kgess-mirror/freebsd-src
1
0
Fork 0
mirror of https://git.freebsd.org/src.git synced 2026-01-16 23:02:24 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

openssl: import 3.5.1

Browse source 
This change adds OpenSSL 3.5.1 from upstream [1].

The 3.5.1 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

More information about the release (from a high level) can be found in
the release notes [4].

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.1/openssl-3.5.1.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.1/openssl-3.5.1.tar.gz.asc
3. https://github.com/openssl/openssl/releases/download/openssl-3.5.1/openssl-3.5.1.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.1/NEWS.md

Reviewed by:	ngie, philip
Approved by:	philip (mentor)
Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Pierre Pronchery 2025-07-11 23:17:50 +02:00
parent 09a2519227
commit 1095efe41f
189 changed files with 4283 additions and 1427 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
CHANGES.md
View file

@ -28,6 +28,29 @@ OpenSSL Releases
OpenSSL 3.5
-----------
### Changes between 3.5.0 and 3.5.1 [1 Jul 2025]
* Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application adds
a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected for
a particular use it will be instead marked as trusted for that use.
([CVE-2025-4575])
*Tomas Mraz*
* Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
have now restored the original behaviour and brought DTLS back into line with
TLS.
*Matt Caswell*
### Changes between 3.4 and 3.5.0 [8 Apr 2025]
* Added server side support for QUIC
@ -6586,6 +6609,11 @@ OpenSSL 1.1.0
*Rob Percival <robpercival@google.com>*
* SSLv3 is by default disabled at build-time. Builds that are not
configured with "enable-ssl3" will not support SSLv3.
*Kurt Roeckx*
OpenSSL 1.0.2
-------------
@ -21199,6 +21227,7 @@ ndif
<!-- Links -->
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119

8
Configurations/unix-Makefile.tmpl
View file

@ -135,7 +135,7 @@ GENERATED_PODS={- # common0.tmpl provides @generated
fill_lines(" ", $COLUMNS - 15,
map { my $x = $_;
(
grep {
grep {
$unified_info{attributes}->{depends}
->{$x}->{$_}->{pod} // 0
}
@ -809,12 +809,12 @@ install_dev: install_runtime_libs
cp $$e "$(DESTDIR)$(PKGCONFIGDIR)/$$fn"; \
chmod 644 "$(DESTDIR)$(PKGCONFIGDIR)/$$fn"; \
done
@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(CMAKECONFIGDIR)
@$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(CMAKECONFIGDIR)"
@for e in $(INSTALL_EXPORTERS_CMAKE); do \
fn=`basename $$e`; \
$(ECHO) "install $$e -> $(DESTDIR)$(CMAKECONFIGDIR)/$$fn"; \
cp $$e $(DESTDIR)$(CMAKECONFIGDIR)/$$fn; \
chmod 644 $(DESTDIR)$(CMAKECONFIGDIR)/$$fn; \
cp $$e "$(DESTDIR)$(CMAKECONFIGDIR)/$$fn"; \
chmod 644 "$(DESTDIR)$(CMAKECONFIGDIR)/$$fn"; \
done
uninstall_dev: uninstall_runtime_libs

1
Configure
View file

@ -171,6 +171,7 @@ my @gcc_devteam_warn = qw(
-Wextra
-Wno-unused-parameter
-Wno-missing-field-initializers
-Wno-unterminated-string-initialization
-Wswitch
-Wsign-compare
-Wshadow

87
HACKING.md
View file

@ -1,33 +1,80 @@
MODIFYING OPENSSL SOURCE
========================
This document describes the way to add custom modifications to OpenSSL sources.
This document describes the way to add custom modifications to OpenSSL
sources.
If you are adding new public functions to the custom library build, you need to
either add a prototype in one of the existing OpenSSL header files;
or provide a new header file and edit
[Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl)
to pick up that file.
If you are adding new C source files
------------------------------------
After that, perform the following steps:
Please update the `build.info` files in the directories where you placed the
C source files, to include a line like this for each new C source file:
- In `crypto/` or any of its subdirectories (intended for `libcrypto`):
SOURCE[../libcrypto]={name-of-C-source-file}
- In `ssl/` or any of its subdirectories (intended for `libssl`):
SOURCE[../libssl]={name-of-C-source-file}
Do note that the path given as the `SOURCE` attribute must be adapted
appropriately for the location of the `build.info` file, as it's a relative
path to where the library itself is built, for example:
- For `crypto/build.info`, the library path should be `../libcrypto`
- For `crypto/evp/build.info`, the library path should be
`../../libcrypto`
- For `ssl/build.info`, the library path should be `../libssl`
- For `ssl/quic/build.info`, the library path should be `../../libssl`
To know more about `build.info` files, please read [doc/internal/man7/build.info.pod].
For better viewing, consider converting it to HTML or PDF using `pod2html`
or `pod2pdf`.
Adding new public functions
---------------------------
If you are adding new public functions to the custom library build, you need to
either add a prototype in one of the existing OpenSSL header files, or
provide a new header file and edit.
Only headers in the `include/openssl` subdirectory are considered for public
functions. If you're creating a new header file, it must be located in that
directory.
Functions declared in `include/openssl` header files are assumed to be part
of the `libcrypto` library unless specified otherwise. *If your new
functions are meant for the `libssl` library*, you will need to edit
[Configurations/unix-Makefile.tmpl] and add the header file name in the
array `my @sslheaders_tmpl`.
Updating OpenSSL's bookkeeping files
------------------------------------
OpenSSL has a few bookkeeping files to keep track of exposed functions, most
importantly `util/libcrypto.num` and `util/libssl.num`. Any time a new
public function - as defined above - is added, these files must be updated.
To make such an update, please do the following:
./Configure -Werror --strict-warnings [your-options]
make update
make
make test
`make update` ensures that your functions declarations are added to
`util/libcrypto.num` or `util/libssl.num`.
If you plan to submit the changes you made to OpenSSL
(see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running:
If you plan to submit the changes you made to OpenSSL (see
[CONTRIBUTING.md]), it's also worth running the following after running
`make update`, to ensure that documentation has correct format.
make doc-nits
after running `make update` to ensure that documentation has correct format.
Do note that `make update` also generates files related to OIDs (in the
`crypto/objects/` folder) and errors messages.
`make update` also generates files related to OIDs (in the `crypto/objects/`
folder) and errors.
If a merge error occurs in one of these generated files, then the
generated files need to be removed and regenerated using `make update`.
To aid in this process, the generated files can be committed separately
so they can be removed easily.
If a git merge error occurs in one of these generated files, then the
generated files need to be removed and regenerated using `make update`.
To aid in this process, the generated files can be committed separately
so they can be removed easily by reverting that commit.
[doc/internal/man7/build.info.pod]: ./doc/internal/man7/build.info.pod
[Configurations/unix-Makefile.tmpl]: ./Configurations/unix-Makefile.tmpl
[CONTRIBUTING.md]: ./CONTRIBUTING.md

12
NEWS.md
View file

@ -23,6 +23,16 @@ OpenSSL Releases
OpenSSL 3.5
-----------
### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]
OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
release is Low.
This release incorporates the following bug fixes and mitigations:
* Fix x509 application adds trusted use instead of rejected use.
([CVE-2025-4575])
### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]
OpenSSL 3.5.0 is a feature release adding significant new functionality to
@ -1889,7 +1899,7 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119

5
NOTES-WINDOWS.md
View file

@ -87,6 +87,11 @@ Quick start
on the Universal CRT or
- `perl Configure` to let Configure figure out the platform
a. If you don't plan to develop OpenSSL yourself and don't need to rebuild,
in other words, if you always do a new build, turning off the build
dependency feature can speed up build times by up to 50%:
`perl Configure no-makedepend`
6. `nmake`
7. `nmake test`

4
VERSION.dat
View file

@ -1,7 +1,7 @@
MAJOR=3
MINOR=5
PATCH=0
PATCH=1
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="8 Apr 2025"
RELEASE_DATE="1 Jul 2025"
SHLIB_VERSION=3

262
apps/CA.pl.in
View file

@ -1,5 +1,5 @@
#!{- $config{HASHBANGPERL} -}
# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -19,14 +19,17 @@ my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
my $openssl = $ENV{'OPENSSL'} // "openssl";
$ENV{'OPENSSL'} = $openssl;
my @openssl = split_val($openssl);
my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG);
# Command invocations.
my $REQ = "$openssl req $OPENSSL_CONFIG";
my $CA = "$openssl ca $OPENSSL_CONFIG";
my $VERIFY = "$openssl verify";
my $X509 = "$openssl x509";
my $PKCS12 = "$openssl pkcs12";
my @REQ = (@openssl, "req", @OPENSSL_CONFIG);
my @CA = (@openssl, "ca", @OPENSSL_CONFIG);
my @VERIFY = (@openssl, "verify");
my @X509 = (@openssl, "x509");
my @PKCS12 = (@openssl, "pkcs12");
# Default values for various configuration settings.
my $CATOP = "./demoCA";
@ -34,10 +37,10 @@ my $CAKEY = "cakey.pem";
my $CAREQ = "careq.pem";
my $CACERT = "cacert.pem";
my $CACRL = "crl.pem";
my $DAYS = "-days 365";
my $CADAYS = "-days 1095"; # 3 years
my $EXTENSIONS = "-extensions v3_ca";
my $POLICY = "-policy policy_anything";
my @DAYS = qw(-days 365);
my @CADAYS = qw(-days 1095); # 3 years
my @EXTENSIONS = qw(-extensions v3_ca);
my @POLICY = qw(-policy policy_anything);
my $NEWKEY = "newkey.pem";
my $NEWREQ = "newreq.pem";
my $NEWCERT = "newcert.pem";
@ -45,31 +48,177 @@ my $NEWP12 = "newcert.p12";
# Commandline parsing
my %EXTRA;
my $WHAT = shift @ARGV || "";
my $WHAT = shift @ARGV // "";
@ARGV = parse_extra(@ARGV);
my $RET = 0;
sub split_val {
return split_val_win32(@_) if ($^O eq 'MSWin32');
my ($val) = @_;
my (@ret, @frag);
# Skip leading whitespace
$val =~ m{\A[ \t]*}ogc;
# Unix shell-compatible split
#
# Handles backslash escapes outside quotes and
# in double-quoted strings. Parameter and
# command-substitution is silently ignored.
# Bare newlines outside quotes and (trailing) backslashes are disallowed.
while (1) {
last if (pos($val) == length($val));
# The first char is never a SPACE or TAB. Possible matches are:
# 1. Ordinary string fragment
# 2. Single-quoted string
# 3. Double-quoted string
# 4. Backslash escape
# 5. Bare backlash or newline (rejected)
#
if ($val =~ m{\G([^'" \t\n\\]+)}ogc) {
# Ordinary string
push @frag, $1;
} elsif ($val =~ m{\G'([^']*)'}ogc) {
# Single-quoted string
push @frag, $1;
} elsif ($val =~ m{\G"}ogc) {
# Double-quoted string
push @frag, "";
while (1) {
last if ($val =~ m{\G"}ogc);
if ($val =~ m{\G([^"\\]+)}ogcs) {
# literals
push @frag, $1;
} elsif ($val =~ m{\G.(["\`\$\\])}ogc) {
# backslash-escaped special
push @frag, $1;
} elsif ($val =~ m{\G.(.)}ogcs) {
# backslashed non-special
push @frag, "\\$1" unless $1 eq "\n";
} else {
die sprintf("Malformed quoted string: %s\n", $val);
}
}
} elsif ($val =~ m{\G\\(.)}ogc) {
# Backslash is unconditional escape outside quoted strings
push @frag, $1 unless $1 eq "\n";
} else {
die sprintf("Bare backslash or newline in: '%s'\n", $val);
}
# Done if at SPACE, TAB or end, otherwise continue current fragment
#
next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
push @ret, join("", splice(@frag)) if (@frag > 0);
}
# Handle final fragment
push @ret, join("", splice(@frag)) if (@frag > 0);
return @ret;
}
sub split_val_win32 {
my ($val) = @_;
my (@ret, @frag);
# Skip leading whitespace
$val =~ m{\A[ \t]*}ogc;
# Windows-compatible split
# See: "Parsing C++ command-line arguments" in:
# https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170
#
# Backslashes are special only when followed by a double-quote
# Pairs of double-quotes make a single double-quote.
# Closing double-quotes may be omitted.
while (1) {
last if (pos($val) == length($val));
# The first char is never a SPACE or TAB.
# 1. Ordinary string fragment
# 2. Double-quoted string
# 3. Backslashes preceding a double-quote
# 4. Literal backslashes
# 5. Bare newline (rejected)
#
if ($val =~ m{\G([^" \t\n\\]+)}ogc) {
# Ordinary string
push @frag, $1;
} elsif ($val =~ m{\G"}ogc) {
# Double-quoted string
push @frag, "";
while (1) {
if ($val =~ m{\G("+)}ogc) {
# Two double-quotes make one literal double-quote
my $l = length($1);
push @frag, q{"} x int($l/2) if ($l > 1);
next if ($l % 2 == 0);
last;
}
if ($val =~ m{\G([^"\\]+)}ogc) {
push @frag, $1;
} elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
# Backslashes before a double-quote are escapes
my $l = length($1);
push @frag, q{\\} x int($l / 2);
if ($l % 2 == 1) {
++pos($val);
push @frag, q{"};
}
} elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) {
# Backslashes not before a double-quote are not special
push @frag, $1;
} else {
# Tolerate missing closing double-quote
last;
}
}
} elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
my $l = length($1);
push @frag, q{\\} x int($l / 2);
if ($l % 2 == 1) {
++pos($val);
push @frag, q{"};
}
} elsif ($val =~ m{\G([\\]+)}ogc) {
# Backslashes not before a double-quote are not special
push @frag, $1;
} else {
die sprintf("Bare newline in: '%s'\n", $val);
}
# Done if at SPACE, TAB or end, otherwise continue current fragment
#
next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
push @ret, join("", splice(@frag)) if (@frag > 0);
}
# Handle final fragment
push @ret, join("", splice(@frag)) if (@frag);
return @ret;
}
# Split out "-extra-CMD value", and return new |@ARGV|. Fill in
# |EXTRA{CMD}| with list of values.
sub parse_extra
{
my @args;
foreach ( @OPENSSL_CMDS ) {
$EXTRA{$_} = '';
$EXTRA{$_} = [];
}
my @result;
while ( scalar(@_) > 0 ) {
my $arg = shift;
if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
push @result, $arg;
while (@_) {
my $arg = shift(@_);
if ( $arg !~ m{^-extra-(\w+)$} ) {
push @args, split_val($arg);
next;
}
$arg =~ s/-extra-//;
die("Unknown \"-${arg}-extra\" option, exiting")
unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
$EXTRA{$arg} .= " " . shift;
$arg = $1;
die "Unknown \"-extra-${arg}\" option, exiting\n"
unless grep { $arg eq $_ } @OPENSSL_CMDS;
die "Missing \"-extra-${arg}\" option value, exiting\n"
unless (@_ > 0);
push @{$EXTRA{$arg}}, split_val(shift(@_));
}
return @result;
return @args;
}
@ -112,9 +261,9 @@ sub copy_pemfile
# Wrapper around system; useful for debugging. Returns just the exit status
sub run
{
my $cmd = shift;
print "====\n$cmd\n" if $verbose;
my $status = system($cmd);
my ($cmd, @args) = @_;
print "====\n$cmd @args\n" if $verbose;
my $status = system {$cmd} $cmd, @args;
print "==> $status\n====\n" if $verbose;
return $status >> 8;
}
@ -133,17 +282,15 @@ EOF
if ($WHAT eq '-newcert' ) {
# create a certificate
$RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
. " $EXTRA{req}");
$RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-precert' ) {
# create a pre-certificate
$RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
. " $EXTRA{req}");
$RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
# create a certificate request
$RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
$RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}});
print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
} elsif ($WHAT eq '-newca' ) {
# create the directory hierarchy
@ -176,48 +323,45 @@ if ($WHAT eq '-newcert' ) {
copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
} else {
print "Making CA certificate ...\n";
$RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
. " -out ${CATOP}/$CAREQ $EXTRA{req}");
$RET = run("$CA -create_serial"
. " -out ${CATOP}/$CACERT $CADAYS -batch"
. " -keyfile ${CATOP}/private/$CAKEY -selfsign"
. " $EXTENSIONS"
. " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
$RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY",
"-out", "${CATOP}/$CAREQ", @{$EXTRA{req}});
$RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS,
qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign",
@EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}})
if $RET == 0;
print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
}
} elsif ($WHAT eq '-pkcs12' ) {
my $cname = $ARGV[0];
$cname = "My Certificate" unless defined $cname;
$RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
. " -certfile ${CATOP}/$CACERT -out $NEWP12"
. " -export -name \"$cname\" $EXTRA{pkcs12}");
print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
$RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY,
"-certfile", "${CATOP}/$CACERT", "-out", $NEWP12,
qw(-export -name), $cname, @{$EXTRA{pkcs12}});
print "PKCS#12 file is in $NEWP12\n" if $RET == 0;
} elsif ($WHAT eq '-xsign' ) {
$RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
$RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}});
} elsif ($WHAT eq '-sign' ) {
$RET = run("$CA $POLICY -out $NEWCERT"
. " -infiles $NEWREQ $EXTRA{ca}");
$RET = run(@CA, @POLICY, "-out", $NEWCERT,
"-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signCA' ) {
$RET = run("$CA $POLICY -out $NEWCERT"
. " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
$RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS,
"-infiles", $NEWREQ, @{$EXTRA{ca}});
print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-signcert' ) {
$RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
. " -out tmp.pem $EXTRA{x509}");
$RET = run("$CA $POLICY -out $NEWCERT"
. "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
$RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ,
qw(-out tmp.pem), @{$EXTRA{x509}});
$RET = run(@CA, @POLICY, "-out", $NEWCERT,
qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0;
print "Signed certificate is in $NEWCERT\n" if $RET == 0;
} elsif ($WHAT eq '-verify' ) {
my @files = @ARGV ? @ARGV : ( $NEWCERT );
foreach my $file (@files) {
# -CAfile quoted for VMS, since the C RTL downcases all unquoted
# arguments to C programs
my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}});
$RET = $status if $status != 0;
}
} elsif ($WHAT eq '-crl' ) {
$RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
$RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}});
print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
} elsif ($WHAT eq '-revoke' ) {
my $cname = $ARGV[0];
@ -225,10 +369,10 @@ if ($WHAT eq '-newcert' ) {
print "Certificate filename is required; reason optional.\n";
exit 1;
}
my $reason = $ARGV[1];
$reason = " -crl_reason $reason"
if defined $reason && crl_reason_ok($reason);
$RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
my @reason;
@reason = ("-crl_reason", $ARGV[1])
if defined $ARGV[1] && crl_reason_ok($ARGV[1]);
$RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}});
} else {
print STDERR "Unknown arg \"$WHAT\"\n";
print STDERR "Use -help for help.\n";

4
apps/cmp.c
View file

@ -955,7 +955,7 @@ static int set_name(const char *str,
OSSL_CMP_CTX *ctx, const char *desc)
{
if (str != NULL) {
X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc);
X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc);
if (n == NULL)
return 0;
@ -2506,6 +2506,7 @@ static int save_template(const char *file, const OSSL_CRMF_CERTTEMPLATE *tmpl)
bio, tmpl)) {
CMP_err1("error saving certTemplate from genp: cannot write file %s",
file);
BIO_free(bio);
return 0;
} else {
CMP_info1("stored certTemplate from genp to file '%s'", file);
@ -2525,6 +2526,7 @@ static int save_keyspec(const char *file, const OSSL_CMP_ATAVS *keyspec)
if (!ASN1_i2d_bio_of(OSSL_CMP_ATAVS, i2d_OSSL_CMP_ATAVS, bio, keyspec)) {
CMP_err1("error saving keySpec from genp: cannot write file %s", file);
BIO_free(bio);
return 0;
} else {
CMP_info1("stored keySpec from genp to file '%s'", file);

