root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Merge branch 'master' into sm4_cbc_opt_scalar

This commit is contained in:
Iakov Polyak 2025-10-01 09:28:39 +01:00
parent cc0c6261fd 8886960842
commit 15d7a46896
113 changed files with 1659 additions and 493 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
CHANGES.md
View File

@ -41,6 +41,11 @@ OpenSSL 4.0
*Igor Ustinov*
* Enabled Server verification by default in `s_server` when option
verify_return_error is enabled.
*Ryan Hooper*
OpenSSL 3.6
-----------
@ -291,6 +296,105 @@ OpenSSL 3.6
OpenSSL 3.5
-----------
### Changes between 3.5.3 and 3.5.4 [xx XXX xxxx]
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.
The issue was reported by Stanislav Fort (Aisle Research).
([CVE-2025-9230])
*Viktor Dukhovni*
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM
Issue summary: A timing side-channel which could potentially allow remote
recovery of the private key exists in the SM2 algorithm implementation on
64 bit ARM platforms.
Impact summary: A timing side-channel in SM2 signature computations on
64 bit ARM platforms could allow recovering the private key by an attacker.
The issue was reported by Stanislav Fort (Aisle Research).
([CVE-2025-9231])
*Stanislav Fort and Tomáš Mráz*
* Fix Out-of-bounds read in HTTP client no_proxy handling
Issue summary: An application using the OpenSSL HTTP client API functions
may trigger an out-of-bounds read if the "no_proxy" environment variable is
set and the host portion of the authority component of the HTTP URL is an
IPv6 address.
Impact summary: An out-of-bounds read can trigger a crash which leads to
Denial of Service for an application.
The issue was reported by Stanislav Fort (Aisle Research).
([CVE-2025-9232])
*Stanislav Fort*
### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]
* Avoided a potential race condition introduced in 3.5.1, where
`OSSL_STORE_CTX` kept open during lookup while potentially being used
by multiple threads simultaneously, that could lead to potential crashes
when multiple concurrent TLS connections are served.
*Matt Caswell*
* The FIPS provider no longer performs a PCT on key import for RSA, DH,
and EC keys (that was introduced in 3.5.2), following the latest update
on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
*Dr Paul Dale*
* Secure memory allocation calls are no longer used for HMAC keys.
*Dr Paul Dale*
* `openssl req` no longer generates certificates with an empty extension list
when SKID/AKID are set to `none` during generation.
*David Benjamin*
* The man page date is now derived from the release date provided
in `VERSION.dat` and not the current date for the released builds.
*Enji Cooper*
* Hardened the provider implementation of the RSA public key "encrypt"
operation to add a missing check that the caller-indicated output buffer
size is at least as large as the byte count of the RSA modulus. The issue
was reported by Arash Ale Ebrahim from SYSPWN.
This operation is typically invoked via `EVP_PKEY_encrypt(3)`. Callers that
in fact provide a sufficiently large buffer, but fail to correctly indicate
its size may now encounter unexpected errors. In applications that attempt
RSA public encryption into a buffer that is too small, an out-of-bounds
write is now avoided and an error is reported instead.
*Viktor Dukhovni*
* Added FIPS 140-3 PCT on DH key generation.
*Nikola Pajkovsky*
* Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
*Richard Levitte*
### Changes between 3.5.1 and 3.5.2 [5 Aug 2025]
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
@ -21497,6 +21601,9 @@ ndif
<!-- Links -->
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

13
Configurations/descrip.mms.tmpl
View File

@ -950,7 +950,9 @@ EOF
} elsif (-f $inprologue) {
my $local_scripture .= <<"EOF";
$outprologue : $inprologue
IF F$SEARCH("$outprologue") .EQS. "" SET FILE/PROT=(O:RWD) $outprologue
COPY $inprologue $outprologue
SET FILE/PROT=(O:RD) $outprologue
EOF
$includefile_cache{$outprologue} = $local_scripture;
@ -962,7 +964,9 @@ EOF
} elsif (-f $inepilogue) {
my $local_scripture .= <<"EOF";
$outepilogue : $inepilogue
IF F$SEARCH("$outepilogue") .EQS. "" SET FILE/PROT=(O:RWD) $outepilogue
COPY $inepilogue $outepilogue
SET FILE/PROT=(O:RD) $outepilogue
EOF
$includefile_cache{$outepilogue} = $local_scripture;
@ -1116,7 +1120,9 @@ EOF
return <<"EOF";
$args{src} : $gen0 $deps
IF F$SEARCH("\$\@") .EQS. "" SET FILE/PROT=(O:RWD) \$\@
\$(PERL)$perlmodules $dofile "-o$target{build_file}" $gen0$gen_args > \$\@
SET FILE/PROT=(O:RD) \$\@
$decc_include_scripture
EOF
} elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) {
@ -1479,10 +1485,11 @@ EOF
rel2abs($config{builddir}));
return <<"EOF";
$script : $sources configdata.pm
\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile -
IF F$SEARCH("$script") .EQS. "" SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
\$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile -
"-o$target{build_file}" $sources > $script
SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script
PURGE $script
SET FILE/PROT=(S:RWED,O:RE,G:RE,W:RE) $script
PURGE $script
EOF
}
"" # Important! This becomes part of the template result.

5
Configurations/unix-Makefile.tmpl
View File

@ -1683,7 +1683,9 @@ EOF
return <<"EOF";
$args{src}: $gen0 $deps
if [ -r "\$@" ]; then chmod u+w \$@; fi
\$(PERL)$perlmodules "$dofile" "-o$target{build_file}" $gen0$gen_args > \$@
chmod a-w \$@
EOF
} elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) {
#
@ -2040,10 +2042,11 @@ EOF
rel2abs($config{builddir}));
return <<"EOF";
$script: $sources configdata.pm
if [ -r "$script" ]; then chmod u+w $script; fi
\$(RM) "$script"
\$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $sources > "$script"
chmod a+x $script
chmod a+x,a-w $script
EOF
}
sub generatedir {

4
Configurations/windows-makefile.tmpl
View File

@ -845,7 +845,9 @@ EOF
return <<"EOF";
$args{src}: "$gen0" $deps
if exist \$@ attrib -r \$@
"\$(PERL)"$perlmodules "$dofile" "-o$target{build_file}" "$gen0"$gen_args > \$@
attrib +r \$@
EOF
} elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) {
#
@ -1054,8 +1056,10 @@ EOF
rel2abs($config{builddir}));
return <<"EOF";
$script: $sources configdata.pm
if exist $script attrib -r $script
"\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\
"-o$target{build_file}" $sources > \$@
attrib +r $script
EOF
}
sub generatedir {

51
NEWS.md
View File

@ -37,9 +37,7 @@ OpenSSL 3.6
This release incorporates the following potentially significant or incompatible
changes:
* Added PCT for key import for SLH-DSA when in FIPS mode
* Added FIPS 140-3 PCT on DH key generation
* Added FIPS 140-3 PCT on DH key generation.
* Added NIST security categories for PKEY objects.
@ -55,7 +53,7 @@ changes:
* The VxWorks platforms have been removed.
* Added an `openssl configutl` utility for processing the openssl
* Added an `openssl configutl` utility for processing the OpenSSL
configuration file and dumping the equal configuration file.
* Added support for FIPS 186-5 deterministic ECDSA signature
@ -66,12 +64,40 @@ changes:
OpenSSL 3.5
-----------
### Changes between 3.5.1 and 3.5.2 [5 Aug 2025]
### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [under development]
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this
release is Moderate.
*Dr Paul Dale*
This release incorporates the following bug fixes and mitigations:
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
([CVE-2025-9230])
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
([CVE-2025-9231])
* Fix Out-of-bounds read in HTTP client no_proxy handling.
([CVE-2025-9232])
### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]
OpenSSL 3.5.3 is a bug fix release.
This release incorporates the following bug fixes and mitigations:
* Added FIPS 140-3 PCT on DH key generation.
* Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
* Removed PCT on key import in the FIPS provider as it is not required by
the standard.
### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]
OpenSSL 3.5.2 is a bug fix release.
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]
@ -81,9 +107,9 @@ release is Low.
This release incorporates the following bug fixes and mitigations:
* Fix x509 application adds trusted use instead of rejected use.
([CVE-2025-4575])
([CVE-2025-4575])
### Major changes between OpenSSL 3.4 and OpenSSL 3.5 [8 Apr 2025]
### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]
OpenSSL 3.5.0 is a feature release adding significant new functionality to
OpenSSL.
@ -316,7 +342,7 @@ This release adds the following new features:
* Added X509_STORE_get1_objects to avoid issues with the existing
X509_STORE_get0_objects API in multi-threaded applications.
* Support for using certificate profiles and extened delayed delivery in CMP
* Support for using certificate profiles and extended delayed delivery in CMP
This release incorporates the following potentially significant or incompatible
changes:
@ -1949,6 +1975,9 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

13
NOTES-C99.md
View File

@ -20,3 +20,16 @@ The list here is going to be updated by features we either
The list of C-99 features we don't support in OpenSSL project follows:
- do not use `//` for comments, stick to `/* ... */`
- do not use `<complex.h>`. MSVC doesn't quite implement it to standard.
- do not use variable length arrays, i.e. arrays where the size is
determined by another variable. MSVC doesn't implement it at all.
For clarity, this is an example of such an array:
``` C
int fun(size_t n)
{
char s[n]; /* variable size array */
...
```

1
README.md
View File

@ -8,6 +8,7 @@ Welcome to the OpenSSL Project
[![Provider Compatibility](https://github.com/openssl/openssl/actions/workflows/provider-compatibility.yml/badge.svg)](https://github.com/openssl/openssl/actions/workflows/provider-compatibility.yml)
[![Quic Interop](https://github.com/openssl/openssl/actions/workflows/run_quic_interop.yml/badge.svg)](https://github.com/openssl/openssl/actions/workflows/run_quic_interop.yml)
[![Daily checks](https://github.com/openssl/openssl/actions/workflows/run-checker-daily.yml/badge.svg)](https://github.com/openssl/openssl/actions/workflows/run-checker-daily.yml)
[![LFX Health Score](https://insights.linuxfoundation.org/api/badge/health-score?project=openssl)](https://insights.linuxfoundation.org/project/openssl)
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit
for the TLS (formerly SSL), DTLS and QUIC protocols.

2
apps/lib/apps.c
View File

@ -932,7 +932,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS);
SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT);
/*
* Up to here, the follwing holds.
* Up to here, the following holds.
* If just one of the ppkey, ppubkey, pparams, and pcert function parameters
* is nonzero, expect > 0 indicates which type of credential is expected.
* If expect == 0, more than one of them is nonzero (multiple types expected).

