74, 0x41, 0x50, 0x78, 0x52, 0x58, + 0x4C, 0x39, 0x7A, 0x78, 0x33, 0x50, 0x58, 0x6A, 0x4A, 0x5A, 0x73, 0x37, + 0x65, 0x33, 0x48, 0x4C, 0x45, 0x75, 0x6E, 0x79, 0x33, 0x54, 0x61, 0x57, + 0x65, 0x7A, 0x30, 0x58, 0x49, 0x30, 0x4F, 0x0A, 0x34, 0x4C, 0x53, 0x59, + 0x38, 0x53, 0x38, 0x64, 0x36, 0x70, 0x56, 0x42, 0x50, 0x6D, 0x55, 0x45, + 0x74, 0x77, 0x47, 0x57, 0x4E, 0x34, 0x76, 0x59, 0x71, 0x48, 0x6E, 0x4B, + 0x4C, 0x58, 0x4F, 0x62, 0x34, 0x51, 0x51, 0x41, 0x58, 0x73, 0x34, 0x4D, + 0x7A, 0x66, 0x6B, 0x4D, 0x2F, 0x4D, 0x65, 0x2F, 0x62, 0x2B, 0x7A, 0x64, + 0x75, 0x31, 0x75, 0x6D, 0x77, 0x6A, 0x4D, 0x6C, 0x33, 0x44, 0x75, 0x64, + 0x0A, 0x35, 0x72, 0x56, 0x68, 0x6B, 0x67, 0x76, 0x74, 0x38, 0x75, 0x68, + 0x44, 0x55, 0x47, 0x33, 0x58, 0x53, 0x48, 0x65, 0x6F, 0x4A, 0x59, 0x42, + 0x4D, 0x62, 0x54, 0x39, 0x69, 0x6B, 0x4A, 0x44, 0x56, 0x4D, 0x4A, 0x35, + 0x31, 0x72, 0x72, 0x65, 0x2F, 0x31, 0x52, 0x69, 0x64, 0x64, 0x67, 0x78, + 0x70, 0x38, 0x53, 0x6B, 0x74, 0x56, 0x6B, 0x76, 0x47, 0x6D, 0x4D, 0x6C, + 0x39, 0x6B, 0x51, 0x52, 0x38, 0x0A, 0x38, 0x64, 0x76, 0x33, 0x50, 0x78, + 0x2F, 0x6B, 0x54, 0x4E, 0x39, 0x34, 0x45, 0x75, 0x52, 0x67, 0x30, 0x43, + 0x6B, 0x58, 0x42, 0x68, 0x48, 0x70, 0x6F, 0x47, 0x6F, 0x34, 0x71, 0x6E, + 0x4D, 
0x33, 0x51, 0x33, 0x42, 0x35, 0x50, 0x6C, 0x6D, 0x53, 0x4B, 0x35, + 0x67, 0x6B, 0x75, 0x50, 0x76, 0x57, 0x79, 0x39, 0x6C, 0x38, 0x4C, 0x2F, + 0x54, 0x56, 0x74, 0x38, 0x4C, 0x62, 0x36, 0x2F, 0x7A, 0x4C, 0x0A, 0x42, + 0x79, 0x51, 0x57, 0x2B, 0x67, 0x30, 0x32, 0x77, 0x78, 0x65, 0x4E, 0x47, + 0x68, 0x77, 0x31, 0x66, 0x6B, 0x44, 0x2B, 0x58, 0x46, 0x48, 0x37, 0x4B, + 0x6B, 0x53, 0x65, 0x57, 0x6C, 0x2B, 0x51, 0x6E, 0x72, 0x4C, 0x63, 0x65, + 0x50, 0x4D, 0x30, 0x68, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x78, 0x6F, + 0x71, 0x55, 0x6B, 0x30, 0x50, 0x4C, 0x4F, 0x59, 0x35, 0x57, 0x67, 0x4F, + 0x6B, 0x67, 0x72, 0x0A, 0x75, 0x6D, 0x67, 0x69, 0x65, 0x2F, 0x4B, 0x31, + 0x57, 0x4B, 0x73, 0x2B, 0x69, 0x7A, 0x54, 0x74, 0x41, 0x70, 0x6A, 0x7A, + 0x63, 0x4D, 0x37, 0x36, 0x73, 0x7A, 0x61, 0x36, 0x33, 0x62, 0x35, 0x52, + 0x39, 0x77, 0x2B, 0x50, 0x2B, 0x4E, 0x73, 0x73, 0x4D, 0x56, 0x34, 0x61, + 0x65, 0x56, 0x39, 0x65, 0x70, 0x45, 0x47, 0x5A, 0x4F, 0x36, 0x38, 0x49, + 0x55, 0x6D, 0x69, 0x30, 0x51, 0x6A, 0x76, 0x51, 0x0A, 0x6E, 0x70, 0x6C, + 0x75, 0x51, 0x6F, 0x61, 0x64, 0x46, 0x59, 0x77, 0x65, 0x46, 0x77, 0x53, + 0x51, 0x31, 0x31, 0x42, 0x58, 0x48, 0x6F, 0x65, 0x51, 0x42, 0x41, 0x34, + 0x6E, 0x4E, 0x70, 0x6B, 0x72, 0x56, 0x35, 0x38, 0x68, 0x67, 0x7A, 0x5A, + 0x4E, 0x33, 0x6D, 0x39, 0x4A, 0x4C, 0x52, 0x37, 0x4A, 0x78, 0x79, 0x72, + 0x49, 0x71, 0x58, 0x73, 0x52, 0x6E, 0x55, 0x7A, 0x6C, 0x31, 0x33, 0x4B, + 0x6A, 0x0A, 0x47, 0x7A, 0x5A, 0x42, 0x43, 0x4A, 0x78, 0x43, 0x70, 0x4A, + 0x6A, 0x66, 0x54, 0x7A, 0x65, 0x2F, 0x79, 0x6D, 0x65, 0x38, 0x64, 0x33, + 0x70, 0x61, 0x35, 0x51, 0x4B, 0x42, 0x67, 0x51, 0x44, 0x51, 0x50, 0x35, + 0x6D, 0x42, 0x34, 0x6A, 0x49, 0x2B, 0x67, 0x33, 0x58, 0x48, 0x33, 0x4D, + 0x75, 0x4C, 0x79, 0x42, 0x6A, 0x4D, 0x6F, 0x54, 0x49, 0x76, 0x6F, 0x79, + 0x37, 0x43, 0x59, 0x4D, 0x68, 0x5A, 0x0A, 0x36, 0x2F, 0x2B, 0x4B, 0x6B, + 0x70, 0x77, 0x31, 0x33, 0x32, 0x4A, 0x31, 0x36, 0x6D, 0x71, 0x6B, 0x4C, + 0x72, 0x77, 0x55, 0x4F, 0x5A, 0x66, 0x54, 0x30, 0x65, 0x31, 0x72, 0x4A, + 0x42, 
0x73, 0x43, 0x55, 0x6B, 0x45, 0x6F, 0x42, 0x6D, 0x67, 0x4B, 0x4E, + 0x74, 0x52, 0x6B, 0x48, 0x6F, 0x33, 0x2F, 0x53, 0x6A, 0x55, 0x49, 0x2F, + 0x39, 0x66, 0x48, 0x6A, 0x33, 0x75, 0x53, 0x74, 0x50, 0x48, 0x56, 0x0A, + 0x6F, 0x50, 0x63, 0x66, 0x58, 0x6A, 0x2F, 0x67, 0x46, 0x52, 0x55, 0x6B, + 0x44, 0x44, 0x7A, 0x59, 0x2B, 0x61, 0x75, 0x42, 0x33, 0x64, 0x48, 0x4F, + 0x4E, 0x46, 0x31, 0x55, 0x31, 0x7A, 0x30, 0x36, 0x45, 0x41, 0x4E, 0x6B, + 0x6B, 0x50, 0x43, 0x43, 0x33, 0x61, 0x35, 0x33, 0x38, 0x55, 0x41, 0x4E, + 0x42, 0x49, 0x61, 0x50, 0x6A, 0x77, 0x70, 0x52, 0x64, 0x42, 0x7A, 0x4E, + 0x77, 0x31, 0x78, 0x6C, 0x0A, 0x62, 0x76, 0x6E, 0x35, 0x61, 0x43, 0x74, + 0x33, 0x48, 0x77, 0x4B, 0x42, 0x67, 0x42, 0x66, 0x4F, 0x6C, 0x34, 0x6A, + 0x47, 0x45, 0x58, 0x59, 0x6D, 0x4E, 0x36, 0x4B, 0x2B, 0x75, 0x30, 0x65, + 0x62, 0x71, 0x52, 0x44, 0x6B, 0x74, 0x32, 0x67, 0x49, 0x6F, 0x57, 0x36, + 0x62, 0x46, 0x6F, 0x37, 0x58, 0x64, 0x36, 0x78, 0x63, 0x69, 0x2F, 0x67, + 0x46, 0x57, 0x6A, 0x6F, 0x56, 0x43, 0x4F, 0x42, 0x59, 0x0A, 0x67, 0x43, + 0x38, 0x47, 0x4C, 0x4D, 0x6E, 0x77, 0x33, 0x7A, 0x32, 0x71, 0x67, 0x61, + 0x76, 0x34, 0x63, 0x51, 0x49, 0x67, 0x38, 0x45, 0x44, 0x59, 0x70, 0x62, + 0x70, 0x45, 0x34, 0x46, 0x48, 0x51, 0x6E, 0x6E, 0x74, 0x50, 0x6B, 0x4B, + 0x57, 0x2F, 0x62, 0x72, 0x75, 0x30, 0x4E, 0x74, 0x33, 0x79, 0x61, 0x4E, + 0x62, 0x38, 0x69, 0x67, 0x79, 0x31, 0x61, 0x5A, 0x4F, 0x52, 0x66, 0x49, + 0x76, 0x5A, 0x0A, 0x71, 0x54, 0x4D, 0x4C, 0x45, 0x33, 0x6D, 0x65, 0x6C, + 0x63, 0x5A, 0x57, 0x37, 0x4C, 0x61, 0x69, 0x71, 0x65, 0x4E, 0x31, 0x56, + 0x30, 0x76, 0x48, 0x2F, 0x4D, 0x43, 0x55, 0x64, 0x70, 0x58, 0x39, 0x59, + 0x31, 0x34, 0x4B, 0x39, 0x43, 0x4A, 0x59, 0x78, 0x7A, 0x73, 0x52, 0x4F, + 0x67, 0x50, 0x71, 0x64, 0x45, 0x67, 0x4D, 0x57, 0x59, 0x44, 0x46, 0x41, + 0x6F, 0x47, 0x41, 0x41, 0x65, 0x39, 0x6C, 0x0A, 0x58, 0x4D, 0x69, 0x65, + 0x55, 0x4F, 0x68, 0x6C, 0x30, 0x73, 0x71, 0x68, 0x64, 0x5A, 0x59, 0x52, + 0x62, 0x4F, 0x31, 0x65, 0x69, 0x77, 0x54, 0x49, 0x4C, 0x58, 0x51, 0x36, + 0x79, 
0x47, 0x4D, 0x69, 0x42, 0x38, 0x61, 0x65, 0x2F, 0x76, 0x30, 0x70, + 0x62, 0x42, 0x45, 0x57, 0x6C, 0x70, 0x6E, 0x38, 0x6B, 0x32, 0x2B, 0x4A, + 0x6B, 0x71, 0x56, 0x54, 0x77, 0x48, 0x67, 0x67, 0x62, 0x43, 0x41, 0x5A, + 0x0A, 0x6A, 0x4F, 0x61, 0x71, 0x56, 0x74, 0x58, 0x31, 0x6D, 0x55, 0x79, + 0x54, 0x59, 0x7A, 0x6A, 0x73, 0x54, 0x7A, 0x34, 0x5A, 0x59, 0x6A, 0x68, + 0x61, 0x48, 0x4A, 0x33, 0x6A, 0x31, 0x57, 0x6C, 0x65, 0x67, 0x6F, 0x4D, + 0x63, 0x73, 0x74, 0x64, 0x66, 0x54, 0x2B, 0x74, 0x78, 0x4D, 0x55, 0x37, + 0x34, 0x6F, 0x67, 0x64, 0x4F, 0x71, 0x4D, 0x7A, 0x68, 0x78, 0x53, 0x55, + 0x4F, 0x34, 0x35, 0x67, 0x38, 0x0A, 0x66, 0x39, 0x57, 0x38, 0x39, 0x6D, + 0x70, 0x61, 0x38, 0x62, 0x42, 0x6A, 0x4F, 0x50, 0x75, 0x2B, 0x79, 0x46, + 0x79, 0x36, 0x36, 0x74, 0x44, 0x61, 0x5A, 0x36, 0x73, 0x57, 0x45, 0x37, + 0x63, 0x35, 0x53, 0x58, 0x45, 0x48, 0x58, 0x6C, 0x38, 0x43, 0x67, 0x59, + 0x45, 0x41, 0x74, 0x41, 0x57, 0x77, 0x46, 0x50, 0x6F, 0x44, 0x53, 0x54, + 0x64, 0x7A, 0x6F, 0x58, 0x41, 0x77, 0x52, 0x6F, 0x66, 0x30, 0x0A, 0x51, + 0x4D, 0x4F, 0x30, 0x38, 0x2B, 0x50, 0x6E, 0x51, 0x47, 0x6F, 0x50, 0x62, + 0x4D, 0x4A, 0x54, 0x71, 0x72, 0x67, 0x78, 0x72, 0x48, 0x59, 0x43, 0x53, + 0x38, 0x75, 0x34, 0x63, 0x59, 0x53, 0x48, 0x64, 0x44, 0x4D, 0x4A, 0x44, + 0x43, 0x4F, 0x4D, 0x6F, 0x35, 0x67, 0x46, 0x58, 0x79, 0x43, 0x2B, 0x35, + 0x46, 0x66, 0x54, 0x69, 0x47, 0x77, 0x42, 0x68, 0x79, 0x35, 0x38, 0x7A, + 0x35, 0x62, 0x37, 0x0A, 0x67, 0x42, 0x77, 0x46, 0x4B, 0x49, 0x39, 0x52, + 0x67, 0x52, 0x66, 0x56, 0x31, 0x44, 0x2F, 0x4E, 0x69, 0x6D, 0x78, 0x50, + 0x72, 0x6C, 0x6A, 0x33, 0x57, 0x48, 0x79, 0x65, 0x63, 0x31, 0x2F, 0x43, + 0x73, 0x2B, 0x42, 0x72, 0x2B, 0x2F, 0x76, 0x65, 0x6B, 0x4D, 0x56, 0x46, + 0x67, 0x35, 0x67, 0x65, 0x6B, 0x65, 0x48, 0x72, 0x34, 0x61, 0x47, 0x53, + 0x46, 0x34, 0x62, 0x6B, 0x30, 0x41, 0x6A, 0x56, 0x0A, 0x54, 0x76, 0x2F, + 0x70, 0x51, 0x6A, 0x79, 0x52, 0x75, 0x5A, 0x41, 0x74, 0x36, 0x36, 0x49, + 0x62, 0x52, 0x5A, 0x64, 0x6C, 0x32, 0x49, 0x49, 0x3D, 0x0A, 0x2D, 0x2D, + 0x2D, 
0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, + 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D + }; + /* + * PEM of pem_rsa_priv_key: + * -----BEGIN PRIVATE KEY----- + * MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEkC4ZWv3ucFbU + * F8YwlUrmQlLCZwAgr4DPUAFVHl+wFcXypVgScVY4K7QmdWKsYqb8tpOxqw0NwZWX + * O+ta4+y27COufoOhRTMwNyN2LwSNTPN3eEk4ee5QnppEyDrqoCgvTlAAdToFaXvj + * x13Ybj7jfhwN74qKdqsSEtPWyggeotiQSPy6KyBIuWtIxPAA8jAvfAnQj1eXhghF + * N2NxkqgxvBYdNy1m3+jXACPLRzc11ZbNHKiwhCY1/HiSBkwHlIK+/VLj2smCKdUQ + * gvLXSnnVgQulHioD6UgY8xA2a4M1rhYuTV8BrPRZ4BFx2o0jYWvGbA/Hlp7fTOy+ + * F5OkiHS7AgMBAAECggEAYgCu81ZiQBVDvWiDGKr+1pIf2CxprGJEm1h86ZcEx3L7 + * qFDW+g8HGWd04S3qvh9LublAJzetAPxRXL9zx3PXjJZs7e3HLEuny3TaWez0XI0O + * 4LSY8S8d6pVBPmUEtwGWN4vYqHnKLXOb4QQAXs4MzfkM/Me/b+zdu1umwjMl3Dud + * 5rVhkgvt8uhDUG3XSHeoJYBMbT9ikJDVMJ51rre/1Riddgxp8SktVkvGmMl9kQR8 + * 8dv3Px/kTN94EuRg0CkXBhHpoGo4qnM3Q3B5PlmSK5gkuPvWy9l8L/TVt8Lb6/zL + * ByQW+g02wxeNGhw1fkD+XFH7KkSeWl+QnrLcePM0hQKBgQDxoqUk0PLOY5WgOkgr + * umgie/K1WKs+izTtApjzcM76sza63b5R9w+P+NssMV4aeV9epEGZO68IUmi0QjvQ + * npluQoadFYweFwSQ11BXHoeQBA4nNpkrV58hgzZN3m9JLR7JxyrIqXsRnUzl13Kj + * GzZBCJxCpJjfTze/yme8d3pa5QKBgQDQP5mB4jI+g3XH3MuLyBjMoTIvoy7CYMhZ + * 6/+Kkpw132J16mqkLrwUOZfT0e1rJBsCUkEoBmgKNtRkHo3/SjUI/9fHj3uStPHV + * oPcfXj/gFRUkDDzY+auB3dHONF1U1z06EANkkPCC3a538UANBIaPjwpRdBzNw1xl + * bvn5aCt3HwKBgBfOl4jGEXYmN6K+u0ebqRDkt2gIoW6bFo7Xd6xci/gFWjoVCOBY + * gC8GLMnw3z2qgav4cQIg8EDYpbpE4FHQnntPkKW/bru0Nt3yaNb8igy1aZORfIvZ + * qTMLE3melcZW7LaiqeN1V0vH/MCUdpX9Y14K9CJYxzsROgPqdEgMWYDFAoGAAe9l + * XMieUOhl0sqhdZYRbO1eiwTILXQ6yGMiB8ae/v0pbBEWlpn8k2+JkqVTwHggbCAZ + * jOaqVtX1mUyTYzjsTz4ZYjhaHJ3j1WlegoMcstdfT+txMU74ogdOqMzhxSUO45g8 + * f9W89mpa8bBjOPu+yFy66tDaZ6sWE7c5SXEHXl8CgYEAtAWwFPoDSTdzoXAwRof0 + * QMO08+PnQGoPbMJTqrgxrHYCS8u4cYSHdDMJDCOMo5gFXyC+5FfTiGwBhy58z5b7 + * gBwFKI9RgRfV1D/NimxPrlj3WHyec1/Cs+Br+/vekMVFg5gekeHr4aGSF4bk0AjV + * Tv/pQjyRuZAt66IbRZdl2II= + * -----END PRIVATE KEY----- + */ + + /* 
Load private key BIO, DER-encoded public key and PKCS#8 private key for testing */ + if (!TEST_ptr(bio_priv = BIO_new(BIO_s_mem())) + || !TEST_int_gt(BIO_write(bio_priv, pem_rsa_priv_key, sizeof(pem_rsa_priv_key)), 0) + || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(bio_priv, NULL, NULL, NULL, NULL, NULL)) + || !TEST_int_ge(BIO_seek(bio_priv, 0), 0) + || !TEST_int_gt((len_pub = i2d_PUBKEY(pkey, &encoded_pub)), 0) + || !TEST_ptr(p8 = EVP_PKEY2PKCS8(pkey))) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + + for (i = 0; i < OSSL_NELEM(properties_test); i++) { + const char *libctx_prop = properties_test[i].provider_props; + const char *explicit_prop = properties_test[i].explicit_props; + /* *curr_provider will be updated in reset_ctx_providers */ + OSSL_PROVIDER **curr_provider = &providers[properties_test[i].curr_provider_idx]; + + /* + * Decoding a PEM-encoded key uses the properties to select the right provider. + * Using a PEM-encoding adds an extra decoder before the key is created. 
+ */ + if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1)) + goto end; + if (!TEST_int_ge(BIO_seek(bio_priv, 0), 0) + || !TEST_ptr(pkey = PEM_read_bio_PrivateKey_ex(bio_priv, NULL, NULL, NULL, my_libctx, + explicit_prop)) + || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider)) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Decoding a DER-encoded X509_PUBKEY uses the properties to select the right provider */ + if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1)) + goto end; + p = encoded_pub; + if (!TEST_ptr(pkey = d2i_PUBKEY_ex(NULL, &p, len_pub, my_libctx, explicit_prop)) + || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider)) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Decoding a PKCS8_PRIV_KEY_INFO uses the properties to select the right provider */ + if (!TEST_int_eq(reset_ctx_providers(&my_libctx, providers, libctx_prop), 1)) + goto end; + if (!TEST_ptr(pkey = EVP_PKCS82PKEY_ex(p8, my_libctx, explicit_prop)) + || !TEST_ptr_eq(EVP_PKEY_get0_provider(pkey), *curr_provider)) + goto end; + EVP_PKEY_free(pkey); + pkey = NULL; + } + + ret = 1; + +end: + PKCS8_PRIV_KEY_INFO_free(p8); + BIO_free(bio_priv); + OPENSSL_free(encoded_pub); + EVP_PKEY_free(pkey); + OSSL_PROVIDER_unload(providers[DEFAULT_PROVIDER_IDX]); + fake_rsa_finish(providers[FAKE_RSA_PROVIDER_IDX]); + OSSL_LIB_CTX_free(my_libctx); + return ret; +} + int setup_tests(void) { libctx = OSSL_LIB_CTX_new(); 
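Review bot: reset_ctx_providers has no comment and its contract is not obvious from its name: it unloads both providers and frees the library context before rebuilding them, and on failure it returns 0 leaving whatever was (re)created in `*ctx` and `providers[]` for the caller's `end:` label to release. A header comment stating that, e.g. `/* Rebuild *ctx with the default and fake-rsa providers loaded and apply prop as its default property query; on failure partially built state is left in *ctx / providers[] for the caller to free */`, would make the cleanup division of labour explicit. The first call from test_pkey_provider_decoder_props passes a `providers` array that is still all NULL, so the helper relies on fake_rsa_finish(NULL) being a no-op in the way OSSL_PROVIDER_unload(NULL) is; that is not visible in this hunk and, if it holds, deserves a comment at the top of the helper. The same NULL tolerance is relied on again at the `end:` label of test_pkey_provider_decoder_props when the loop exits early.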
@@ -433,9 +790,11 @@ ADD_TEST(test_pkey_sig); ADD_TEST(test_alternative_keygen_init); ADD_TEST(test_pkey_eq); + ADD_TEST(test_pkey_can_sign); ADD_ALL_TESTS(test_pkey_store, 2); ADD_TEST(test_pkey_delete); ADD_TEST(test_pkey_store_open_ex); + ADD_TEST(test_pkey_provider_decoder_props); return 1; } diff -Nru openssl-3.5.1/test/quic-openssl-docker/hq-interop/quic-hq-interop.c openssl-3.5.4/test/quic-openssl-docker/hq-interop/quic-hq-interop.c --- openssl-3.5.1/test/quic-openssl-docker/hq-interop/quic-hq-interop.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/quic-openssl-docker/hq-interop/quic-hq-interop.c 2025-09-30 12:37:40.000000000 +0000 @@ -906,8 +906,6 @@ goto end; } } - BIO_free(req_bio); - req_bio = NULL; reqnames[read_offset + 1] = '\0'; if (!setup_connection(hostname, port, &ctx, &ssl)) { @@ -1037,6 +1035,7 @@ */ BIO_ADDR_free(peer_addr); OPENSSL_free(reqnames); + BIO_free(req_bio); BIO_free(session_bio); for (poll_idx = 0; poll_idx < poll_count; poll_idx++) { BIO_free(outbiolist[poll_idx]); diff -Nru openssl-3.5.1/test/quic_ackm_test.c openssl-3.5.4/test/quic_ackm_test.c --- openssl-3.5.1/test/quic_ackm_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/quic_ackm_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -104,7 +104,8 @@ /* Initialise ACK manager. */ h->ackm = ossl_ackm_new(fake_now, NULL, &h->statm, - &ossl_cc_dummy_method, h->ccdata); + &ossl_cc_dummy_method, h->ccdata, + /* is_server */0); if (!TEST_ptr(h->ackm)) goto err; diff -Nru openssl-3.5.1/test/quic_fifd_test.c openssl-3.5.4/test/quic_fifd_test.c --- openssl-3.5.1/test/quic_fifd_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/quic_fifd_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -329,7 +329,8 @@ || !TEST_ptr(info.ackm = ossl_ackm_new(fake_now, NULL, &info.statm, &ossl_cc_dummy_method, - info.ccdata)) + info.ccdata, + /* is_server */0)) || !TEST_true(ossl_ackm_on_handshake_confirmed(info.ackm)) || !TEST_ptr(info.cfq = ossl_quic_cfq_new()) || !TEST_ptr(info.txpim = ossl_quic_txpim_new()) diff -Nru openssl-3.5.1/test/quic_txp_test.c openssl-3.5.4/test/quic_txp_test.c --- openssl-3.5.1/test/quic_txp_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/quic_txp_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -182,7 +182,8 @@ if (!TEST_ptr(h->args.ackm = ossl_ackm_new(fake_now, NULL, &h->statm, h->cc_method, - h->cc_data))) + h->cc_data, + /* is_server */0))) goto err; if (!TEST_true(ossl_quic_stream_map_init(&h->qsm, NULL, NULL, diff -Nru openssl-3.5.1/test/quicapitest.c openssl-3.5.4/test/quicapitest.c --- openssl-3.5.1/test/quicapitest.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/quicapitest.c 2025-09-30 12:37:40.000000000 +0000 
@@ -428,91 +428,6 @@ } #if defined(DO_SSL_TRACE_TEST) -static void strip_line_ends(char *str) -{ - size_t i; - - for (i = strlen(str); - i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r'); - i--); - - str[i] = '\0'; -} - -static int compare_with_file(BIO *membio) -{ - BIO *file = NULL, *newfile = NULL; - char buf1[8192], buf2[8192]; - char *reffile; - int ret = 0; - size_t i; - -#ifdef OPENSSL_NO_ZLIB - reffile = test_mk_file_path(datadir, "ssltraceref.txt"); -#else - reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); -#endif - if (!TEST_ptr(reffile)) - goto err; - - file = BIO_new_file(reffile, "rb"); - if (!TEST_ptr(file)) - goto err; - - newfile = BIO_new_file("ssltraceref-new.txt", "wb"); - if (!TEST_ptr(newfile)) - goto err; - - while (BIO_gets(membio, buf2, sizeof(buf2)) > 0) - if (BIO_puts(newfile, buf2) <= 0) { - TEST_error("Failed writing new file data"); - goto err; - } - - if (!TEST_int_ge(BIO_seek(membio, 0), 0)) - goto err; - - while (BIO_gets(file, buf1, sizeof(buf1)) > 0) { - size_t line_len; - - if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) { - TEST_error("Failed reading mem data"); - goto err; - } - strip_line_ends(buf1); - strip_line_ends(buf2); - line_len = strlen(buf1); - if (line_len > 0 && buf1[line_len - 1] == '?') { - /* Wildcard at the EOL means ignore anything after it */ - if (strlen(buf2) > line_len) - buf2[line_len] = '\0'; - } - if (line_len != strlen(buf2)) { - TEST_error("Actual and ref line data length mismatch"); - TEST_info("%s", buf1); - TEST_info("%s", buf2); - goto err; - } - for (i = 0; i < line_len; i++) { - /* '?' 
is a wild card character in the reference text */ - if (buf1[i] == '?') - buf2[i] = '?'; - } - if (!TEST_str_eq(buf1, buf2)) - goto err; - } - if (!TEST_true(BIO_eof(file)) - || !TEST_true(BIO_eof(membio))) - goto err; - - ret = 1; - err: - OPENSSL_free(reffile); - BIO_free(file); - BIO_free(newfile); - return ret; -} - /* * Tests that the SSL_trace() msg_callback works as expected with a QUIC * connection. This also provides testing of the msg_callback at the same time. @@ -524,6 +439,7 @@ QUIC_TSERVER *qtserv = NULL; int testresult = 0; BIO *bio = NULL; + char *reffile = NULL; if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) || !TEST_ptr(bio = BIO_new(BIO_s_mem())) @@ -547,7 +463,13 @@ if (!TEST_int_gt(BIO_pending(bio), 0)) goto err; } else { - if (!TEST_true(compare_with_file(bio))) + +# ifdef OPENSSL_NO_ZLIB + reffile = test_mk_file_path(datadir, "ssltraceref.txt"); +# else + reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); +# endif + if (!TEST_true(compare_with_reference_file(bio, reffile))) goto err; } @@ -557,6 +479,7 @@ SSL_free(clientquic); SSL_CTX_free(cctx); BIO_free(bio); + OPENSSL_free(reffile); return testresult; } 
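Review bot: In the `@@ -547,7 +463,13 @@` hunk `reffile` is handed to compare_with_reference_file() without a NULL check, whereas the removed compare_with_file() guarded the result of test_mk_file_path() with `if (!TEST_ptr(reffile)) goto err;`; unless compare_with_reference_file() is documented to accept NULL, restore the check as `if (!TEST_ptr(reffile) || !TEST_true(compare_with_reference_file(bio, reffile))) goto err;`. The enclosing test function starts outside this hunk. The `char *reffile = NULL;` declaration and the `OPENSSL_free(reffile);` at `err:` in the neighbouring hunks are consistent with that ordering.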
@@ -2863,6 +2786,62 @@
 return testresult;
 }
 
+/*
+ * When the server has a different primary group than the client, the server
+ * should not fail on the client hello retry.
+ */
+static int test_client_hello_retry(void)
+{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECX)
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
+ int testresult = 0, i = 0, ret = 0;
+
+ if (!TEST_ptr(sctx = create_server_ctx())
+ || !TEST_ptr(cctx = create_client_ctx()))
+ goto err;
+ /*
+ * set the specific groups for the test
+ */
+ if (!TEST_true(SSL_CTX_set1_groups_list(cctx, "secp384r1:secp256r1")))
+ goto err;
+ if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "secp256r1")))
+ goto err;
+
+ if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
+ goto err;
+
+ /* Send ClientHello and server retry */
+ for (i = 0; i < 2; i++) {
+ ret = SSL_connect(clientssl);
+ if (!TEST_int_le(ret, 0)
+ || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
+ goto err;
+ SSL_handle_events(qlistener);
+ }
+
+ /* We expect a server SSL object which has not yet completed its handshake */
+ serverssl = SSL_accept_connection(qlistener, 0);
+
+ /* Call SSL_accept() and SSL_connect() until we are connected */
+ if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE, 0, 0)))
+ goto err;
+
+ testresult = 1;
+
+err:
+ SSL_CTX_free(cctx);
+ SSL_CTX_free(sctx);
+ SSL_free(clientssl);
+ SSL_free(serverssl);
+ SSL_free(qlistener);
+
+ return testresult;
+#else
+ return TEST_skip("EC(X) keys are not supported in this build");
+#endif
+}
 /***********************************************************************************/
 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
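Review bot: `serverssl = SSL_accept_connection(qlistener, 0);` is never checked before it is passed to create_bare_ssl_connection(), even though the comment above it says a server SSL object is expected at that point; make the expectation an assertion, `if (!TEST_ptr(serverssl = SSL_accept_connection(qlistener, 0))) goto err;`, so a failed accept is reported at the line that matters instead of surfacing as whatever the helper does with a NULL SSL. The loop comment `/* Send ClientHello and server retry */` could say why exactly two rounds are expected; reading the group lists set above, the first ClientHello appears to offer secp384r1 and the server, limited to secp256r1, should answer with a retry, but that is my inference and worth confirming in the comment.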
@@ -2964,6 +2943,7 @@ ADD_TEST(test_server_method_with_ssl_new); ADD_TEST(test_ssl_accept_connection); ADD_TEST(test_ssl_set_verify); + ADD_TEST(test_client_hello_retry); return 1; err: cleanup_tests(); diff -Nru openssl-3.5.1/test/radix/quic_bindings.c openssl-3.5.4/test/radix/quic_bindings.c --- openssl-3.5.1/test/radix/quic_bindings.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/radix/quic_bindings.c 2025-09-30 12:37:40.000000000 +0000 @@ -799,9 +799,9 @@ if (!TEST_ptr(child_rt->debug_bio = BIO_new(BIO_s_mem()))) goto err; - ossl_crypto_mutex_lock(child_rt->m); - child_rt->child_script_info = script_info; + + ossl_crypto_mutex_lock(child_rt->m); if (!TEST_ptr(child_rt->t = ossl_crypto_thread_native_start(RADIX_THREAD_worker_main, child_rt, 1))) { ossl_crypto_mutex_unlock(child_rt->m); diff -Nru openssl-3.5.1/test/radix/terp.c openssl-3.5.4/test/radix/terp.c --- openssl-3.5.1/test/radix/terp.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/radix/terp.c 2025-09-30 12:37:40.000000000 +0000 @@ -871,8 +871,10 @@ } GEN_SCRIPT_cleanup(&gen_script); - BIO_printf(debug_bio, "Stats:\n Ops executed: %16llu\n\n", - (unsigned long long)terp.ops_executed); + if (have_terp) { + BIO_printf(debug_bio, "Stats:\n Ops executed: %16llu\n\n", + (unsigned long long)terp.ops_executed); + } SCRIPT_INFO_print(script_info, debug_bio, /*error=*/!ok, ok ? "completed" : "failed, exiting"); return ok; diff -Nru openssl-3.5.1/test/recipes/03-test_fipsinstall.t openssl-3.5.4/test/recipes/03-test_fipsinstall.t --- openssl-3.5.1/test/recipes/03-test_fipsinstall.t 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/recipes/03-test_fipsinstall.t 2025-09-30 12:37:40.000000000 +0000 
@@ -63,7 +63,7 @@
 ( 'x942kdf_key_check', 'x942kdf-key-check' )
 );
 
-plan tests => 40 + (scalar @pedantic_okay) + (scalar @pedantic_fail)
+plan tests => 41 + (scalar @pedantic_okay) + (scalar @pedantic_fail)
 + 4 * (scalar @commandline);
 
 my $infile = bldtop_file('providers', platform->dso('fips'));
@@ -392,6 +392,16 @@
 "fipsinstall fails when the ML-KEM decapsulate implicit failure result is corrupted");
 }
 
+# corrupt an Asymmetric cipher test
+SKIP: {
+ skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1
+ if disabled("rsa") || disabled("fips-post");
+ ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
+ '-corrupt_desc', 'RSA_Encrypt',
+ '-corrupt_type', 'KAT_AsymmetricCipher'])),
+ "fipsinstall fails when the asymmetric cipher result is corrupted");
+}
+
 # 'local' ensures that this change is only done in this file.
 local $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir());
diff -Nru openssl-3.5.1/test/recipes/15-test_ec.t openssl-3.5.4/test/recipes/15-test_ec.t
--- openssl-3.5.1/test/recipes/15-test_ec.t 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/test/recipes/15-test_ec.t 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -18,7 +18,7 @@
 plan skip_all => 'EC is not supported in this build' if disabled('ec');
-plan tests => 15;
+plan tests => 16;
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
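Review bot: The skip message in the `@@ -392,6 +392,16 @@` hunk says the test is skipped "because of no rsa in this build", but the condition is `disabled("rsa") || disabled("fips-post")`, so a build with RSA and without fips-post reports a misleading reason; `skip "Skipping Asymmetric RSA corruption test because of no rsa or fips-post in this build", 1` matches the condition. The plan bump from 40 to 41 in the first hunk accounts for the single `ok` added here.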
@@ -33,6 +33,16 @@
 tconversion( -type => 'ec', -prefix => 'ec-priv',
 -in => srctop_file("test","testec-p256.pem") );
 };
+
+SKIP: {
+ skip "SM2 is not supported by this OpenSSL build", 1
+ if disabled("sm2");
+ subtest 'EC conversions -- private key' => sub {
+ tconversion( -type => 'ec', -prefix => 'sm2-priv',
+ -in => srctop_file("test","testec-sm2.pem") );
+ };
+}
+
 subtest 'EC conversions -- private key PKCS#8' => sub {
 tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
 -in => srctop_file("test","testec-p256.pem"),
diff -Nru openssl-3.5.1/test/recipes/20-test_cli_list.t openssl-3.5.4/test/recipes/20-test_cli_list.t
--- openssl-3.5.1/test/recipes/20-test_cli_list.t 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.5.4/test/recipes/20-test_cli_list.t 2025-09-30 12:37:40.000000000 +0000
@@ -0,0 +1,25 @@
+#! /usr/bin/env perl
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file bldtop_dir with/;
+use OpenSSL::Test::Utils;
+
+setup("test_cli_list");
+
+plan tests => 2;
+
+ok(run(app(["openssl", "list", "-skey-managers"],
+ stdout => "listout.txt")),
+"List skey managers - default configuration");
+open DATA, "listout.txt";
+my @match = grep /secret key/, ;
+close DATA;
+ok(scalar @match > 1 ? 1 : 0, "Several skey managers are listed - default configuration");
diff -Nru openssl-3.5.1/test/recipes/25-test_verify.t openssl-3.5.4/test/recipes/25-test_verify.t
--- openssl-3.5.1/test/recipes/25-test_verify.t 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/test/recipes/25-test_verify.t 2025-09-30 12:37:40.000000000 +0000
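Review bot: The new subtest is named 'EC conversions -- private key', which says nothing about the SM2 key it converts from testec-sm2.pem, so its TAP output cannot be told apart from the P-256 conversion in the context just above it; use `subtest 'EC conversions -- SM2 private key' => sub {`. The plan bump from 15 to 16 in the earlier hunk correctly counts the SKIP block as one test.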
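Review bot: In the new 20-test_cli_list.t, `open DATA, "listout.txt";` uses a bareword handle (and DATA is the name Perl reserves for the `__DATA__` section), the two-argument open form that parses mode characters out of the filename, and no error check, and as rendered here `my @match = grep /secret key/, ;` has lost its readline operand (presumably `<DATA>` in the source); replace the three lines with `open my $fh, '<', 'listout.txt' or die "open listout.txt: $!";`, `my @match = grep { /secret key/ } <$fh>;`, `close $fh;`. The final `ok(scalar @match > 1 ? 1 : 0, ...)` can simply be `ok(scalar @match > 1, ...)` since ok() already tests truth. The import list also names `bldtop_file`, `srctop_file`, `bldtop_dir` and `with`, none of which the file uses.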
@@ -602,9 +602,10 @@
 ok(vfy_root("-CAstore", $rootcert), "CAstore");
 ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore");
 ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore");
+
 SKIP: {
- skip "file names with colons aren't supported on Windows and VMS", 2
- if $^O =~ /^(MsWin32|VMS)$/;
+ skip "file names with colons aren't supported on Windows and VMS", 1
+ if $^O =~ /^(MSWin32|VMS)$/;
 my $foo_file = "foo:cert.pem";
 copy($rootcert, $foo_file);
 ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file");
diff -Nru openssl-3.5.1/test/recipes/30-test_evp_data/evpkdf_krb5.txt openssl-3.5.4/test/recipes/30-test_evp_data/evpkdf_krb5.txt
--- openssl-3.5.1/test/recipes/30-test_evp_data/evpkdf_krb5.txt 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/test/recipes/30-test_evp_data/evpkdf_krb5.txt 2025-09-30 12:37:40.000000000 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -129,3 +129,11 @@ Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 Ctrl.hexconstant = hexconstant:0000000155 Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705 + +#Erroneous key size for the cipher as XTS has double key size +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-256-XTS +Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 +Ctrl.hexconstant = hexconstant:0000000255 +Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA +Result = KDF_DERIVE_ERROR diff -Nru openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt openssl-3.5.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt --- openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/recipes/30-test_evp_data/evppkey_ecdsa.txt 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -261,6 +261,15 @@ Input = "0123456789ABCDEF1234" Result = KEYOP_MISMATCH +FIPSversion = >=3.6.0 +Sign = P-256 +Securitycheck = 1 +Unapproved = 1 +CtrlInit = digest-check:0 +Ctrl = digest:SHA512-224 +Input = "0123456789ABCDEF1234" +Result = KEYOP_ERROR + Title = XOF disallowed DigestVerify = SHAKE256 diff -Nru openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt openssl-3.5.4/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt --- openssl-3.5.1/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt 2025-09-30 12:37:40.000000000 +0000 
@@ -1,5 +1,5 @@ # -# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -186,4 +186,4 @@ Availablein = default Sign-Message = RSA-SM3:RSA-2048 Input = "Hello World" -Output = 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 +Output = 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 diff -Nru openssl-3.5.1/test/recipes/80-test_cms.t openssl-3.5.4/test/recipes/80-test_cms.t --- openssl-3.5.1/test/recipes/80-test_cms.t 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/recipes/80-test_cms.t 2025-09-30 12:37:40.000000000 +0000 @@ -89,6 +89,15 @@ \&final_compare ], + [ "signed text content DER format, RSA key", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", $smroot, "-signer", $smrsa1, "-text", + "-out", "{output}.cms" ], + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER", + "-text", "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], + [ "signed detached content DER format, RSA key", [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-signer", $smrsa1, "-out", "{output}.cms" ], 
@@ -222,6 +231,14 @@ \&final_compare ], + [ "enveloped text content streaming S/MIME format, DES, 1 recipient", + [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, + "-stream", "-text", "-out", "{output}.cms", $smrsa1 ], + [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1, + "-in", "{output}.cms", "-text", "-out", "{output}.txt" ], + \&final_compare + ], + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", diff -Nru openssl-3.5.1/test/recipes/90-test_sslapi.t openssl-3.5.4/test/recipes/90-test_sslapi.t --- openssl-3.5.1/test/recipes/90-test_sslapi.t 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/recipes/90-test_sslapi.t 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -45,7 +45,10 @@ srctop_file("test", "recipes", "90-test_sslapi_data", - "dhparams.pem")])), + "dhparams.pem"), + srctop_dir("test", + "recipes", + "90-test_sslapi_data")])), "running sslapitest"); SKIP: { @@ -62,7 +65,10 @@ srctop_file("test", "recipes", "90-test_sslapi_data", - "dhparams.pem")])), + "dhparams.pem"), + srctop_dir("test", + "recipes", + "90-test_sslapi_data")])), "running sslapitest with default fips config"); run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), 
@@ -140,7 +146,10 @@ srctop_file("test", "recipes", "90-test_sslapi_data", - "dhparams.pem")])), + "dhparams.pem"), + srctop_dir("test", + "recipes", + "90-test_sslapi_data")])), "running sslapitest with modified fips config"); } diff -Nru openssl-3.5.1/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt openssl-3.5.4/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt --- openssl-3.5.1/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.4/test/recipes/90-test_sslapi_data/ssltraceref-zlib.txt 2025-09-30 12:37:40.000000000 +0000 
@@ -0,0 +1,255 @@ +Sent TLS Record +Header: + Version = TLS 1.0 (0x301) + Content Type = Handshake (22) + Length = ? + ClientHello, Length=? + client_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suites (len=2) + {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_methods (len=1) + No Compression (0x00) + extensions, length = ? + extension_type=ec_point_formats(11), length=4 + uncompressed (0) + ansiX962_compressed_prime (1) + ansiX962_compressed_char2 (2) + extension_type=supported_groups(10), length=20 + MLKEM512 (512) + MLKEM768 (513) + MLKEM1024 (514) + X25519MLKEM768 (4588) + SecP256r1MLKEM768 (4587) + SecP384r1MLKEM1024 (4589) + secp521r1 (P-521) (25) + secp384r1 (P-384) (24) + secp256r1 (P-256) (23) + extension_type=session_ticket(35), length=0 + extension_type=encrypt_then_mac(22), length=0 + extension_type=extended_master_secret(23), length=0 + extension_type=signature_algorithms(13), length=? + mldsa65 (0x0905) + mldsa87 (0x0906) + mldsa44 (0x0904) + ecdsa_secp256r1_sha256 (0x0403) + ecdsa_secp384r1_sha384 (0x0503) + ecdsa_secp521r1_sha512 (0x0603) + ed25519 (0x0807) + ed448 (0x0808) + ecdsa_brainpoolP256r1tls13_sha256 (0x081a) + ecdsa_brainpoolP384r1tls13_sha384 (0x081b) + ecdsa_brainpoolP512r1tls13_sha512 (0x081c) + rsa_pss_pss_sha256 (0x0809) + rsa_pss_pss_sha384 (0x080a) + rsa_pss_pss_sha512 (0x080b) + rsa_pss_rsae_sha256 (0x0804) + rsa_pss_rsae_sha384 (0x0805) + rsa_pss_rsae_sha512 (0x0806) + rsa_pkcs1_sha256 (0x0401) + rsa_pkcs1_sha384 (0x0501) + rsa_pkcs1_sha512 (0x0601) + extension_type=supported_versions(43), length=3 + TLS 1.3 (772) + extension_type=psk_key_exchange_modes(45), length=2 + psk_dhe_ke (1) + extension_type=key_share(51), length=806 + NamedGroup: MLKEM512 (512) + key_exchange: (len=800): ? 
+ extension_type=compress_certificate(27), length=3 + zlib (1) + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 858 + ServerHello, Length=854 + server_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_method: No Compression (0x00) + extensions, length = ? + extension_type=supported_versions(43), length=2 + TLS 1.3 (772) + extension_type=key_share(51), length=772 + NamedGroup: MLKEM512 (512) + key_exchange: (len=768): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 23 + Inner Content Type = Handshake (22) + EncryptedExtensions, Length=2 + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 839 + Inner Content Type = Handshake (22) + Certificate, Length=818 + context (len=0): + certificate_list, length=814 + ASN.1Cert, length=809 +------details----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Root CA + Validity + Not Before: Jan 14 22:29:46 2016 GMT + Not After : Jan 15 22:29:46 2116 GMT + Subject: CN = server.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d5:5d:60:6a:df:fc:61:ee:48:aa:8c:11:48:43: + a5:6d:b6:52:5d:aa:98:49:b1:61:92:35:b1:fc:3a: + 04:25:0c:6d:79:ff:b4:d5:c9:e9:5c:1c:3b:e0:ab: + b3:b8:7d:a3:de:6d:bd:e0:dd:d7:5a:bf:14:47:11: + 42:5e:a6:82:d0:61:c1:7f:dd:13:46:e6:09:85:07: + 0e:f2:d4:fc:1a:64:d2:0a:ad:20:ab:20:6b:96:f0: + ad:cc:c4:19:53:55:dc:01:1d:a4:b3:ef:8a:b4:49: + 53:5d:8a:05:1c:f1:dc:e1:44:bf:c5:d7:e2:77:19: + 57:5c:97:0b:75:ee:88:43:71:0f:ca:6c:c1:b4:b2: + 
50:a7:77:46:6c:58:0f:11:bf:f1:76:24:5a:ae:39: + 42:b7:51:67:29:e1:d0:55:30:6f:17:e4:91:ea:ad: + f8:28:c2:43:6f:a2:64:a9:fb:9d:98:92:62:48:3e: + eb:0d:4f:82:4a:8a:ff:3f:72:ee:96:b5:ae:a1:c1: + 98:ba:ef:7d:90:75:6d:ff:5a:52:9e:ab:f5:c0:7e: + d0:87:43:db:85:07:07:0f:7d:38:7a:fd:d1:d3:ee: + 65:1d:d3:ea:39:6a:87:37:ee:4a:d3:e0:0d:6e:f5: + 70:ac:c2:bd:f1:6e:f3:92:95:5e:a9:f0:a1:65:95: + 93:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C0:E7:84:BF:E8:59:27:33:10:B0:52:4F:51:52:2F:06:D6:C0:7A:CD + X509v3 Authority Key Identifier: + 70:7F:2E:AE:83:68:59:98:04:23:2A:CD:EB:3E:17:CD:24:DD:01:49 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:server.example + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7b:d3:04:43:75:8a:0f:11:ae:c4:fb:d7:a1:a2:9e:fe:20:18: + d5:f4:2f:31:88:46:b6:75:8c:ee:e5:9b:97:a6:b9:a3:cd:60: + 9a:46:c3:48:97:e5:97:68:f7:5a:86:35:73:d9:69:9e:f9:5f: + 74:b9:e6:94:13:01:cb:6a:dc:e3:c4:04:e9:65:da:9c:a4:8b: + 28:f3:f9:9a:7f:bf:97:1f:45:92:e5:05:b1:56:e6:0b:f6:47: + de:1e:89:b6:2b:e1:4d:df:4a:7e:01:d3:23:dc:97:8c:47:fe: + 5f:c7:cc:98:46:0e:c4:83:5b:ca:8a:f1:52:09:be:6b:ec:3f: + 09:8b:d0:93:02:bf:e1:51:e7:d1:7e:34:56:19:74:d0:ff:28: + 25:de:b7:9f:56:52:91:7d:20:29:85:0a:80:44:5f:71:32:25: + 71:0f:c2:16:e2:5f:6b:1d:3f:32:5b:0a:3c:74:1c:b9:62:f1: + ed:07:50:a3:6d:b4:b4:31:0a:c0:53:44:6a:3a:88:84:8b:2d: + a9:b0:37:8e:e6:18:36:bd:9a:20:40:0f:01:92:8b:3d:aa:61: + e7:ae:2c:ed:36:cd:3a:07:86:74:3a:29:b3:d7:3a:b4:00:a9: + c2:f5:92:78:0e:e2:0f:a3:fe:bb:be:e0:06:53:84:59:1d:90: + 69:e5:b6:f9 +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 
+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- +------------------ + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 281 + Inner Content Type = Handshake (22) + CertificateVerify, Length=260 + Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) + Signature (len=256): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? 
+ No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? + No extensions + diff -Nru openssl-3.5.1/test/recipes/90-test_sslapi_data/ssltraceref.txt openssl-3.5.4/test/recipes/90-test_sslapi_data/ssltraceref.txt --- openssl-3.5.1/test/recipes/90-test_sslapi_data/ssltraceref.txt 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.4/test/recipes/90-test_sslapi_data/ssltraceref.txt 2025-09-30 12:37:40.000000000 +0000 
@@ -0,0 +1,253 @@ +Sent TLS Record +Header: + Version = TLS 1.0 (0x301) + Content Type = Handshake (22) + Length = ? + ClientHello, Length=? + client_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suites (len=2) + {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_methods (len=1) + No Compression (0x00) + extensions, length = ? + extension_type=ec_point_formats(11), length=4 + uncompressed (0) + ansiX962_compressed_prime (1) + ansiX962_compressed_char2 (2) + extension_type=supported_groups(10), length=20 + MLKEM512 (512) + MLKEM768 (513) + MLKEM1024 (514) + X25519MLKEM768 (4588) + SecP256r1MLKEM768 (4587) + SecP384r1MLKEM1024 (4589) + secp521r1 (P-521) (25) + secp384r1 (P-384) (24) + secp256r1 (P-256) (23) + extension_type=session_ticket(35), length=0 + extension_type=encrypt_then_mac(22), length=0 + extension_type=extended_master_secret(23), length=0 + extension_type=signature_algorithms(13), length=? + mldsa65 (0x0905) + mldsa87 (0x0906) + mldsa44 (0x0904) + ecdsa_secp256r1_sha256 (0x0403) + ecdsa_secp384r1_sha384 (0x0503) + ecdsa_secp521r1_sha512 (0x0603) + ed25519 (0x0807) + ed448 (0x0808) + ecdsa_brainpoolP256r1tls13_sha256 (0x081a) + ecdsa_brainpoolP384r1tls13_sha384 (0x081b) + ecdsa_brainpoolP512r1tls13_sha512 (0x081c) + rsa_pss_pss_sha256 (0x0809) + rsa_pss_pss_sha384 (0x080a) + rsa_pss_pss_sha512 (0x080b) + rsa_pss_rsae_sha256 (0x0804) + rsa_pss_rsae_sha384 (0x0805) + rsa_pss_rsae_sha512 (0x0806) + rsa_pkcs1_sha256 (0x0401) + rsa_pkcs1_sha384 (0x0501) + rsa_pkcs1_sha512 (0x0601) + extension_type=supported_versions(43), length=3 + TLS 1.3 (772) + extension_type=psk_key_exchange_modes(45), length=2 + psk_dhe_ke (1) + extension_type=key_share(51), length=806 + NamedGroup: MLKEM512 (512) + key_exchange: (len=800): ? 
+ +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 858 + ServerHello, Length=854 + server_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x? + random_bytes (len=28): ? + session_id (len=? + cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_method: No Compression (0x00) + extensions, length = ? + extension_type=supported_versions(43), length=2 + TLS 1.3 (772) + extension_type=key_share(51), length=772 + NamedGroup: MLKEM512 (512) + key_exchange: (len=768): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 23 + Inner Content Type = Handshake (22) + EncryptedExtensions, Length=2 + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 839 + Inner Content Type = Handshake (22) + Certificate, Length=818 + context (len=0): + certificate_list, length=814 + ASN.1Cert, length=809 +------details----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Root CA + Validity + Not Before: Jan 14 22:29:46 2016 GMT + Not After : Jan 15 22:29:46 2116 GMT + Subject: CN = server.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d5:5d:60:6a:df:fc:61:ee:48:aa:8c:11:48:43: + a5:6d:b6:52:5d:aa:98:49:b1:61:92:35:b1:fc:3a: + 04:25:0c:6d:79:ff:b4:d5:c9:e9:5c:1c:3b:e0:ab: + b3:b8:7d:a3:de:6d:bd:e0:dd:d7:5a:bf:14:47:11: + 42:5e:a6:82:d0:61:c1:7f:dd:13:46:e6:09:85:07: + 0e:f2:d4:fc:1a:64:d2:0a:ad:20:ab:20:6b:96:f0: + ad:cc:c4:19:53:55:dc:01:1d:a4:b3:ef:8a:b4:49: + 53:5d:8a:05:1c:f1:dc:e1:44:bf:c5:d7:e2:77:19: + 57:5c:97:0b:75:ee:88:43:71:0f:ca:6c:c1:b4:b2: + 50:a7:77:46:6c:58:0f:11:bf:f1:76:24:5a:ae:39: + 
42:b7:51:67:29:e1:d0:55:30:6f:17:e4:91:ea:ad: + f8:28:c2:43:6f:a2:64:a9:fb:9d:98:92:62:48:3e: + eb:0d:4f:82:4a:8a:ff:3f:72:ee:96:b5:ae:a1:c1: + 98:ba:ef:7d:90:75:6d:ff:5a:52:9e:ab:f5:c0:7e: + d0:87:43:db:85:07:07:0f:7d:38:7a:fd:d1:d3:ee: + 65:1d:d3:ea:39:6a:87:37:ee:4a:d3:e0:0d:6e:f5: + 70:ac:c2:bd:f1:6e:f3:92:95:5e:a9:f0:a1:65:95: + 93:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C0:E7:84:BF:E8:59:27:33:10:B0:52:4F:51:52:2F:06:D6:C0:7A:CD + X509v3 Authority Key Identifier: + 70:7F:2E:AE:83:68:59:98:04:23:2A:CD:EB:3E:17:CD:24:DD:01:49 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:server.example + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7b:d3:04:43:75:8a:0f:11:ae:c4:fb:d7:a1:a2:9e:fe:20:18: + d5:f4:2f:31:88:46:b6:75:8c:ee:e5:9b:97:a6:b9:a3:cd:60: + 9a:46:c3:48:97:e5:97:68:f7:5a:86:35:73:d9:69:9e:f9:5f: + 74:b9:e6:94:13:01:cb:6a:dc:e3:c4:04:e9:65:da:9c:a4:8b: + 28:f3:f9:9a:7f:bf:97:1f:45:92:e5:05:b1:56:e6:0b:f6:47: + de:1e:89:b6:2b:e1:4d:df:4a:7e:01:d3:23:dc:97:8c:47:fe: + 5f:c7:cc:98:46:0e:c4:83:5b:ca:8a:f1:52:09:be:6b:ec:3f: + 09:8b:d0:93:02:bf:e1:51:e7:d1:7e:34:56:19:74:d0:ff:28: + 25:de:b7:9f:56:52:91:7d:20:29:85:0a:80:44:5f:71:32:25: + 71:0f:c2:16:e2:5f:6b:1d:3f:32:5b:0a:3c:74:1c:b9:62:f1: + ed:07:50:a3:6d:b4:b4:31:0a:c0:53:44:6a:3a:88:84:8b:2d: + a9:b0:37:8e:e6:18:36:bd:9a:20:40:0f:01:92:8b:3d:aa:61: + e7:ae:2c:ed:36:cd:3a:07:86:74:3a:29:b3:d7:3a:b4:00:a9: + c2:f5:92:78:0e:e2:0f:a3:fe:bb:be:e0:06:53:84:59:1d:90: + 69:e5:b6:f9 +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV 
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS +T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- +------------------ + No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 281 + Inner Content Type = Handshake (22) + CertificateVerify, Length=260 + Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) + Signature (len=256): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ChangeCipherSpec (20) + Length = 1 + change_cipher_spec (1) + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 53 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ? + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? 
+ No extensions + +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 234 + Inner Content Type = Handshake (22) + NewSessionTicket, Length=213 + ticket_lifetime_hint=7200 + ticket_age_add=? + ticket_nonce (len=8): ? + ticket (len=192): ? + No extensions + diff -Nru openssl-3.5.1/test/recipes/90-test_store_cases.t openssl-3.5.4/test/recipes/90-test_store_cases.t --- openssl-3.5.1/test/recipes/90-test_store_cases.t 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/recipes/90-test_store_cases.t 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -18,9 +18,10 @@ my $test_name = "test_store_cases"; setup($test_name); -plan tests => 2; +plan tests => 3; my $stderr; +my @stdout; # The case of the garbage PKCS#12 DER file where a passphrase was # prompted for. That should not have happened. 
@@ -34,3 +35,24 @@ close DATA; ok(scalar @match > 0 ? 0 : 1, "checking that storeutl didn't ask for a passphrase"); + + SKIP: { + skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1 + if disabled("ec"); + skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1 + if disabled("des"); + + # The case with a BER-encoded PKCS#12 file, using infinite + EOC + # constructs. There was a bug with those in OpenSSL 3.0 and newer, + # where OSSL_STORE_load() (and by consequence, 'openssl storeutl') + # only extracted the first available object from that file and + # ignored the rest. + # Our test file has a total of four objects, and this should be + # reflected in the total that 'openssl storeutl' outputs + @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345', + data_file('test-BER.p12')]), + capture => 1); + @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp + ok((grep { $_ eq 'Total found: 4' } @stdout), + "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects"); +} Binary files /srv/release.debian.org/tmp/nkWfcFbpjA/openssl-3.5.1/test/recipes/90-test_store_cases_data/test-BER.p12 and /srv/release.debian.org/tmp/aHfXY1mTdj/openssl-3.5.4/test/recipes/90-test_store_cases_data/test-BER.p12 differ diff -Nru openssl-3.5.1/test/recipes/90-test_threads_data/store/8489a545.0 openssl-3.5.4/test/recipes/90-test_threads_data/store/8489a545.0 --- openssl-3.5.1/test/recipes/90-test_threads_data/store/8489a545.0 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.4/test/recipes/90-test_threads_data/store/8489a545.0 2025-09-30 12:37:40.000000000 +0000 
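Review bot: `ok((grep { $_ eq 'Total found: 4' } @stdout), "Checking ...")` evaluates `grep` in list context, so when nothing matches the list is empty and `ok` receives only the description string as its test value, which is true, and the test cannot fail; with more than one match the description is displaced the same way. Force scalar context: `ok(scalar(grep { $_ eq 'Total found: 4' } @stdout),`. The exit status of the `run(app([...]), capture => 1)` call is not examined either, so a storeutl failure is only detected indirectly through the missing total. `@stdout` is declared at file scope in the earlier hunk of this file although it is only used inside this SKIP block; a `my` at the first assignment here would keep it local.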
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTIwMTIxMjIwMTEzN1oYDzIxMjAxMjEzMjAxMTM3WjASMRAwDgYDVQQD
+DAdSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eYA9Qa8
+oEY4eQ8/HnEZE20C3yubdmv8rLAh7daRCEI7pWM17FJboKJKxdYAlAOXWj25ZyjS
+feMhXKTtxjyNjoTRnVTDPdl0opZ2Z3H5xhpQd7P9eO5b4OOMiSPCmiLsPtQ3ngfN
+wCtVERc6NEIcaQ06GLDtFZRexv2eh8Yc55QaksBfBcFzQ+UD3gmRySTO2I6Lfi7g
+MUjRhipqVSZ66As2Tpex4KTJ2lxpSwOACFaDox+yKrjBTP7FsU3UwAGq7b7OJb3u
+aa32B81uK6GJVPVo65gJ7clgZsszYkoDsGjWDqtfwTVVfv1G7rrr3Laio+2Ff3ff
+tWgiQ35mJCOvxQIDAQABo3UwczAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB
+BjAdBgNVHQ4EFgQUjvUlrx6ba4Q9fICayVOcTXL3o1IwHwYDVR0jBBgwFoAUjvUl
+rx6ba4Q9fICayVOcTXL3o1IwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcN
+AQELBQADggEBABWUjaqtkdRDhVAJZTxkJVgohjRrBwp86Y0JZWdCDua/sErmEaGu
+nQVxWWFWIgu6sb8tyQo3/7dBIQl3Rpij9bsgKhToO1OzoG3Oi3d0+zRDHfY6xNrj
+TUE00FeLHGNWsgZSIvu99DrGApT/+uPdWfJgMu5szillqW+4hcCUPLjG9ekVNt1s
+KhdEklo6PrP6eMbm6s22EIVUxqGE6xxAmrvyhlY1zJH9BJ23Ps+xabjG6OeMRZzT
+0F/fU7XIFieSO7rqUcjgo1eYc3ghsDxNUJ6TPBgv5z4SPnstoOBj59rjpJ7Qkpyd
+L17VfEadezat37Cpeha7vGDduCsyMfN4kiw=
+-----END CERTIFICATE-----
diff -Nru openssl-3.5.1/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh openssl-3.5.4/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh
--- openssl-3.5.1/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.5.4/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh 2025-09-30 12:37:40.000000000 +0000
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Test openssl CA functionality using oqsprovider for alg $1
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 . Exiting."
+ exit 1
+fi
+
+if [ -z "$OPENSSL_APP" ]; then
+ echo "OPENSSL_APP env var not set. Exiting."
+ exit 1
+fi
+
+if [ -z "$OPENSSL_MODULES" ]; then
+ echo "Warning: OPENSSL_MODULES env var not set."
+fi
+
+if [ -z "$OPENSSL_CONF" ]; then
+ echo "Warning: OPENSSL_CONF env var not set."
+fi
+
+# Set OSX DYLD_LIBRARY_PATH if not already externally set
+if [ -z "$DYLD_LIBRARY_PATH" ]; then
+ export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+fi
+
+echo "oqsprovider-ca.sh commencing..."
+
+#rm -rf tmp
+mkdir -p tmp && cd tmp
+rm -rf demoCA && mkdir -p demoCA/newcerts
+touch demoCA/index.txt
+echo '01' > demoCA/serial
+$OPENSSL_APP req -x509 -new -newkey $1 -keyout $1_rootCA.key -out $1_rootCA.crt -subj "/CN=test CA" -nodes
+
+if [ $? -ne 0 ]; then
+ echo "Failed to generate root CA. Exiting."
+ exit 1
+fi
+
+$OPENSSL_APP req -new -newkey $1 -keyout $1.key -out $1.csr -nodes -subj "/CN=test Server"
+
+if [ $? -ne 0 ]; then
+ echo "Failed to generate test server CSR. Exiting."
+ exit 1
+fi
+
+$OPENSSL_APP ca -batch -days 100 -keyfile $1_rootCA.key -cert $1_rootCA.crt -policy policy_anything -notext -out $1.crt -infiles $1.csr
+
+if [ $? -ne 0 ]; then
+ echo "Failed to generate server CRT. Exiting."
+ exit 1
+fi
+
+# Don't forget to use provider(s) when not activated via config file
+$OPENSSL_APP verify -CAfile $1_rootCA.crt $1.crt
+
diff -Nru openssl-3.5.1/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh openssl-3.5.4/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh
--- openssl-3.5.1/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh 2025-07-01 11:52:08.000000000 +0000
+++ openssl-3.5.4/test/recipes/95-test_external_oqsprovider_data/oqsprovider.sh 2025-09-30 12:37:40.000000000 +0000
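Review bot: `$OPENSSL_APP` and `$1` are expanded unquoted on every command line (for example `$OPENSSL_APP req -x509 -new -newkey $1 -keyout $1_rootCA.key ...`), so a binary path or algorithm name containing whitespace splits into several words; quote them as `"$OPENSSL_APP"` and `"$1"`. The header comment does not say that this file is a local replacement for the script of the same name in oqs-provider — the hunk that installs it in oqsprovider.sh calls it a hotfix for the certificate validity period, presumably the `-days 100` passed to `openssl ca` — so a line such as `# Local copy of oqs-provider's scripts/oqsprovider-ca.sh; overrides the certificate validity period (-days)` would tell a maintainer what has to be kept in sync with upstream. The `if [ $? -ne 0 ]` tests after each step can be written as `if ! "$OPENSSL_APP" req ...; then`, which avoids checking a `$?` that is easy to clobber when a line is inserted in between.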
@@ -70,5 +70,7 @@ export OPENSSL_MODULES=$PWD/_build/lib export OQS_PROVIDER_TESTSCRIPTS=$SRCTOP/oqs-provider/scripts export OPENSSL_CONF=$OQS_PROVIDER_TESTSCRIPTS/openssl-ca.cnf +# hotfix for wrong cert validity period +cp $SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh $SRCTOP/oqs-provider/scripts/ # Be verbose if harness is verbose: $SRCTOP/oqs-provider/scripts/runtests.sh -V diff -Nru openssl-3.5.1/test/sanitytest.c openssl-3.5.4/test/sanitytest.c --- openssl-3.5.1/test/sanitytest.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/sanitytest.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,10 @@ #include "internal/numbers.h" #include "internal/time.h" +#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L +# include +#endif + static int test_sanity_null_zero(void) { char *p; 
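Review bot: The added `cp` into `$SRCTOP/oqs-provider/scripts/` is unchecked, so if it fails the run continues with the upstream script and the hotfix silently does not apply, unless the script runs under `set -e`, which is outside this hunk. Make the failure explicit: `cp $SRCTOP/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh $SRCTOP/oqs-provider/scripts/ || exit 1`. The comment `# hotfix for wrong cert validity period` would also help if it named what is being corrected, e.g. `# hotfix: override oqs-provider's oqsprovider-ca.sh, whose 'openssl ca' validity period is wrong`.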
@@ -130,22 +134,77 @@ return CRYPTO_memcmp("ab", "cd", 2); } -static int test_sanity_sleep(void) +static const struct sleep_test_vector { + uint64_t val; +} sleep_test_vectors[] = { { 0 }, { 1 }, { 999 }, { 1000 } }; + +#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L +static void +alrm_handler(int sig) +{ +} +#endif /* defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L */ + +static int test_sanity_sleep(int i) { + const struct sleep_test_vector * const td = sleep_test_vectors + i; OSSL_TIME start = ossl_time_now(); - uint64_t seconds; + uint64_t ms; +#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L /* - * On any reasonable system this must sleep at least one second - * but not more than 20. - * Assuming there is no interruption. + * Set up an interrupt timer to check that OSSL_sleep doesn't return early + * due to interrupts. */ - OSSL_sleep(1000); + do { + static const struct itimerval it = { { 0, 111111 } }; + struct sigaction sa; + sigset_t mask; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = alrm_handler; + + if (sigaction(SIGALRM, &sa, NULL)) { + TEST_perror("test_sanity_sleep: sigaction"); + break; + } + + sigemptyset(&mask); + sigaddset(&mask, SIGALRM); + if (sigprocmask(SIG_UNBLOCK, &mask, NULL)) { + TEST_perror("test_sanity_sleep: sigprocmask"); + break; + } + + if (setitimer(ITIMER_REAL, &it, NULL)) { + TEST_perror("test_sanity_sleep: arm setitimer"); + break; + } + } while (0); +#endif /* defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L */ - seconds = ossl_time2seconds(ossl_time_subtract(ossl_time_now(), start)); + /* + * On any reasonable system this must sleep at least the specified time + * but not more than 20 seconds more than that. 
+ */ + OSSL_sleep(td->val); + +#if defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L + /* disarm the timer */ + do { + static const struct itimerval it; + + if (setitimer(ITIMER_REAL, &it, NULL)) { + TEST_perror("test_sanity_sleep: disarm setitimer"); + break; + } + } while (0); +#endif /* defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L */ - if (!TEST_uint64_t_ge(seconds, 1) || !TEST_uint64_t_le(seconds, 20)) - return 0; + ms = ossl_time2ms(ossl_time_subtract(ossl_time_now(), start)); + + if (!TEST_uint64_t_ge(ms, td->val) + !TEST_uint64_t_le(ms, td->val + 20000)) + return 0; return 1; } @@ -158,6 +217,6 @@ ADD_TEST(test_sanity_unsigned_conversion); ADD_TEST(test_sanity_range); ADD_TEST(test_sanity_memcmp); - ADD_TEST(test_sanity_sleep); + ADD_ALL_TESTS(test_sanity_sleep, OSSL_NELEM(sleep_test_vectors)); return 1; } diff -Nru openssl-3.5.1/test/slh_dsa_test.c openssl-3.5.4/test/slh_dsa_test.c --- openssl-3.5.1/test/slh_dsa_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/slh_dsa_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -183,10 +183,11 @@ * Loading 128s private key data into a 128f algorithm will have an incorrect * public key. */ - if (!TEST_ptr(key = slh_dsa_key_from_data("SLH-DSA-SHA2-128f", - slh_dsa_sha2_128s_0_keygen_priv, - sizeof(slh_dsa_sha2_128s_0_keygen_priv), 0))) - return 0; + key = slh_dsa_key_from_data("SLH-DSA-SHA2-128f", + slh_dsa_sha2_128s_0_keygen_priv, + sizeof(slh_dsa_sha2_128s_0_keygen_priv), 0); + if (!TEST_ptr(key)) + goto end; if (!TEST_ptr(vctx = EVP_PKEY_CTX_new_from_pkey(lib_ctx, key, NULL))) goto end; if (!TEST_int_eq(EVP_PKEY_pairwise_check(vctx), 0)) diff -Nru openssl-3.5.1/test/sslapitest.c openssl-3.5.4/test/sslapitest.c --- openssl-3.5.1/test/sslapitest.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/sslapitest.c 2025-09-30 12:37:40.000000000 +0000 
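Review bot: As rendered, `static const struct itimerval it = { { 0, 111111 } };` in the arming block of test_sanity_sleep initialises only the first member; with the usual layout (`it_interval` first, `it_value` second) `it_value` stays zero, and setitimer() treats a zero `it_value` as disarming the timer, so no SIGALRM is delivered and OSSL_sleep() runs uninterrupted — the interruption the comment says is being checked never happens. If the real source initialises both members this does not apply; otherwise `{ { 0, 111111 }, { 0, 111111 } }` arms a repeating timer. The final check is shown as `!TEST_uint64_t_ge(ms, td->val) + !TEST_uint64_t_le(ms, td->val + 20000)`; each term is 0 or 1, so the sum is nonzero exactly when either check fails, but `||` states the intent and is the form used elsewhere in this diff. The SIGALRM handler installed here is never reset to its previous disposition, which only matters if a later test in the same process depends on the default.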
@@ -98,6 +98,7 @@ static char *srpvfile = NULL; static char *tmpfilename = NULL; static char *dhfile = NULL; +static char *datadir = NULL; static int is_fips = 0; static int fips_ems_check = 0; @@ -120,6 +121,15 @@ #define CLIENT_VERSION_LEN 2 +/* The ssltrace test assumes some options are switched on/off */ +#if !defined(OPENSSL_NO_SSL_TRACE) \ + && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \ + && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) \ + && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM) \ + && !defined(OPENSSL_NO_TLS1_3) +# define DO_SSL_TRACE_TEST +#endif + /* * This structure is used to validate that the correct number of log messages * of various types are emitted when emitting secret logs. 
@@ -13269,6 +13279,77 @@ return testresult; } +#if defined(DO_SSL_TRACE_TEST) +/* + * Tests that the SSL_trace() msg_callback works as expected with a PQ Groups. + */ +static int test_ssl_trace(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *serverssl = NULL, *clientssl = NULL; + int testresult = 0; + BIO *bio = NULL; + char *reffile = NULL; + char *grouplist = "MLKEM512:MLKEM768:MLKEM1024:X25519MLKEM768:SecP256r1MLKEM768" + ":SecP384r1MLKEM1024:secp521r1:secp384r1:secp256r1"; + + if (!fips_provider_version_ge(libctx, 3, 5, 0)) + return TEST_skip("FIPS provider does not support MLKEM algorithms"); + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), + TLS1_3_VERSION, TLS1_3_VERSION, + &sctx, &cctx, cert, privkey)) + || !TEST_ptr(bio = BIO_new(BIO_s_mem())) + || !TEST_true(SSL_CTX_set1_groups_list(sctx, grouplist)) + || !TEST_true(SSL_CTX_set1_groups_list(cctx, grouplist)) + || !TEST_true(SSL_CTX_set_ciphersuites(cctx, + "TLS_AES_128_GCM_SHA256")) + || !TEST_true(SSL_CTX_set_ciphersuites(sctx, + "TLS_AES_128_GCM_SHA256")) +# ifdef SSL_OP_LEGACY_EC_POINT_FORMATS + || !TEST_true(SSL_CTX_set_options(cctx, SSL_OP_LEGACY_EC_POINT_FORMATS)) + || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_LEGACY_EC_POINT_FORMATS)) +# endif + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto err; + + SSL_set_msg_callback(clientssl, SSL_trace); + SSL_set_msg_callback_arg(clientssl, bio); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto err; + + /* Skip the comparison of the trace when the fips provider is used. */ + if (is_fips) { + /* Check whether there was something written. 
*/ + if (!TEST_int_gt(BIO_pending(bio), 0)) + goto err; + } else { + +# ifdef OPENSSL_NO_ZLIB + reffile = test_mk_file_path(datadir, "ssltraceref.txt"); +# else + reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); +# endif + if (!TEST_true(compare_with_reference_file(bio, reffile))) + goto err; + } + + testresult = 1; + err: + BIO_free(bio); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + OPENSSL_free(reffile); + + return testresult; +} +#endif + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") int setup_tests(void) @@ -13303,6 +13384,8 @@ || !TEST_ptr(dhfile = test_get_argument(5))) return 0; + datadir = test_get_argument(6); + if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile))) return 0; @@ -13598,6 +13681,10 @@ ADD_TEST(test_quic_tls_early_data); #endif ADD_ALL_TESTS(test_no_renegotiation, 2); +#if defined(DO_SSL_TRACE_TEST) + if (datadir != NULL) + ADD_TEST(test_ssl_trace); +#endif return 1; err: diff -Nru openssl-3.5.1/test/testec-sm2.pem openssl-3.5.4/test/testec-sm2.pem --- openssl-3.5.1/test/testec-sm2.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.4/test/testec-sm2.pem 2025-09-30 12:37:40.000000000 +0000 @@ -0,0 +1,5 @@ +-----BEGIN SM2 PRIVATE KEY----- +MHcCAQEEIKPB7gEYKGAwAkz0MfGwQm0BXclgzvSTxQG9bm4RCAxXoAoGCCqBHM9V +AYItoUQDQgAE+FuibOpfjVfj716O3LglhK4HzjUR82mgn8kTZinQsEafw3FFZzZJ +vwHIGHUsSKxVTRIEs+BICQDBg99OA3VU/Q== +-----END SM2 PRIVATE KEY----- diff -Nru openssl-3.5.1/test/testutil/compare.c openssl-3.5.4/test/testutil/compare.c --- openssl-3.5.1/test/testutil/compare.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.4/test/testutil/compare.c 2025-09-30 12:37:40.000000000 +0000 
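Review bot: In the `err:` cleanup of test_ssl_trace, `BIO_free(bio)` runs before `SSL_free(clientssl)`, yet `clientssl` still holds `bio` as its message-callback argument from `SSL_set_msg_callback_arg(clientssl, bio)`; nothing visible here invokes the callback during SSL_free, but freeing the SSL objects first removes the dangling reference at no cost. Moving `BIO_free(bio);` to just after `SSL_CTX_free(cctx);` would do it. `grouplist` points at a string literal and is never written, so `const char *grouplist = ...` is the more accurate declaration and avoids a writable pointer to read-only data.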
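Review bot: `datadir = test_get_argument(6);` introduces an optional seventh positional argument, but the usage string `OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")` shown just above `setup_tests` still lists only six, so the new argument is undocumented to anyone running the binary by hand. Appending it as optional, `"certfile privkeyfile srpvfile tmpfile provider config dhfile [datadir]\n"`, keeps the usage in step with the conditional registration of test_ssl_trace under `if (datadir != NULL)`. A short comment at the assignment, `/* optional; test_ssl_trace is only registered when it is given */`, would explain why this argument alone is not wrapped in TEST_ptr.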
@@ -0,0 +1,88 @@ +/* + * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" + +static void strip_line_ends(char *str) +{ + size_t i; + + for (i = strlen(str); + i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r'); + i--); + + str[i] = '\0'; +} + +int compare_with_reference_file(BIO *membio, const char *reffile) +{ + BIO *file = NULL, *newfile = NULL; + char buf1[8192], buf2[8192]; + int ret = 0; + size_t i; + + if (!TEST_ptr(reffile)) + goto err; + + file = BIO_new_file(reffile, "rb"); + if (!TEST_ptr(file)) + goto err; + + newfile = BIO_new_file("ssltraceref-new.txt", "wb"); + if (!TEST_ptr(newfile)) + goto err; + + while (BIO_gets(membio, buf2, sizeof(buf2)) > 0) + if (BIO_puts(newfile, buf2) <= 0) { + TEST_error("Failed writing new file data"); + goto err; + } + + if (!TEST_int_ge(BIO_seek(membio, 0), 0)) + goto err; + + while (BIO_gets(file, buf1, sizeof(buf1)) > 0) { + size_t line_len; + + if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) { + TEST_error("Failed reading mem data"); + goto err; + } + strip_line_ends(buf1); + strip_line_ends(buf2); + line_len = strlen(buf1); + if (line_len > 0 && buf1[line_len - 1] == '?') { + /* Wildcard at the EOL means ignore anything after it */ + if (strlen(buf2) > line_len) + buf2[line_len] = '\0'; + } + if (line_len != strlen(buf2)) { + TEST_error("Actual and ref line data length mismatch"); + TEST_info("%s", buf1); + TEST_info("%s", buf2); + goto err; + } + for (i = 0; i < line_len; i++) { + /* '?' 
is a wild card character in the reference text */ + if (buf1[i] == '?') + buf2[i] = '?'; + } + if (!TEST_str_eq(buf1, buf2)) + goto err; + } + if (!TEST_true(BIO_eof(file)) + || !TEST_true(BIO_eof(membio))) + goto err; + + ret = 1; + err: + BIO_free(file); + BIO_free(newfile); + return ret; +} diff -Nru openssl-3.5.1/test/testutil.h openssl-3.5.4/test/testutil.h --- openssl-3.5.1/test/testutil.h 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/testutil.h 2025-09-30 12:37:40.000000000 +0000 @@ -652,4 +652,6 @@ STACK_OF(X509) *load_certs_pem(const char *file); X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx); time_t test_asn1_string_to_time_t(const char *asn1_string); + +int compare_with_reference_file(BIO *membio, const char *reffile); #endif /* OSSL_TESTUTIL_H */ diff -Nru openssl-3.5.1/test/threadstest.c openssl-3.5.4/test/threadstest.c --- openssl-3.5.1/test/threadstest.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/threadstest.c 2025-09-30 12:37:40.000000000 +0000 @@ -49,6 +49,7 @@ static int do_fips = 0; static char *privkey; +static char *storedir; static char *config_file = NULL; static int multidefault_run = 0; @@ -182,13 +183,16 @@ CRYPTO_atomic_add(&rwwriter2_done, 0, &lw2, atomiclock); count++; - if (rwwriter_ptr != NULL && old > *rwwriter_ptr) { - TEST_info("rwwriter pointer went backwards\n"); - rw_torture_result = 0; + if (rwwriter_ptr != NULL) { + if (old > *rwwriter_ptr) { + TEST_info("rwwriter pointer went backwards! %d : %d\n", + old, *rwwriter_ptr); + rw_torture_result = 0; + } + old = *rwwriter_ptr; } if (CRYPTO_THREAD_unlock(rwtorturelock) == 0) abort(); - *iterations = count; if (rw_torture_result == 0) { *iterations = count; return; @@ -320,7 +324,8 @@ t1 = ossl_time_now(); for (count = 0; ; count++) { - new = CRYPTO_zalloc(sizeof(uint64_t), NULL, 0); + new = CRYPTO_malloc(sizeof(uint64_t), NULL, 0); + *new = (uint64_t)0xBAD; if (contention == 0) OSSL_sleep(1000); ossl_rcu_write_lock(rcu_lock); 
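Review bot: compare_with_reference_file is a general-purpose helper (it is exported from testutil.h in this same patch), yet it unconditionally writes the captured data to the hard-coded name `ssltraceref-new.txt` in the current working directory and leaves the file behind even when the comparison succeeds; two tests using the helper, or two test processes sharing a directory, would overwrite each other's copy. Writing the copy only on mismatch, or deriving the output name from `reffile` or a caller-supplied path, would make the side effect visible at the call site instead of hidden in the helper. The wildcard rule (a `?` matches any single character, and a trailing `?` also discards any longer suffix of the actual line) is only discoverable by reading the loop; a header comment on the function stating it, plus a one-liner on strip_line_ends such as `/* drop any trailing CR/LF so CRLF and LF reference files compare equal */`, would save the next reader that work.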
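Review bot: `*new = (uint64_t)0xBAD;` dereferences the result of `CRYPTO_malloc` before any NULL check, so an allocation failure now crashes the torture thread outright rather than failing the test; the replaced `CRYPTO_zalloc` line had the same gap only if no check follows, which the hunk does not show. Assuming the enclosing writer function returns void, `if (new == NULL) { rcu_torture_result = 0; return; }` placed before the store would fail the test cleanly. The loop body continues outside the hunk.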
@@ -380,6 +385,8 @@ if (oldval > val) { TEST_info("rcu torture value went backwards! %llu : %llu", (unsigned long long)oldval, (unsigned long long)val); + if (valp == NULL) + TEST_info("ossl_rcu_deref did return NULL!"); rcu_torture_result = 0; } oldval = val; /* just try to deref the pointer */ @@ -1135,7 +1142,7 @@ multidefault_run = 1; return thread_run_test(&thread_multi_simple_fetch, - 2, &thread_multi_simple_fetch, 0, default_provider); + 2, &thread_multi_simple_fetch, 0, NULL); } static int test_multi_load(void) @@ -1295,6 +1302,62 @@ &test_pem_read_one, 1, default_provider); } +static X509_STORE *store = NULL; + +static void test_x509_store_by_subject(void) +{ + X509_STORE_CTX *ctx; + X509_OBJECT *obj = NULL; + X509_NAME *name = NULL; + int success = 0; + + ctx = X509_STORE_CTX_new(); + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_true(X509_STORE_CTX_init(ctx, store, NULL, NULL))) + goto err; + + name = X509_NAME_new(); + if (!TEST_ptr(name)) + goto err; + if (!TEST_true(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, + (unsigned char *)"Root CA", + -1, -1, 0))) + goto err; + obj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, name); + if (!TEST_ptr(obj)) + goto err; + + success = 1; + err: + X509_OBJECT_free(obj); + X509_STORE_CTX_free(ctx); + X509_NAME_free(name); + if (!success) + multi_set_success(0); +} + +/* Test accessing an X509_STORE from multiple threads */ +static int test_x509_store(void) +{ + int ret = 0; + + store = X509_STORE_new(); + if (!TEST_ptr(store)) + return 0; + if (!TEST_true(X509_STORE_load_store(store, storedir))) + goto err; + + ret = thread_run_test(&test_x509_store_by_subject, MAXIMUM_THREADS, + &test_x509_store_by_subject, 0, NULL); + + err: + X509_STORE_free(store); + store = NULL; + return ret; +} + typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, 
@@ -1341,6 +1404,10 @@ if (!TEST_ptr(privkey)) return 0; + storedir = test_mk_file_path(datadir, "store"); + if (!TEST_ptr(storedir)) + return 0; + if (!TEST_ptr(global_lock = CRYPTO_THREAD_lock_new())) return 0; @@ -1379,12 +1446,14 @@ ADD_TEST(test_bio_dgram_pair); #endif ADD_TEST(test_pem_read); + ADD_TEST(test_x509_store); return 1; } void cleanup_tests(void) { OPENSSL_free(privkey); + OPENSSL_free(storedir); #ifdef TSAN_REQUIRES_LOCKING CRYPTO_THREAD_lock_free(tsan_lock); #endif diff -Nru openssl-3.5.1/test/tls13groupselection_test.c openssl-3.5.4/test/tls13groupselection_test.c --- openssl-3.5.1/test/tls13groupselection_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/tls13groupselection_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -311,17 +311,17 @@ { "X25519:secp256r1:X448:secp521r1:-X448:-secp256r1:-X25519:-secp521r1", "", CLIENT_PREFERENCE, - NEGOTIATION_FAILURE + NEGOTIATION_FAILURE, INIT }, { "secp384r1:secp521r1:X25519", /* test 39 */ "prime256v1:X448", CLIENT_PREFERENCE, - NEGOTIATION_FAILURE + NEGOTIATION_FAILURE, INIT }, { "secp521r1:secp384r1:X25519", /* test 40 */ "prime256v1:X448", SERVER_PREFERENCE, - NEGOTIATION_FAILURE + NEGOTIATION_FAILURE, INIT }, /* * These are allowed @@ -340,6 +340,15 @@ SERVER_PREFERENCE, "secp521r1", SH }, + /* + * Not a syntax error, but invalid because brainpoolP256r1 is the only + * key share and is not valid in TLSv1.3 + */ + { "*brainpoolP256r1:X25519", /* test 43 */ + "X25519", + SERVER_PREFERENCE, + NEGOTIATION_FAILURE, INIT + } }; static void server_response_check_cb(int write_p, int version, 
@@ -489,6 +498,10 @@ ok = 1; } else { TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)); + if (test_type == TEST_NEGOTIATION_FAILURE && + !TEST_int_eq((int)current_test_vector->expected_server_response, + (int)server_response)) + goto end; ok = 1; } diff -Nru openssl-3.5.1/test/wpackettest.c openssl-3.5.4/test/wpackettest.c --- openssl-3.5.1/test/wpackettest.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/wpackettest.c 2025-09-30 12:37:40.000000000 +0000 @@ -588,7 +588,7 @@ for (i = 0; i < 10000; ++i) { if (!TEST_int_gt(RAND_bytes(rand_data, sizeof(rand_data)), 0)) - return cleanup(&pkt); + return 0; memcpy(&expected, rand_data, sizeof(expected)); diff -Nru openssl-3.5.1/test/x509_test.c openssl-3.5.4/test/x509_test.c --- openssl-3.5.1/test/x509_test.c 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/test/x509_test.c 2025-09-30 12:37:40.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -176,6 +176,112 @@ return ret; } +static int test_x509_delete_last_extension(void) +{ + int ret = 0; + X509 *x509 = NULL; + X509_EXTENSION *ext = NULL; + ASN1_OBJECT *obj = NULL; + + if (!TEST_ptr((x509 = X509_new())) + /* Initially, there are no extensions and thus no extension list. */ + || !TEST_ptr_null(X509_get0_extensions(x509)) + /* Add an extension. */ + || !TEST_ptr((ext = X509_EXTENSION_new())) + || !TEST_ptr((obj = OBJ_nid2obj(NID_subject_key_identifier))) + || !TEST_int_eq(X509_EXTENSION_set_object(ext, obj), 1) + || !TEST_int_eq(X509_add_ext(x509, ext, -1), 1) + /* There should now be an extension list. */ + || !TEST_ptr(X509_get0_extensions(x509)) + || !TEST_int_eq(sk_X509_EXTENSION_num(X509_get0_extensions(x509)), 1)) + goto err; + + /* Delete the extension. */ + X509_EXTENSION_free(X509_delete_ext(x509, 0)); + + /* The extension list should be NULL again. */ + if (!TEST_ptr_null(X509_get0_extensions(x509))) + goto err; + + ret = 1; + +err: + X509_free(x509); + X509_EXTENSION_free(ext); + return ret; +} + +static int test_x509_crl_delete_last_extension(void) +{ + int ret = 0; + X509_CRL *crl = NULL; + X509_EXTENSION *ext = NULL; + ASN1_OBJECT *obj = NULL; + + if (!TEST_ptr((crl = X509_CRL_new())) + /* Initially, there are no extensions and thus no extension list. */ + || !TEST_ptr_null(X509_CRL_get0_extensions(crl)) + /* Add an extension. */ + || !TEST_ptr((ext = X509_EXTENSION_new())) + || !TEST_ptr((obj = OBJ_nid2obj(NID_subject_key_identifier))) + || !TEST_int_eq(X509_EXTENSION_set_object(ext, obj), 1) + || !TEST_int_eq(X509_CRL_add_ext(crl, ext, -1), 1) + /* There should now be an extension list. */ + || !TEST_ptr(X509_CRL_get0_extensions(crl)) + || !TEST_int_eq(sk_X509_EXTENSION_num(X509_CRL_get0_extensions(crl)), + 1)) + goto err; + + /* Delete the extension. */ + X509_EXTENSION_free(X509_CRL_delete_ext(crl, 0)); + + /* The extension list should be NULL again. 
*/ + if (!TEST_ptr_null(X509_CRL_get0_extensions(crl))) + goto err; + + ret = 1; + +err: + X509_CRL_free(crl); + X509_EXTENSION_free(ext); + return ret; +} + +static int test_x509_revoked_delete_last_extension(void) +{ + int ret = 0; + X509_REVOKED *rev = NULL; + X509_EXTENSION *ext = NULL; + ASN1_OBJECT *obj = NULL; + + if (!TEST_ptr((rev = X509_REVOKED_new())) + /* Initially, there are no extensions and thus no extension list. */ + || !TEST_ptr_null(X509_REVOKED_get0_extensions(rev)) + /* Add an extension. */ + || !TEST_ptr((ext = X509_EXTENSION_new())) + || !TEST_ptr((obj = OBJ_nid2obj(NID_subject_key_identifier))) + || !TEST_int_eq(X509_EXTENSION_set_object(ext, obj), 1) + || !TEST_int_eq(X509_REVOKED_add_ext(rev, ext, -1), 1) + /* There should now be an extension list. */ + || !TEST_ptr(X509_REVOKED_get0_extensions(rev)) + || !TEST_int_eq(sk_X509_EXTENSION_num(X509_REVOKED_get0_extensions(rev)), 1)) + goto err; + + /* Delete the extension. */ + X509_EXTENSION_free(X509_REVOKED_delete_ext(rev, 0)); + + /* The extension list should be NULL again. */ + if (!TEST_ptr_null(X509_REVOKED_get0_extensions(rev))) + goto err; + + ret = 1; + +err: + X509_REVOKED_free(rev); + X509_EXTENSION_free(ext); + return ret; +} + OPT_TEST_DECLARE_USAGE("\n") int setup_tests(void) @@ -210,6 +316,9 @@ ADD_TEST(test_x509_tbs_cache); ADD_TEST(test_x509_crl_tbs_cache); ADD_TEST(test_asn1_item_verify); + ADD_TEST(test_x509_delete_last_extension); + ADD_TEST(test_x509_crl_delete_last_extension); + ADD_TEST(test_x509_revoked_delete_last_extension); return 1; } diff -Nru openssl-3.5.1/util/perl/TLSProxy/Proxy.pm openssl-3.5.4/util/perl/TLSProxy/Proxy.pm --- openssl-3.5.1/util/perl/TLSProxy/Proxy.pm 2025-07-01 11:52:08.000000000 +0000 +++ openssl-3.5.4/util/perl/TLSProxy/Proxy.pm 2025-09-30 12:37:40.000000000 +0000 
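Review bot: test_x509_delete_last_extension, test_x509_crl_delete_last_extension and test_x509_revoked_delete_last_extension are the same sequence three times, differing only in the object type and the `_new`/`_add_ext`/`_get0_extensions`/`_delete_ext`/`_free` functions; a small macro or a helper taking the object and function pointers would keep the three in step if the expected behaviour changes again. Each function also frees `ext` after `X509_add_ext`/`X509_CRL_add_ext`/`X509_REVOKED_add_ext`, which is correct only because those calls presumably copy the extension rather than take ownership; a one-line comment at the free, `/* the add_ext call duplicated ext, so this releases our copy */`, records that dependency for the next maintainer.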
@@ -97,7 +97,23 @@ sub init { - require IO::Socket::IP; + my $useSockInet = 0; + eval { + require IO::Socket::IP; + my $s = IO::Socket::IP->new( + LocalAddr => "::1", + LocalPort => 0, + Listen=>1, + ); + $s or die "\n"; + $s->close(); + }; + if ($@ eq "") { + require IO::Socket::IP; + } else { + $useSockInet = 1; + } + my $class = shift; my ($filter, $execute, @@ -118,8 +134,13 @@ $test_client_port = 49152 + int(rand(65535 - 49152)); my $test_sock; if ($useINET6 == 0) { - $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port, - LocalAddr => $test_client_addr); + if ($useSockInet == 0) { + $test_sock = IO::Socket::IP->new(LocalPort => $test_client_port, + LocalAddr => $test_client_addr); + } else { + $test_sock = IO::Socket::INET->new(LocalAddr => $test_client_addr, + LocalPort => $test_client_port); + } } else { $test_sock = IO::Socket::INET6->new(LocalAddr => $test_client_addr, LocalPort => $test_client_port,
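Review bot: `$s or die "\n";` throws away the reason the `::1` probe failed, and the fallback to `IO::Socket::INET` in the `@@ -118` hunk then happens silently, so a host whose IO::Socket::IP is broken for some other reason is indistinguishable from one that merely lacks a loopback `::1`. Keeping the reason, `$s or die "IO::Socket::IP probe on ::1 failed: " . ($@ || $!) . "\n";`, leaves the `$@ eq ""` test intact while making the cause available when a test run is investigated. The second `require IO::Socket::IP;` inside `if ($@ eq "")` is redundant once the `eval` has already loaded the module, and `IO::Socket::INET` is not `require`d anywhere in this hunk, so the fallback relies on it being loaded elsewhere in Proxy.pm. Minor style: `Listen=>1,` lacks the spacing the neighbouring `LocalAddr => "::1",` uses.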