6
apps/genpkey.c
View file

@ -302,12 +302,14 @@ int genpkey_main(int argc, char **argv)
if (mem_outpubkey != NULL) {
rv = mem_bio_to_file(mem_outpubkey, outpubkeyfile, outformat, private);
if (!rv)
BIO_printf(bio_err, "Error writing to outpubkey: '%s'. Error: %s\n", outpubkeyfile, strerror(errno));
BIO_printf(bio_err, "Error writing to outpubkey: '%s'. Error: %s\n",
outpubkeyfile, strerror(errno));
}
if (mem_out != NULL) {
rv = mem_bio_to_file(mem_out, outfile, outformat, private);
if (!rv)
BIO_printf(bio_err, "Error writing to outfile: '%s'. Error: %s\n", outpubkeyfile, strerror(errno));
BIO_printf(bio_err, "Error writing to outfile: '%s'. Error: %s\n",
outfile, strerror(errno));
}
}
EVP_PKEY_free(pkey);

10
apps/lib/s_socket.c
View file

@ -173,8 +173,16 @@ int init_client(int *sock, const char *host, const char *port,
}
/* Save the address */
if (tfo || !doconn)
if (tfo || !doconn) {
if (ba_ret == NULL) {
BIO_printf(bio_err, "Internal error\n");
BIO_closesocket(*sock);
*sock = INVALID_SOCKET;
goto out;
}
*ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
}
/* Success, don't try any more addresses */
break;

1
apps/pkeyutl.c
View file

@ -426,6 +426,7 @@ int pkeyutl_main(int argc, char **argv)
if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
prog, opt);
OPENSSL_free(passwd);
goto end;
}
OPENSSL_free(passwd);

6
apps/s_time.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -323,8 +323,10 @@ int s_time_main(int argc, char **argv)
*/
next:
if (!(perform & 2))
if (!(perform & 2)) {
ret = 0;
goto end;
}
printf("\n\nNow timing with session id reuse.\n");
/* Get an SSL object so we can reuse the session id */

14
apps/speed.c
View file

@ -507,7 +507,7 @@ static size_t kems_algs_len = 0;
static char *kems_algname[MAX_KEM_NUM] = { NULL };
static double kems_results[MAX_KEM_NUM][3]; /* keygen, encaps, decaps */
#define MAX_SIG_NUM 111
#define MAX_SIG_NUM 256
static size_t sigs_algs_len = 0;
static char *sigs_algname[MAX_SIG_NUM] = { NULL };
static double sigs_results[MAX_SIG_NUM][3]; /* keygen, sign, verify */
@ -573,12 +573,12 @@ typedef struct loopargs_st {
unsigned char *kem_out[MAX_KEM_NUM];
unsigned char *kem_send_secret[MAX_KEM_NUM];
unsigned char *kem_rcv_secret[MAX_KEM_NUM];
EVP_PKEY_CTX *sig_gen_ctx[MAX_KEM_NUM];
EVP_PKEY_CTX *sig_sign_ctx[MAX_KEM_NUM];
EVP_PKEY_CTX *sig_verify_ctx[MAX_KEM_NUM];
size_t sig_max_sig_len[MAX_KEM_NUM];
size_t sig_act_sig_len[MAX_KEM_NUM];
unsigned char *sig_sig[MAX_KEM_NUM];
EVP_PKEY_CTX *sig_gen_ctx[MAX_SIG_NUM];
EVP_PKEY_CTX *sig_sign_ctx[MAX_SIG_NUM];
EVP_PKEY_CTX *sig_verify_ctx[MAX_SIG_NUM];
size_t sig_max_sig_len[MAX_SIG_NUM];
size_t sig_act_sig_len[MAX_SIG_NUM];
unsigned char *sig_sig[MAX_SIG_NUM];
} loopargs_t;
static int run_benchmark(int async_jobs, int (*loop_function) (void *),
loopargs_t *loopargs);

6
apps/storeutl.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -201,9 +201,7 @@ int storeutl_main(int argc, char *argv[])
}
break;
case OPT_CRITERION_FINGERPRINT:
if (criterion != 0
|| (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
&& fingerprint != NULL)) {
if (criterion != 0) {
BIO_printf(bio_err, "%s: criterion already given.\n",
prog);
goto end;

68
apps/x509.c
View file

@ -447,26 +447,26 @@ int x509_main(int argc, char **argv)
break;
case OPT_ADDTRUST:
if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
prog, opt_arg());
goto opthelp;
}
if (!sk_ASN1_OBJECT_push(trust, objtmp))
goto end;
goto err;
trustout = 1;
break;
case OPT_ADDREJECT:
if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
goto end;
goto err;
if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
prog, opt_arg());
goto opthelp;
}
if (!sk_ASN1_OBJECT_push(trust, objtmp))
goto end;
if (!sk_ASN1_OBJECT_push(reject, objtmp))
goto err;
trustout = 1;
break;
case OPT_SETALIAS:
@ -618,7 +618,7 @@ int x509_main(int argc, char **argv)
goto opthelp;
if (!app_RAND_load())
goto end;
goto err;
if (!opt_check_md(digest))
goto opthelp;
@ -647,7 +647,7 @@ int x509_main(int argc, char **argv)
if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
app_get0_propq()))
goto end;
goto err;
if (newcert && infile != NULL) {
BIO_printf(bio_err, "The -in option cannot be used with -new\n");
@ -660,12 +660,12 @@ int x509_main(int argc, char **argv)
if (privkeyfile != NULL) {
privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
if (privkey == NULL)
goto end;
goto err;
}
if (pubkeyfile != NULL) {
if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
"explicitly set public key")) == NULL)
goto end;
goto err;
}
if (newcert) {
@ -682,10 +682,10 @@ int x509_main(int argc, char **argv)
}
if (issu != NULL
&& (fissu = parse_name(issu, chtype, multirdn, "issuer")) == NULL)
goto end;
goto err;
if (subj != NULL
&& (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
goto end;
goto err;
if (CAkeyfile == NULL)
CAkeyfile = CAfile;
@ -717,7 +717,7 @@ int x509_main(int argc, char **argv)
X509V3_CTX ctx2;
if ((extconf = app_load_config(extfile)) == NULL)
goto end;
goto err;
if (extsect == NULL) {
extsect = app_conf_try_string(extconf, "default", "extensions");
if (extsect == NULL)
@ -739,7 +739,7 @@ int x509_main(int argc, char **argv)
req = load_csr_autofmt(infile, informat, vfyopts,
"certificate request input");
if (req == NULL)
goto end;
goto err;
if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
BIO_printf(bio_err, "Error unpacking public key from CSR\n");
@ -770,11 +770,11 @@ int x509_main(int argc, char **argv)
goto err;
}
if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
goto err;
if (CAfile == NULL && sno == NULL) {
sno = ASN1_INTEGER_new();
if (sno == NULL || !rand_serial(NULL, sno))
goto end;
goto err;
}
if (req != NULL && ext_copy != EXT_COPY_UNSET) {
if (clrext && ext_copy != EXT_COPY_NONE) {
@ -791,27 +791,27 @@ int x509_main(int argc, char **argv)
"Warning: Reading certificate from stdin since no -in or -new option is given\n");
x = load_cert_pass(infile, informat, 1, passin, "certificate");
if (x == NULL)
goto end;
goto err;
}
if ((fsubj != NULL || req != NULL)
&& !X509_set_subject_name(x, fsubj != NULL ? fsubj :
X509_REQ_get_subject_name(req)))
goto end;
goto err;
if ((pubkey != NULL || privkey != NULL || req != NULL)
&& !X509_set_pubkey(x, pubkey != NULL ? pubkey :
privkey != NULL ? privkey :
X509_REQ_get0_pubkey(req)))
goto end;
goto err;
if (CAfile != NULL) {
xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
if (xca == NULL)
goto end;
goto err;
}
out = bio_open_default(outfile, 'w', outformat);
if (out == NULL)
goto end;
goto err;
if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1);
@ -847,9 +847,9 @@ int x509_main(int argc, char **argv)
if (sno == NULL)
sno = x509_load_serial(CAfile, CAserial, CA_createserial);
if (sno == NULL)
goto end;
goto err;
if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x))
goto end;
goto err;
} else {
if (privkey != NULL && !cert_matches_key(x, privkey))
BIO_printf(bio_err,
@ -857,17 +857,17 @@ int x509_main(int argc, char **argv)
}
if (sno != NULL && !X509_set_serialNumber(x, sno))
goto end;
goto err;
if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
if (!preserve_dates && !set_cert_times(x, not_before, not_after, days, 1))
goto end;
goto err;
if (fissu != NULL) {
if (!X509_set_issuer_name(x, fissu))
goto end;
goto err;
} else {
if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert)))
goto end;
goto err;
}
}
@ -875,7 +875,7 @@ int x509_main(int argc, char **argv)
/* prepare fallback for AKID, but only if issuer cert equals subject cert */
if (CAfile == NULL) {
if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
goto end;
goto err;
}
if (extconf != NULL && !x509toreq) {
X509V3_set_nconf(&ext_ctx, extconf);
@ -904,7 +904,7 @@ int x509_main(int argc, char **argv)
goto err;
}
if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
goto end;
goto err;
if (extconf != NULL) {
X509V3_set_nconf(&ext_ctx, extconf);
if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
@ -914,7 +914,7 @@ int x509_main(int argc, char **argv)
}
}
if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
goto end;
goto err;
if (!noout) {
if (outformat == FORMAT_ASN1) {
X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
@ -932,7 +932,7 @@ int x509_main(int argc, char **argv)
} else if (CAfile != NULL) {
if ((CAkey = load_key(CAkeyfile, CAkeyformat,
0, passin, e, "CA private key")) == NULL)
goto end;
goto err;
if (!X509_check_private_key(xca, CAkey)) {
BIO_printf(bio_err,
"CA certificate and CA private key do not match\n");
@ -940,10 +940,10 @@ int x509_main(int argc, char **argv)
}
if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx))
goto end;
goto err;
} else if (privkey != NULL) {
if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx))
goto end;
goto err;
}
if (badsig) {
const ASN1_BIT_STRING *signature;
@ -967,11 +967,11 @@ int x509_main(int argc, char **argv)
BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
if (bnser == NULL)
goto end;
goto err;
if (!BN_add_word(bnser, 1)
|| (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
BN_free(bnser);
goto end;
goto err;
}
BN_free(bnser);
i2a_ASN1_INTEGER(out, ser);

2
crypto/aes/asm/aesv8-armx.pl
View file

@ -152,7 +152,7 @@ $code.=<<___ if ($flavour =~ /64/);
adrp $ptr,.Lrcon
add $ptr,$ptr,:lo12:.Lrcon
___
$code.=<<___ if ($flavour =~ /32/);
$code.=<<___ if ($flavour !~ /64/);
adr $ptr,.Lrcon
___
$code.=<<___;

4
crypto/bio/bio_dump.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -47,6 +47,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
for (i = 0; i < rows; i++) {
n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
i * dump_width);
if (n < 0)
return -1;
for (j = 0; j < dump_width; j++) {
if (SPACE(buf, n, 3)) {
if (((i * dump_width) + j) >= len) {

25
crypto/bio/bio_print.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -535,6 +535,10 @@ static LDOUBLE abs_val(LDOUBLE value)
LDOUBLE result = value;
if (value < 0)
result = -value;
if (result > 0 && result / 2 == result) /* INF */
result = 0;
else if (result != result) /* NAN */
result = 0;
return result;
}
@ -590,6 +594,9 @@ fmtfp(char **sbuffer,
signvalue = '+';
else if (flags & DP_F_SPACE)
signvalue = ' ';
ufvalue = abs_val(fvalue);
if (ufvalue == 0 && fvalue != 0) /* INF or NAN? */
signvalue = '?';
/*
* G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
@ -597,12 +604,12 @@ fmtfp(char **sbuffer,
* that from here on.
*/
if (style == G_FORMAT) {
if (fvalue == 0.0) {
if (ufvalue == 0.0) {
realstyle = F_FORMAT;
} else if (fvalue < 0.0001) {
} else if (ufvalue < 0.0001) {
realstyle = E_FORMAT;
} else if ((max == 0 && fvalue >= 10)
|| (max > 0 && fvalue >= pow_10(max))) {
} else if ((max == 0 && ufvalue >= 10)
|| (max > 0 && ufvalue >= pow_10(max))) {
realstyle = E_FORMAT;
} else {
realstyle = F_FORMAT;
@ -612,9 +619,9 @@ fmtfp(char **sbuffer,
}
if (style != F_FORMAT) {
tmpvalue = fvalue;
tmpvalue = ufvalue;
/* Calculate the exponent */
if (fvalue != 0.0) {
if (ufvalue != 0.0) {
while (tmpvalue < 1) {
tmpvalue *= 10;
exp--;
@ -651,9 +658,9 @@ fmtfp(char **sbuffer,
}
}
if (realstyle == E_FORMAT)
fvalue = tmpvalue;
ufvalue = tmpvalue;
}
ufvalue = abs_val(fvalue);
/*
* By subtracting 65535 (2^16-1) we cancel the low order 15 bits
* of ULONG_MAX to avoid using imprecise floating point values.

16
crypto/bn/asm/rsaz-2k-avxifma.pl
View file

@ -27,7 +27,6 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
# TODO: Find out the version of NASM that supports VEX-encoded AVX-IFMA instructions
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avxifma = ($1>=2.40);
@ -39,6 +38,11 @@ if (!$avxifma && `$ENV{CC} -v 2>&1`
$avxifma = ($ver>=16.0);
}
if ($win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?(rc[0-9]+)?/) {
$avxifma = ($1>2.16) + ($1==2.16 && ((!defined($2) && !defined($3)) || (defined($2))));
}
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
@ -296,34 +300,34 @@ $code.=<<___;
and \$0xf, %r14
vpsubq .Lmask52x4(%rip), $_R0, $T0
shl \$5, %r14
vmovapd (%rdx, %r14), $T1
vmovapd (%rdx,%r14), $T1
vblendvpd $T1, $T0, $_R0, $_R0
shr \$4, %r13b
and \$0xf, %r13
vpsubq .Lmask52x4(%rip), $_R0h, $T0
shl \$5, %r13
vmovapd (%rdx, %r13), $T1
vmovapd (%rdx,%r13), $T1
vblendvpd $T1, $T0, $_R0h, $_R0h
mov %r12b, %r11b
and \$0xf, %r12
vpsubq .Lmask52x4(%rip), $_R1, $T0
shl \$5, %r12
vmovapd (%rdx, %r12), $T1
vmovapd (%rdx,%r12), $T1
vblendvpd $T1, $T0, $_R1, $_R1
shr \$4, %r11b
and \$0xf, %r11
vpsubq .Lmask52x4(%rip), $_R1h, $T0
shl \$5, %r11
vmovapd (%rdx, %r11), $T1
vmovapd (%rdx,%r11), $T1
vblendvpd $T1, $T0, $_R1h, $_R1h
and \$0xf, %r10
vpsubq .Lmask52x4(%rip), $_R2, $T0
shl \$5, %r10
vmovapd (%rdx, %r10), $T1
vmovapd (%rdx,%r10), $T1
vblendvpd $T1, $T0, $_R2, $_R2
# Add carries according to the obtained mask

22
crypto/bn/asm/rsaz-3k-avxifma.pl
View file

@ -27,7 +27,6 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
# TODO: Find out the version of NASM that supports VEX-encoded AVX-IFMA instructions
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avxifma = ($1>=2.40);
@ -39,6 +38,11 @@ if (!$avxifma && `$ENV{CC} -v 2>&1`
$avxifma = ($ver>=16.0);
}
if ($win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?(rc[0-9]+)?/) {
$avxifma = ($1>2.16) + ($1==2.16 && ((!defined($2) && !defined($3)) || (defined($2))));
}
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
@ -355,56 +359,56 @@ $code.=<<___;
and \$0xf, %r14
vpsubq .Lmask52x4(%rip), $_R0, $T0
shl \$5, %r14
vmovapd (%rdx, %r14), $T1
vmovapd (%rdx,%r14), $T1
vblendvpd $T1, $T0, $_R0, $_R0
shr \$4, %r10b
and \$0xf, %r10
vpsubq .Lmask52x4(%rip), $_R0h, $T0
shl \$5, %r10
vmovapd (%rdx, %r10), $T1
vmovapd (%rdx,%r10), $T1
vblendvpd $T1, $T0, $_R0h, $_R0h
mov %r13b, %r10b
and \$0xf, %r13
vpsubq .Lmask52x4(%rip), $_R1, $T0
shl \$5, %r13
vmovapd (%rdx, %r13), $T1
vmovapd (%rdx,%r13), $T1
vblendvpd $T1, $T0, $_R1, $_R1
shr \$4, %r10b
and \$0xf, %r10
vpsubq .Lmask52x4(%rip), $_R1h, $T0
shl \$5, %r10
vmovapd (%rdx, %r10), $T1
vmovapd (%rdx,%r10), $T1
vblendvpd $T1, $T0, $_R1h, $_R1h
mov %r12b, %r10b
and \$0xf, %r12
vpsubq .Lmask52x4(%rip), $_R2, $T0
shl \$5, %r12
vmovapd (%rdx, %r12), $T1
vmovapd (%rdx,%r12), $T1
vblendvpd $T1, $T0, $_R2, $_R2
shr \$4, %r10b
and \$0xf, %r10
vpsubq .Lmask52x4(%rip), $_R2h, $T0
shl \$5, %r10
vmovapd (%rdx, %r10), $T1
vmovapd (%rdx,%r10), $T1
vblendvpd $T1, $T0, $_R2h, $_R2h
mov %r11b, %r10b
and \$0xf, %r11
vpsubq .Lmask52x4(%rip), $_R3, $T0
shl \$5, %r11
vmovapd (%rdx, %r11), $T1
vmovapd (%rdx,%r11), $T1
vblendvpd $T1, $T0, $_R3, $_R3
shr \$4, %r10b
and \$0xf, %r10
vpsubq .Lmask52x4(%rip), $_R3h, $T0
shl \$5, %r10
vmovapd (%rdx, %r10), $T1
vmovapd (%rdx,%r10), $T1
vblendvpd $T1, $T0, $_R3h, $_R3h
vpand .Lmask52x4(%rip), $_R0, $_R0