1
apps/s_server.c
View File

@ -1568,6 +1568,7 @@ int s_server_main(int argc, char *argv[])
goto end;
break;
case OPT_VERIFY_RET_ERROR:
s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
verify_args.return_error = 1;
break;
case OPT_VERIFY_QUIET:

4
apps/speed.c
View File

@ -4317,7 +4317,7 @@ int speed_main(int argc, char **argv)
}
/*
* Try explicitly fetching the signature algoritm implementation to
* Try explicitly fetching the signature algorithm implementation to
* use in case the algorithm does not support EVP_PKEY_sign_init
*/
ERR_set_mark();
@ -4354,7 +4354,7 @@ int speed_main(int argc, char **argv)
}
if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) {
BIO_printf(bio_err,
"Error while obtaining signature bufffer length for %s.\n",
"Error while obtaining signature buffer length for %s.\n",
sig_name);
goto sig_err_break;
}

17
apps/storeutl.c
View File

@ -328,25 +328,14 @@ int storeutl_main(int argc, char *argv[])
return ret;
}
static int indent_printf(int indent, BIO *bio, const char *format, ...)
static void indent_printf(int indent, BIO *bio, const char *format, ...)
{
va_list args;
int ret, vret;
ret = BIO_printf(bio, "%*s", indent, "");
if (ret < 0)
return ret;
BIO_printf(bio, "%*s", indent, "");
va_start(args, format);
vret = BIO_vprintf(bio, format, args);
BIO_vprintf(bio, format, args);
va_end(args);
if (vret < 0)
return vret;
if (vret > INT_MAX - ret)
return INT_MAX;
return ret + vret;
}
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,

8
crypto/aes/asm/aes-sha1-armv8.pl
View File

@ -413,7 +413,7 @@ $code.=<<___;
/* get outstanding bytes of the digest */
sub x8,x5,x2
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/*
* main combined loop CBC
@ -2443,7 +2443,7 @@ asm_sha1_hmac_aescbc_dec:
rev32 v28.16b,v28.16b /* endian swap w2 */
rev32 v29.16b,v29.16b /* endian swap w3 */
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/*
* now we can do the loop prolog, 1st sha1 block
@ -2567,7 +2567,7 @@ asm_sha1_hmac_aescbc_dec:
ld1 {v29.16b},[x3],16 /* next w3 */
sha1p q24,s22,v23.4s
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/*
* aes_blocks_left := number after the main (sha) block is done.
@ -2812,7 +2812,7 @@ $code.=<<___;
add v25.4s,v25.4s,v21.4s
/* save aes res, bump aes_out_ptr */
st1 {v3.16b},[x1],16
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/* loop if more to do */
cbnz x15,.Ldec_main_loop

8
crypto/aes/asm/aes-sha256-armv8.pl
View File

@ -427,7 +427,7 @@ $code.=<<___;
/* get outstanding bytes of the digest */
sub x12,x5,x2
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/*
@ -2590,7 +2590,7 @@ asm_sha256_hmac_aescbc_dec:
rev32 v28.16b,v28.16b /* endian swap w2 */
rev32 v29.16b,v29.16b /* endian swap w3 */
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/*
* now we can do the loop prolog, 1st sha256 block
@ -2746,7 +2746,7 @@ asm_sha256_hmac_aescbc_dec:
sha256h q22, q23, v7.4s
sha256h2 q23, q21, v7.4s
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
/*
@ -3017,7 +3017,7 @@ $code.=<<___;
add v25.4s,v25.4s,v23.4s /* EFGH += working copy */
/* save aes res, bump aes_out_ptr */
st1 {v3.16b},[x1],16
/* substract loaded bytes */
/* subtract loaded bytes */
sub x5,x5,64
cbnz x15,.Ldec_main_loop /* loop if more to do */
/*

4
crypto/aes/asm/aesni-xts-avx512.pl
View File

@ -2194,7 +2194,7 @@ ___
vpxorq %zmm6,%zmm5,%zmm5{%k2}
vpxord %zmm5,%zmm7,%zmm10
# Make next 8 tweek values by all x 2^8
# Make next 8 tweak values by all x 2^8
vpsrldq \$0xf,%zmm9,%zmm13
vpclmulqdq \$0x0,%zmm25,%zmm13,%zmm14
vpslldq \$0x1,%zmm9,%zmm11
@ -2234,7 +2234,7 @@ ___
jmp .L_do_n_blocks_${rndsuffix}
.L_start_by8_${rndsuffix}:
# Make first 7 tweek values
# Make first 7 tweak values
vbroadcasti32x4 ($TW),%zmm0
vbroadcasti32x4 shufb_15_7(%rip),%zmm8
mov \$0xaa,$tmp1

2
crypto/armcap.c
View File

@ -76,7 +76,7 @@ uint32_t OPENSSL_rdtsc(void)
# endif
# if defined(__FreeBSD__) || defined(__OpenBSD__)
# include <sys/param.h>
# if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
# if (defined(__FreeBSD__) && __FreeBSD_version >= 1104000) || \
(defined(__OpenBSD__) && OpenBSD >= 202409)
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL

58
crypto/bio/bss_sock.c
View File

@ -309,53 +309,23 @@ int BIO_sock_should_retry(int i)
int BIO_sock_non_fatal_error(int err)
{
switch (err) {
# if defined(OPENSSL_SYS_WINDOWS)
# if defined(WSAEWOULDBLOCK)
case WSAEWOULDBLOCK:
return err == WSAEWOULDBLOCK
|| err == WSAENOTCONN
|| err == WSAEINTR
|| err == WSAEINPROGRESS
|| err == WSAEALREADY;
# else /* POSIX.1-2001 */
return err == EWOULDBLOCK
|| err == EAGAIN
|| err == ENOTCONN
|| err == EINTR
# if ! defined (__DJGPP__)
|| err == EPROTO
# endif
|| err == EINPROGRESS
|| err == EALREADY;
# endif
# ifdef EWOULDBLOCK
# ifdef WSAEWOULDBLOCK
# if WSAEWOULDBLOCK != EWOULDBLOCK
case EWOULDBLOCK:
# endif
# else
case EWOULDBLOCK:
# endif
# endif
# if defined(ENOTCONN)
case ENOTCONN:
# endif
# ifdef EINTR
case EINTR:
# endif
# ifdef EAGAIN
# if EWOULDBLOCK != EAGAIN
case EAGAIN:
# endif
# endif
# ifdef EPROTO
case EPROTO:
# endif
# ifdef EINPROGRESS
case EINPROGRESS:
# endif
# ifdef EALREADY
case EALREADY:
# endif
return 1;
default:
break;
}
return 0;
}
#endif /* #ifndef OPENSSL_NO_SOCK */

2
crypto/cms/cms_pwri.c
View File

@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Check byte failure */
goto err;
}
if (inlen < (size_t)(tmp[0] - 4)) {
if (inlen < 4 + (size_t)tmp[0]) {
/* Invalid length value */
goto err;
}

2
crypto/cpuid.c
View File

@ -146,7 +146,7 @@ void OPENSSL_cpuid_setup(void)
OPENSSL_ia32cap_P[index + 1] = (unsigned int)(vecx >> 32);
}
}
/* skip delimeter */
/* skip delimiter */
if ((env = ossl_strchr(env, ':')) != NULL)
env++;
} else { /* zeroize the next two indexes */

101
crypto/ec/ecp_sm2p256.c
View File

@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = {
0xffffffffffffffff, 0xffffffff00000000,
0xffffffffffffffff, 0xfffffffeffffffff
};
ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
0x53bbf40939d54123, 0x7203df6b21c6052b,
0xffffffffffffffff, 0xfffffffeffffffff
};
ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};
@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out,
BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p);
}
/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */
static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
const BN_ULONG* in) {
BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord,
def_ord);
}
/* Point double: R <- P + P */
static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
{
@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator)
}
#endif
/*
* Convert Jacobian coordinate point into affine coordinate (x,y)
*/
static int ecp_sm2p256_get_affine(const EC_GROUP *group,
const EC_POINT *point,
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
{
ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};
if (EC_POINT_is_at_infinity(group, point)) {
ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
return 0;
}
if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0
|| ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0
|| ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) {
ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
return 0;
}
ecp_sm2p256_mod_inverse(z_inv3, point_z);
ecp_sm2p256_sqr(z_inv2, z_inv3);
if (x != NULL) {
ecp_sm2p256_mul(x_aff, point_x, z_inv2);
if (!bn_set_words(x, x_aff, P256_LIMBS))
return 0;
}
if (y != NULL) {
ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2);
ecp_sm2p256_mul(y_aff, point_y, z_inv3);
if (!bn_set_words(y, y_aff, P256_LIMBS))
return 0;
}
return 1;
}
/* r = sum(scalar[i]*point[i]) */
static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
P256_POINT *r,
@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r,
return 1;
}
static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
const BIGNUM *x, BN_CTX *ctx)
{
int ret = 0;
ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
ALIGN32 BN_ULONG out[P256_LIMBS] = {0};
if (bn_wexpand(r, P256_LIMBS) == NULL) {
ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
BIGNUM *tmp;
if ((tmp = BN_CTX_get(ctx)) == NULL
|| !BN_nnmod(tmp, x, group->order, ctx)) {
ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
goto err;
}
x = tmp;
}
if (!ecp_sm2p256_bignum_field_elem(t, x)) {
ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
goto err;
}
ecp_sm2p256_mod_ord_inverse(out, t);
if (!bn_set_words(r, out, P256_LIMBS))
goto err;
ret = 1;
err:
return ret;
}
const EC_METHOD *EC_GFp_sm2p256_method(void)
{
static const EC_METHOD ret = {
@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ec_GFp_simple_point_copy,
ossl_ec_GFp_simple_point_set_to_infinity,
ossl_ec_GFp_simple_point_set_affine_coordinates,
ecp_sm2p256_get_affine,
ossl_ec_GFp_simple_point_get_affine_coordinates,
0, 0, 0,
ossl_ec_GFp_simple_add,
ossl_ec_GFp_simple_dbl,
@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ecp_sm2p256_field_mul,
ecp_sm2p256_field_sqr,
0 /* field_div */,
0 /* field_inv */,
ossl_ec_GFp_simple_field_inv,
0 /* field_encode */,
0 /* field_decode */,
0 /* field_set_to_one */,
@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ecdsa_simple_sign_setup,
ossl_ecdsa_simple_sign_sig,
ossl_ecdsa_simple_verify_sig,
ecp_sm2p256_inv_mod_ord,
0, /* use constanttime fallback for inverse mod order */
0, /* blind_coordinates */
0, /* ladder_pre */
0, /* ladder_step */

23
crypto/evp/bio_ok.c
View File

@ -560,7 +560,7 @@ static int block_in(BIO *b)
{
BIO_OK_CTX *ctx;
EVP_MD_CTX *md;
unsigned long tl = 0;
size_t tl = 0;
unsigned char tmp[EVP_MAX_MD_SIZE];
int md_size;
@ -571,15 +571,18 @@ static int block_in(BIO *b)
goto berr;
assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
tl = ctx->buf[0];
tl <<= 8;
tl |= ctx->buf[1];
tl <<= 8;
tl |= ctx->buf[2];
tl <<= 8;
tl |= ctx->buf[3];
tl = ((size_t)ctx->buf[0] << 24)
| ((size_t)ctx->buf[1] << 16)
| ((size_t)ctx->buf[2] << 8)
| ((size_t)ctx->buf[3]);
if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
if (tl > OK_BLOCK_SIZE)
goto berr;
if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size)
goto berr;
if (ctx->buf_len < tl + OK_BLOCK_BLOCK + (size_t)md_size)
return 1;
if (!EVP_DigestUpdate(md,
@ -587,7 +590,7 @@ static int block_in(BIO *b)
goto berr;
if (!EVP_DigestFinal_ex(md, tmp, NULL))
goto berr;
if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) {
/* there might be parts from next block lurking around ! */
ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
ctx->buf_len_save = ctx->buf_len;

