Merge a7d856932b into 296f1f6dd8

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28113)

apps/cmp.c

@@ -371,7 +371,7 @@ const OPTIONS cmp_options[] = {
     {"disable_confirm", OPT_DISABLE_CONFIRM, '-',
      "Do not confirm newly enrolled certificate w/o requesting implicit"},
     {OPT_MORE_STR, 0, 0,
-     "confirmation. WARNING: This leads to behavior violating RFC 4210"},
+     "confirmation. WARNING: This leads to behavior violating RFC 9810"},
     {"certout", OPT_CERTOUT, 's',
      "File to save newly enrolled certificate"},
     {"chainout", OPT_CHAINOUT, 's',
@@ -440,7 +440,7 @@ const OPTIONS cmp_options[] = {
     {OPT_MORE_STR, 0, 0,
      "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf"},
     {OPT_MORE_STR, 0, 0,
-     "WARNING: This setting leads to behavior allowing violation of RFC 4210"},
+     "WARNING: This setting leads to behavior allowing violation of RFC 9810"},
     {"no_cache_extracerts", OPT_NO_CACHE_EXTRACERTS, '-',
      "Do not keep certificates received in the extraCerts CMP message field"},
     { "srvcertout", OPT_SRVCERTOUT, 's',
@@ -623,7 +623,7 @@ const OPTIONS cmp_options[] = {
     {OPT_MORE_STR, 0, 0,
      "certificate responses (ip/cp/kup), and revocation responses (rp)."},
     {OPT_MORE_STR, 0, 0,
-     "WARNING: This setting leads to behavior violating RFC 4210"},
+     "WARNING: This setting leads to behavior violating RFC 9810"},
     {"accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-',
      "Accept missing or invalid protection of requests"},
     {"accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-',

apps/progs.pl

@@ -93,7 +93,6 @@ EOF
 
     my %cmd_disabler = (
         ciphers  => "sock",
-        genrsa   => "rsa",
         gendsa   => "dsa",
         dsaparam => "dsa",
         gendh    => "dh",
@@ -107,7 +106,7 @@ EOF
 #   [2] = preprocessor conditional for excluding irrespective of deprecation
 #        rsa      => [ "pkey",      "3_0", "rsa" ],
 #        genrsa   => [ "genpkey",   "3_0", "rsa" ],
-        rsautl   => [ "pkeyutl",   "3_0", "rsa" ],
+        rsautl   => [ "pkeyutl",   "3_0", "" ],
 #        dhparam  => [ "pkeyparam", "3_0", "dh"  ],
 #        dsaparam => [ "pkeyparam", "3_0", "dsa" ],
 #        dsa      => [ "pkey",      "3_0", "dsa" ],

crypto/cmp/cmp_asn.c

@@ -18,7 +18,7 @@
 #include <openssl/cmp.h>
 #include <openssl/crmf.h>
 
-/* ASN.1 declarations from RFC4210 */
+/* ASN.1 declarations from RFC 9810 */
 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
     /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
     ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),

crypto/cmp/cmp_client.c

@@ -566,11 +566,11 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype,
  * ctx->certConf_cb_arg, which has been initialized using opt_out_trusted, and
  * ctx->untrusted, which at this point already contains msg->extraCerts.
  * Returns 0 on acceptance, else a bit field reflecting PKIFailureInfo.
- * Quoting from RFC 4210 section 5.1. Overall PKI Message:
+ * Quoting from RFC 9810 section 5.1. Overall PKI Message:
  *     The extraCerts field can contain certificates that may be useful to
  *     the recipient.  For example, this can be used by a CA or RA to
  *     present an end entity with certificates that it needs to verify its
- *     own new certificate (if, for example, the CA that issued the end
+ *     own new certificate (for example, if the CA that issued the end
  *     entity's certificate is not a root CA for the end entity).  Note that
  *     this field does not necessarily contain a certification path; the
  *     recipient may have to sort, select from, or otherwise process the

crypto/cmp/cmp_msg.c

@@ -1151,7 +1151,7 @@ X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CTX *ctx, const OSSL_CMP_CE
             crt = X509_dup(coec->value.certificate);
             break;
         case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT:
-            /* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */
+            /* cert encrypted for indirect PoP; RFC 9810, 5.2.8.3.2 */
             pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1);
             /* pkey is ctx->newPkey (if private, else NULL) or ctx->pkey */
             if (pkey == NULL) {

crypto/cmp/cmp_protect.c

@@ -298,7 +298,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
         goto err;
 