26
crypto/bn/asm/rsaz-4k-avxifma.pl
View file

@ -27,7 +27,6 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
die "can't locate x86_64-xlate.pl";
# TODO: Find out the version of NASM that supports VEX-encoded AVX-IFMA instructions
if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
=~ /GNU assembler version ([2-9]\.[0-9]+)/) {
$avxifma = ($1>=2.40);
@ -39,6 +38,11 @@ if (!$avxifma && `$ENV{CC} -v 2>&1`
$avxifma = ($ver>=16.0);
}
if ($win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
`nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?(rc[0-9]+)?/) {
$avxifma = ($1>2.16) + ($1==2.16 && ((!defined($2) && !defined($3)) || (defined($2))));
}
open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
@ -424,70 +428,70 @@ $code.=<<___;
and \$0xf, %r14
vpsubq .Lmask52x4(%rip), $_R0, $tmp
shl \$5, %r14
vmovapd (%r8, %r14), $tmp2
vmovapd (%r8,%r14), $tmp2
vblendvpd $tmp2, $tmp, $_R0, $_R0
shr \$4, %r9b
and \$0xf, %r9
vpsubq .Lmask52x4(%rip), $_R0h, $tmp
shl \$5, %r9
vmovapd (%r8, %r9), $tmp2
vmovapd (%r8,%r9), $tmp2
vblendvpd $tmp2, $tmp, $_R0h, $_R0h
movb %r13b,%r9b
and \$0xf, %r13
vpsubq .Lmask52x4(%rip), $_R1, $tmp
shl \$5, %r13
vmovapd (%r8, %r13), $tmp2
vmovapd (%r8,%r13), $tmp2
vblendvpd $tmp2, $tmp, $_R1, $_R1
shr \$4, %r9b
and \$0xf, %r9
vpsubq .Lmask52x4(%rip), $_R1h, $tmp
shl \$5, %r9
vmovapd (%r8, %r9), $tmp2
vmovapd (%r8,%r9), $tmp2
vblendvpd $tmp2, $tmp, $_R1h, $_R1h
movb %r12b,%r9b
and \$0xf, %r12
vpsubq .Lmask52x4(%rip), $_R2, $tmp
shl \$5, %r12
vmovapd (%r8, %r12), $tmp2
vmovapd (%r8,%r12), $tmp2
vblendvpd $tmp2, $tmp, $_R2, $_R2
shr \$4, %r9b
and \$0xf, %r9
vpsubq .Lmask52x4(%rip), $_R2h, $tmp
shl \$5, %r9
vmovapd (%r8, %r9), $tmp2
vmovapd (%r8,%r9), $tmp2
vblendvpd $tmp2, $tmp, $_R2h, $_R2h
movb %r11b,%r9b
and \$0xf, %r11
vpsubq .Lmask52x4(%rip), $_R3, $tmp
shl \$5, %r11
vmovapd (%r8, %r11), $tmp2
vmovapd (%r8,%r11), $tmp2
vblendvpd $tmp2, $tmp, $_R3, $_R3
shr \$4, %r9b
and \$0xf, %r9
vpsubq .Lmask52x4(%rip), $_R3h, $tmp
shl \$5, %r9
vmovapd (%r8, %r9), $tmp2
vmovapd (%r8,%r9), $tmp2
vblendvpd $tmp2, $tmp, $_R3h, $_R3h
movb %r10b,%r9b
and \$0xf, %r10
vpsubq .Lmask52x4(%rip), $_R4, $tmp
shl \$5, %r10
vmovapd (%r8, %r10), $tmp2
vmovapd (%r8,%r10), $tmp2
vblendvpd $tmp2, $tmp, $_R4, $_R4
shr \$4, %r9b
and \$0xf, %r9
vpsubq .Lmask52x4(%rip), $_R4h, $tmp
shl \$5, %r9
vmovapd (%r8, %r9), $tmp2
vmovapd (%r8,%r9), $tmp2
vblendvpd $tmp2, $tmp, $_R4h, $_R4h
pop %r8

22
crypto/chacha/asm/chacha-armv8-sve.pl
View file

@ -248,9 +248,6 @@ sub load_regs() {
my $next_offset = $offset + 1;
$code.=<<___;
ld1w {$reg.s},p0/z,[$inp,#$offset,MUL VL]
#ifdef __AARCH64EB__
revb $reg.s,p0/m,$reg.s
#endif
___
if (@_) {
&load_regs($next_offset, @_);
@ -272,9 +269,6 @@ sub store_regs() {
my $reg = shift;
my $next_offset = $offset + 1;
$code.=<<___;
#ifdef __AARCH64EB__
revb $reg.s,p0/m,$reg.s
#endif
st1w {$reg.s},p0,[$outp,#$offset,MUL VL]
___
if (@_) {
@ -480,13 +474,29 @@ sub SVE_TRANSFORMS() {
$code.=<<___;
#ifdef __AARCH64EB__
rev @sxx[0],@sxx[0]
revb @mx[0].s,p0/m,@mx[0].s
revb @mx[1].s,p0/m,@mx[1].s
rev @sxx[2],@sxx[2]
revb @mx[2].s,p0/m,@mx[2].s
revb @mx[3].s,p0/m,@mx[3].s
rev @sxx[4],@sxx[4]
revb @mx[4].s,p0/m,@mx[4].s
revb @mx[5].s,p0/m,@mx[5].s
rev @sxx[6],@sxx[6]
revb @mx[6].s,p0/m,@mx[6].s
revb @mx[7].s,p0/m,@mx[7].s
rev @sxx[8],@sxx[8]
revb @mx[8].s,p0/m,@mx[8].s
revb @mx[9].s,p0/m,@mx[9].s
rev @sxx[10],@sxx[10]
revb @mx[10].s,p0/m,@mx[10].s
revb @mx[11].s,p0/m,@mx[11].s
rev @sxx[12],@sxx[12]
revb @mx[12].s,p0/m,@mx[12].s
revb @mx[13].s,p0/m,@mx[13].s
rev @sxx[14],@sxx[14]
revb @mx[14].s,p0/m,@mx[14].s
revb @mx[15].s,p0/m,@mx[15].s
#endif
.if mixin == 1
add @K[6],@K[6],#1

4
crypto/cmp/cmp_http.c
View file

@ -81,11 +81,11 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
path++;
if (bios == NULL)
ossl_cmp_log4(DEBUG, ctx,
"connecting to CMP server via http%s://%s:%s%s/%s",
"connecting to CMP server via http%s://%s:%s/%s",
tls_used ? "s" : "", ctx->server, server_port, path);
else
ossl_cmp_log3(DEBUG, ctx,
"using existing connection with CMP server %s%s and HTTP path /%s",
"using existing connection with CMP server %s:%s and HTTP path /%s",
ctx->server, server_port, path);
}

2
crypto/core_namemap.c
View file

@ -13,7 +13,7 @@
#include "internal/sizes.h"
#include "crypto/context.h"
#define NAMEMAP_HT_BUCKETS 2048
#define NAMEMAP_HT_BUCKETS 512
HT_START_KEY_DEFN(namenum_key)
HT_DEF_KEY_FIELD_CHAR_ARRAY(name, 64)

4
crypto/dh/dh_pmeth.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -422,7 +422,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
ret = DH_compute_key_padded(key, dhpubbn, dh);
else
ret = DH_compute_key(key, dhpubbn, dh);
if (ret < 0)
if (ret <= 0)
return ret;
*keylen = ret;
return 1;

54
crypto/ec/ecp_nistp384.c
View file

@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
out[i] = acc[i];
}
static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
{
widefelem tmp;
felem_square_ref(tmp, in);
felem_reduce_ref(out, tmp);
}
static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
{
widefelem tmp;
felem_mul_ref(tmp, in1, in2);
felem_reduce_ref(out, tmp);
}
#if defined(ECP_NISTP384_ASM)
static void felem_square_wrapper(widefelem out, const felem in);
static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
static void (*felem_square_reduce_p)(felem out, const felem in) =
felem_square_reduce_ref;
static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
felem_mul_reduce_ref;
void p384_felem_square(widefelem out, const felem in);
void p384_felem_mul(widefelem out, const felem in1, const felem in2);
void p384_felem_reduce(felem out, const widefelem in);
void p384_felem_square_reduce(felem out, const felem in);
void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
# if defined(_ARCH_PPC64)
# include "crypto/ppc_arch.h"
# endif
@ -710,6 +734,8 @@ static void felem_select(void)
felem_square_p = p384_felem_square;
felem_mul_p = p384_felem_mul;
felem_reduce_p = p384_felem_reduce;
felem_square_reduce_p = p384_felem_square_reduce;
felem_mul_reduce_p = p384_felem_mul_reduce;
return;
}
@ -718,7 +744,9 @@ static void felem_select(void)
/* Default */
felem_square_p = felem_square_ref;
felem_mul_p = felem_mul_ref;
felem_reduce_p = p384_felem_reduce;
felem_reduce_p = felem_reduce_ref;
felem_square_reduce_p = felem_square_reduce_ref;
felem_mul_reduce_p = felem_mul_reduce_ref;
}
static void felem_square_wrapper(widefelem out, const felem in)
@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
# define felem_mul felem_mul_p
# define felem_reduce felem_reduce_p
void p384_felem_square_reduce(felem out, const felem in);
void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
# define felem_square_reduce p384_felem_square_reduce
# define felem_mul_reduce p384_felem_mul_reduce
# define felem_square_reduce felem_square_reduce_p
# define felem_mul_reduce felem_mul_reduce_p
#else
# define felem_square felem_square_ref
# define felem_mul felem_mul_ref
# define felem_reduce felem_reduce_ref
static ossl_inline void felem_square_reduce(felem out, const felem in)
{
widefelem tmp;
felem_square(tmp, in);
felem_reduce(out, tmp);
}
static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
{
widefelem tmp;
felem_mul(tmp, in1, in2);
felem_reduce(out, tmp);
}
# define felem_square_reduce felem_square_reduce_ref
# define felem_mul_reduce felem_mul_reduce_ref
#endif
/*-

6
crypto/err/openssl.txt
View file

@ -803,6 +803,12 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
pkey application asn1 method already registered
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
EVP_R_PROVIDER_ASYM_CIPHER_FAILURE:232:provider asym cipher failure
EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED:235:provider asym cipher not supported
EVP_R_PROVIDER_KEYMGMT_FAILURE:233:provider keymgmt failure
EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED:236:provider keymgmt not supported
EVP_R_PROVIDER_SIGNATURE_FAILURE:234:provider signature failure
EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED:237:provider signature not supported
EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
EVP_R_SETTING_XOF_FAILED:227:setting xof failed
EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure

29
crypto/evp/asymcipher.c
View file

@ -33,6 +33,7 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
int ret = 0;
void *provkey = NULL;
EVP_ASYM_CIPHER *cipher = NULL;
const char *desc;
EVP_KEYMGMT *tmp_keymgmt = NULL;
const OSSL_PROVIDER *tmp_prov = NULL;
const char *supported_ciph = NULL;
@ -159,10 +160,12 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
goto err;
}
desc = cipher->description != NULL ? cipher->description : "";
switch (operation) {
case EVP_PKEY_OP_ENCRYPT:
if (cipher->encrypt_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED,
"%s encrypt_init:%s", cipher->type_name, desc);
ret = -2;
goto err;
}
@ -170,7 +173,8 @@ static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
break;
case EVP_PKEY_OP_DECRYPT:
if (cipher->decrypt_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED,
"%s decrypt_init:%s", cipher->type_name, desc);
ret = -2;
goto err;
}
@ -238,6 +242,8 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
EVP_ASYM_CIPHER *cipher;
const char *desc;
int ret;
if (ctx == NULL) {
@ -253,8 +259,12 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
if (ctx->op.ciph.algctx == NULL)
goto legacy;
ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.algctx, out, outlen,
(out == NULL ? 0 : *outlen), in, inlen);
cipher = ctx->op.ciph.cipher;
desc = cipher->description != NULL ? cipher->description : "";
ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
"%s encrypt:%s", cipher->type_name, desc);
return ret;
legacy:
@ -280,6 +290,8 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
EVP_ASYM_CIPHER *cipher;
const char *desc;
int ret;
if (ctx == NULL) {
@ -295,8 +307,13 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
if (ctx->op.ciph.algctx == NULL)
goto legacy;
ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.algctx, out, outlen,
(out == NULL ? 0 : *outlen), in, inlen);
cipher = ctx->op.ciph.cipher;
desc = cipher->description != NULL ? cipher->description : "";
ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
"%s decrypt:%s", cipher->type_name, desc);
return ret;
legacy:

3
crypto/evp/bio_enc.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -161,6 +161,7 @@ static int enc_read(BIO *b, char *out, int outl)
/* Should be continue next time we are called? */
if (!BIO_should_retry(next)) {
ctx->cont = i;
ctx->finished = 1;
i = EVP_CipherFinal_ex(ctx->cipher,
ctx->buf, &(ctx->buf_len));
ctx->ok = i;

455
crypto/evp/ctrl_params_translate.c
View file

File diff suppressed because it is too large Load diff

14
crypto/evp/evp_err.c
View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -151,6 +151,18 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"private key decode error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
"private key encode error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE),
"provider asym cipher failure"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_ASYM_CIPHER_NOT_SUPPORTED),
"provider asym cipher not supported"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_KEYMGMT_FAILURE),
"provider keymgmt failure"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED),
"provider keymgmt not supported"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_SIGNATURE_FAILURE),
"provider signature failure"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED),
"provider signature not supported"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE),

13
crypto/evp/evp_rand.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -646,10 +646,8 @@ static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
{
unsigned int str = evp_rand_strength_locked(ctx);
if (ctx->meth->nonce == NULL)
return 0;
if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
return 1;
if (ctx->meth->nonce != NULL)
return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0;
return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
}
@ -657,6 +655,11 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
{
int res;
if (ctx == NULL || out == NULL || outlen == 0) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!evp_rand_lock(ctx))
return 0;
res = evp_rand_nonce_locked(ctx, out, outlen);

15
crypto/evp/keymgmt_meth.c
View file

@ -451,9 +451,20 @@ const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg)
{
if (keymgmt->gen == NULL)
void *ret;
const char *desc = keymgmt->description != NULL ? keymgmt->description : "";
if (keymgmt->gen == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_NOT_SUPPORTED,
"%s key generation:%s", keymgmt->type_name, desc);
return NULL;
return keymgmt->gen(genctx, cb, cbarg);
}
ret = keymgmt->gen(genctx, cb, cbarg);
if (ret == NULL)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
"%s key generation:%s", keymgmt->type_name, desc);
return ret;
}
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)

4
crypto/evp/legacy_sha.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -216,7 +216,7 @@ const EVP_MD *EVP_shake##bitlen(void) \
NID_shake##bitlen, \
0, \
bitlen / 8, \
EVP_MD_FLAG_XOF, \
EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT, \
EVP_ORIG_GLOBAL, \
LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \
shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \

110
crypto/evp/m_sigver.c
View file

@ -42,6 +42,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
{
EVP_PKEY_CTX *locpctx = NULL;
EVP_SIGNATURE *signature = NULL;
const char *desc;
EVP_KEYMGMT *tmp_keymgmt = NULL;
const OSSL_PROVIDER *tmp_prov = NULL;
const char *supported_sig = NULL;
@ -251,16 +252,19 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
}
}
desc = signature->description != NULL ? signature->description : "";
if (ver) {
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s digest_verify_init:%s", signature->type_name, desc);
goto err;
}
ret = signature->digest_verify_init(locpctx->op.sig.algctx,
mdname, provkey, params);
} else {
if (signature->digest_sign_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s digest_sign_init:%s", signature->type_name, desc);
goto err;
}
ret = signature->digest_sign_init(locpctx->op.sig.algctx,
@ -275,6 +279,9 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
goto end;
if (type == NULL) /* This check is redundant but clarifies matters */
ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
ver ? "%s digest_verify_init:%s" : "%s digest_sign_init:%s",
signature->type_name, desc);
err:
evp_pkey_ctx_free_old_ops(locpctx);
@ -395,7 +402,10 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
EVP_SIGNATURE *signature;
const char *desc;
EVP_PKEY_CTX *pctx = ctx->pctx;
int ret;
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
@ -408,13 +418,19 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|| pctx->op.sig.signature == NULL)
goto legacy;
if (pctx->op.sig.signature->digest_sign_update == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
signature = pctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->digest_sign_update == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s digest_sign_update:%s", signature->type_name, desc);
return 0;
}
return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx,
data, dsize);
ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_sign_update:%s", signature->type_name, desc);
return ret;
legacy:
if (pctx != NULL) {
@ -430,7 +446,10 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
{
EVP_SIGNATURE *signature;
const char *desc;
EVP_PKEY_CTX *pctx = ctx->pctx;
int ret;
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
@ -443,13 +462,19 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
|| pctx->op.sig.signature == NULL)
goto legacy;
if (pctx->op.sig.signature->digest_verify_update == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
signature = pctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->digest_verify_update == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s digest_verify_update:%s", signature->type_name, desc);
return 0;
}
return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx,
data, dsize);
ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_verify_update:%s", signature->type_name, desc);
return ret;
legacy:
if (pctx != NULL) {
@ -466,6 +491,8 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
size_t *siglen)
{
EVP_SIGNATURE *signature;
const char *desc;
int sctx = 0;
int r = 0;
EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
@ -481,15 +508,26 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
|| pctx->op.sig.signature == NULL)
goto legacy;
signature = pctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->digest_sign_final == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s digest_sign_final:%s", signature->type_name, desc);
return 0;
}
if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
/* try dup */
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx != NULL)
pctx = dctx;
}
r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen);
r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen,
sigret == NULL ? 0 : *siglen);
if (!r)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_sign_final:%s", signature->type_name, desc);
if (dctx == NULL && sigret != NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
else
@ -574,6 +612,7 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
const unsigned char *tbs, size_t tbslen)
{
EVP_PKEY_CTX *pctx = ctx->pctx;
int ret;
if (pctx == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
@ -588,13 +627,19 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
if (pctx->operation == EVP_PKEY_OP_SIGNCTX
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
if (pctx->op.sig.signature->digest_sign != NULL) {
EVP_SIGNATURE *signature = pctx->op.sig.signature;
if (signature->digest_sign != NULL) {
const char *desc = signature->description != NULL ? signature->description : "";
if (sigret != NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx,
sigret, siglen,
sigret == NULL ? 0 : *siglen,
tbs, tbslen);
ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen,
sigret == NULL ? 0 : *siglen, tbs, tbslen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_sign:%s", signature->type_name, desc);
return ret;
}
} else {
/* legacy */
@ -610,6 +655,8 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen)
{
EVP_SIGNATURE *signature;
const char *desc;
int vctx = 0;
unsigned int mdlen = 0;
unsigned char md[EVP_MAX_MD_SIZE];
@ -627,14 +674,25 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
|| pctx->op.sig.signature == NULL)
goto legacy;
signature = pctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->digest_verify_final == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s digest_verify_final:%s", signature->type_name, desc);
return 0;
}
if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
/* try dup */
dctx = EVP_PKEY_CTX_dup(pctx);
if (dctx != NULL)
pctx = dctx;
}
r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
sig, siglen);
r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
if (!r)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_verify_final:%s", signature->type_name, desc);
if (dctx == NULL)
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
else
@ -702,10 +760,16 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) {
if (pctx->op.sig.signature->digest_verify != NULL) {
EVP_SIGNATURE *signature = pctx->op.sig.signature;
const char *desc = signature->description != NULL ? signature->description : "";
int ret;
ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx,
sigret, siglen,
tbs, tbslen);
ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen, tbs, tbslen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s digest_verify:%s", signature->type_name, desc);
return ret;
}
} else {
/* legacy */

9
crypto/evp/pmeth_lib.c
View file

@ -480,6 +480,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
}
rctx->legacy_keytype = pctx->legacy_keytype;
if (pctx->keymgmt != NULL) {
if (!EVP_KEYMGMT_up_ref(pctx->keymgmt))
goto err;
rctx->keymgmt = pctx->keymgmt;
}
if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
if (pctx->op.kex.exchange != NULL) {
rctx->op.kex.exchange = pctx->op.kex.exchange;
@ -584,6 +590,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt;
void *provkey;
if (pctx->pkey == NULL)
return rctx;
provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx,
&tmp_keymgmt, pctx->propquery);
if (provkey == NULL)