2
crypto/evp/ctrl_params_translate.c
View File

@ -2878,7 +2878,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
* function to put it to good use, or maybe affect it.
*
* NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
* as return positive on Success and 0 or negative on falure. There
* as return positive on Success and 0 or negative on failure. There
* maybe parameters (e.g. ecdh_cofactor), which actually return 0
* as success value. That is why we do POST_PARAMS_TO_CTRL for 0
* value as well

15
crypto/evp/p_lib.c
View File

@ -1135,15 +1135,14 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
} else {
const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
const char *supported_sig =
pkey->keymgmt->query_operation_name != NULL
? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE)
: EVP_KEYMGMT_get0_name(pkey->keymgmt);
EVP_SIGNATURE *signature = NULL;
EVP_SIGNATURE *sig;
const char *name;
signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL);
if (signature != NULL) {
EVP_SIGNATURE_free(signature);
name = evp_keymgmt_util_query_operation_name(pkey->keymgmt,
OSSL_OP_SIGNATURE);
sig = EVP_SIGNATURE_fetch(libctx, name, NULL);
if (sig != NULL) {
EVP_SIGNATURE_free(sig);
return 1;
}
}

2
crypto/http/http_client.c
View File

@ -842,7 +842,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
if (*p != '\r' && *p != '\n')
break;
}
if (*p != '\0') /* not end of headers or not end of error reponse content */
if (*p != '\0') /* not end of headers or not end of error response content */
goto next_line;
/* Found blank line(s) indicating end of headers */

1
crypto/http/http_lib.c
View File

@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server)
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
host[sl] = '\0';
server = host;
}

12
crypto/info.c
View File

@ -23,6 +23,9 @@
#if defined(__arm__) || defined(__arm) || defined(__aarch64__)
# include "arm_arch.h"
# define CPU_INFO_STR_LEN 128
#elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)
# include "crypto/ppc_arch.h"
# define CPU_INFO_STR_LEN 128
#elif defined(__s390__) || defined(__s390x__)
# include "s390x_arch.h"
# define CPU_INFO_STR_LEN 2048
@ -77,6 +80,15 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings)
BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
" env:%s", env);
# elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)
const char *env;
BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str),
CPUINFO_PREFIX "OPENSSL_ppccap=0x%x", OPENSSL_ppccap_P);
if ((env = getenv("OPENSSL_ppccap")) != NULL)
BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
" env:%s", env);
# elif defined(__s390__) || defined(__s390x__)
const char *env;

2
crypto/lms/lm_ots_params.c
View File

@ -56,7 +56,7 @@ uint16_t ossl_lm_ots_params_checksum(const LM_OTS_PARAMS *params,
{
uint16_t sum = 0;
uint16_t i;
/* Largest size is 8 * 32 / 1 = 256 (which doesnt quite fit into 8 bits) */
/* Largest size is 8 * 32 / 1 = 256 (which doesn't quite fit into 8 bits) */
uint16_t bytes = (8 * params->n / params->w);
uint16_t end = (1 << params->w) - 1;

2
crypto/lms/lm_ots_verify.c
View File

@ -27,7 +27,7 @@ static int lm_ots_compute_pubkey_final(EVP_MD_CTX *ctx, EVP_MD_CTX *ctxIq,
* that returns a non finalized value of H(I || q)
* @param sig An LM_OTS_SIG object that contains C and y
* @param pub The public key LM_OTS_PARAMS
* @param Id A 16 byte indentifier (I) associated with a LMS tree
* @param Id A 16 byte identifier (I) associated with a LMS tree
* @param q The leaf index of the LMS tree.
* @param msg A message to verify
* @param msglen The size of |msg|

2
crypto/lms/lms_verify.c
View File

@ -51,7 +51,7 @@ int lms_sig_compute_tc_from_path(const unsigned char *paths, uint32_t n,
/*
* Calculate the public key Tc using the path
* The root hash is the hash of its 2 childrens Hash values.
* The root hash is the hash of its 2 children's Hash values.
* A child hash for each level is passed in by paths, and we have
* a leaf value that can be used with the path to calculate the parent
* hash.

4
crypto/ml_dsa/ml_dsa_key.c
View File

@ -319,6 +319,7 @@ int ossl_ml_dsa_key_has(const ML_DSA_KEY *key, int selection)
static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx,
VECTOR *t1, VECTOR *t0)
{
int ret = 0;
const ML_DSA_PARAMS *params = key->params;
uint32_t k = (uint32_t)params->k, l = (uint32_t)params->l;
POLY *polys;
@ -351,9 +352,10 @@ static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx,
/* Zeroize secret */
vector_zero(&s1_ntt);
ret = 1;
err:
OPENSSL_free(polys);
return 1;
return ret;
}
int ossl_ml_dsa_key_public_from_private(ML_DSA_KEY *key)

10
crypto/ml_kem/ml_kem.c
View File

@ -50,7 +50,7 @@
/*
* Return whether a value that can only be 0 or 1 is non-zero, in constant time
* in practice! The return value is a mask that is all ones if true, and all
* zeros otherwise (twos-complement arithmentic assumed for unsigned values).
* zeros otherwise (twos-complement arithmetic assumed for unsigned values).
*
* Although this is used in constant-time selects, we omit a value barrier
* here. Value barriers impede auto-vectorization (likely because it forces
@ -506,7 +506,7 @@ static void scalar_mult_const(scalar *s, uint16_t a)
}
/*-
* FIPS 203, Section 4.3, Algoritm 9: "NTT".
* FIPS 203, Section 4.3, Algorithm 9: "NTT".
* In-place number theoretic transform of a given scalar. Note that ML-KEM's
* kPrime 3329 does not have a 512th root of unity, so this transform leaves
* off the last iteration of the usual FFT code, with the 128 relevant roots of
@ -539,7 +539,7 @@ static void scalar_ntt(scalar *s)
}
/*-
* FIPS 203, Section 4.3, Algoritm 10: "NTT^(-1)".
* FIPS 203, Section 4.3, Algorithm 10: "NTT^(-1)".
* In-place inverse number theoretic transform of a given scalar, with pairs of
* entries of s->v being interpreted as elements of GF(3329^2). Just as with
* the number theoretic transform, this leaves off the first step of the normal
@ -596,7 +596,7 @@ static void scalar_sub(scalar *lhs, const scalar *rhs)
* GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)).
*
* The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed
* ModRoots table. Note that our Barrett transform only allows us to multipy
* ModRoots table. Note that our Barrett transform only allows us to multiply
* two reduced numbers together, so we need some intermediate reduction steps,
* even if an uint64_t could hold 3 multiplied numbers.
*/
@ -2080,5 +2080,5 @@ int ossl_ml_kem_pubkey_cmp(const ML_KEM_KEY *key1, const ML_KEM_KEY *key2)
* No match if just one of the public keys is not available, otherwise both
* are unavailable, and for now such keys are considered equal.
*/
return (ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2));
return (!(ossl_ml_kem_have_pubkey(key1) ^ ossl_ml_kem_have_pubkey(key2)));
}

4
crypto/modes/asm/aes-gcm-avx512.pl
View File

@ -2592,7 +2592,7 @@ ___
$code .= <<___;
vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct
vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
___
}
@ -3222,7 +3222,7 @@ ___
$code .= <<___;
vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct
vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
___
}

3
crypto/modes/siv128.c
View File

@ -202,9 +202,12 @@ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
|| !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len,
sizeof(ctx->d.byte))) {
EVP_CIPHER_CTX_free(ctx->cipher_ctx);
ctx->cipher_ctx = NULL;
EVP_MAC_CTX_free(ctx->mac_ctx_init);
ctx->mac_ctx_init = NULL;
EVP_MAC_CTX_free(mac_ctx);
EVP_MAC_free(ctx->mac);
ctx->mac = NULL;
return 0;
}
EVP_MAC_CTX_free(mac_ctx);

109
crypto/objects/obj_dat.c
View File

@ -39,6 +39,7 @@ struct added_obj_st {
static unsigned long added_obj_hash(const ADDED_OBJ *ca);
static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb);
static int add_object(const ASN1_OBJECT *obj, int indirect);
static LHASH_OF(ADDED_OBJ) *added = NULL;
static CRYPTO_RWLOCK *ossl_obj_lock = NULL;
@ -155,6 +156,19 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca)
return ret;
}
/*
* Compare two ASN1_OBJECTs, including SNAME and LNAME, but not NIDs.
*/
static int obj_equivalent(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
{
return a->length == b->length
&& memcmp(a->data, b->data, (size_t)a->length) == 0
&& (a->sn == NULL) == (b->sn == NULL)
&& strcmp(a->sn ? a->sn : "", b->sn ? b->sn : "") == 0
&& (a->ln == NULL) == (b->ln == NULL)
&& strcmp(a->ln ? a->ln : "", b->ln ? b->ln : "") == 0;
}
static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
{
ASN1_OBJECT *a, *b;
@ -722,15 +736,11 @@ int OBJ_create(const char *oid, const char *sn, const char *ln)
goto err;
}
tmpoid->nid = OBJ_new_nid(1);
if (tmpoid->nid == NID_undef)
goto err;
tmpoid->nid = NID_undef;
tmpoid->sn = (char *)sn;
tmpoid->ln = (char *)ln;
ok = OBJ_add_object(tmpoid);
ok = add_object(tmpoid, 1);
tmpoid->sn = NULL;
tmpoid->ln = NULL;
@ -754,14 +764,35 @@ const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
return obj->data;
}
int OBJ_add_object(const ASN1_OBJECT *obj)
static int add_object(const ASN1_OBJECT *obj, int indirect)
{
ASN1_OBJECT *o = NULL;
ASN1_OBJECT *o = NULL, *dup = NULL;
ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop[4];
int i;
int i, ret = NID_undef, nid = obj->nid;
/*
* Indirect calls leave the NID unspecified, in which case we generate a
* fresh NID here. Direct calls via `OBJ_add_object()` must explicity
* specify the nid, and we then also check against the compile-time bsearch
* lists that the indirect calls have checked while holding a read lock.
*/
if (indirect) {
if (nid != NID_undef
|| (nid = OBJ_new_nid(1)) < NUM_NID
|| (o = OBJ_dup(obj)) == NULL)
return ret;
o->nid = nid;
} else if (nid < NUM_NID
|| (obj->data != NULL
&& OBJ_bsearch_obj(&obj, obj_objs, NUM_OBJ) != NULL)
|| (obj->sn != NULL
&& OBJ_bsearch_sn(&obj, sn_objs, NUM_SN) != NULL)
|| (obj->ln != NULL
&& OBJ_bsearch_ln(&obj, ln_objs, NUM_LN) != NULL)
|| (o = OBJ_dup(obj)) == NULL) {
return ret;
}
if ((o = OBJ_dup(obj)) == NULL)
return NID_undef;
if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL
|| (o->length != 0
&& obj->data != NULL
@ -778,24 +809,41 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
}
for (i = ADDED_DATA; i <= ADDED_NID; i++) {
if (ao[i] != NULL) {
ao[i]->type = i;
ao[i]->obj = o;
aop[i] = lh_ADDED_OBJ_retrieve(added, ao[i]);
if (aop[i] != NULL)
aop[i]->type = -1;
(void)lh_ADDED_OBJ_insert(added, ao[i]);
if (lh_ADDED_OBJ_error(added)) {
if (aop[i] != NULL)
aop[i]->type = i;
while (i-- > ADDED_DATA) {
if (ao[i] == NULL)
continue;
ao[i]->type = i;
ao[i]->obj = o;
if ((aop[i] = lh_ADDED_OBJ_retrieve(added, ao[i])) != NULL)
dup = aop[i]->obj;
}
if (dup != NULL) {
/*
* We found a possible conflict. If the caller did not specify a NID,
* return NID_undef to signal the conflict. Otherwise, if the NID and
* parameters are unchanged, return the old NID, else NID_undef to
* signal the conflict. This ensures that object registrations are
* immutable.
*
* In the future, ideally also return an equivalent existing NID also
* when the caller did not specify a NID, as in OBJ_create().
*/
if (obj->nid == dup->nid && obj_equivalent(obj, dup))
ret = dup->nid;
goto err;
}
for (i = ADDED_DATA; i <= ADDED_NID; i++) {
if (ao[i] == NULL)
continue;
(void)lh_ADDED_OBJ_insert(added, ao[i]);
if (lh_ADDED_OBJ_error(added)) {
while (i-- > ADDED_DATA) {
if (ao[i] != NULL)
lh_ADDED_OBJ_delete(added, ao[i]);
if (aop[i] != NULL)
aop[i]->type = i;
}
ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB);
goto err;
}
ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB);
goto err;
}
}
o->flags &=
@ -811,7 +859,12 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
for (i = ADDED_DATA; i <= ADDED_NID; i++)
OPENSSL_free(ao[i]);
ASN1_OBJECT_free(o);
return NID_undef;
return ret;
}
int OBJ_add_object(const ASN1_OBJECT *obj)
{
return add_object(obj, 0);
}
int OBJ_obj2nid(const ASN1_OBJECT *a)