     /*
-     * As required by RFC 4210 section 5.1.1., if the sender name is not known
+     * As required by RFC 9810 section 5.1.1., if the sender name is not known
      * to the client it set to NULL-DN. In this case for identification at least
      * the senderKID must be set, where we took the referenceValue as fallback.
      */

crypto/cmp/cmp_vfy.c

@@ -587,7 +587,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
         }
         if (verify_PBMAC(ctx, msg)) {
             /*
-             * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is
+             * RFC 9810, 5.3.2: 'Note that if the PKI message protection is
              * "shared secret information", then any certificate transported in
              * the caPubs field may be directly trusted as a root CA
              * certificate by the initiator.'
@@ -838,7 +838,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
         return 0;
 
     /*
-     * RFC 4210 section 5.1.1 states: the recipNonce is copied from
+     * RFC 9810 section 5.1.1 states: the recipNonce is copied from
      * the senderNonce of the previous message in the transaction.
      * --> Store for setting in next message
      */
@@ -847,7 +847,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
 
     if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) {
         /*
-         * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is
+         * RFC 9810, 5.3.2: 'Note that if the PKI message protection is
          * "shared secret information", then any certificate transported in
          * the caPubs field may be directly trusted as a root CA
          * certificate by the initiator.'

crypto/crmf/crmf_lib.c

@@ -866,7 +866,7 @@ unsigned char
 
 /*
  * Decrypts the certificate in the given encryptedValue using private key pkey.
- * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
+ * This is needed for the indirect PoP method as in RFC 9810 section 5.2.8.3.2.
  *
  * returns a pointer to the decrypted certificate
  * returns NULL on error or if no certificate available
@@ -896,7 +896,7 @@ X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecer
 }
 /*-
  * Decrypts the certificate in the given encryptedKey using private key pkey.
- * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2.
+ * This is needed for the indirect PoP method as in RFC 9810 section 5.2.8.3.2.
  *
  * returns a pointer to the decrypted certificate
  * returns NULL on error or if no certificate available

crypto/evp/asymcipher.c

@@ -261,10 +261,12 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
 
     cipher = ctx->op.ciph.cipher;
     desc = cipher->description != NULL ? cipher->description : "";
+    ERR_set_mark();
     ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
-    if (ret <= 0)
+    if (ret <= 0 && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
                        "%s encrypt:%s", cipher->type_name, desc);
+    ERR_clear_last_mark();
     return ret;
 
  legacy:
@@ -309,10 +311,12 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
 
     cipher = ctx->op.ciph.cipher;
     desc = cipher->description != NULL ? cipher->description : "";
+    ERR_set_mark();
     ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
-    if (ret <= 0)
+    if (ret <= 0 && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
                        "%s decrypt:%s", cipher->type_name, desc);
+    ERR_clear_last_mark();
 
     return ret;
 

crypto/evp/keymgmt_meth.c

@@ -460,10 +460,12 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
         return NULL;
     }
 
+    ERR_set_mark();
     ret = keymgmt->gen(genctx, cb, cbarg);
-    if (ret == NULL)
+    if (ret == NULL && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
                        "%s key generation:%s", keymgmt->type_name, desc);
+    ERR_clear_last_mark();
     return ret;
 }
 

crypto/evp/m_sigver.c

@@ -426,10 +426,12 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
         return 0;
     }
 
+    ERR_set_mark();
     ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize);
-    if (ret <= 0)
+    if (ret <= 0 && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_sign_update:%s", signature->type_name, desc);
+    ERR_clear_last_mark();
     return ret;
 
  legacy:
@@ -474,10 +476,12 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
         return 0;
     }
 
+    ERR_set_mark();
     ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize);
-    if (ret <= 0)
+    if (ret <= 0 && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_verify_update:%s", signature->type_name, desc);
+    ERR_clear_last_mark();
     return ret;
 
  legacy:
@@ -527,11 +531,13 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
             pctx = dctx;
     }
 