264
crypto/evp/signature.c
View file

@ -55,6 +55,7 @@ static void *evp_signature_from_algorithm(int name_id,
{
const OSSL_DISPATCH *fns = algodef->implementation;
EVP_SIGNATURE *signature = NULL;
const char *desc;
/* Counts newctx / freectx */
int ctxfncnt = 0;
/* Counts all init functions */
@ -72,6 +73,7 @@ static void *evp_signature_from_algorithm(int name_id,
if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
goto err;
signature->description = algodef->algorithm_description;
desc = signature->description != NULL ? signature->description : "";
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
@ -290,23 +292,30 @@ static void *evp_signature_from_algorithm(int name_id,
*/
valid = 1;
/* Start with the ones where counters say enough */
if (ctxfncnt != 2)
/* newctx or freectx missing */
if (ctxfncnt != 2) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s newctx or freectx:%s", signature->type_name, desc);
valid = 0;
}
if (valid
&& ((gparamfncnt != 0 && gparamfncnt != 2)
|| (sparamfncnt != 0 && sparamfncnt != 2)
|| (gmdparamfncnt != 0 && gmdparamfncnt != 2)
|| (smdparamfncnt != 0 && smdparamfncnt != 2)))
|| (smdparamfncnt != 0 && smdparamfncnt != 2))) {
/*
* Params functions are optional, but if defined, they must
* be pairwise complete sets, i.e. a getter must have an
* associated gettable, etc
*/
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s params getter or setter:%s", signature->type_name, desc);
valid = 0;
if (valid && initfncnt == 0)
/* No init functions */
}
if (valid && initfncnt == 0) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s init:%s", signature->type_name, desc);
valid = 0;
}
/* Now we check for function combinations */
if (valid
@ -315,17 +324,23 @@ static void *evp_signature_from_algorithm(int name_id,
|| (signature->sign_message_init != NULL
&& signature->sign == NULL
&& (signature->sign_message_update == NULL
|| signature->sign_message_final == NULL))))
/* sign_init functions with no signing function? That's weird */
|| signature->sign_message_final == NULL)))) {
/* sign_init function(s) with no signing function? That's weird */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s signing function:%s", signature->type_name, desc);
valid = 0;
}
if (valid
&& (signature->sign != NULL
|| signature->sign_message_update != NULL
|| signature->sign_message_final != NULL)
&& signature->sign_init == NULL
&& signature->sign_message_init == NULL)
/* signing functions with no sign_init? That's odd */
&& signature->sign_message_init == NULL) {
/* signing function(s) with no sign_init? That's odd */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s sign_init or sign_message_init:%s", signature->type_name, desc);
valid = 0;
}
if (valid
&& ((signature->verify_init != NULL
@ -333,46 +348,105 @@ static void *evp_signature_from_algorithm(int name_id,
|| (signature->verify_message_init != NULL
&& signature->verify == NULL
&& (signature->verify_message_update == NULL
|| signature->verify_message_final == NULL))))
/* verify_init functions with no verification function? That's weird */
|| signature->verify_message_final == NULL)))) {
/* verify_init function(s) with no verification function? That's weird */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s verification function:%s", signature->type_name, desc);
valid = 0;
}
if (valid
&& (signature->verify != NULL
|| signature->verify_message_update != NULL
|| signature->verify_message_final != NULL)
&& signature->verify_init == NULL
&& signature->verify_message_init == NULL)
/* verification functions with no verify_init? That's odd */
&& signature->verify_message_init == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s verify_init or verify_message_init:%s",
signature->type_name, desc);
/* verification function(s) with no verify_init? That's odd */
valid = 0;
}
if (valid
&& (signature->verify_recover_init != NULL)
&& (signature->verify_recover == NULL))
/* verify_recover_init functions with no verify_recover? How quaint */
&& (signature->verify_recover == NULL)) {
/* verify_recover_init function with no verify_recover? How quaint */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s verify_recover:%s", signature->type_name, desc);
valid = 0;
}
if (valid
&& (signature->digest_sign_init != NULL
&& signature->digest_sign == NULL
&& (signature->digest_sign_update == NULL
|| signature->digest_sign_final == NULL)))
/*
* You can't have a digest_sign_init without *some* performing functions
*/
|| signature->digest_sign_final == NULL))) {
/* You can't have a digest_sign_init without *some* performing functions */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s digest_sign function:%s", signature->type_name, desc);
valid = 0;
}
if (valid
&& ((signature->digest_verify_init != NULL
&& signature->digest_verify == NULL
&& (signature->digest_verify_update == NULL
|| signature->digest_verify_final == NULL))))
/*
* You can't have a digest_verify_init without *some* performing functions
*/
|| signature->digest_verify_final == NULL)))) {
/* You can't have a digest_verify_init without *some* performing functions */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s digest_verify function:%s", signature->type_name, desc);
valid = 0;
}
if (!valid) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
if (!valid)
goto err;
if ((signature->digest_sign != NULL
|| signature->digest_sign_update != NULL
|| signature->digest_sign_final != NULL)
&& signature->digest_sign_init == NULL) {
/* digest signing function(s) with no digest_sign_init? That's odd */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s digest_sign_init:%s", signature->type_name, desc);
goto err;
}
if ((signature->digest_verify != NULL
|| signature->digest_verify_update != NULL
|| signature->digest_verify_final != NULL)
&& signature->digest_verify_init == NULL) {
/* digest verification function(s) with no digest_verify_init? That's odd */
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"missing %s digest_verify_init:%s", signature->type_name, desc);
goto err;
}
if ((signature->sign_message_update == NULL) !=
(signature->sign_message_final == NULL)) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"only one of %s message signing update and final available:%s",
signature->type_name, desc);
goto err;
}
if ((signature->verify_message_update == NULL) !=
(signature->verify_message_final == NULL)) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"only one of %s message verification update and final available:%s",
signature->type_name, desc);
goto err;
}
if ((signature->digest_sign_update == NULL) !=
(signature->digest_sign_final == NULL)) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"only one of %s digest signing update and final available:%s",
signature->type_name, desc);
goto err;
}
if ((signature->digest_verify_update == NULL) !=
(signature->digest_verify_final == NULL)) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS,
"only one of %s digest verification update and final available:%s",
signature->type_name, desc);
goto err;
}
@ -499,6 +573,7 @@ const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig)
static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
int operation, const OSSL_PARAM params[])
{
const char *desc;
int ret = 0;
void *provkey = NULL;
EVP_KEYMGMT *tmp_keymgmt = NULL;
@ -557,7 +632,7 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
* ensured that the key is at least exported to a provider (above).
*/
if (signature->query_key_types != NULL) {
/* This is expect to be a NULL terminated array */
/* This is expected to be a NULL-terminated array */
const char **keytypes;
keytypes = signature->query_key_types();
@ -708,6 +783,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
/* No more legacy from here down to legacy: */
ctx->op.sig.signature = signature;
desc = signature->description != NULL ? signature->description : "";
ctx->op.sig.algctx =
signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery);
if (ctx->op.sig.algctx == NULL) {
@ -719,7 +796,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
switch (operation) {
case EVP_PKEY_OP_SIGN:
if (signature->sign_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s sign_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@ -727,7 +805,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
break;
case EVP_PKEY_OP_SIGNMSG:
if (signature->sign_message_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s sign_message_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@ -735,7 +814,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
break;
case EVP_PKEY_OP_VERIFY:
if (signature->verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@ -743,7 +823,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
break;
case EVP_PKEY_OP_VERIFYMSG:
if (signature->verify_message_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify_message_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@ -751,7 +832,8 @@ static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, EVP_SIGNATURE *signature,
break;
case EVP_PKEY_OP_VERIFYRECOVER:
if (signature->verify_recover_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify_recover_init:%s", signature->type_name, desc);
ret = -2;
goto err;
}
@ -849,6 +931,10 @@ int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *ctx,
int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@ -859,18 +945,28 @@ int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
return -1;
}
if (ctx->op.sig.signature->sign_message_update == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->sign_message_update == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s sign_message_update:%s", signature->type_name, desc);
return -2;
}
return ctx->op.sig.signature->sign_message_update(ctx->op.sig.algctx,
in, inlen);
ret = signature->sign_message_update(ctx->op.sig.algctx, in, inlen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s sign_message_update:%s", signature->type_name, desc);
return ret;
}
int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@ -881,20 +977,28 @@ int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
return -1;
}
if (ctx->op.sig.signature->sign_message_final == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->sign_message_final == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s sign_message_final:%s", signature->type_name, desc);
return -2;
}
return ctx->op.sig.signature->sign_message_final(ctx->op.sig.algctx,
sig, siglen,
(sig == NULL) ? 0 : *siglen);
ret = signature->sign_message_final(ctx->op.sig.algctx, sig, siglen,
(sig == NULL) ? 0 : *siglen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s sign_message_final:%s", signature->type_name, desc);
return ret;
}
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
unsigned char *sig, size_t *siglen,
const unsigned char *tbs, size_t tbslen)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
@ -911,14 +1015,19 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
if (ctx->op.sig.algctx == NULL)
goto legacy;
if (ctx->op.sig.signature->sign == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->sign == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s sign:%s", signature->type_name, desc);
return -2;
}
ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
(sig == NULL) ? 0 : *siglen, tbs, tbslen);
ret = signature->sign(ctx->op.sig.algctx, sig, siglen,
(sig == NULL) ? 0 : *siglen, tbs, tbslen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s sign:%s", signature->type_name, desc);
return ret;
legacy:
@ -977,6 +1086,10 @@ int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *ctx,
int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
const unsigned char *in, size_t inlen)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@ -987,17 +1100,27 @@ int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
return -1;
}
if (ctx->op.sig.signature->verify_message_update == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->verify_message_update == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify_message_update:%s", signature->type_name, desc);
return -2;
}
return ctx->op.sig.signature->verify_message_update(ctx->op.sig.algctx,
in, inlen);
ret = signature->verify_message_update(ctx->op.sig.algctx, in, inlen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s verify_message_update:%s", signature->type_name, desc);
return ret;
}
int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return -1;
@ -1008,19 +1131,28 @@ int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx)
return -1;
}
if (ctx->op.sig.signature->verify_message_final == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->verify_message_final == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify_message_final:%s", signature->type_name, desc);
return -2;
}
/* The signature must have been set with EVP_PKEY_CTX_set_signature() */
return ctx->op.sig.signature->verify_message_final(ctx->op.sig.algctx);
ret = signature->verify_message_final(ctx->op.sig.algctx);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s verify_message_final:%s", signature->type_name, desc);
return ret;
}
int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
const unsigned char *sig, size_t siglen,
const unsigned char *tbs, size_t tbslen)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
@ -1037,13 +1169,19 @@ int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
if (ctx->op.sig.algctx == NULL)
goto legacy;
if (ctx->op.sig.signature->verify == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->verify == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify:%s", signature->type_name, desc);
return -2;
}
ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen,
tbs, tbslen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s verify:%s", signature->type_name, desc);
return ret;
legacy:
@ -1076,6 +1214,8 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
unsigned char *rout, size_t *routlen,
const unsigned char *sig, size_t siglen)
{
EVP_SIGNATURE *signature;
const char *desc;
int ret;
if (ctx == NULL) {
@ -1091,15 +1231,19 @@ int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
if (ctx->op.sig.algctx == NULL)
goto legacy;
if (ctx->op.sig.signature->verify_recover == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
signature = ctx->op.sig.signature;
desc = signature->description != NULL ? signature->description : "";
if (signature->verify_recover == NULL) {
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_NOT_SUPPORTED,
"%s verify_recover:%s", signature->type_name, desc);
return -2;
}
ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout,
routlen,
(rout == NULL ? 0 : *routlen),
sig, siglen);
ret = signature->verify_recover(ctx->op.sig.algctx, rout, routlen,
(rout == NULL ? 0 : *routlen), sig, siglen);
if (ret <= 0)
ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
"%s verify_recover:%s", signature->type_name, desc);
return ret;
legacy:
if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {

13
crypto/hmac/hmac_s390x.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,6 +14,7 @@
#include "hmac_local.h"
#include "openssl/obj_mac.h"
#include "openssl/evp.h"
#include "openssl/err.h"
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
# include <openssl/engine.h>
#endif
@ -189,6 +190,11 @@ int s390x_HMAC_update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
{
size_t remain, num;
if (ctx->plat.s390x.iimp != 1) {
ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR);
return 0;
}
if (len == 0)
return 1;
@ -250,6 +256,11 @@ int s390x_HMAC_final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
void *result;
unsigned int res_len;
if (ctx->plat.s390x.iimp != 1) {
ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
return 0;
}
ctx->plat.s390x.iimp = 0; /* last block */
s390x_call_kmac(ctx, ctx->plat.s390x.buf, ctx->plat.s390x.num);

10
crypto/http/http_lib.c
View file

@ -59,7 +59,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
const char *user, *user_end;
const char *host, *host_end;
const char *port, *port_end;
unsigned int portnum;
unsigned int portnum = 0;
const char *path, *path_end;
const char *query, *query_end;
const char *frag, *frag_end;
@ -107,13 +107,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
p = ++host_end;
} else {
/* look for start of optional port, path, query, or fragment */
host_end = strchr(host, ':');
if (host_end == NULL)
host_end = strchr(host, '/');
if (host_end == NULL)
host_end = strchr(host, '?');
if (host_end == NULL)
host_end = strchr(host, '#');
host_end = strpbrk(host, ":/?#");
if (host_end == NULL) /* the remaining string is just the hostname */
host_end = host + strlen(host);
p = host_end;

58
crypto/ml_kem/ml_kem.c
View file

@ -9,6 +9,7 @@
#include <openssl/byteorder.h>
#include <openssl/rand.h>
#include <openssl/proverr.h>
#include "crypto/ml_kem.h"
#include "internal/common.h"
#include "internal/constant_time.h"
@ -1278,16 +1279,26 @@ static int parse_pubkey(const uint8_t *in, EVP_MD_CTX *mdctx, ML_KEM_KEY *key)
const ML_KEM_VINFO *vinfo = key->vinfo;
/* Decode and check |t| */
if (!vector_decode_12(key->t, in, vinfo->rank))
if (!vector_decode_12(key->t, in, vinfo->rank)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
"%s invalid public 't' vector",
vinfo->algorithm_name);
return 0;
}
/* Save the matrix |m| recovery seed |rho| */
memcpy(key->rho, in + vinfo->vector_bytes, ML_KEM_RANDOM_BYTES);
/*
* Pre-compute the public key hash, needed for both encap and decap.
* Also pre-compute the matrix expansion, stored with the public key.
*/
return hash_h(key->pkhash, in, vinfo->pubkey_bytes, mdctx, key)
&& matrix_expand(mdctx, key);
if (!hash_h(key->pkhash, in, vinfo->pubkey_bytes, mdctx, key)
|| !matrix_expand(mdctx, key)) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
"internal error while parsing %s public key",
vinfo->algorithm_name);
return 0;
}
return 1;
}
/*
@ -1301,8 +1312,12 @@ static int parse_prvkey(const uint8_t *in, EVP_MD_CTX *mdctx, ML_KEM_KEY *key)
const ML_KEM_VINFO *vinfo = key->vinfo;
/* Decode and check |s|. */
if (!vector_decode_12(key->s, in, vinfo->rank))
if (!vector_decode_12(key->s, in, vinfo->rank)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
"%s invalid private 's' vector",
vinfo->algorithm_name);
return 0;
}
in += vinfo->vector_bytes;
if (!parse_pubkey(in, mdctx, key))
@ -1310,8 +1325,12 @@ static int parse_prvkey(const uint8_t *in, EVP_MD_CTX *mdctx, ML_KEM_KEY *key)
in += vinfo->pubkey_bytes;
/* Check public key hash. */
if (memcmp(key->pkhash, in, ML_KEM_PKHASH_BYTES) != 0)
if (memcmp(key->pkhash, in, ML_KEM_PKHASH_BYTES) != 0) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_KEY,
"%s public key hash mismatch",
vinfo->algorithm_name);
return 0;
}
in += ML_KEM_PKHASH_BYTES;
memcpy(key->z, in, ML_KEM_RANDOM_BYTES);
@ -1405,6 +1424,11 @@ int genkey(const uint8_t seed[ML_KEM_SEED_BYTES],
end:
OPENSSL_cleanse((void *)augmented_seed, ML_KEM_RANDOM_BYTES);
OPENSSL_cleanse((void *)sigma, ML_KEM_RANDOM_BYTES);
if (ret == 0) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
"internal error while generating %s private key",
vinfo->algorithm_name);
}
return ret;
}
@ -1430,10 +1454,14 @@ int encap(uint8_t *ctext, uint8_t secret[ML_KEM_SHARED_SECRET_BYTES],
memcpy(input + ML_KEM_RANDOM_BYTES, key->pkhash, ML_KEM_PKHASH_BYTES);
ret = hash_g(Kr, input, sizeof(input), mdctx, key)
&& encrypt_cpa(ctext, entropy, r, tmp, mdctx, key);
OPENSSL_cleanse((void *)input, sizeof(input));
if (ret)
memcpy(secret, Kr, ML_KEM_SHARED_SECRET_BYTES);
OPENSSL_cleanse((void *)input, sizeof(input));
else
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
"internal error while performing %s encapsulation",
key->vinfo->algorithm_name);
return ret;
}
@ -1477,8 +1505,12 @@ int decap(uint8_t secret[ML_KEM_SHARED_SECRET_BYTES],
* The same action is taken, if also |encrypt_cpa| should catastrophically
* fail, due to failure of the |PRF| underlying the CBD functions.
*/
if (!kdf(failure_key, key->z, ctext, vinfo->ctext_bytes, mdctx, key))
if (!kdf(failure_key, key->z, ctext, vinfo->ctext_bytes, mdctx, key)) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
"internal error while performing %s decapsulation",
vinfo->algorithm_name);
return 0;
}
decrypt_cpa(decrypted, ctext, tmp, key);
memcpy(decrypted + ML_KEM_SHARED_SECRET_BYTES, pkhash, ML_KEM_PKHASH_BYTES);
if (!hash_g(Kr, decrypted, sizeof(decrypted), mdctx, key)
@ -1550,7 +1582,7 @@ ossl_ml_kem_key_reset(ML_KEM_KEY *key)
*/
if (ossl_ml_kem_have_prvkey(key))
OPENSSL_cleanse(key->s,
key->vinfo->vector_bytes + 2 * ML_KEM_RANDOM_BYTES);
key->vinfo->rank * sizeof(scalar) + 2 * ML_KEM_RANDOM_BYTES);
OPENSSL_free(key->t);
key->d = key->z = (uint8_t *)(key->s = key->m = key->t = NULL);
}
@ -1582,8 +1614,11 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
const ML_KEM_VINFO *vinfo = ossl_ml_kem_get_vinfo(evp_type);
ML_KEM_KEY *key;
if (vinfo == NULL)
if (vinfo == NULL) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
"unsupported ML-KEM key type: %d", evp_type);
return NULL;
}
if ((key = OPENSSL_malloc(sizeof(*key))) == NULL)
return NULL;
@ -1602,9 +1637,12 @@ ML_KEM_KEY *ossl_ml_kem_key_new(OSSL_LIB_CTX *libctx, const char *properties,
&& key->shake256_md != NULL
&& key->sha3_256_md != NULL
&& key->sha3_512_md != NULL)
return key;
return key;
ossl_ml_kem_key_free(key);
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
"missing SHA3 digest algorithms while creating %s key",
vinfo->algorithm_name);
return NULL;
}

10
crypto/params_dup.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -190,18 +190,18 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
while (1) {
/* If list1 is finished just tack list2 onto the end */
if (*p1cur == NULL) {
do {
while (*p2cur != NULL) {
*dst++ = **p2cur;
p2cur++;
} while (*p2cur != NULL);
}
break;
}
/* If list2 is finished just tack list1 onto the end */
if (*p2cur == NULL) {
do {
while (*p1cur != NULL) {
*dst++ = **p1cur;
p1cur++;
} while (*p1cur != NULL);
}
break;
}
/* consume the list element with the smaller key */