2
crypto/ppccap.c
View File

@ -101,7 +101,7 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
#if defined(__FreeBSD__) || defined(__OpenBSD__)
# include <sys/param.h>
# if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
# if (defined(__FreeBSD__) && __FreeBSD_version >= 1104000) || \
(defined(__OpenBSD__) && OpenBSD >= 202409)
# include <sys/auxv.h>
# define OSSL_IMPLEMENT_GETAUXVAL

2
crypto/property/property_parse.c
View File

@ -641,7 +641,7 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
}
quotes = quote != '\0';
if (*remain == 0) {
if (*remain <= (size_t)quotes) {
*needed += 2 * quotes;
return;
}

2
crypto/provider_core.c
View File

@ -1038,7 +1038,7 @@ static int provider_init(OSSL_PROVIDER *prov)
#ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(PROVIDER) {
BIO_printf(trc_out,
"(provider %s) initalizing\n", prov->name);
"(provider %s) initializing\n", prov->name);
} OSSL_TRACE_END(PROVIDER);
#endif

15
crypto/rsa/rsa_gen.c
View File

@ -734,18 +734,3 @@ err:
return ret;
}
#ifdef FIPS_MODULE
int ossl_rsa_key_pairwise_test(RSA *rsa)
{
OSSL_CALLBACK *stcb;
void *stcbarg;
int res;
OSSL_SELF_TEST_get_callback(rsa->libctx, &stcb, &stcbarg);
res = rsa_keygen_pairwise_test(rsa, stcb, stcbarg);
if (res <= 0)
ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
return res;
}
#endif /* FIPS_MODULE */

2
crypto/rsa/rsa_sign.c
View File

@ -129,7 +129,7 @@ static const unsigned char digestinfo_ripemd160_der[] = {
# ifndef OPENSSL_NO_SM3
/* SM3 (1 2 156 10197 1 401) */
static const unsigned char digestinfo_sm3_der[] = {
ASN1_SEQUENCE, 0x0f + SM3_DIGEST_LENGTH,
ASN1_SEQUENCE, 0x10 + SM3_DIGEST_LENGTH,
ASN1_SEQUENCE, 0x0c,
ASN1_OID, 0x08, 1 * 40 + 2, 0x81, 0x1c, 0xcf, 0x55, 1, 0x83, 0x78,
ASN1_NULL, 0x00,

23
crypto/stack/stack.c
View File

@ -257,14 +257,25 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
return 0;
if ((loc >= st->num) || (loc < 0)) {
st->data[st->num] = data;
loc = st->num;
st->data[loc] = data;
} else {
memmove(&st->data[loc + 1], &st->data[loc],
sizeof(st->data[0]) * (st->num - loc));
st->data[loc] = data;
}
st->num++;
st->sorted = st->num <= 1;
if (st->sorted && st->num > 1) {
if (st->comp != NULL) {
if (loc > 0 && (st->comp(&st->data[loc - 1], &st->data[loc]) > 0))
st->sorted = 0;
if (loc < st->num - 1
&& (st->comp(&st->data[loc + 1], &st->data[loc]) < 0))
st->sorted = 0;
} else {
st->sorted = 0;
}
}
return st->num;
}
@ -302,7 +313,7 @@ void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
return internal_delete(st, loc);
}
static int internal_find(OPENSSL_STACK *st, const void *data,
static int internal_find(const OPENSSL_STACK *st, const void *data,
int ret_val_options, int *pnum_matched)
{
const void *r;
@ -367,17 +378,17 @@ static int internal_find(OPENSSL_STACK *st, const void *data,
return r == NULL ? -1 : (int)((const void **)r - st->data);
}
int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
int OPENSSL_sk_find(const OPENSSL_STACK *st, const void *data)
{
return internal_find(st, data, OSSL_BSEARCH_FIRST_VALUE_ON_MATCH, NULL);
}
int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
int OPENSSL_sk_find_ex(const OPENSSL_STACK *st, const void *data)
{
return internal_find(st, data, OSSL_BSEARCH_VALUE_ON_NOMATCH, NULL);
}
int OPENSSL_sk_find_all(OPENSSL_STACK *st, const void *data, int *pnum)
int OPENSSL_sk_find_all(const OPENSSL_STACK *st, const void *data, int *pnum)
{
return internal_find(st, data, OSSL_BSEARCH_FIRST_VALUE_ON_MATCH, pnum);
}

12
crypto/threads_pthread.c
View File

@ -92,8 +92,10 @@ __tsan_mutex_post_lock((x), 0, 0)
/*
* The Non-Stop KLT thread model currently seems broken in its rwlock
* implementation
* Likewise is there a problem with the glibc implementation on riscv.
*/
# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_)
# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) \
&& !defined(__riscv)
# define USE_RWLOCK
# endif
@ -309,7 +311,7 @@ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock)
/* if the idx hasn't changed, we're good, else try again */
if (qp_idx == ATOMIC_LOAD_N(uint32_t, &lock->reader_idx,
__ATOMIC_RELAXED))
__ATOMIC_ACQUIRE))
break;
ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1,
@ -440,8 +442,12 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id)
*curr_id = lock->id_ctr;
lock->id_ctr++;
/*
* make the current state of everything visible by this release
* when get_hold_current_qp acquires the next qp
*/
ATOMIC_STORE_N(uint32_t, &lock->reader_idx, lock->current_alloc_idx,
__ATOMIC_RELAXED);
__ATOMIC_RELEASE);
/*
* this should make sure that the new value of reader_idx is visible in

1
crypto/x509/x509_lu.c
View File

@ -408,7 +408,6 @@ static int x509_store_add(X509_STORE *store, void *x, int crl)
}
if (!X509_STORE_lock(store)) {
obj->type = X509_LU_NONE;
X509_OBJECT_free(obj);
return 0;
}

2
crypto/x509/x509_vfy.c
View File

@ -408,7 +408,7 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
* Likely it would be good if build_chain() sets |check_signing_allowed|.
* Yet if |sk| is a list of trusted certs, as with X509_STORE_CTX_set0_trusted_stack(),
* better not set |check_signing_allowed|.
* Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatiblity.
* Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatibility.
*/
static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed,
int no_dup, STACK_OF(X509) *sk, X509 *x)

4
demos/quic/poll-server/quic-server-ssl-poll-http.c
View File

@ -75,7 +75,7 @@
* This is a simple non-blocking QUIC HTTP/1.0 server application.
* Server accepts QUIC connections. It then accepts bi-directional
* stream from client and reads request. By default it sends
* 12345 bytes back as HHTTP/1.0 response to any GET request.
* 12345 bytes back as HTTP/1.0 response to any GET request.
* If GET request comes with URL for example as follows:
* /foo/bar/file_65535.txt
* then the server sends 64kB of data in HTTP/1.0 response.
@ -216,7 +216,7 @@ struct poll_event_connection {
* Members in poll manager deserve some explanation:
* - pm_head, holds a list of poll_event structures (connections and
* streams)
* - pm_event_count number of events to montior in SSL_poll(3ossl)
* - pm_event_count number of events to monitor in SSL_poll(3ossl)
* - pm_poll_set array of events to poll on
* - pm_poll_set_sz number of slots (space) available in pm_poll_set
* - pm_need_rebuild whenever list of events to monitor in a list changes

4
doc/designs/ML-KEM.md
View File

@ -44,7 +44,7 @@ subsequent computations (encapsulation).
Since the private key includes the public key as one of its components, the matrix
is also pre-computed and stored with the private key, and then need not be
regenerated during decapsulation.
During encapsulation (typically peformed by servers), it is in principle
During encapsulation (typically performed by servers), it is in principle
possible to save space and compute the matrix elements *just-in-time*, as each
matrix element is used exactly once.
This is not currently implemented, and the matrix is pre-computed in full.
@ -90,7 +90,7 @@ Keys can be generated via the usual **EVP_PKEY_generate()** and
An explicit seed can be specified by setting the key generation
**OSSL_PKEY_PARAM_ML_KEM_SEED** parameter to a 64-byte octet-string
(concatentation of the **d** and **z** values (32-bytes each) in that order).
(concatenation of the **d** and **z** values (32-bytes each) in that order).
KEM API
-------

2
doc/designs/functions-for-explicitly-fetched-signature-algorithms.md
View File

@ -54,7 +54,7 @@ and `EVP_PKEY_verify()` remain supported.
Some more recent verification algorithms need to obtain the signature
before processing the data.
This is particularly important for streaming modes of operation.
This design proposes a mechanism to accomodate these algorithms
This design proposes a mechanism to accommodate these algorithms
and modes of operation.
New public API - API Reference

2
doc/designs/ml-dsa.md
View File

@ -103,7 +103,7 @@ the API's used should be
OpenSSL command line support
----------------------------
For backwards compatability reasons `EVP_DigestSignInit_ex()`,
For backwards compatibility reasons `EVP_DigestSignInit_ex()`,
`EVP_DigestSign()`, `EVP_DigestVerifyInit_ex()` and `EVP_DigestVerify()` may
also be used, but the digest passed in `mdname` must be NULL (i.e. it
effectively behaves the same as above).