8
crypto/params_from_text.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -220,9 +220,9 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
BIGNUM *bn;
#ifndef OPENSSL_SYS_UEFI
double d;
int dok;
#endif
int ok = -1;
int dok;
/*
* Iterate through each key in the array printing its key and value
@ -280,16 +280,16 @@ int OSSL_PARAM_print_to_bio(const OSSL_PARAM *p, BIO *bio, int print_values)
case OSSL_PARAM_OCTET_STRING:
ok = BIO_dump(bio, (char *)p->data, p->data_size);
break;
#ifndef OPENSSL_SYS_UEFI
case OSSL_PARAM_REAL:
dok = 0;
#ifndef OPENSSL_SYS_UEFI
dok = OSSL_PARAM_get_double(p, &d);
#endif
if (dok == 1)
ok = BIO_printf(bio, "%f\n", d);
else
ok = BIO_printf(bio, "error getting value\n");
break;
#endif
default:
ok = BIO_printf(bio, "unknown type (%u) of %zu bytes\n",
p->data_type, p->data_size);

26
crypto/perlasm/x86_64-xlate.pl
View file

@ -218,6 +218,25 @@ my @segment_stack = ();
my $current_function;
my %globals;
{ package vex_prefix; # pick up vex prefixes, example: {vex} vpmadd52luq m256, %ymm, %ymm
sub re {
my ($class, $line) = @_;
my $self = {};
my $ret;
if ($$line =~ /(^\{vex\})/) {
bless $self,$class;
$self->{value} = $1;
$ret = $self;
$$line = substr($$line,@+[0]); $$line =~ s/^\s+//;
}
$ret;
}
sub out {
my $self = shift;
$self->{value};
}
}
{ package opcode; # pick up opcodes
sub re {
my ($class, $line) = @_;
@ -1396,7 +1415,11 @@ while(defined(my $line=<>)) {
if (my $directive=directive->re(\$line)) {
printf "%s",$directive->out();
} elsif (my $opcode=opcode->re(\$line)) {
} else {
if (my $vex_prefix=vex_prefix->re(\$line)) {
printf "%s",$vex_prefix->out();
}
if (my $opcode=opcode->re(\$line)) {
my $asm = eval("\$".$opcode->mnemonic());
if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) {
@ -1446,6 +1469,7 @@ while(defined(my $line=<>)) {
} else {
printf "\t%s",$opcode->out();
}
}
}
print $line,"\n";

6
crypto/pkcs7/pk7_smime.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -333,10 +333,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
if (flags & PKCS7_TEXT) {
if (!SMIME_text(tmpout, out)) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR);
BIO_free(tmpout);
goto err;
}
BIO_free(tmpout);
}
/* Now Verify All Signatures */
@ -354,6 +352,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
ret = 1;
err:
if (flags & PKCS7_TEXT)
BIO_free(tmpout);
X509_STORE_CTX_free(cert_ctx);
OPENSSL_free(buf);
if (indata != NULL)

2
crypto/property/property.c
View file

@ -348,7 +348,7 @@ int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov,
/* Insert into the hash table if required */
if (!ossl_property_write_lock(store)) {
OPENSSL_free(impl);
impl_free(impl);
return 0;
}

2
crypto/provider_conf.c
View file

@ -379,7 +379,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) {
ok = ossl_provider_info_add_to_store(libctx, &entry);
added = 1;
added = ok;
}
if (added == 0)
ossl_provider_info_clear(&entry);

22
crypto/provider_core.c
View file

@ -1511,6 +1511,16 @@ static int provider_activate_fallbacks(struct provider_store_st *store)
return ret;
}
int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx)
{
struct provider_store_st *store = get_provider_store(ctx);
if (store == NULL)
return 0;
return provider_activate_fallbacks(store);
}
int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx,
int (*cb)(OSSL_PROVIDER *provider,
void *cbdata),
@ -1948,12 +1958,12 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
BIO_printf(trc_out,
"(provider %s) names %s, prop_def %s, desc %s\n",
prov->name,
res->algorithm_names == NULL ? "none" :
res->algorithm_names,
res->property_definition == NULL ? "none" :
res->property_definition,
res->algorithm_description == NULL ? "none" :
res->algorithm_description);
idx->algorithm_names == NULL ? "none" :
idx->algorithm_names,
idx->property_definition == NULL ? "none" :
idx->property_definition,
idx->algorithm_description == NULL ? "none" :
idx->algorithm_description);
}
} else {
BIO_printf(trc_out, "(provider %s) query_operation failed\n", prov->name);

51
crypto/rand/rand_lib.c
View file

@ -289,6 +289,9 @@ const RAND_METHOD *RAND_get_rand_method(void)
if (!RUN_ONCE(&rand_init, do_rand_init))
return NULL;
if (rand_meth_lock == NULL)
return NULL;
if (!CRYPTO_THREAD_read_lock(rand_meth_lock))
return NULL;
tmp_meth = default_RAND_meth;
@ -755,7 +758,7 @@ static EVP_RAND_CTX *rand_new_crngt(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent)
*/
static EVP_RAND_CTX *rand_get0_primary(OSSL_LIB_CTX *ctx, RAND_GLOBAL *dgbl)
{
EVP_RAND_CTX *ret;
EVP_RAND_CTX *ret, *seed, *newseed = NULL, *primary;
if (dgbl == NULL)
return NULL;
@ -764,34 +767,26 @@ static EVP_RAND_CTX *rand_get0_primary(OSSL_LIB_CTX *ctx, RAND_GLOBAL *dgbl)
return NULL;
ret = dgbl->primary;
seed = dgbl->seed;
CRYPTO_THREAD_unlock(dgbl->lock);
if (ret != NULL)
return ret;
if (!CRYPTO_THREAD_write_lock(dgbl->lock))
return NULL;
ret = dgbl->primary;
if (ret != NULL) {
CRYPTO_THREAD_unlock(dgbl->lock);
return ret;
}
#if !defined(FIPS_MODULE) || !defined(OPENSSL_NO_FIPS_JITTER)
/* Create a seed source for libcrypto or jitter enabled FIPS provider */
if (dgbl->seed == NULL) {
if (seed == NULL) {
ERR_set_mark();
dgbl->seed = rand_new_seed(ctx);
seed = newseed = rand_new_seed(ctx);
ERR_pop_to_mark();
}
#endif /* !FIPS_MODULE || !OPENSSL_NO_FIPS_JITTER */
#if defined(FIPS_MODULE)
/* The FIPS provider has entropy health tests instead of the primary */
ret = rand_new_crngt(ctx, dgbl->seed);
ret = rand_new_crngt(ctx, seed);
#else /* FIPS_MODULE */
ret = rand_new_drbg(ctx, dgbl->seed, PRIMARY_RESEED_INTERVAL,
ret = rand_new_drbg(ctx, seed, PRIMARY_RESEED_INTERVAL,
PRIMARY_RESEED_TIME_INTERVAL);
#endif /* FIPS_MODULE */
@ -799,12 +794,30 @@ static EVP_RAND_CTX *rand_get0_primary(OSSL_LIB_CTX *ctx, RAND_GLOBAL *dgbl)
* The primary DRBG may be shared between multiple threads so we must
* enable locking.
*/
dgbl->primary = ret;
if (ret != NULL && !EVP_RAND_enable_locking(ret)) {
ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING);
EVP_RAND_CTX_free(ret);
ret = dgbl->primary = NULL;
if (ret == NULL || !EVP_RAND_enable_locking(ret)) {
if (ret != NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING);
EVP_RAND_CTX_free(ret);
}
if (newseed == NULL)
return NULL;
/* else carry on and store seed */
ret = NULL;
}
if (!CRYPTO_THREAD_write_lock(dgbl->lock))
return NULL;
primary = dgbl->primary;
if (primary != NULL) {
CRYPTO_THREAD_unlock(dgbl->lock);
EVP_RAND_CTX_free(ret);
EVP_RAND_CTX_free(newseed);
return primary;
}
if (newseed != NULL)
dgbl->seed = newseed;
dgbl->primary = ret;
CRYPTO_THREAD_unlock(dgbl->lock);
return ret;

4
crypto/sm3/asm/sm3-armv8.pl
View file

@ -153,13 +153,13 @@ $code.=<<___;
.Loop:
// load input
ld1 {$s0.16b-$s3.16b}, [$pdata], #64
ld1 {$s0.4s-$s3.4s}, [$pdata], #64
sub $num, $num, #1
mov $bkstate1.16b, $state1.16b
mov $bkstate2.16b, $state2.16b
#ifndef __ARMEB__
#ifndef __AARCH64EB__
rev32 $s0.16b, $s0.16b
rev32 $s1.16b, $s1.16b
rev32 $s2.16b, $s2.16b

8
crypto/sm4/asm/sm4-armv8.pl
View file

@ -32,7 +32,7 @@ sub rev32() {
my $dst = shift;
my $src = shift;
$code.=<<___;
#ifndef __ARMEB__
#ifndef __AARCH64EB__
rev32 $dst.16b,$src.16b
#endif
___
@ -404,7 +404,7 @@ ___
&enc_blk($ivec);
&rev32($ivec,$ivec);
$code.=<<___;
st1 {$ivec.16b},[$out],#16
st1 {$ivec.4s},[$out],#16
b.ne 1b
b 3f
.Ldec:
@ -485,11 +485,11 @@ ___
$code.=<<___;
eor @dat[0].16b,@dat[0].16b,$ivec.16b
mov $ivec.16b,@in[0].16b
st1 {@dat[0].16b},[$out],#16
st1 {@dat[0].4s},[$out],#16
b.ne 1b
3:
// save back IV
st1 {$ivec.16b},[$ivp]
st1 {$ivec.4s},[$ivp]
ldp d8,d9,[sp],#16
ret
.size ${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt

15
crypto/store/store_result.c
View file

@ -153,8 +153,19 @@ int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg)
goto err;
ERR_pop_to_mark();
if (*v == NULL)
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED);
if (*v == NULL) {
const char *hint = "";
if (!OSSL_PROVIDER_available(libctx, "default"))
hint = ":maybe need to load the default provider?";
if (provider != NULL)
ERR_raise_data(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED, "provider=%s%s",
OSSL_PROVIDER_get0_name(provider), hint);
else if (hint[0] != '\0')
ERR_raise_data(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED, "%s", hint);
else
ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED);
}
return (*v != NULL);
err:

33
crypto/threads_none.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -153,18 +153,28 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
# define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
struct thread_local_storage_entry {
void *data;
uint8_t used;
};
static struct thread_local_storage_entry thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
{
static unsigned int thread_local_key = 0;
int entry_idx = 0;
if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
for (entry_idx = 0; entry_idx < OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX; entry_idx++) {
if (!thread_local_storage[entry_idx].used)
break;
}
if (entry_idx == OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
return 0;
*key = thread_local_key++;
thread_local_storage[*key] = NULL;
*key = entry_idx;
thread_local_storage[*key].used = 1;
thread_local_storage[*key].data = NULL;
return 1;
}
@ -174,7 +184,7 @@ void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
return NULL;
return thread_local_storage[*key];
return thread_local_storage[*key].data;
}
int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
@ -182,13 +192,18 @@ int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
return 0;
thread_local_storage[*key] = val;
thread_local_storage[*key].data = val;
return 1;
}
int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
{
if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
return 0;
thread_local_storage[*key].used = 0;
thread_local_storage[*key].data = NULL;
*key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
return 1;
}

4
crypto/threads_pthread.c
View file

@ -624,7 +624,7 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
{
# ifdef USE_RWLOCK
if (pthread_rwlock_rdlock(lock) != 0)
if (!ossl_assert(pthread_rwlock_rdlock(lock) == 0))
return 0;
# else
if (pthread_mutex_lock(lock) != 0) {
@ -639,7 +639,7 @@ __owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
{
# ifdef USE_RWLOCK
if (pthread_rwlock_wrlock(lock) != 0)
if (!ossl_assert(pthread_rwlock_wrlock(lock) == 0))
return 0;
# else
if (pthread_mutex_lock(lock) != 0) {

16
crypto/ts/ts_rsp_sign.c
View file

@ -648,8 +648,12 @@ static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
}
OPENSSL_free(pp);
return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
V_ASN1_SEQUENCE, seq);
if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
V_ASN1_SEQUENCE, seq)) {
ASN1_STRING_free(seq);
return 0;
}
return 1;
}
static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@ -671,8 +675,12 @@ static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
}
OPENSSL_free(pp);
return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
V_ASN1_SEQUENCE, seq);
if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
V_ASN1_SEQUENCE, seq)) {
ASN1_STRING_free(seq);
return 0;
}
return 1;
}
static int ts_RESP_sign(TS_RESP_CTX *ctx)

52
crypto/ui/ui_lib.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -205,6 +205,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
char *result_buf, int minsize, int maxsize)
{
char *prompt_copy = NULL;
int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@ -212,9 +213,13 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
return 0;
}
return general_allocate_string(ui, prompt_copy, 1,
UIT_PROMPT, flags, result_buf, minsize,
maxsize, NULL);
ret = general_allocate_string(ui, prompt_copy, 1,
UIT_PROMPT, flags, result_buf, minsize,
maxsize, NULL);
if (ret <= 0)
OPENSSL_free(prompt_copy);
return ret;
}
int UI_add_verify_string(UI *ui, const char *prompt, int flags,
@ -231,6 +236,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
const char *test_buf)
{
char *prompt_copy = NULL;
int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@ -238,9 +244,12 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
return -1;
}
return general_allocate_string(ui, prompt_copy, 1,
UIT_VERIFY, flags, result_buf, minsize,
maxsize, test_buf);
ret = general_allocate_string(ui, prompt_copy, 1,
UIT_VERIFY, flags, result_buf, minsize,
maxsize, test_buf);
if (ret <= 0)
OPENSSL_free(prompt_copy);
return ret;
}
int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
@ -260,6 +269,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
char *action_desc_copy = NULL;
char *ok_chars_copy = NULL;
char *cancel_chars_copy = NULL;
int ret;
if (prompt != NULL) {
prompt_copy = OPENSSL_strdup(prompt);
@ -285,9 +295,14 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
goto err;
}
return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
ok_chars_copy, cancel_chars_copy, 1,
UIT_BOOLEAN, flags, result_buf);
ret = general_allocate_boolean(ui, prompt_copy, action_desc_copy,
ok_chars_copy, cancel_chars_copy, 1,
UIT_BOOLEAN, flags, result_buf);
if (ret <= 0)
goto err;
return ret;
err:
OPENSSL_free(prompt_copy);
OPENSSL_free(action_desc_copy);
@ -305,6 +320,7 @@ int UI_add_info_string(UI *ui, const char *text)
int UI_dup_info_string(UI *ui, const char *text)
{
char *text_copy = NULL;
int ret;
if (text != NULL) {
text_copy = OPENSSL_strdup(text);
@ -312,8 +328,11 @@ int UI_dup_info_string(UI *ui, const char *text)
return -1;
}
return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
0, 0, NULL);
ret = general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
0, 0, NULL);
if (ret <= 0)
OPENSSL_free(text_copy);
return ret;
}
int UI_add_error_string(UI *ui, const char *text)
@ -325,14 +344,19 @@ int UI_add_error_string(UI *ui, const char *text)
int UI_dup_error_string(UI *ui, const char *text)
{
char *text_copy = NULL;
int ret;
if (text != NULL) {
text_copy = OPENSSL_strdup(text);
if (text_copy == NULL)
return -1;
}
return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
0, 0, NULL);
ret = general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
0, 0, NULL);
if (ret <= 0)
OPENSSL_free(text_copy);
return ret;
}
char *UI_construct_prompt(UI *ui, const char *phrase_desc,

118
crypto/x509/by_store.c
View file

@ -7,23 +7,34 @@
* https://www.openssl.org/source/license.html
*/
#include <openssl/safestack.h>
#include <openssl/store.h>
#include "internal/cryptlib.h"
#include "crypto/x509.h"
#include "x509_local.h"
typedef struct cached_store_st {
char *uri;
OSSL_LIB_CTX *libctx;
char *propq;
OSSL_STORE_CTX *ctx;
} CACHED_STORE;
DEFINE_STACK_OF(CACHED_STORE)
/* Generic object loader, given expected type and criterion */
static int cache_objects(X509_LOOKUP *lctx, const char *uri,
const OSSL_STORE_SEARCH *criterion,
int depth, OSSL_LIB_CTX *libctx, const char *propq)
static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
const OSSL_STORE_SEARCH *criterion, int depth)
{
int ok = 0;
OSSL_STORE_CTX *ctx = NULL;
OSSL_STORE_CTX *ctx = store->ctx;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
NULL, NULL)) == NULL)
if (ctx == NULL
&& (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
NULL, NULL, NULL, NULL, NULL)) == NULL)
return 0;
store->ctx = ctx;
/*
* We try to set the criterion, but don't care if it was valid or not.
@ -62,9 +73,15 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
* This is an entry in the "directory" represented by the current
* uri. if |depth| allows, dive into it.
*/
if (depth > 0)
ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info),
criterion, depth - 1, libctx, propq);
if (depth > 0) {
CACHED_STORE substore;
substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
substore.libctx = store->libctx;
substore.propq = store->propq;
substore.ctx = NULL;
ok = cache_objects(lctx, &substore, criterion, depth - 1);
}
} else {
/*
* We know that X509_STORE_add_{cert|crl} increments the object's
@ -88,21 +105,26 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
break;
}
OSSL_STORE_close(ctx);
store->ctx = NULL;
return ok;
}
/* Because OPENSSL_free is a macro and for C type match */
static void free_uri(OPENSSL_STRING data)
static void free_store(CACHED_STORE *store)
{
OPENSSL_free(data);
if (store != NULL) {
OSSL_STORE_close(store->ctx);
OPENSSL_free(store->uri);
OPENSSL_free(store->propq);
OPENSSL_free(store);
}
}
static void by_store_free(X509_LOOKUP *ctx)
{
STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
sk_OPENSSL_STRING_pop_free(uris, free_uri);
STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
sk_CACHED_STORE_pop_free(stores, free_store);
}
static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
@ -112,27 +134,49 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_ADD_STORE:
if (argp != NULL) {
STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
char *data = OPENSSL_strdup(argp);
STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
if (data == NULL) {
if (store == NULL) {
return 0;
}
if (uris == NULL) {
uris = sk_OPENSSL_STRING_new_null();
X509_LOOKUP_set_method_data(ctx, uris);
store->uri = OPENSSL_strdup(argp);
store->libctx = libctx;
if (propq != NULL)
store->propq = OPENSSL_strdup(propq);
store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
NULL, NULL, NULL);
if (store->ctx == NULL
|| (propq != NULL && store->propq == NULL)
|| store->uri == NULL) {
free_store(store);
return 0;
}
if (sk_OPENSSL_STRING_push(uris, data) <= 0) {
OPENSSL_free(data);
if (stores == NULL) {
stores = sk_CACHED_STORE_new_null();
if (stores != NULL)
X509_LOOKUP_set_method_data(ctx, stores);
}
if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) {
free_store(store);
return 0;
}
return 1;
}
/* NOP if no URI is given. */
return 1;
case X509_L_LOAD_STORE:
case X509_L_LOAD_STORE: {
/* This is a shortcut for quick loading of specific containers */
return cache_objects(ctx, argp, NULL, 0, libctx, propq);
CACHED_STORE store;
store.uri = (char *)argp;
store.libctx = libctx;
store.propq = (char *)propq;
store.ctx = NULL;
return cache_objects(ctx, &store, NULL, 0);
}
default:
/* Unsupported command */
return 0;
@ -146,16 +190,15 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
}
static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
OSSL_LIB_CTX *libctx, const char *propq)
const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
{
STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
int i;
int ok = 0;
for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) {
ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion,
1 /* depth */, libctx, propq);
for (i = 0; i < sk_CACHED_STORE_num(stores); i++) {
ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion,
1 /* depth */);
if (ok)
break;
@ -163,13 +206,12 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
return ok;
}
static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const X509_NAME *name, X509_OBJECT *ret,
OSSL_LIB_CTX *libctx, const char *propq)
static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const X509_NAME *name, X509_OBJECT *ret)
{
OSSL_STORE_SEARCH *criterion =
OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
int ok = by_store(ctx, type, criterion, ret, libctx, propq);
int ok = by_store(ctx, type, criterion, ret);
STACK_OF(X509_OBJECT) *store_objects =
X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
X509_OBJECT *tmp = NULL;
@ -217,12 +259,6 @@ static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
return ok;
}
static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
const X509_NAME *name, X509_OBJECT *ret)
{
return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
}
/*
* We lack the implementations for get_by_issuer_serial, get_by_fingerprint
* and get_by_alias. There's simply not enough support in the X509_LOOKUP
@ -240,7 +276,7 @@ static X509_LOOKUP_METHOD x509_store_lookup = {
NULL, /* get_by_issuer_serial */
NULL, /* get_by_fingerprint */
NULL, /* get_by_alias */
by_store_subject_ex,
NULL, /* get_by_subject_ex */
by_store_ctrl_ex
};

8
crypto/x509/v3_lib.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -100,7 +100,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
*tmpext = *ext;
tmpext->ext_nid = nid_to;
tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
return X509V3_EXT_add(tmpext);
if (!X509V3_EXT_add(tmpext)) {
OPENSSL_free(tmpext);
return 0;
}
return 1;
}
void X509V3_EXT_cleanup(void)

6
demos/bio/sconnect.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -74,8 +74,10 @@ int main(int argc, char *argv[])
/* The BIO has parsed the host:port and even IPv6 literals in [] */
hostname = BIO_get_conn_hostname(out);
if (!hostname || SSL_set1_host(ssl, hostname) <= 0)
if (!hostname || SSL_set1_host(ssl, hostname) <= 0) {
BIO_free(ssl_bio);
goto err;
}
BIO_set_nbio(out, 1);
out = BIO_push(ssl_bio, out);

4
demos/guide/tls-client-block.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -174,7 +174,7 @@ int main(int argc, char *argv[])
*/
bio = create_socket_bio(hostname, port, ipv6 ? AF_INET6 : AF_INET);
if (bio == NULL) {
printf("Failed to crete the BIO\n");
printf("Failed to create the BIO\n");
goto end;
}
SSL_set_bio(ssl, bio, bio);

17
demos/sslecho/main.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -23,7 +23,7 @@
static const int server_port = 4433;
typedef unsigned char bool;
typedef unsigned char flag;
#define true 1
#define false 0
@ -31,9 +31,9 @@ typedef unsigned char bool;
* This flag won't be useful until both accept/read (TCP & SSL) methods
* can be called with a timeout. TBD.
*/
static volatile bool server_running = true;
static volatile flag server_running = true;
static int create_socket(bool isServer)
static int create_socket(flag isServer)
{
int s;
int optval = 1;
@ -71,7 +71,7 @@ static int create_socket(bool isServer)
return s;
}
static SSL_CTX* create_context(bool isServer)
static SSL_CTX *create_context(flag isServer)
{
const SSL_METHOD *method;
SSL_CTX *ctx;
@ -135,7 +135,7 @@ static void usage(void)
#define BUFFERSIZE 1024
int main(int argc, char **argv)
{
bool isServer;
flag isServer;
int result;
SSL_CTX *ssl_ctx = NULL;
@ -264,6 +264,11 @@ int main(int argc, char **argv)
SSL_shutdown(ssl);
SSL_free(ssl);
close(client_skt);
/*
* Set client_skt to -1 to avoid double close when
* server_running become false before next accept
*/
client_skt = -1;
}
}
printf("Server exiting...\n");

86
doc/designs/fetching-composite-algorithms.md
View file

@ -20,19 +20,19 @@ Public API - Add variants of `EVP_PKEY_CTX` initializers
As far as this design is concerned, these API sets are affected:
- SIGNATURE (DigestSign and DigestVerify)
- SIGNATURE
- ASYM_CIPHER
- KEYEXCH
The proposal is to add these functions:
The proposal is to add these initializer functions:
``` C
EVP_DigestSignInit_ex2(EVP_PKEY_CTX **pctx,
EVP_SIGNATURE *sig, EVP_PKEY *pkey,
OSSL_LIB_CTX *libctx, const OSSL_PARAM params[]);
EVP_DigestVerifyInit_ex2(EVP_PKEY_CTX **pctx,
EVP_SIGNATURE *sig, EVP_PKEY *pkey,
OSSL_LIB_CTX *libctx, const OSSL_PARAM params[]);
int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo, const OSSL_PARAM params[]);
int EVP_PKEY_encrypt_init_ex2(EVP_PKEY_CTX *ctx, EVP_ASYM_CIPHER *asymciph,
const OSSL_PARAM params[]);
@ -43,68 +43,12 @@ int EVP_PKEY_derive_init_ex2(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange,
const OSSL_PARAM params[]);
```
Because `EVP_SIGNATURE`, `EVP_ASYM_CIPHER` and `EVP_KEYEXCH` aren't limited
to composite algorithms, these functions can be used just as well with
explicit fetches of simple algorithms, say "RSA". In that case, the caller
will need to pass necessary auxiliary parameters through the `OSSL_PARAM` or
a call to a corresponding `set_params` function.
Detailed proposal for these APIs will be or are prepared in other design
documents:
Requirements on the providers
-----------------------------
Because it's not immediately obvious from a composite algorithm name what
key type it requires / supports, at least in code, allowing the use of an
explicitly fetched implementation of a composite algorithm requires that
providers cooperate by declaring what key type is required / supported by
each algorithm.
For non-composite operation algorithms (like "RSA"), this is not necessary,
see the fallback strategies below.
There are two ways this could be implemented:
1. through an added provider function that would work like keymgmt's
`query_operation_name` function, but would return a key type name
instead:
``` C
# define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPE 26
OSSL_CORE_MAKE_FUNC(const char *, signature_query_key_type, (void))
# define OSSL_FUNC ASYM_CIPHER_QUERY_KEY_TYPE 12
OSSL_CORE_MAKE_FUNC(const char *, asym_cipher_query_key_type, (void))
# define OSSL_FUNC_KEYEXCH_QUERY_KEY_TYPE 11
OSSL_CORE_MAKE_FUNC(const char *, keyexch_query_key_type, (void))
```
2. through a gettable `OSSL_PARAM`, using the param identity "keytype"
Fallback strategies
-------------------
Because existing providers haven't been updated to declare composite
algorithms, or to respond to the key type query, some fallback strategies
will be needed to find out if the `EVP_PKEY` key type is possible to use
with the fetched algorithm:
- Check if the fetched operation name matches the key type (keymgmt name)
of the `EVP_PKEY` that's involved in the operation. For example, this
is useful when someone fetched the `EVP_SIGNATURE` "RSA".
- Check if the fetched algorithm name matches the name returned by the
keymgmt's `query_operation_name` function. For example, this is useful
when someone fetched the `EVP_SIGNATURE` "ECDSA", for which the key type
to use is "EC".
- libcrypto currently has knowledge of some composite algorithm names and
what they are composed of, accessible with `OBJ_find_sigid_algs` and
similar functionality. This knowledge is regarded legacy, but can be
used to figure out the key type.
If none of these strategies work out, the operation initialization should
fail.
These strategies have their limitations, but the built-in legacy knowledge
we currently have in libcrypto should be enough to cover most bases.
- [Functions for explicitly fetched signature algorithms]
- [Functions for explicitly fetched asym-cipher algorithms] (not yet designed)
- [Functions for explicitly fetched keyexch algorithms] (not yet designed)
-----
@ -185,3 +129,7 @@ This is hurtful in multiple ways:
use the result.
- It fails discoverability, for example through the `openssl list`
command.
<!-- links -->
[Functions for explicitly fetched signature algorithms]:
functions-for-explicitly-fetched-signature-algorithms.md

205
doc/designs/functions-for-explicitly-fetched-signature-algorithms.md Normal file
View file

@ -0,0 +1,205 @@
Functions for explicitly fetched PKEY algorithms
================================================
Quick background
----------------
There are several proposed designs that end up revolving around the same
basic need, explicitly fetched signature algorithms. The following method
type is affected by this document:
- `EVP_SIGNATURE`
Public API - Add variants of `EVP_PKEY_CTX` functionality
---------------------------------------------------------
Through OTC discussions, it's been determined that the most suitable APIs to
touch are the of `EVP_PKEY_` functions.
Specifically, `EVP_PKEY_sign()`, `EVP_PKEY_verify()`, `EVP_PKEY_verify_recover()`
and related functions.
They can be extended to accept an explicitly fetched algorithm of the right
type, and to be able to incrementally process indefinite length data streams
when the fetched algorithm permits it (for example, RSA-SHA256).
It must be made clear that the added functionality cannot be used to compose
an algorithm from different parts. For example, it's not possible to specify
a `EVP_SIGNATURE` "RSA" and combine it with a parameter that specifies the
hash "SHA256" to get the "RSA-SHA256" functionality. For an `EVP_SIGNATURE`
"RSA", the input is still expected to be a digest, or some other input that's
limited to the modulus size of the RSA pkey.
### Making things less confusing with distinct function names
Until now, `EVP_PKEY_sign()` and friends were only expected to act on the
pre-computed digest of a message (under the condition that proper flags
and signature md are specified using functions like
`EVP_PKEY_CTX_set_rsa_padding()` and `EVP_PKEY_CTX_set_signature_md()`),
or to act as "primitive" [^1] functions (under the condition that proper
flags are specified, like `RSA_NO_PADDING` for RSA signatures).
This design proposes an extension to also allow full (not pre-hashed)
messages to be passed, in a streaming style through an *update* and a
*final* function.
Discussions have revealed that it is potentially confusing to conflate the
current functionality with streaming style functionality into the same name,
so this design separates those out with specific init / update / final
functions for that purpose. For oneshot functionality, `EVP_PKEY_sign()`
and `EVP_PKEY_verify()` remain supported.
[^1]: the term "primitive" is borrowed from [PKCS#1](https://www.rfc-editor.org/rfc/rfc8017#section-5)
### Making it possible to verify with an early signature
Some more recent verification algorithms need to obtain the signature
before processing the data.
This is particularly important for streaming modes of operation.
This design proposes a mechanism to accomodate these algorithms
and modes of operation.
New public API - API Reference
------------------------------
### For limited input size / oneshot signing with `EVP_SIGNATURE`
``` C
int EVP_PKEY_sign_init_ex2(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo,
const OSSL_PARAM params[]);
```
### For signing a stream with `EVP_SIGNATURE`
``` C
int EVP_PKEY_sign_message_init(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo,
const OSSL_PARAM params[]);
int EVP_PKEY_sign_message_update(EVP_PKEY_CTX *ctx,
const unsigned char *in,
size_t inlen);
int EVP_PKEY_sign_message_final(EVP_PKEY_CTX *ctx,
unsigned char *sig,
size_t *siglen);
#define EVP_PKEY_sign_message(ctx,sig,siglen,tbs,tbslen) \
EVP_PKEY_sign(ctx,sig,siglen,tbs,tbslen)
```
### For limited input size / oneshot verification with `EVP_SIGNATURE`
``` C
int EVP_PKEY_verify_init_ex2(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo,
const OSSL_PARAM params[]);
```
### For verifying a stream with `EVP_SIGNATURE`
``` C
/* Initializers */
int EVP_PKEY_verify_message_init(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo,
const OSSL_PARAM params[]);
/* Signature setter */
int EVP_PKEY_CTX_set_signature(EVP_PKEY_CTX *pctx,
unsigned char *sig, size_t siglen,
size_t sigsize);
/* Update and final */
int EVP_PKEY_verify_message_update(EVP_PKEY_CTX *ctx,
const unsigned char *in,
size_t inlen);
int EVP_PKEY_verify_message_final(EVP_PKEY_CTX *ctx);
#define EVP_PKEY_verify_message(ctx,sig,siglen,tbs,tbslen) \
EVP_PKEY_verify(ctx,sig,siglen,tbs,tbslen)
```
### For verify_recover with `EVP_SIGNATURE`
Preliminary feedback suggests that a streaming interface is uninteresting for
verify_recover, so we only specify a new init function.
``` C
/* Initializers */
int EVP_PKEY_verify_recover_init_ex2(EVP_PKEY_CTX *pctx,
EVP_SIGNATURE *algo,
const OSSL_PARAM params[]);
```
Requirements on the providers
-----------------------------
Because it's not immediately obvious from a composite algorithm name what
key type ("RSA", "EC", ...) it requires / supports, at least in code, allowing
the use of an explicitly fetched implementation of a composite algorithm
requires that providers cooperate by declaring what key type is required /
supported by each algorithm.
For non-composite operation algorithms (like "RSA"), this is not necessary,
see the fallback strategies below.
This is to be implemented through an added provider function that would work
like keymgmt's `query_operation_name` function, but would return a NULL
terminated array of key type name instead:
``` C
# define OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPE 26
OSSL_CORE_MAKE_FUNC(const char **, signature_query_key_type, (void))
```
Furthermore, the distinction of intent, i.e. whether the input is expected
to be a pre-hashed digest or the original message, must be passed on to the
provider. Because we already distinguish that with function names in the
public API, we use the same mapping in the provider interface.
The already existing `signature_sign` and `signature_verify` remain as they
are, and can be combined with message init calls.
``` C
# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT 27
# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE 28
# define OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL 29
OSSL_CORE_MAKE_FUNC(int, signature_sign_message_init,
(void *ctx, void *provkey, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_sign_message_update,
(void *ctx, const unsigned char *in, size_t inlen))
OSSL_CORE_MAKE_FUNC(int, signature_sign_message_final,
(void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize))
# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT 30
# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE 31
# define OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL 32
OSSL_CORE_MAKE_FUNC(int, signature_verify_message_init,
(void *ctx, void *provkey, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, signature_verify_message_update,
(void *ctx, const unsigned char *in, size_t inlen))
/*
* signature_verify_message_final requires that the signature to be verified
* against is specified via an OSSL_PARAM.
*/
OSSL_CORE_MAKE_FUNC(int, signature_verify_message_final, (void *ctx))
```
Fallback strategies
-------------------
Because existing providers haven't been updated to respond to the key type
query, some fallback strategies will be needed for the init calls that take
an explicitly fetched `EVP_SIGNATURE` argument (they can at least be used
for pre-hashed digest operations). To find out if the `EVP_PKEY` key type
is possible to use with the explicitly fetched algorithm, the following
fallback strategies may be used.
- Check if the fetched operation name matches the key type (keymgmt name)
of the `EVP_PKEY` that's involved in the operation. For example, this
is useful when someone fetched the `EVP_SIGNATURE` "RSA". This requires
very little modification, as this is already done with the initializer
functions that fetch the algorithm implicitly.
- Check if the fetched algorithm name matches the name returned by the
keymgmt's `query_operation_name` function. For example, this is useful
when someone fetched the `EVP_SIGNATURE` "ECDSA", for which the key type
to use is "EC". This requires very little modification, as this is
already done with the initializer functions that fetch the algorithm
implicitly.
If none of these strategies work out, the operation initialization should
fail.

124
doc/man1/openssl-pkeyutl.pod.in
View file

@ -437,10 +437,100 @@ for the B<-pkeyopt> B<digest> option.
The X25519 and X448 algorithms support key derivation only. Currently there are
no additional options.
=head2 SLH-DSA ALGORITHMS
The SLH-DSA algorithms (SLH-DSA-SHA2-128s, SLH-DSA-SHA2-128f, SLH-DSA-SHA2-192s, SLH-DSA-SHA2-192f, SLH-DSA-SHA2-256s, SLH-DSA-SHA2-256f) are post-quantum signature algorithms. When using SLH-DSA with pkeyutl, the following options are available:
=over 4
=item B<-sign>
Sign the input data using an SLH-DSA private key. For example:
$ openssl pkeyutl -sign -in file.txt -inkey slhdsa.pem -out sig
=item B<-verify>
Verify the signature using an SLH-DSA public key. For example:
$ openssl pkeyutl -verify -in file.txt -inkey slhdsa.pem -sigfile sig
=back
See L<EVP_PKEY-SLH-DSA(7)> and L<EVP_SIGNATURE-SLH-DSA(7)> for additional details about the SLH-DSA algorithm and its implementation.
=head1 ML-DSA-44, ML-DSA-65 AND ML-DSA-87 ALGORITHMS
The B<ML-DSA> algorithms support signing and verification of "raw" messages.
No preliminary hashing is performed.
The ML-DSA algorithms are post-quantum signature algorithms that support signing and verification of "raw" messages.
No preliminary hashing is performed. When using ML-DSA with pkeyutl, the following options are available:
=over 4
=item B<-sign>
Sign the input data using an ML-DSA private key. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig
=item B<-verify>
Verify the signature using an ML-DSA public key. For example:
$ openssl pkeyutl -verify -in file.txt -inkey mldsa65.pem -sigfile sig
=item B<-pkeyopt> I<opt>:I<value>
Additional options for ML-DSA signing and verification:
=over 4
=item B<message-encoding>:I<value>
Specifies the message encoding mode used for signing. This controls how the input message is processed before signing. Valid values are described in L<EVP_SIGNATURE-ML-DSA(7)>. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt message-encoding:1
=item B<test-entropy>:I<value>
Specifies a test entropy value for deterministic signing. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt test-entropy:abcdefghijklmnopqrstuvwxyz012345
=item B<hextest-entropy>:I<value>
Specifies a test entropy value in hex format. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt hextest-entropy:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
=item B<deterministic>:I<value>
Enables deterministic signing. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt deterministic:1
=item B<mu>:I<value>
Specifies the mu parameter. For example:
$ echo -n "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" >file.txt
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt mu:1
=back
=item B<context-string>:I<string>
Specifies a context string for both signing and verification operations. The context string must be the same for verification to succeed. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt context-string:mycontext
$ openssl pkeyutl -verify -in file.txt -inkey mldsa65.pem -sigfile sig -pkeyopt context-string:mycontext
=item B<hexcontext-string>:I<string>
Specifies a context string in hex format, allowing binary control values. For example:
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt hexcontext-string:6d79636f6e74657874
=back
The signing operation supports a B<deterministic>:I<bool> option,
with I<bool> set to C<1> if a deterministic signature is to be generated
@ -450,7 +540,7 @@ A deterministic result can also be obtained by specifying an explicit
entropy value via the B<hextest-entropy>:I<value> parameter.
Deterministic B<ML-DSA> signing should only be used in tests.
See L<EVP_SIGNATURE-ML-DSA(7)> for additional options and detail.
See L<EVP_SIGNATURE-ML-DSA(7)> for additional details about the ML-DSA algorithms and their implementation.
=head1 ML-KEM-512, ML-KEM-768 AND ML-KEM-1024 ALGORITHMS
@ -549,6 +639,34 @@ Decrypt some data using a private key with OAEP padding using SHA256:
openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
Create an ML-DSA key pair and sign data with a specific context string:
$ openssl genpkey -algorithm ML-DSA-65 -out mldsa65.pem
$ openssl pkeyutl -sign -in file.txt -inkey mldsa65.pem -out sig -pkeyopt context-string:example
Verify a signature using ML-DSA with the same context string:
$ openssl pkeyutl -verify -in file.txt -inkey mldsa65.pem -sigfile sig -pkeyopt context-string:example
Generate an ML-KEM key pair and use it for encapsulation:
$ openssl genpkey -algorithm ML-KEM-768 -out mlkem768.pem
$ openssl pkey -in mlkem768.pem -pubout -out mlkem768_pub.pem
$ openssl pkeyutl -encap -inkey mlkem768_pub.pem -pubin -out ciphertext -secret shared_secret.bin
Decapsulate a shared secret using an ML-KEM private key:
$ openssl pkeyutl -decap -inkey mlkem768.pem -in ciphertext -secret decapsulated_secret.bin
Create an SLH-DSA key pair and sign data:
$ openssl genpkey -algorithm SLH-DSA-SHA2-128s -out slh-dsa.pem
$ openssl pkeyutl -sign -in file.txt -inkey slh-dsa.pem -out sig
Verify a signature using SLH-DSA:
$ openssl pkeyutl -verify -in file.txt -inkey slh-dsa.pem -sigfile sig
=head1 SEE ALSO
L<openssl(1)>,