2
doc/designs/quic-design/quic-concurrency.md
View File

@ -386,7 +386,7 @@ int ossl_cml_write(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle,
/*
* Returns the number of bytes a receiving pipe currently has waiting to be
* read. The returned value may increase over time asynchronously but will only
* decreate in response to an ossl_cml_read call.
* decrease in response to an ossl_cml_read call.
*/
size_t ossl_cml_read_available(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle);

8
doc/designs/quic-design/server/quic-polling.md
View File

@ -1072,7 +1072,7 @@ typedef struct ssl_poll_event_st {
* this, applications must still ensure no events in an SSL_POLL_EVENT
* structure recorded from a previous call to this function are left over, which
* may still reference that poll descriptor. Therefore, applications must still
* excercise caution when freeing resources which are registered, or which were
* exercise caution when freeing resources which are registered, or which were
* previously registered in a poll group.
*/
#define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0)
@ -1324,13 +1324,13 @@ void process_event(const SSL_POLL_EVENT *event)
for (i = 0; i < nevents; ++i) {
process_event(&events[i]); /* do something in application */
/* We have processed the event so now reenable it. */
/* We have processed the event so now re-enable it. */
SSL_POLL_CHANGE_chflag(chg++, events[i].desc, events[i].instance,
SSL_POLL_EVENT_FLAG_DISABLE, 0);
++nchanges;
}
/* Reenable any event we processed and go to sleep again. */
/* Re-enable any event we processed and go to sleep again. */
if (!SSL_POLL_GROUP_change_poll(pg, changes, nchanges, sizeof(changes[0]),
events, OSSL_NELEM(events), sizeof(events[0]),
NULL, 0, &nevents))
@ -1419,7 +1419,7 @@ There are two kinds of polling that occur:
Firstly, the `SSL_POLL_METHOD` object is defined abstractly as follows:
```c
/* API (Psuedocode) */
/* API (Pseudocode) */
#define SSL_POLL_METHOD_CAP_IMMEDIATE (1U << 0) /* supports immediate mode */
#define SSL_POLL_METHOD_CAP_RETAINED (1U << 1) /* supports retained mode */

2
doc/designs/rfc4514.md
View File

@ -121,7 +121,7 @@ Only the entries of type "A" (Attribute Type) are potentially relevant. All
the *mainstream* attribute types are already listed in
`crypto/objects/objects.txt` and should be already supported:
| Atribute Name | OID | Reference |
| Attribute Name | OID | Reference |
|---|---|---|
| uid | 0.9.2342.19200300.100.1.1 | [RFC4519] |
| userId | 0.9.2342.19200300.100.1.1 | [RFC4519] |

23
doc/man3/DEFINE_STACK_OF.pod
View File

@ -52,9 +52,9 @@ OPENSSL_sk_sort, OPENSSL_sk_unshift, OPENSSL_sk_value, OPENSSL_sk_zero
void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc);
int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx);
TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr);
int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr);
int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr);
int sk_TYPE_find_all(STACK_OF(TYPE) *sk, TYPE *ptr, int *pnum);
int sk_TYPE_find(const STACK_OF(TYPE) *sk, TYPE *ptr);
int sk_TYPE_find_ex(const STACK_OF(TYPE) *sk, TYPE *ptr);
int sk_TYPE_find_all(const STACK_OF(TYPE) *sk, TYPE *ptr, int *pnum);
void sk_TYPE_sort(const STACK_OF(TYPE) *sk);
int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk);
STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk);
@ -170,15 +170,14 @@ B<sk_I<TYPE>_set>() sets element I<idx> of I<sk> to I<ptr> replacing the current
element. The new element value is returned or NULL if an error occurred:
this will only happen if I<sk> is NULL or I<idx> is out of range.
B<sk_I<TYPE>_find>() searches I<sk> for the element I<ptr>. In the case
where no comparison function has been specified, the function performs
a linear search for a pointer equal to I<ptr>. The index of the first
matching element is returned or B<-1> if there is no match. In the case
where a comparison function has been specified, I<sk> is sorted and
B<sk_I<TYPE>_find>() returns the index of a matching element or B<-1> if there
is no match. Note that, in this case the comparison function will usually
compare the values pointed to rather than the pointers themselves and
the order of elements in I<sk> can change.
B<sk_I<TYPE>_find>() searches I<sk> for the element I<ptr>. In the
case where no comparison function has been specified, the function
performs a linear search for a pointer equal to I<ptr>. In the case
where a comparison function has been specified, the function performs
a search for a element that the comparison function indicates is a
match. If the stack is sorted, a binary search is used, otherwise, a
linear search is used. B<sk_I<TYPE>_find>() returns the index of a
matching element or B<-1> if there is no match.
B<sk_I<TYPE>_find_ex>() operates like B<sk_I<TYPE>_find>() except when a
comparison function has been specified and no matching element is found.

2
doc/man3/EVP_SKEY.pod
View File

@ -135,7 +135,7 @@ EVP_SKEY_up_ref() returns 1 for success and 0 on failure.
EVP_SKEY_export() and EVP_SKEY_get0_raw_key() return 1 for success and 0 on failure.
EVP_SKEY_get0_skeymgmt_name() and EVP_SKEY_get0_provider_name() return the
names of the associated EVP_SKEYMGMT object and its provider correspondigly.
names of the associated EVP_SKEYMGMT object and its provider correspondingly.
EVP_SKEY_is_a() returns 1 if I<skey> has the key type I<name>,
otherwise 0.

2
doc/man3/OSSL_PROVIDER.pod
View File

@ -206,7 +206,7 @@ I<capability>. For each capability of that name supported by the provider it
will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
capability. It will also pass back the argument I<arg>. For more details about
capabilities and what they can be used for please see
L<provider-base(7)/CAPABILTIIES>.
L<provider-base(7)/CAPABILITIES>.
=head1 RETURN VALUES

7
doc/man3/OpenSSL_version.pod
View File

@ -256,6 +256,13 @@ L<crypto(7)>
The macros and functions described here were added in OpenSSL 3.0,
except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num().
=head1 BUGS
There was a discrepancy between this manual and commentary + code
in F<< <openssl/opensslv.h> >>, where the latter suggested that the
four least significant bits of B<OPENSSL_VERSION_NUMBER> could be
C<0x0f> in released OpenSSL versions.
=head1 COPYRIGHT
Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.

2
doc/man3/PKCS12_gen_mac.pod
View File

@ -81,7 +81,7 @@ https://meganorm.ru/mega_doc/norm/prikaz/25/r_1323565_1_041-2022_rekomendatsii_p
If this environment variable is set, MAC generation that utilises
GOST R 34.11-94 or GOST 34.11-2012 hashing algorithms is performed the usual
way and not in accordance with the specification provided in the methodical
recommendation MP 26.2.002-2012 (or in its later versions, standartisation
recommendation MP 26.2.002-2012 (or in its later versions, standardisation
recommendation P 50.1.112-2016 or P 1323565.1.041-2022)
of Technical Committee 26, that specifies that the key used for MAC
generation should be the last 32 bytes of the 96-byte sequence generated

2
doc/man3/SSL_CIPHER_get_name.pod
View File

@ -37,7 +37,7 @@ SSL_CIPHER_get_protocol_id
int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
=head1 DESCRIPTION

2
doc/man3/SSL_CTX_set_domain_flags.pod
View File

@ -42,7 +42,7 @@ Specifying this flag configures the Single-Threaded Concurrency Model (SCM).
=item B<SSL_DOMAIN_FLAG_MULTI_THREAD>
Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless
Specifying this flag configures the Contentive Concurrency Model (CCM) (unless
B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> is also specified).
If OpenSSL was built without thread support, this is identical to

10
doc/man3/SSL_SESSION_get0_hostname.pod
View File

@ -23,9 +23,10 @@ SSL_SESSION_set1_alpn_selected
=head1 DESCRIPTION
SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
client when the session was created if it was accepted by the server. Otherwise
NULL is returned.
SSL_SESSION_get0_hostname() retrieves the Server Name Indication (SNI) value
that was sent by the client when the session was created if the server
acknowledged the client's SNI extension by including an empty SNI extension
in response. Otherwise NULL is returned.
The value returned is a pointer to memory maintained within B<s> and
should not be free'd.
@ -44,8 +45,7 @@ B<alpn>.
=head1 RETURN VALUES
SSL_SESSION_get0_hostname() returns either a string or NULL based on if there
is the SNI value sent by client.
SSL_SESSION_get0_hostname() returns the SNI string if available, or NULL if not.
SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.

4
engines/e_padlock.c
View File

@ -203,9 +203,9 @@ struct padlock_cipher_data {
int rounds:4;
int dgst:1; /* n/a in C3 */
int align:1; /* n/a in C3 */
int ciphr:1; /* n/a in C3 */
int cipher:1; /* n/a in C3 */
unsigned int keygen:1;
int interm:1;
int intern:1;
unsigned int encdec:1;
int ksize:2;
} b;

2
fuzz/ml-kem.c
View File

@ -640,7 +640,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
return -1;
/*
* Get the first byte of the buffer to tell us what operation
* to preform
* to perform
*/
buffer_cursor = consume_uint8t(buf, &len, &operation);
if (buffer_cursor == NULL)

6
fuzz/slh-dsa.c
View File

@ -378,7 +378,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
/*
* the context_string parameter can be no more than 255 bytes, so if
* our random input buffer is greater than that, we expect failure above,
* which we check for. In that event, theres nothing more we can do here
* which we check for. In that event, there's nothing more we can do here
* so bail out
*/
if (expect_init_rc == 0)
@ -439,7 +439,7 @@ static void slh_dsa_export_import(uint8_t **buf, size_t *len, void *key1,
* EVP_PKEY returns:
* 1 if the keys are equivalent
* 0 if the keys are not equivalent
* -1 if the key types are differnt
* -1 if the key types are different
* -2 if the operation is not supported
*/
OPENSSL_assert(EVP_PKEY_eq(alice, new) == 1);
@ -578,7 +578,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
return -1;
/*
* Get the first byte of the buffer to tell us what operation
* to preform
* to perform
*/
buffer_cursor = consume_uint8t(buf, &len, &operation);
if (buffer_cursor == NULL)

2
include/crypto/ml_kem.h
View File

@ -154,7 +154,7 @@ typedef struct {
int security_category;
} ML_KEM_VINFO;
/* Retrive global variant-specific parameters */
/* Retrieve global variant-specific parameters */
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type);
/* Known as ML_KEM_KEY via crypto/types.h */

4
include/crypto/rsa.h
View File

@ -124,10 +124,6 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
const X509_ALGOR *sigalg, EVP_PKEY *pkey);