4
doc/man1/openssl-s_client.pod.in
View file

@ -507,12 +507,12 @@ by some servers.
=item B<-ign_eof>
Inhibit shutting down the connection when end of file is reached in the
input.
input. This implicitly turns on B<-nocommands> as well.
=item B<-quiet>
Inhibit printing of session and certificate information. This implicitly
turns on B<-ign_eof> as well.
turns on B<-ign_eof> and B<-nocommands> as well.
=item B<-no_ign_eof>

4
doc/man3/CMS_get0_SignerInfos.pod
View file

@ -38,7 +38,7 @@ CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer
identifier B<si>. It returns zero if the comparison is successful and non zero
if not.
CMS_SignerInfo_set1_signer_cert() sets the signers certificate of B<si> to
CMS_SignerInfo_set1_signer_cert() sets the signer's certificate of B<si> to
B<signer>.
=head1 NOTES
@ -80,7 +80,7 @@ L<ERR_get_error(3)>, L<CMS_verify(3)>
=head1 COPYRIGHT
Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
doc/man3/CMS_sign.pod
View file

@ -97,7 +97,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
BIO_new_CMS().
If a signer is specified it will use the default digest for the signing
algorithm. This is B<SHA1> for both RSA and DSA keys.
algorithm. This is B<SHA256> for both RSA and DSA keys.
If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
output.
@ -136,7 +136,7 @@ certificates in their I<certs> argument and no longer throw an error for them.
=head1 COPYRIGHT
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

13
doc/man3/DTLS_set_timer_cb.pod
View file

@ -20,6 +20,17 @@ This function sets an optional callback function for controlling the
timeout interval on the DTLS protocol. The callback function will be
called by DTLS for every new DTLS packet that is sent.
The callback should return the timeout interval in micro seconds.
The I<timer_us> parameter of the callback is the last set timeout
interval returned. On the first invocation of the callback,
this value will be 0.
At the beginning of the connection, if no timeout callback has been
set via DTLS_set_timer_cb(), the default timeout value is 1 second.
For all subsequent timeouts, the default behavior is to double the
duration up to a maximum of 1 minute.
=head1 RETURN VALUES
Returns void.
@ -30,7 +41,7 @@ The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

9
doc/man3/EVP_PKEY_CTX_new.pod
View file

@ -49,8 +49,11 @@ used when no B<EVP_PKEY> structure is associated with the operations,
for example during parameter generation or key generation for some
algorithms.
EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
keygen operation.
EVP_PKEY_CTX_dup() duplicates the context I<ctx>.
It is not supported for a keygen operation.
It is however possible to duplicate a context freshly created via any of the
above C<new> functions, provided L<EVP_PKEY_keygen_init(3)> has not yet been
called on the source context, and then use the copy for key generation.
EVP_PKEY_CTX_free() frees up the context I<ctx>.
If I<ctx> is NULL, nothing is done.
@ -122,7 +125,7 @@ added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
doc/man3/EVP_PKEY_encapsulate.pod
View file

@ -30,14 +30,14 @@ key that is used during encapsulation.
The EVP_PKEY_encapsulate() function performs a public key encapsulation
operation using I<ctx>.
The shared secret writen to I<genkey> can be used as an input for key
The shared secret written to I<genkey> can be used as an input for key
derivation, typically for various symmetric algorithms.
Its size is written to I<genkeylen>, which must be initialised to the
size of the provided buffer.
The ciphertext written to I<wrappedkey> is an encapsulated form, which
is expected to be only usable by the holder of the private key corresponding
to wthe public key associated with I<ctx>.
to the public key associated with I<ctx>.
This ciphertext is then communicated to the private-key holder, who can use
L<EVP_PKEY_decapsulate(3)> to securely recover the same shared secret.

4
doc/man3/EVP_PKEY_new.pod
View file

@ -174,7 +174,7 @@ C<ML-DSA-87>,
B<ML-KEM-512>,
B<ML-KEM-768> and
B<ML-KEM-1024>
keys, which don't have legacy numeric I<NID> assigments, but their raw form is
keys, which don't have legacy numeric I<NID> assignments, but their raw form is
nevertheless available.
@ -198,7 +198,7 @@ C<ML-DSA-87>,
B<ML-KEM-512>,
B<ML-KEM-768> and
B<ML-KEM-1024>
keys, which don't have legacy numeric I<NID> assigments, but their raw form is
keys, which don't have legacy numeric I<NID> assignments, but their raw form is
nevertheless available.
EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()

4
doc/man3/EVP_PKEY_sign.pod
View file

@ -40,7 +40,7 @@ signing a pre-computed message digest using the algorithm given by I<algo> and
the key given through L<EVP_PKEY_CTX_new(3)> or L<EVP_PKEY_CTX_new_from_pkey(3)>.
A context I<ctx> without a pre-loaded key cannot be used with this function.
This function provides almost the same functionality as EVP_PKEY_sign_init_ex(),
but is uniquely intended to be used with a pre-computed messsage digest, and
but is uniquely intended to be used with a pre-computed message digest, and
allows pre-determining the exact conditions for that message digest, if a
composite signature algorithm (such as RSA-SHA256) was fetched.
Following a call to this function, setting parameters that modifies the digest
@ -358,7 +358,7 @@ where added in OpenSSL 3.4.
=head1 COPYRIGHT
Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

11
doc/man3/EVP_RAND.pod
View file

@ -152,11 +152,8 @@ operating system. If I<prediction_resistance> is specified, fresh entropy
from a live source will be sought. This call operates as per NIST SP 800-90A
and SP 800-90C.
EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
bytes from the RAND I<ctx>. The function returns the length of the generated
nonce. If I<out> is NULL, the length is still returned but no generation
takes place. This allows a caller to dynamically allocate a buffer of the
appropriate size.
EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
bytes from the RAND I<ctx>.
EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
its parents. After this I<ctx> will operate in a thread safe manner, albeit
@ -385,7 +382,7 @@ EVP_RAND_CTX_free() does not return a value.
EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
EVP_RAND_nonce() returns the length of the nonce.
EVP_RAND_nonce() returns 1 on success, 0 on error.
EVP_RAND_get_strength() returns the strength of the random number generator
in bits.
@ -417,7 +414,7 @@ The remaining functions were added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

150
doc/man3/OSSL_CMP_CTX_new.pod
View file

@ -106,7 +106,7 @@ OSSL_CMP_CTX_set1_senderNonce
/* server authentication: */
int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx,
const X509_NAME *name);
const X509_NAME *name);
#define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
#define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
@ -214,147 +214,147 @@ The following options can be set:
=item B<OSSL_CMP_OPT_LOG_VERBOSITY>
The level of severity needed for actually outputting log messages
due to errors, warnings, general info, debugging, etc.
Default is OSSL_CMP_LOG_INFO. See also L<OSSL_CMP_log_open(3)>.
The level of severity needed for actually outputting log messages
due to errors, warnings, general info, debugging, etc.
Default is OSSL_CMP_LOG_INFO. See also L<OSSL_CMP_log_open(3)>.
=item B<OSSL_CMP_OPT_KEEP_ALIVE>
If the given value is 0 then HTTP connections are not kept open
after receiving a response, which is the default behavior for HTTP 1.0.
If the value is 1 or 2 then persistent connections are requested.
If the value is 2 then persistent connections are required,
i.e., in case the server does not grant them an error occurs.
The default value is 1: prefer to keep the connection open.
If the given value is 0 then HTTP connections are not kept open
after receiving a response, which is the default behavior for HTTP 1.0.
If the value is 1 or 2 then persistent connections are requested.
If the value is 2 then persistent connections are required,
i.e., in case the server does not grant them an error occurs.
The default value is 1: prefer to keep the connection open.
=item B<OSSL_CMP_OPT_MSG_TIMEOUT>
Number of seconds a CMP request-response message round trip
is allowed to take before a timeout error is returned.
A value <= 0 means no limitation (waiting indefinitely).
Default is to use the B<OSSL_CMP_OPT_TOTAL_TIMEOUT> setting.
Number of seconds a CMP request-response message round trip
is allowed to take before a timeout error is returned.
A value <= 0 means no limitation (waiting indefinitely).
Default is to use the B<OSSL_CMP_OPT_TOTAL_TIMEOUT> setting.
=item B<OSSL_CMP_OPT_TOTAL_TIMEOUT>
Maximum total number of seconds a transaction may take,
including polling etc.
A value <= 0 means no limitation (waiting indefinitely).
Default is 0.
Maximum total number of seconds a transaction may take,
including polling etc.
A value <= 0 means no limitation (waiting indefinitely).
Default is 0.
=item B<OSSL_CMP_OPT_USE_TLS>
Use this option to indicate to the HTTP implementation
whether TLS is going to be used for the connection (resulting in HTTPS).
The value 1 indicates that TLS is used for client-side HTTP connections,
which needs to be implemented via a callback function set by
OSSL_CMP_CTX_set_http_cb().
The value 0 indicates that TLS is not used.
Default is -1 for backward compatibility: TLS is used by the client side
if and only if OSSL_CMP_CTX_set_http_cb_arg() sets a non-NULL I<arg>.
Use this option to indicate to the HTTP implementation
whether TLS is going to be used for the connection (resulting in HTTPS).
The value 1 indicates that TLS is used for client-side HTTP connections,
which needs to be implemented via a callback function set by
OSSL_CMP_CTX_set_http_cb().
The value 0 indicates that TLS is not used.
Default is -1 for backward compatibility: TLS is used by the client side
if and only if OSSL_CMP_CTX_set_http_cb_arg() sets a non-NULL I<arg>.
=item B<OSSL_CMP_OPT_VALIDITY_DAYS>
Number of days new certificates are asked to be valid for.
Number of days new certificates are asked to be valid for.
=item B<OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT>
Do not take default Subject Alternative Names
from the reference certificate.
Do not take default Subject Alternative Names
from the reference certificate.
=item B<OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL>
Demand that the given Subject Alternative Names are flagged as critical.
Demand that the given Subject Alternative Names are flagged as critical.
=item B<OSSL_CMP_OPT_POLICIES_CRITICAL>
Demand that the given policies are flagged as critical.
Demand that the given policies are flagged as critical.
=item B<OSSL_CMP_OPT_POPO_METHOD>
Select the proof of possession method to use. Possible values are:
Select the proof of possession method to use. Possible values are:
OSSL_CRMF_POPO_NONE - ProofOfPossession field omitted,
which implies central key generation
OSSL_CRMF_POPO_RAVERIFIED - assert that the RA has already
verified the PoPo
OSSL_CRMF_POPO_SIGNATURE - sign a value with private key,
which is the default.
OSSL_CRMF_POPO_KEYENC - decrypt the encrypted certificate
("indirect method")
OSSL_CRMF_POPO_NONE - ProofOfPossession field omitted,
which implies central key generation
OSSL_CRMF_POPO_RAVERIFIED - assert that the RA has already
verified the PoPo
OSSL_CRMF_POPO_SIGNATURE - sign a value with private key,
which is the default.
OSSL_CRMF_POPO_KEYENC - decrypt the encrypted certificate
("indirect method")
Note that a signature-based POPO can only be produced if a private key
is provided as the newPkey or client's pkey component of the CMP context.
Note that a signature-based POPO can only be produced if a private key
is provided as the newPkey or client's pkey component of the CMP context.
=item B<OSSL_CMP_OPT_DIGEST_ALGNID>
The NID of the digest algorithm to be used in RFC 4210's MSG_SIG_ALG
for signature-based message protection and Proof-of-Possession (POPO).
Default is SHA256.
The NID of the digest algorithm to be used in RFC 4210's MSG_SIG_ALG
for signature-based message protection and Proof-of-Possession (POPO).
Default is SHA256.
=item B<OSSL_CMP_OPT_OWF_ALGNID>
The NID of the digest algorithm to be used as one-way function (OWF)
for MAC-based message protection with password-based MAC (PBM).
See RFC 4210 section 5.1.3.1 for details.
Default is SHA256.
The NID of the digest algorithm to be used as one-way function (OWF)
for MAC-based message protection with password-based MAC (PBM).
See RFC 4210 section 5.1.3.1 for details.
Default is SHA256.
=item B<OSSL_CMP_OPT_MAC_ALGNID>
The NID of the MAC algorithm to be used for message protection with PBM.
Default is HMAC-SHA1 as per RFC 4210.
The NID of the MAC algorithm to be used for message protection with PBM.
Default is HMAC-SHA1 as per RFC 4210.
=item B<OSSL_CMP_OPT_REVOCATION_REASON>
The reason code to be included in a Revocation Request (RR);
values: 0..10 (RFC 5210, 5.3.1) or -1 for none, which is the default.
The reason code to be included in a Revocation Request (RR);
values: 0..10 (RFC 5210, 5.3.1) or -1 for none, which is the default.
=item B<OSSL_CMP_OPT_IMPLICIT_CONFIRM>
Request server to enable implicit confirm mode, where the client
does not need to send confirmation upon receiving the
certificate. If the server does not enable implicit confirmation
in the return message, then confirmation is sent anyway.
Request server to enable implicit confirm mode, where the client
does not need to send confirmation upon receiving the
certificate. If the server does not enable implicit confirmation
in the return message, then confirmation is sent anyway.
=item B<OSSL_CMP_OPT_DISABLE_CONFIRM>
Do not confirm enrolled certificates, to cope with broken servers
not supporting implicit confirmation correctly.
Do not confirm enrolled certificates, to cope with broken servers
not supporting implicit confirmation correctly.
B<WARNING:> This setting leads to unspecified behavior and it is meant
exclusively to allow interoperability with server implementations violating
RFC 4210.
=item B<OSSL_CMP_OPT_UNPROTECTED_SEND>
Send request or response messages without CMP-level protection.
Send request or response messages without CMP-level protection.
=item B<OSSL_CMP_OPT_UNPROTECTED_ERRORS>
Accept unprotected error responses which are either explicitly
unprotected or where protection verification failed. Applies to regular
error messages as well as certificate responses (IP/CP/KUP) and
revocation responses (RP) with rejection.
Accept unprotected error responses which are either explicitly
unprotected or where protection verification failed. Applies to regular
error messages as well as certificate responses (IP/CP/KUP) and
revocation responses (RP) with rejection.
B<WARNING:> This setting leads to unspecified behavior and it is meant
exclusively to allow interoperability with server implementations violating
RFC 4210.
=item B<OSSL_CMP_OPT_IGNORE_KEYUSAGE>
Ignore key usage restrictions in the signer's certificate when
validating signature-based protection in received CMP messages.
Else, 'digitalSignature' must be allowed by CMP signer certificates.
Ignore key usage restrictions in the signer's certificate when
validating signature-based protection in received CMP messages.
Else, 'digitalSignature' must be allowed by CMP signer certificates.
=item B<OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR>
Allow retrieving a trust anchor from extraCerts and using that
to validate the certificate chain of an IP message.
This is a quirk option added to support 3GPP TS 33.310.
Allow retrieving a trust anchor from extraCerts and using that
to validate the certificate chain of an IP message.
This is a quirk option added to support 3GPP TS 33.310.
Note that using this option is dangerous as the certificate obtained
this way has not been authenticated (at least not at CMP level).
Taking it over as a trust anchor implements trust-on-first-use (TOFU).
Note that using this option is dangerous as the certificate obtained
this way has not been authenticated (at least not at CMP level).
Taking it over as a trust anchor implements trust-on-first-use (TOFU).
=item B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS>
Do not cache certificates received in the extraCerts CMP message field.
Otherwise they are stored to potentially help validate further messages.
Do not cache certificates received in the extraCerts CMP message field.
Otherwise they are stored to potentially help validate further messages.
=back

2
doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
View file

@ -109,7 +109,7 @@ On success, the function verifies the decrypted data as signed data,
using the trust store I<ts> and any untrusted certificates in I<extra>.
Doing so, it checks for the purpose "CMP Key Generation Authority" (cmKGA).
OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns I<OSSL_CRMF_ENCRYPTEDKEY>, intialized with
OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns I<OSSL_CRMF_ENCRYPTEDKEY>, initialized with
the enveloped data I<envdata>.
OSSL_CRMF_ENCRYPTEDVALUE_decrypt() decrypts the encrypted value in the given

4
doc/man3/OSSL_PARAM.pod
View file

@ -356,7 +356,7 @@ could fill in the parameters like this:
=head1 SEE ALSO
L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>
L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>, L<OSSL_PARAM_construct_utf8_string(3)>
=head1 HISTORY
@ -364,7 +364,7 @@ B<OSSL_PARAM> was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

25
doc/man3/OSSL_PARAM_int.pod
View file

@ -392,6 +392,29 @@ could fill in the parameters like this:
if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, "cookie value");
=head2 Example 3
This example shows a special case where
I<-Wincompatible-pointer-types-discards-qualifiers> may be set during
compilation. The value for I<buf> cannot be a I<const char *> type string. An
alternative in this case would be to use B<OSSL_PARAM> macro abbreviated calls
rather than the specific callers which allows you to define the sha1 argument
as a standard character array (I<char[]>).
For example, this code:
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0);
params[1] = OSSL_PARAM_construct_end();
Can be made compatible with the following version:
char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */
OSSL_PARAM params[2];
params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0);
params[1] = OSSL_PARAM_construct_end();
=head1 SEE ALSO
L<openssl-core.h(7)>, L<OSSL_PARAM(3)>
@ -402,7 +425,7 @@ These APIs were introduced in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
doc/man3/PKCS7_sign.pod
View file

@ -80,7 +80,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
BIO_new_PKCS7().
If a signer is specified it will use the default digest for the signing
algorithm. This is B<SHA1> for both RSA and DSA keys.
algorithm. This is B<SHA256> for both RSA and DSA keys.
The I<certs>, I<signcert> and I<pkey> parameters can all be
NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
@ -122,7 +122,7 @@ The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
=head1 COPYRIGHT
Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
doc/man3/SSL_CONF_cmd.pod
View file

@ -74,7 +74,7 @@ B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
=item B<-no_renegotiation>
Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting
B<SSL_OP_NO_RENEGOTIATION>.
=item B<-no_resumption_on_reneg>

7
doc/man3/SSL_CTX_set_min_proto_version.pod
View file

@ -31,9 +31,10 @@ L<SSL_CTX_set_options(3)> that also make it possible to disable
specific protocol versions.
Use these functions instead of disabling specific protocol versions.
Setting the minimum or maximum version to 0, will enable protocol
Setting the minimum or maximum version to 0 (default), will enable protocol
versions down to the lowest version, or up to the highest version
supported by the library, respectively.
supported by the library, respectively. The supported versions might be
controlled by system configuration.
Getters return 0 in case B<ctx> or B<ssl> have been configured to
automatically use the lowest or highest version supported by the library.
@ -67,7 +68,7 @@ were added in OpenSSL 1.1.1.
=head1 COPYRIGHT
Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
doc/man3/SSL_CTX_set_options.pod
View file

@ -286,7 +286,7 @@ Do not query the MTU. Only affects DTLS connections.
=item SSL_OP_NO_RENEGOTIATION
Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest
messages, and ignore renegotiation requests via ClientHello.
=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
@ -542,7 +542,7 @@ whether these macros are defined or not.
=head1 COPYRIGHT
Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

6
doc/man3/SSL_key_update.pod
View file

@ -53,7 +53,9 @@ such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check
will be performed to confirm that it is a suitable time to start a
renegotiation. If so, then it will be initiated immediately. OpenSSL will not
attempt to resume any session associated with the connection in the new
handshake.
handshake. Note that some servers will respond to reneogitation attempts with
a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in
this case.
When called from the client side, SSL_renegotiate_abbreviated() works in the
same was as SSL_renegotiate() except that OpenSSL will attempt to resume the
@ -118,7 +120,7 @@ OpenSSL 1.1.1.
=head1 COPYRIGHT
Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

8
doc/man3/SSL_new_listener.pod
View file

@ -130,6 +130,14 @@ connection is created and returned on success. If no incoming connection is
available and the listener SSL object is configured in nonblocking mode, NULL is
returned.
The new SSL object returned from SSL_accept_connection() may or may not have
completed its handshake at the point it is returned. Optionally, you may use the
function L<SSL_is_init_finished(3)> to determine this. You may call the
functions L<SSL_accept(3)>, L<SSL_do_handshake(3)> or L<SSL_handle_events(3)> to
progress the state of the SSL object towards handshake completion. Other "I/O"
functions may also implicitly progress the state of the handshake such as
L<SSL_poll(3)>, L<SSL_read(3)> and L<SSL_write(3)>.
The B<SSL_ACCEPT_CONNECTION_NO_BLOCK> flag may be specified to
SSL_accept_connection(). If specified, the call does not block even if the
listener SSL object is configured in blocking mode.