# ifdef FIPS_MODULE
int ossl_rsa_key_pairwise_test(RSA *rsa);
# endif /* FIPS_MODULE */
# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);

4
include/openssl/opensslv.h.in
View File

@ -89,12 +89,12 @@ extern "C" {
# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */
# define OPENSSL_VERSION_NUMBER \
( (OPENSSL_VERSION_MAJOR<<28) \
|(OPENSSL_VERSION_MINOR<<20) \
|(OPENSSL_VERSION_PATCH<<4) \
|{- @config{prerelease} ? "0x0L" : "0xfL" -} )
|0x0L )
# ifdef __cplusplus
}

13
include/openssl/safestack.h.in
View File

@ -161,17 +161,18 @@ extern "C" {
{ \
return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
} \
static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
static ossl_unused ossl_inline int sk_##t1##_find(const STACK_OF(t1) *sk, t2 *ptr) \
{ \
return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
return OPENSSL_sk_find((const OPENSSL_STACK *)sk, (const void *)ptr); \
} \
static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
static ossl_unused ossl_inline int sk_##t1##_find_ex(const STACK_OF(t1) *sk, t2 *ptr) \
{ \
return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
return OPENSSL_sk_find_ex((const OPENSSL_STACK *)sk, (const void *)ptr); \
} \
static ossl_unused ossl_inline int sk_##t1##_find_all(STACK_OF(t1) *sk, t2 *ptr, int *pnum) \
static ossl_unused ossl_inline int sk_##t1##_find_all(const STACK_OF(t1) *sk, t2 *ptr, \
int *pnum) \
{ \
return OPENSSL_sk_find_all((OPENSSL_STACK *)sk, (const void *)ptr, pnum); \
return OPENSSL_sk_find_all((const OPENSSL_STACK *)sk, (const void *)ptr, pnum); \
} \
static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
{ \

6
include/openssl/stack.h
View File

@ -45,9 +45,9 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
int OPENSSL_sk_find_all(OPENSSL_STACK *st, const void *data, int *pnum);
int OPENSSL_sk_find(const OPENSSL_STACK *st, const void *data);
int OPENSSL_sk_find_ex(const OPENSSL_STACK *st, const void *data);
int OPENSSL_sk_find_all(const OPENSSL_STACK *st, const void *data, int *pnum);
int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
void *OPENSSL_sk_shift(OPENSSL_STACK *st);

42
providers/fips/self_test_data.inc
View File

@ -1450,6 +1450,18 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
ST_KAT_PARAM_END()
};
/*-
* Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
* ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
* HP/UX PA-RISC compilers.
*/
static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
static const ST_KAT_PARAM rsa_enc_params[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
ST_KAT_PARAM_END()
};
static const unsigned char rsa_sig_msg[] = "Hello World!";
static const unsigned char rsa_expected_sig[256] = {
@ -3664,3 +3676,33 @@ static const ST_KAT_ASYM_KEYGEN st_kat_asym_keygen_tests[] = {
# endif
};
#endif /* !OPENSSL_NO_ML_DSA || !OPENSSL_NO_SLH_DSA */
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
{
OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
"RSA",
1,
rsa_pub_key,
rsa_enc_params,
ITM(rsa_asym_plaintext_encrypt),
ITM(rsa_asym_expected_encrypt),
},
{
OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
"RSA",
0,
rsa_priv_key,
rsa_enc_params,
ITM(rsa_asym_expected_encrypt),
ITM(rsa_asym_plaintext_encrypt),
},
{
OSSL_SELF_TEST_DESC_ASYM_RSA_DEC,
"RSA",
0,
rsa_crt_key,
rsa_enc_params,
ITM(rsa_asym_expected_encrypt),
ITM(rsa_asym_plaintext_encrypt),
},
};

100
providers/fips/self_test_kats.c
View File

@ -858,6 +858,93 @@ err:
}
#endif
/*
* Test an encrypt or decrypt KAT..
*
* FIPS 140-2 IG D.9 states that separate KAT tests are needed for encrypt
* and decrypt..
*/
static int self_test_asym_cipher(const ST_KAT_ASYM_CIPHER *t, OSSL_SELF_TEST *st,
OSSL_LIB_CTX *libctx)
{
int ret = 0;
OSSL_PARAM *keyparams = NULL, *initparams = NULL;
OSSL_PARAM_BLD *keybld = NULL, *initbld = NULL;
EVP_PKEY_CTX *encctx = NULL, *keyctx = NULL;
EVP_PKEY *key = NULL;
BN_CTX *bnctx = NULL;
unsigned char out[256];
size_t outlen = sizeof(out);
OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER, t->desc);
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL)
goto err;
/* Load a public or private key from data */
keybld = OSSL_PARAM_BLD_new();
if (keybld == NULL
|| !add_params(keybld, t->key, bnctx))
goto err;
keyparams = OSSL_PARAM_BLD_to_param(keybld);
keyctx = EVP_PKEY_CTX_new_from_name(libctx, t->algorithm, NULL);
if (keyctx == NULL || keyparams == NULL)
goto err;
if (EVP_PKEY_fromdata_init(keyctx) <= 0
|| EVP_PKEY_fromdata(keyctx, &key, EVP_PKEY_KEYPAIR, keyparams) <= 0)
goto err;
/* Create a EVP_PKEY_CTX to use for the encrypt or decrypt operation */
encctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);
if (encctx == NULL
|| (t->encrypt && EVP_PKEY_encrypt_init(encctx) <= 0)
|| (!t->encrypt && EVP_PKEY_decrypt_init(encctx) <= 0))
goto err;
/* Add any additional parameters such as padding */
if (t->postinit != NULL) {
initbld = OSSL_PARAM_BLD_new();
if (initbld == NULL)
goto err;
if (!add_params(initbld, t->postinit, bnctx))
goto err;
initparams = OSSL_PARAM_BLD_to_param(initbld);
if (initparams == NULL)
goto err;
if (EVP_PKEY_CTX_set_params(encctx, initparams) <= 0)
goto err;
}
if (t->encrypt) {
if (EVP_PKEY_encrypt(encctx, out, &outlen,
t->in, t->in_len) <= 0)
goto err;
} else {
if (EVP_PKEY_decrypt(encctx, out, &outlen,
t->in, t->in_len) <= 0)
goto err;
}
/* Check the KAT */
OSSL_SELF_TEST_oncorrupt_byte(st, out);
if (outlen != t->expected_len
|| memcmp(out, t->expected, t->expected_len) != 0)
goto err;
ret = 1;
err:
BN_CTX_free(bnctx);
EVP_PKEY_free(key);
EVP_PKEY_CTX_free(encctx);
EVP_PKEY_CTX_free(keyctx);
OSSL_PARAM_free(keyparams);
OSSL_PARAM_BLD_free(keybld);
OSSL_PARAM_free(initparams);
OSSL_PARAM_BLD_free(initbld);
OSSL_SELF_TEST_onend(st, ret);
return ret;
}
/*
* Test a data driven list of KAT's for digest algorithms.
* All tests are run regardless of if they fail or not.
@ -899,6 +986,17 @@ static int self_test_kems(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
return ret;
}
static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
{
int i, ret = 1;
for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
ret = 0;
}
return ret;
}
static int self_test_kdfs(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
{
int i, ret = 1;
@ -1151,6 +1249,8 @@ int SELF_TEST_kats(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
ret = 0;
if (!self_test_kems(st, libctx))
ret = 0;
if (!self_test_asym_ciphers(st, libctx))
ret = 0;
RAND_set0_private(libctx, saved_rand);
return ret;

2
providers/implementations/encode_decode/ml_common_codecs.c
View File

@ -57,7 +57,7 @@ ossl_ml_common_pkcs8_fmt_order(const char *algorithm_name,
/*
* Formats are case-insensitive, separated by spaces, tabs or commas.
* Duplicate formats are allowed, the first occurence determines the order.
* Duplicate formats are allowed, the first occurrence determines the order.
*/
do {
if (*(fmt += strspn(fmt, sep)) == '\0')

2
providers/implementations/encode_decode/ml_dsa_codecs.c
View File

@ -126,7 +126,7 @@ ossl_ml_dsa_d2i_PUBKEY(const uint8_t *pk, int pk_len, int evp_type,
if (!ossl_ml_dsa_pk_decode(ret, pk, (size_t) pk_len)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"errror parsing %s public key from input SPKI",
"error parsing %s public key from input SPKI",
params->alg);
ossl_ml_dsa_key_free(ret);
return NULL;

2
providers/implementations/encode_decode/ml_kem_codecs.c
View File

@ -125,7 +125,7 @@ ossl_ml_kem_d2i_PUBKEY(const uint8_t *pubenc, int publen, int evp_type,
if (!ossl_ml_kem_parse_public_key(pubenc, (size_t) publen, ret)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"errror parsing %s public key from input SPKI",
"error parsing %s public key from input SPKI",
v->algorithm_name);
ossl_ml_kem_key_free(ret);
return NULL;

5
providers/implementations/kdfs/krb5kdf.c.in
View File

@ -359,7 +359,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
{
int klen, ret;
ret = EVP_EncryptInit_ex(ctx, cipher, engine, key, NULL);
ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL);
if (!ret)
goto out;
/* set the key len for the odd variable key len cipher */
@ -371,6 +371,9 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
goto out;
}
}
ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
if (!ret)
goto out;
/* we never want padding, either the length requested is a multiple of
* the cipher block size or we are passed a cipher that can cope with
* partial blocks via techniques like cipher text stealing */

4
providers/implementations/kem/rsa_kem.c.in
View File

@ -302,7 +302,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
/*
* If outlen is specified, then it must report the length
* of the out buffer on input so that we can confirm
* its size is sufficent for encapsulation
* its size is sufficient for encapsulation
*/
if (outlen != NULL && *outlen < nlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
@ -334,7 +334,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
/**
* rsasve_recover - Recovers a secret value from ciphertext using an RSA
* private key. Once, recovered, the secret value is considered to be a
* shared secret. Algorithm is preformed as per
* shared secret. Algorithm is performed as per
* NIST SP 800-56B Rev 2
* 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).
*

8
providers/implementations/keymgmt/ecx_kmgmt.c.in
View File

@ -229,14 +229,6 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
ok = ok && ossl_ecx_key_fromdata(key, p.pub, p.priv, include_private);
#ifdef FIPS_MODULE
if (ok > 0 && ecx_key_type_is_ed(key->type) && !ossl_fips_self_testing())
if (key->haspubkey && key->privkey != NULL) {
ok = ecd_fips140_pairwise_test(key, key->type, 1);
if (ok <= 0)
ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT_IMPORT);
}
#endif /* FIPS_MODULE */
return ok;
}

2
providers/implementations/macs/blake2_mac_impl.c
View File

@ -146,7 +146,7 @@ static int blake2_mac_final(void *vmacctx,
return BLAKE2_FINAL(out, &macctx->ctx);
}
/* See blake2.h for parameter defintion */
/* See blake2.h for parameter definition */
static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx,
ossl_unused void *provctx)
{

2
providers/implementations/signature/rsa_sig.c.in
View File

@ -111,7 +111,7 @@ typedef struct {
unsigned int mgf1_md_set : 1;
/*
* Flags to say what are the possible next external calls in what
* consitutes the life cycle of an algorithm. The relevant calls are:
* constitutes the life cycle of an algorithm. The relevant calls are:
* - init
* - update
* - final

2
ssl/quic/quic_channel.c
View File

@ -2478,7 +2478,7 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch, int channel_only)
while (PACKET_remaining(&vpkt) > 0) {
/*
* We only support quic version 1 at the moment, so
* look to see if thats offered
* look to see if that's offered
*/
if (!PACKET_get_net_4(&vpkt, &supported_ver))
return;

7
ssl/quic/quic_impl.c
View File

@ -3241,6 +3241,7 @@ int ossl_quic_conn_stream_conclude(SSL *s)
QCTX ctx;
QUIC_STREAM *qs;
int err;
int ret;
if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
return 0;
@ -3248,13 +3249,15 @@ int ossl_quic_conn_stream_conclude(SSL *s)
qs = ctx.xso->stream;
if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
qctx_unlock(&ctx);
return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
return ret;
}
if (!quic_validate_for_write(ctx.xso, &err)) {
ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
qctx_unlock(&ctx);
return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
return ret;
}
if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {

8
ssl/quic/quic_port.c
View File

@ -520,9 +520,9 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx,
/*
* Creating a a new channel is made a bit tricky here as there is a
* bit of a circular dependency. Initalizing a channel requires that
* bit of a circular dependency. Initializing a channel requires that
* the ch->tls and optionally the qlog_title be configured prior to
* initalization, but we need the channel at least partially configured
* initialization, but we need the channel at least partially configured
* to create the new handshake layer, so we have to do this in a few steps.
*/
@ -1033,7 +1033,7 @@ err:
/**
* @brief Parses contents of a buffer into a validation token.
*
* VALIDATION_TOKEN should already be initalized. Does some basic sanity checks.
* VALIDATION_TOKEN should already be initialized. Does some basic sanity checks.
*
* @param token Validation token to fill data in.
* @param buf Buffer of previously marshaled validation token.
@ -1291,7 +1291,7 @@ static void port_send_version_negotiation(QUIC_PORT *port, BIO_ADDR *peer,
}
/**
* @brief defintions of token lifetimes
* @brief definitions of token lifetimes
*
* RETRY tokens are only valid for 10 seconds
* NEW_TOKEN tokens have a lifetime of 3600 sec (1 hour)

2
ssl/quic/quic_record_util.c
View File

@ -44,7 +44,7 @@ int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx,
* at least 8 bytes. It means that the length of destination connection ID
* may be less than the minimum length for HKDF required by FIPS provider.
*
* Therefore, we need to set `key-check` to zero to allow using destionation
* Therefore, we need to set `key-check` to zero to allow using destination
* connection ID as IKM.
*/
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_KEY_CHECK, &key_check);

9
ssl/record/methods/tls_common.c
View File

@ -1093,9 +1093,12 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
return 0;
}
if (rl->msg_callback != NULL)
rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &rec->type,
1, rl->cbarg);
if (rl->msg_callback != NULL) {
unsigned char ctype = (unsigned char)rec->type;
rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &ctype,
1, rl->cbarg);
}
/*
* TLSv1.3 alert and handshake records are required to be non-zero in

4
ssl/rio/rio_notifier.c
View File

@ -83,7 +83,7 @@ static int create_socket(int domain, int socktype, int protocol)
/*
* Its also possible that someone is building a binary on a newer windows
* SDK, but running it on a runtime that doesn't support inheritance
* supression. In that case the above will return INVALID_SOCKET, and
* suppression. In that case the above will return INVALID_SOCKET, and
* our response for those older platforms is to try the call again
* without the flag
*/
@ -142,7 +142,7 @@ static int create_socket(int domain, int socktype, int protocol)
*
* Win32 does not support socketpair(2), and Win32 pipes are not compatible with
* Winsock select(2). This means our only means of making select(2) wakeable is
* to artifically create a loopback TCP connection and send bytes to it.
* to artificially create a loopback TCP connection and send bytes to it.
*/
int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
{

6
ssl/ssl_lib.c
View File

@ -3962,8 +3962,8 @@ static long check_keylog_bio_free(BIO *b, int oper, const char *argp,
/*
* Note we _dont_ take the keylog_lock here
* This is intentional, because we only free the keylog lock
* During SSL_CTX_free, in which we already posess the lock, so
* Theres no need to grab it again here
* During SSL_CTX_free, in which we already possess the lock, so
* There's no need to grab it again here
*/
if (oper == BIO_CB_FREE)
keylog_bio = NULL;
@ -4319,7 +4319,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
/* Make sure we have a global lock allocated */
if (!RUN_ONCE(&ssl_keylog_once, ssl_keylog_init)) {
/* use a trace message as a warning */
OSSL_TRACE(TLS, "Unable to initalize keylog data\n");
OSSL_TRACE(TLS, "Unable to initialize keylog data\n");
goto out;
}

5
ssl/ssl_rsa.c
View File

@ -1056,10 +1056,13 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
}
}
if (!X509_up_ref(x509))
if (!X509_up_ref(x509)) {
OSSL_STACK_OF_X509_free(dup_chain);
goto out;
}
if (!EVP_PKEY_up_ref(privatekey)) {
OSSL_STACK_OF_X509_free(dup_chain);
X509_free(x509);
goto out;
}

2
ssl/statem/extensions_srvr.c
View File

@ -901,7 +901,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
goto end;
/*
* We now have the folowing lists available to make a decision for
* We now have the following lists available to make a decision for
* which group the server should use for key exchange :
* From client: clntgroups[clnt_num_groups],
* keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt]

2
ssl/t1_enc.c
View File

@ -72,7 +72,7 @@ static int tls1_PRF(SSL_CONNECTION *s,
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
(void *)seed5, (size_t)seed5_len);
/*
* If we have a propery query string, the kdf needs to know about it in the event
* If we have a property query string, the kdf needs to know about it in the event
* the specific kdf in use allocated a digest as part of its implementation
*/
if (SSL_CONNECTION_GET_CTX(s)->propq != NULL)

8
ssl/t1_lib.c
View File

@ -1583,10 +1583,10 @@ static int tuple_cb(const char *tuple, int len, void *arg)
/*
* Set groups and prepare generation of keyshares based on a string of groupnames,
* names separated by the group or the tuple delimiter, with per-group prefixes to
* (1) add a key share for this group, (2) ignore the group if unkown to the current
* (1) add a key share for this group, (2) ignore the group if unknown to the current
* context, (3) delete a previous occurrence of the group in the current tuple.
*
* The list parsing is done in two hierachical steps: The top-level step extracts the
* The list parsing is done in two hierarchical steps: The top-level step extracts the
* string of a tuple using tuple_cb, while the next lower step uses gid_cb to
* parse and process the groups inside a tuple
*/
@ -1646,7 +1646,7 @@ int tls1_set_groups_list(SSL_CTX *ctx,
}
/*
* We check whether a tuple was completly emptied by using "-" prefix
* We check whether a tuple was completely emptied by using "-" prefix
* excessively, in which case we remove the tuple
*/
for (i = j = 0; j < gcb.tplcnt; j++) {
@ -1693,7 +1693,7 @@ int tls1_set_groups_list(SSL_CTX *ctx,
/*
* tuple_cb and gid_cb combo ensures there are no duplicates or unknown groups so we
* can just go ahead and set the results (after diposing the existing)
* can just go ahead and set the results (after disposing the existing)
*/
OPENSSL_free(*grpext);
*grpext = gcb.gid_arr;

8
ssl/t1_trce.c
View File

@ -548,8 +548,12 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
{258, "ffdhe4096"},
{259, "ffdhe6144"},
{260, "ffdhe8192"},
{512, "MLKEM512"},
{513, "MLKEM768"},
{514, "MLKEM1024"},
{4587, "SecP256r1MLKEM768"},
{4588, "X25519MLKEM768"},
{4589, "SecP384r1MLKEM1024"},
{25497, "X25519Kyber768Draft00"},
{25498, "SecP256r1Kyber768Draft00"},
{0xFF01, "arbitrary_explicit_prime_curves"},
@ -1306,7 +1310,7 @@ static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent,
x = NULL;
}
if (x == NULL)
BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
BIO_puts(bio, "<UNPARSABLE CERTIFICATE>\n");
else {
BIO_puts(bio, "\n------details-----\n");
X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
@ -1537,7 +1541,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc
p = msg;
nm = d2i_X509_NAME(NULL, &p, (long)dlen);
if (!nm) {
BIO_puts(bio, "<UNPARSEABLE DN>\n");
BIO_puts(bio, "<UNPARSABLE DN>\n");
} else {
X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
BIO_puts(bio, "\n");

3
test/build.info
View File

@ -31,7 +31,8 @@ IF[{- !$disabled{tests} -}]
testutil/format_output.c testutil/load.c testutil/fake_random.c \
testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \
testutil/options.c testutil/test_options.c testutil/provider.c \
testutil/apps_shims.c testutil/random.c testutil/helper.c $LIBAPPSSRC
testutil/apps_shims.c testutil/random.c testutil/helper.c \
testutil/compare.c $LIBAPPSSRC
INCLUDE[libtestutil.a]=../include ../apps/include ..
DEPEND[libtestutil.a]=../libcrypto

4
test/fake_rsaprov.c
View File

@ -35,6 +35,8 @@ static int exptypes_selection;
static int query_id;
static int key_deleted;
unsigned fake_rsa_query_operation_name = 0;
typedef struct {
OSSL_LIB_CTX *libctx;
} PROV_FAKE_RSA_CTX;
@ -90,7 +92,7 @@ static const char *fake_rsa_keymgmt_query(int id)
/* record global for checking */
query_id = id;
return "RSA";
return fake_rsa_query_operation_name ? NULL: "RSA";
}
static int fake_rsa_keymgmt_import(void *keydata, int selection,

9
test/fake_rsaprov.h
View File

@ -14,5 +14,14 @@
/* Fake RSA provider implementation */
OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
void fake_rsa_finish(OSSL_PROVIDER *p);
OSSL_PARAM *fake_rsa_key_params(int priv);
void fake_rsa_restore_store_state(void);
/*
* When fake_rsa_query_operation_name is set to a non-zero value,
* query_operation_name() will return NULL.
*
* By default, it is 0, in which case query_operation_name() will return "RSA".
*/
extern unsigned fake_rsa_query_operation_name;

6
test/lms_test.c
View File

@ -551,6 +551,7 @@ int setup_tests(void)
{
OPTION_CHOICE o;
char *config_file = NULL;
EVP_PKEY_CTX *ctx = NULL;
/* Swap the libctx to test non-default context only */
propq = "provider=default";
@ -571,6 +572,11 @@ int setup_tests(void)
if (!test_get_libctx(&libctx, &nullprov, config_file, &libprov, NULL))
return 0;
ctx = EVP_PKEY_CTX_new_from_name(libctx, "LMS", propq);
if (ctx == NULL && ERR_get_error() == EVP_R_UNSUPPORTED_ALGORITHM)
return TEST_skip("LMS algorithm is not available in provider");
EVP_PKEY_CTX_free(ctx);
ADD_TEST(lms_bad_pub_len_test);
ADD_TEST(lms_key_validate_test);
ADD_TEST(lms_key_eq_test);

10
test/ml_kem_evp_extra_test.c
View File

@ -140,9 +140,19 @@ static int test_ml_kem(void)
if (!TEST_int_gt(EVP_PKEY_copy_parameters(bkey, akey), 0))