58
doc/man3/SSL_set1_host.pod
View file

@ -9,8 +9,8 @@ SSL server verification parameters
#include <openssl/ssl.h>
int SSL_set1_host(SSL *s, const char *hostname);
int SSL_add1_host(SSL *s, const char *hostname);
int SSL_set1_host(SSL *s, const char *host);
int SSL_add1_host(SSL *s, const char *host);
void SSL_set_hostflags(SSL *s, unsigned int flags);
const char *SSL_get0_peername(SSL *s);
@ -18,29 +18,36 @@ SSL server verification parameters
These functions configure server hostname checks in the SSL client.
SSL_set1_host() sets the expected DNS hostname to B<name> clearing
any previously specified hostname. If B<name> is NULL
or the empty string, the list of hostnames is cleared and name
checks are not performed on the peer certificate. When a nonempty
B<name> is specified, certificate verification automatically checks
the peer hostname via L<X509_check_host(3)> with B<flags> as specified
SSL_set1_host() sets in the verification parameters of I<s>
the expected DNS hostname or IP address to I<host>,
clearing any previously specified IP address and hostnames.
If I<host> is NULL or the empty string, IP address
and hostname checks are not performed on the peer certificate.
When a nonempty I<host> is specified, certificate verification automatically
checks the peer hostname via L<X509_check_host(3)> with I<flags> as specified
via SSL_set_hostflags(). Clients that enable DANE TLSA authentication
via L<SSL_dane_enable(3)> should leave it to that function to set
the primary reference identifier of the peer, and should not call
SSL_set1_host().
SSL_add1_host() adds B<name> as an additional reference identifier
that can match the peer's certificate. Any previous names set via
SSL_set1_host() or SSL_add1_host() are retained, no change is made
if B<name> is NULL or empty. When multiple names are configured,
the peer is considered verified when any name matches. This function
is required for DANE TLSA in the presence of service name indirection
via CNAME, MX or SRV records as specified in RFC7671, RFC7672 or
RFC7673.
SSL_add1_host() adds I<host> as an additional reference identifier
that can match the peer's certificate. Any previous hostnames
set via SSL_set1_host() or SSL_add1_host() are retained.
Adding an IP address is allowed only if no IP address has been set before.
No change is made if I<host> is NULL or empty.
When an IP address and/or multiple hostnames are configured,
the peer is considered verified when any of these matches.
This function is required for DANE TLSA in the presence of service name indirection
via CNAME, MX or SRV records as specified in RFCs 7671, 7672, and 7673.
SSL_set_hostflags() sets the B<flags> that will be passed to
TLS clients are recommended to use SSL_set1_host() or SSL_add1_host()
for server hostname or IP address validation,
as well as L<SSL_set_tlsext_host_name(3)> for Server Name Indication (SNI),
which may be crucial also for correct routing of the connection request.
SSL_set_hostflags() sets the I<flags> that will be passed to
L<X509_check_host(3)> when name checks are applicable, by default
the B<flags> value is 0. See L<X509_check_host(3)> for the list
the I<flags> value is 0. See L<X509_check_host(3)> for the list
of available flags and their meaning.
SSL_get0_peername() returns the DNS hostname or subject CommonName
@ -51,13 +58,13 @@ of the reference identifiers configured via SSL_set1_host() or
SSL_add1_host() starts with ".", which indicates a parent domain prefix
rather than a fixed name, the matched peer name may be a sub-domain
of the reference identifier. The returned string is allocated by
the library and is no longer valid once the associated B<ssl> handle
the library and is no longer valid once the associated I<ssl> handle
is cleared or freed, or a renegotiation takes place. Applications
must not free the return value.
SSL clients are advised to use these functions in preference to
explicitly calling L<X509_check_host(3)>. Hostname checks may be out
of scope with the RFC7671 DANE-EE(3) certificate usage, and the
of scope with the RFC 7671 DANE-EE(3) certificate usage, and the
internal check will be suppressed as appropriate when DANE is
enabled.
@ -66,8 +73,10 @@ enabled.
SSL_set1_host() and SSL_add1_host() return 1 for success and 0 for
failure.
SSL_set_hostflags() returns nothing at all.
SSL_get0_peername() returns NULL if peername verification is not
applicable (as with RFC7671 DANE-EE(3)), or no trusted peername was
applicable (as with RFC 7671 DANE-EE(3)), or no trusted peername was
matched. Otherwise, it returns the matched peername. To determine
whether verification succeeded call L<SSL_get_verify_result(3)>.
@ -99,9 +108,8 @@ the lifetime of the SSL connection.
=head1 SEE ALSO
L<ssl(7)>,
L<X509_check_host(3)>,
L<SSL_get_verify_result(3)>.
L<SSL_dane_enable(3)>.
L<X509_check_host(3)>, L<SSL_set_tlsext_host_name(3)>,
L<SSL_get_verify_result(3)>, L<SSL_dane_enable(3)>
=head1 HISTORY
@ -109,7 +117,7 @@ These functions were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
doc/man3/SSL_set_quic_tls_cbs.pod
View file

@ -110,7 +110,7 @@ ever be read by OpenSSL.
The OSSL_FUNC_SSL_QUIC_TLS_yield_secret_fn callback (function id
B<OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET>) is called when a new secret has been
established. The I<prot_level> argument identies the TLS protection level and
established. The I<prot_level> argument identities the TLS protection level and
will be one of B<OSSL_RECORD_PROTECTION_LEVEL_NONE>,
B<OSSL_RECORD_PROTECTION_LEVEL_EARLY>, B<OSSL_RECORD_PROTECTION_LEVEL_HANDSHAKE>
or B<OSSL_RECORD_PROTECTION_LEVEL_APPLICATION>. The I<direction> will either be

4
doc/man3/X509_STORE_CTX_new.pod
View file

@ -85,7 +85,7 @@ If I<ctx> is NULL nothing is done.
X509_STORE_CTX_init() sets up I<ctx> for a subsequent verification operation.
X509_STORE_CTX_init() initializes the internal state and resources of the
given I<ctx>. Among others, it sets the verification parameters associcated
given I<ctx>. Among others, it sets the verification parameters associated
with the method name C<default>, which includes the C<any> purpose,
and takes over callback function pointers from I<trust_store> (unless NULL).
It must be called before each call to L<X509_verify_cert(3)> or
@ -319,7 +319,7 @@ There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2009-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

2
doc/man3/X509_check_purpose.pod
View file

@ -80,7 +80,7 @@ Unless the id stays the same for an existing entry, I<id> must be fresh,
which can be achieved by using the result of X509_PURPOSE_get_unused_id().
The function also sets in the entry the trust id I<trust>, the given I<flags>,
the purpose (long) name I<name>, the short name I<sname>, the purpose checking
funktion I<ck> of type B<int (*) (const X509_PURPOSE *, const X509 *, int)>,
function I<ck> of type B<int (*) (const X509_PURPOSE *, const X509 *, int)>,
and its user data I<arg> which may be retrieved via the B<X509_PURPOSE> pointer.
X509_PURPOSE_cleanup() removes all purposes that are not pre-defined.

13
doc/man7/OSSL_PROVIDER-FIPS.pod
View file

@ -573,6 +573,19 @@ want to operate in a FIPS approved manner. The algorithms are:
=back
You can load the FIPS provider into multiple library contexts as any other
provider. However the following restriction applies. The FIPS provider cannot
be used by multiple copies of OpenSSL libcrypto in a single process.
As the provider saves core callbacks to the libcrypto obtained in the
OSSL_provider_init() call to global data it will fail if subsequent
invocations of its OSSL_provider_init() function yield different addresses
of these callbacks than in the initial call. This happens when different
copies of libcrypto are present in the memory of the process and both try
to load the same FIPS provider. A workaround is to have a different copy
of the FIPS provider loaded for each of the libcrypto instances in the
process.
=head1 SEE ALSO
L<openssl-fipsinstall(1)>,

4
doc/man7/ossl-guide-tls-introduction.pod
View file

@ -74,7 +74,7 @@ TLSv1.2 is chosen.
=head1 CERTIFICATES
In order for a client to establish a connection to a server it must authenticate
the identify of that server, i.e. it needs to confirm that the server is really
the identity of that server, i.e. it needs to confirm that the server is really
the server that it claims to be and not some imposter. In order to do this the
server will send to the client a digital certificate (also commonly referred to
as an X.509 certificate). The certificate contains various information about the
@ -311,7 +311,7 @@ L<ossl-guide-tls-server-block(7)>, L<ossl-guide-quic-introduction(7)>
=head1 COPYRIGHT
Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
doc/man7/provider-cipher.pod
View file

@ -134,8 +134,8 @@ In order to be a consistent set of functions there must at least be a complete
set of "encrypt" functions, or a complete set of "decrypt" functions, or a
single "cipher" function. Similarly, there can be a complete set of pipeline
"encrypt" functions, and/or a complete set of pipeline "decrypt" functions.
In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
present.
In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
and OSSL_FUNC_cipher_freectx functions must be present.
All other functions are optional.
=head2 Context Management Functions

2
doc/man7/provider-keymgmt.pod
View file

@ -32,7 +32,7 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx);
/* Key loading by object reference, also a constructor */
void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz);
void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz);
/* Key object information */
int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);

51
doc/man7/provider-signature.pod
View file

@ -107,8 +107,7 @@ for further information.
The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
signature algorithms and make them available to applications via the API
functions L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)>,
and L<EVP_PKEY_verify_recover(3)> (as well
as other related functions).
and L<EVP_PKEY_verify_recover(3)> (as well as other related functions).
All "functions" mentioned here are passed as function pointers between
F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
@ -201,10 +200,22 @@ set of "signature" functions, i.e. at least one of:
=back
OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional,
but if one of them is present then the other one must also be present. The same
applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as
well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional.
The OSSL_FUNC_signature_set_ctx_params() and
OSSL_FUNC_signature_settable_ctx_params() functions are optional,
but if one of them is provided then the other one must also be provided.
The same applies to the OSSL_FUNC_signature_get_ctx_params() and
OSSL_FUNC_signature_gettable_ctx_params() functions,
as well as the "md_params" functions.
The OSSL_FUNC_signature_dupctx() function is optional.
It is not yet used by OpenSSL.
The OSSL_FUNC_signature_query_key_types() function is optional.
When present, it should return a NULL-terminated array of strings
indicating the key types supported by the provider for signature operations.
Otherwise the signature algorithm name must match the given key
or match the default signature algorithm name of the key,
both checked using L<EVP_SIGNATURE_is_a(3)>.
A signature algorithm must also implement some mechanism for generating,
loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
@ -378,7 +389,7 @@ should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
the signature should be written to I<*siglen>.
OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
previously started through OSSL_FUNC_signature_digest_sign_init(). A previously
initialised signature context is passed in the I<ctx> parameter. The data to be
signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
the signature should be written to the location pointed to by the I<sig>
@ -388,7 +399,7 @@ length of the signature should be written to I<*siglen>.
=head2 Digest Verify Functions
OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
OSSL_FUNC_signature_digest_verify_init() initialises a context for verifying given a
provider side verification context in the I<ctx> parameter, and a pointer to a
provider key object in the I<provkey> parameter.
The I<params>, if not NULL, should be set on the context in a manner similar to
@ -412,7 +423,7 @@ verification context is passed in the I<ctx> parameter. The signature to be
verified is in I<sig> which is I<siglen> bytes long.
OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
previously started through OSSL_FUNC_signature_digest_verify_init(). A previously
initialised verification context is passed in the I<ctx> parameter. The data to be
verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
verified is in I<sig> which is I<siglen> bytes long.
@ -470,8 +481,13 @@ The length of the "digest-size" parameter should not exceed that of a B<size_t>.
=item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
signature algorithm and digest algorithm for the signature operation.
Gets the DER-encoded AlgorithmIdentifier for the signature operation.
This typically corresponds to the combination of a digest algorithm
with a purely asymmetric signature algorithm, such as SHA256WithECDSA.
The L<ASN1_item_sign_ctx(3)> function relies on this operation and is used by
many other functions that sign ASN.1 structures such as X.509 certificates,
certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages.
=item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
@ -599,11 +615,20 @@ OSSL_FUNC_signature_gettable_ctx_params(), OSSL_FUNC_signature_settable_ctx_para
OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(),
return the gettable or settable parameters in a constant L<OSSL_PARAM(3)> array.
All other functions should return 1 for success or 0 on error.
OSSL_FUNC_signature_query_key_types() should return a NULL-terminated array of strings.
All verification functions should return 1 for success,
0 for a non-matching signature, and a negative value for operation failure.
All other functions should return 1 for success
and 0 or a negative value for failure.
=head1 SEE ALSO
L<provider(7)>
L<provider(7)>, L<provider-base(7)/Provider Functions>,
L<OSSL_PARAM(3)>, L<OSSL_DISPATCH(3)>, L<OSSL_ALGORITHM(3)>,
L<EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)>, L<EVP_PKEY_verify_recover(3)>,
L<EVP_SIGNATURE_is_a(3)>, L<ASN1_item_sign_ctx(3)>
=head1 HISTORY

6
include/internal/common.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -22,8 +22,8 @@
# define ossl_likely(x) __builtin_expect(!!(x), 1)
# define ossl_unlikely(x) __builtin_expect(!!(x), 0)
# else
# define ossl_likely(x) x
# define ossl_unlikely(x) x
# define ossl_likely(x) (x)
# define ossl_unlikely(x) (x)
# endif
# if defined(__GNUC__) || defined(__clang__)

18
include/internal/constant_time.h
View file

@ -322,6 +322,18 @@ static ossl_inline size_t value_barrier_s(size_t a)
return r;
}
/* Convenience method for unsigned char. */
static ossl_inline unsigned char value_barrier_8(unsigned char a)
{
#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
unsigned char r;
__asm__("" : "=r"(r) : "0"(a));
#else
volatile unsigned char r = a;
#endif
return r;
}
static ossl_inline unsigned int constant_time_select(unsigned int mask,
unsigned int a,
unsigned int b)
@ -382,7 +394,7 @@ static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
{
uint32_t xor = *a ^ *b;
xor &= mask;
xor &= value_barrier_32(mask);
*a ^= xor;
*b ^= xor;
}
@ -402,7 +414,7 @@ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
{
uint64_t xor = *a ^ *b;
xor &= mask;
xor &= value_barrier_64(mask);
*a ^= xor;
*b ^= xor;
}
@ -429,7 +441,7 @@ static ossl_inline void constant_time_cond_swap_buff(unsigned char mask,
for (i = 0; i < len; i++) {
tmp = a[i] ^ b[i];
tmp &= mask;
tmp &= value_barrier_8(mask);
a[i] ^= tmp;
b[i] ^= tmp;
}

13
include/internal/e_os.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -106,17 +106,6 @@
# define EACCES 13
# endif
# include <string.h>
# ifdef _WIN64
# define strlen(s) _strlen31(s)
/* cut strings to 2GB */
static __inline unsigned int _strlen31(const char *str)
{
unsigned int len = 0;
while (*str && len < 0x80000000U)
str++, len++;
return len & 0x7FFFFFFF;
}
# endif /* def(_WIN64) */
# include <malloc.h>
# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
# if _MSC_VER>=1300 && _MSC_VER<1600

1
include/internal/hashfunc.h
View file

@ -11,6 +11,7 @@
# define OPENSSL_HASHFUNC_H
# include <openssl/e_os2.h>
# include <stddef.h>
/**
* Generalized fnv1a 64 bit hash function
*/

5
include/internal/json_enc.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -202,9 +202,6 @@ void ossl_json_u64(OSSL_JSON_ENC *json, uint64_t value);
/* Encode a JSON integer from an int64_t. */
void ossl_json_i64(OSSL_JSON_ENC *json, int64_t value);
/* Encode a JSON number from a 64-bit floating point value. */
void ossl_json_f64(OSSL_JSON_ENC *json, double value);
/*
* Encode a JSON UTF-8 string from a zero-terminated string. The string passed
* can be freed immediately following the call to this function.

3
include/internal/provider.h
View file

@ -61,6 +61,9 @@ int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov,
/* Return pointer to the provider's context */
void *ossl_provider_ctx(const OSSL_PROVIDER *prov);
/* Force loading of fallback providers if necessary */
int ossl_provider_activate_fallbacks(OSSL_LIB_CTX *ctx);
/* Iterate over all loaded providers */
int ossl_provider_doall_activated(OSSL_LIB_CTX *,
int (*cb)(OSSL_PROVIDER *provider,

4
include/internal/quic_ssl.h
View file

@ -72,8 +72,8 @@ __owur const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u);
int ossl_quic_renegotiate_check(SSL *ssl, int initok);
int ossl_quic_do_handshake(SSL *s);
void ossl_quic_set_connect_state(SSL *s);
void ossl_quic_set_accept_state(SSL *s);
int ossl_quic_set_connect_state(SSL *s, int raiseerrs);
int ossl_quic_set_accept_state(SSL *s, int raiseerrs);
__owur int ossl_quic_has_pending(const SSL *s);
__owur int ossl_quic_handle_events(SSL *s);

2
include/internal/quic_tls.h
View file

@ -96,6 +96,8 @@ int ossl_quic_tls_configure(QUIC_TLS *qtls);
/* Advance the state machine */
int ossl_quic_tls_tick(QUIC_TLS *qtls);
void ossl_quic_tls_clear(QUIC_TLS *qtls);
int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
const unsigned char *transport_params,
size_t transport_params_len);

Some files were not shown because too many files have changed in this diff Show more