goto err;
/* Bob's empty key is not equal to Alice's */
if (!TEST_false(EVP_PKEY_eq(akey, bkey))
|| !TEST_false(EVP_PKEY_eq(bkey, akey)))
goto err;
if (!TEST_true(EVP_PKEY_set1_encoded_public_key(bkey, rawpub, publen)))
goto err;
/* Bob's copy of Alice's public key makes the two equal */
if (!TEST_true(EVP_PKEY_eq(akey, bkey))
|| !TEST_true(EVP_PKEY_eq(bkey, akey)))
goto err;
/* Encapsulate Bob's key */
ctx = EVP_PKEY_CTX_new_from_pkey(testctx, bkey, NULL);
if (!TEST_ptr(ctx))

9
test/p_ossltest.c
View File

@ -1369,7 +1369,8 @@ static int ossl_test_aes128cbchmacsha1_set_ctx_params(void *vprovctx, const OSSL
p = OSSL_PARAM_locate((OSSL_PARAM *)params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
if (p != NULL) {
OSSL_PARAM_get_octet_string_ptr(p, (const void **)&val, &vlen);
if (OSSL_PARAM_get_octet_string_ptr(p, (const void **)&val, &vlen) != 1)
return 0;
len = val[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | val[EVP_AEAD_TLS1_AAD_LEN - 1];
ctx->tls_ver = val[EVP_AEAD_TLS1_AAD_LEN - 4] << 8 | val[EVP_AEAD_TLS1_AAD_LEN -3];
@ -1665,8 +1666,10 @@ static int drbg_ctr_get_ctx_params(void *vdrbg, OSSL_PARAM params[])
{
OSSL_PARAM *p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
if (p != NULL)
OSSL_PARAM_set_size_t(p, (size_t)(1 << 16));
if (p != NULL && !OSSL_PARAM_set_size_t(p, (size_t)(1 << 16))) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
}
return 1;
}

17
test/property_test.c
View File

@ -687,6 +687,22 @@ static int test_property_list_to_string(int i)
return ret;
}
static int test_property_list_to_string_bounds(void)
{
OSSL_PROPERTY_LIST *pl = NULL;
char buf[16];
int ret = 0;
if (!TEST_ptr(pl = ossl_parse_query(NULL, "provider='$1'", 1)))
goto err;
if (!TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, 10), 14))
goto err;
ret = 1;
err:
ossl_property_free(pl);
return ret;
}
int setup_tests(void)
{
ADD_TEST(test_property_string);
@ -701,5 +717,6 @@ int setup_tests(void)
ADD_TEST(test_query_cache_stochastic);
ADD_TEST(test_fips_mode);
ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
ADD_TEST(test_property_list_to_string_bounds);
return 1;
}

72
test/provider_pkey_test.c
View File

@ -239,6 +239,77 @@ end:
return ret;
}
static int test_pkey_can_sign(void)
{
OSSL_PROVIDER *fake_rsa = NULL;
EVP_PKEY *pkey_fake = NULL;
EVP_PKEY_CTX *ctx = NULL;
OSSL_PARAM *params = NULL;
int ret = 0;
if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
return 0;
/*
* Ensure other tests did not forget to reset fake_rsa_query_operation_name
* to its default value: 0
*/
if (!TEST_int_eq(fake_rsa_query_operation_name, 0))
goto end;
if (!TEST_ptr(params = fake_rsa_key_params(0))
|| !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
"provider=fake-rsa"))
|| !TEST_true(EVP_PKEY_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
params))
|| !TEST_true(EVP_PKEY_can_sign(pkey_fake))
|| !TEST_ptr(pkey_fake))
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
EVP_PKEY_free(pkey_fake);
pkey_fake = NULL;
OSSL_PARAM_free(params);
params = NULL;
/*
* Documented behavior for OSSL_FUNC_keymgmt_query_operation_name()
* allows it to return NULL, in which case the fallback should be to use
* EVP_KEYMGMT_get0_name(). That is exactly the thing we are testing here.
*/
fake_rsa_query_operation_name = 1;
if (!TEST_ptr(params = fake_rsa_key_params(0))
|| !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
"provider=fake-rsa"))
|| !TEST_true(EVP_PKEY_fromdata_init(ctx))
|| !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
params))
|| !TEST_true(EVP_PKEY_can_sign(pkey_fake))
|| !TEST_ptr(pkey_fake))
goto end;
EVP_PKEY_CTX_free(ctx);
ctx = NULL;
EVP_PKEY_free(pkey_fake);
pkey_fake = NULL;
OSSL_PARAM_free(params);
params = NULL;
ret = 1;
end:
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(pkey_fake);
OSSL_PARAM_free(params);
fake_rsa_query_operation_name = 0;
fake_rsa_finish(fake_rsa);
return ret;
}
static int test_pkey_store(int idx)
{
OSSL_PROVIDER *deflt = NULL;
@ -719,6 +790,7 @@ int setup_tests(void)
ADD_TEST(test_pkey_sig);
ADD_TEST(test_alternative_keygen_init);
ADD_TEST(test_pkey_eq);
ADD_TEST(test_pkey_can_sign);
ADD_ALL_TESTS(test_pkey_store, 2);
ADD_TEST(test_pkey_delete);
ADD_TEST(test_pkey_store_open_ex);

95
test/quicapitest.c
View File

@ -429,91 +429,6 @@ static int test_version(void)
}
#if defined(DO_SSL_TRACE_TEST)
static void strip_line_ends(char *str)
{
size_t i;
for (i = strlen(str);
i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
i--);
str[i] = '\0';
}
static int compare_with_file(BIO *membio)
{
BIO *file = NULL, *newfile = NULL;
char buf1[8192], buf2[8192];
char *reffile;
int ret = 0;
size_t i;
#ifdef OPENSSL_NO_ZLIB
reffile = test_mk_file_path(datadir, "ssltraceref.txt");
#else
reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
#endif
if (!TEST_ptr(reffile))
goto err;
file = BIO_new_file(reffile, "rb");
if (!TEST_ptr(file))
goto err;
newfile = BIO_new_file("ssltraceref-new.txt", "wb");
if (!TEST_ptr(newfile))
goto err;
while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
if (BIO_puts(newfile, buf2) <= 0) {
TEST_error("Failed writing new file data");
goto err;
}
if (!TEST_int_ge(BIO_seek(membio, 0), 0))
goto err;
while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
size_t line_len;
if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
TEST_error("Failed reading mem data");
goto err;
}
strip_line_ends(buf1);
strip_line_ends(buf2);
line_len = strlen(buf1);
if (line_len > 0 && buf1[line_len - 1] == '?') {
/* Wildcard at the EOL means ignore anything after it */
if (strlen(buf2) > line_len)
buf2[line_len] = '\0';
}
if (line_len != strlen(buf2)) {
TEST_error("Actual and ref line data length mismatch");
TEST_info("%s", buf1);
TEST_info("%s", buf2);
goto err;
}
for (i = 0; i < line_len; i++) {
/* '?' is a wild card character in the reference text */
if (buf1[i] == '?')
buf2[i] = '?';
}
if (!TEST_str_eq(buf1, buf2))
goto err;
}
if (!TEST_true(BIO_eof(file))
|| !TEST_true(BIO_eof(membio)))
goto err;
ret = 1;
err:
OPENSSL_free(reffile);
BIO_free(file);
BIO_free(newfile);
return ret;
}
/*
* Tests that the SSL_trace() msg_callback works as expected with a QUIC
* connection. This also provides testing of the msg_callback at the same time.
@ -525,6 +440,7 @@ static int test_ssl_trace(void)
QUIC_TSERVER *qtserv = NULL;
int testresult = 0;
BIO *bio = NULL;
char *reffile = NULL;
if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
|| !TEST_ptr(bio = BIO_new(BIO_s_mem()))
@ -548,7 +464,13 @@ static int test_ssl_trace(void)
if (!TEST_int_gt(BIO_pending(bio), 0))
goto err;
} else {
if (!TEST_true(compare_with_file(bio)))
# ifdef OPENSSL_NO_ZLIB
reffile = test_mk_file_path(datadir, "ssltraceref.txt");
# else
reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
# endif
if (!TEST_true(compare_with_reference_file(bio, reffile)))
goto err;
}
@ -558,6 +480,7 @@ static int test_ssl_trace(void)
SSL_free(clientquic);
SSL_CTX_free(cctx);
BIO_free(bio);
OPENSSL_free(reffile);
return testresult;
}

12
test/recipes/03-test_fipsinstall.t
View File

@ -63,7 +63,7 @@ my @commandline =
( 'x942kdf_key_check', 'x942kdf-key-check' )
);
plan tests => 40 + (scalar @pedantic_okay) + (scalar @pedantic_fail)
plan tests => 41 + (scalar @pedantic_okay) + (scalar @pedantic_fail)
+ 4 * (scalar @commandline);
my $infile = bldtop_file('providers', platform->dso('fips'));
@ -392,6 +392,16 @@ SKIP: {
"fipsinstall fails when the ML-KEM decapsulate implicit failure result is corrupted");
}
# corrupt an Asymmetric cipher test
SKIP: {
skip "Skipping Asymmetric RSA corruption test because of no rsa in this build", 1
if disabled("rsa") || disabled("fips-post");
ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
'-corrupt_desc', 'RSA_Encrypt',
'-corrupt_type', 'KAT_AsymmetricCipher'])),
"fipsinstall fails when the asymmetric cipher result is corrupted");
}
# 'local' ensures that this change is only done in this file.
local $ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir());

8
test/recipes/30-test_evp_data/evpkdf_krb5.txt
View File

@ -129,3 +129,11 @@ Ctrl.cipher = cipher:DES-EDE3-CBC
Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92
Ctrl.hexconstant = hexconstant:0000000155
Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705
#Erroneous key size for the cipher as XTS has double key size
KDF = KRB5KDF
Ctrl.cipher = cipher:AES-256-XTS
Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
Ctrl.hexconstant = hexconstant:0000000255
Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA
Result = KDF_DERIVE_ERROR

2
test/recipes/30-test_evp_data/evppkey_rsa_sigalg.txt
View File

@ -186,4 +186,4 @@ Output = 6a7fc08e9999fc9d50cda476e973a01a06efeb52eece1c78cb1422950476cbff67408c6
Availablein = default
Sign-Message = RSA-SM3:RSA-2048
Input = "Hello World"
Output = 92657e22036214c343d8e95d129c0c47430d5a1ae452371a7847a963f533f96e018aa6658958e6a584cf0d380aa9435175cf2de3dfa60100aca893b76aa6d8f0cc9154ee982cb5ea8f19153fe8a9c801aa2da8bb4451c7ec6fd836e81ecdacf022b68294db068efa47decf3a7c548ea7088a16433029b8733b9573053b7e7122ea10b662726fc97bd149c663617434a9707b672b024f95865d91077edfb79c8ed4c8528032204c46c984a6c82b17794cbf9c4dfe4c1af1d59535f7755540ff36d6a2b55accbf046896c4aae9287a33f38c2a269a02abdac46c17b1b55ee89cc9eb3011a84916596f982c5375dd2110633be6dc43532919466d83bd0f3e406978
Output = b74e03c18050807541bde949aa0ac91d43fb9730f0b529d5100d5776f4f446d0ca0f0992359dc5f89386ed45bc3bf52cac1f75fbcc088fc2ea77624fd962569d2d317e90886dec424fb6757c4eba1e881ddf4f7942e8003b54e05cc974558dea171ce23a2fc158f71a5621c9a2c3ce45c9af4c706d3f60efe0c0f087a6ec504f771b08e2a1d78e0316c74706c678869bf121d5da00e2e8c8dc1cd273315b4ad8ab9962c62f81cebc5fb393b7f8860ee68545578413feada82b1c2bbfabfa157e298f0354bffc1cc6aa68f058a5d34b6b70ffacd3532c6b2c6a0de059bf605edf392ac8adbf1769555a0a50b2b13c63cae98a461498fae7f0d1729b710f05f39e

15
test/recipes/90-test_sslapi.t
View File

@ -45,7 +45,10 @@ ok(run(test(["sslapitest", srctop_dir("test", "certs"),
srctop_file("test",
"recipes",
"90-test_sslapi_data",
"dhparams.pem")])),
"dhparams.pem"),
srctop_dir("test",
"recipes",
"90-test_sslapi_data")])),
"running sslapitest");
SKIP: {
@ -62,7 +65,10 @@ SKIP: {
srctop_file("test",
"recipes",
"90-test_sslapi_data",
"dhparams.pem")])),
"dhparams.pem"),
srctop_dir("test",
"recipes",
"90-test_sslapi_data")])),
"running sslapitest with default fips config");
run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
@ -140,7 +146,10 @@ SKIP: {
srctop_file("test",
"recipes",
"90-test_sslapi_data",
"dhparams.pem")])),
"dhparams.pem"),
srctop_dir("test",
"recipes",
"90-test_sslapi_data")])),
"running sslapitest with modified fips config");
}

Some files were not shown because too many files have changed in this diff Show More