+    ERR_set_mark();
     r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen,
                                      sigret == NULL ? 0 : *siglen);
-    if (!r)
+    if (!r && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_sign_final:%s", signature->type_name, desc);
+    ERR_clear_last_mark();
     if (dctx == NULL && sigret != NULL)
         ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
     else
@@ -638,11 +644,13 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
 
             if (sigret != NULL)
                 ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+            ERR_set_mark();
             ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen,
                                          sigret == NULL ? 0 : *siglen, tbs, tbslen);
-            if (ret <= 0)
+            if (ret <= 0 && ERR_count_to_mark() == 0)
                 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                                "%s digest_sign:%s", signature->type_name, desc);
+            ERR_clear_last_mark();
             return ret;
         }
     } else {
@@ -693,10 +701,12 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
             pctx = dctx;
     }
 
+    ERR_set_mark();
     r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
-    if (!r)
+    if (!r && ERR_count_to_mark() == 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_verify_final:%s", signature->type_name, desc);
+    ERR_clear_last_mark();
     if (dctx == NULL)
         ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
     else
@@ -769,10 +779,12 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
             int ret;
 
             ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
+            ERR_set_mark();
             ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen, tbs, tbslen);
-            if (ret <= 0)
+            if (ret <= 0 && ERR_count_to_mark() == 0)
                 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                                "%s digest_verify:%s", signature->type_name, desc);
+            ERR_clear_last_mark();
             return ret;
         }
     } else {

crypto/provider_core.c

@@ -2419,6 +2419,11 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle)
     return ERR_pop_to_mark();
 }
 
+static int core_count_to_mark(const OSSL_CORE_HANDLE *handle)
+{
+    return ERR_count_to_mark();
+}
+
 static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx,
                                         OSSL_INDICATOR_CALLBACK **cb)
 {
@@ -2600,6 +2605,7 @@ static const OSSL_DISPATCH core_dispatch_[] = {
     { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK,
       (void (*)(void))core_clear_last_error_mark },
     { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark },
+    { OSSL_FUNC_CORE_COUNT_TO_MARK, (void (*)(void))core_count_to_mark },
     { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file },
     { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf },
     { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex },

doc/internal/man3/ossl_cmp_certreq_new.pod

@@ -150,7 +150,7 @@ The function does not protect the message if I<unprotectedErrors> is nonzero.
 
 =head1 NOTES
 
-CMP is specified in RFC 4210 (and CRMF in RFC 4211).
+CMP is specified in RFC 9810 (and CRMF in RFC 4211).
 
 =head1 RETURN VALUES
 

doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod

@@ -54,7 +54,7 @@ ossl_cmp_ctx_set1_recipNonce() sets the given recipient nonce in the context.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/internal/man3/ossl_cmp_hdr_init.pod

@@ -72,7 +72,7 @@ PKIHeader to the given X509 Name value, without consuming the pointer.
 If B<nm> is NULL, recipient is set to the NULL DN (the empty list of strings).
 
 ossl_cmp_hdr_update_messagetime() (re-)sets the messageTime to the current
-system time. As written in RFC 4210, section 5.1.1:
+system time. As written in RFC 9810, section 5.1.1:
 The messageTime field contains the time at which the sender created the message.
 This may be useful to allow end entities to correct/check their local time for
 consistency with the time on a central system.
@@ -109,13 +109,13 @@ values in the given OSSL_CMP_CTX structure.
 This starts a new transaction in case ctx->transactionID is NULL.
 The sender name is copied from the subject of the client cert, if any,
 or else from the subject name provided for certification requests.
-As required by RFC 4210 section 5.1.1., if the sender name is not known
+As required by RFC 9810 section 5.1.1., if the sender name is not known
 to the client it set to the NULL-DN. In this case for identification at least
 the senderKID must be set, which we take from any referenceValue provided.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/internal/man3/ossl_cmp_mock_srv_new.pod

@@ -85,7 +85,7 @@ the client should wait for the next poll.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810 (and CRMF in RFC 4211).
 
 =head1 RETURN VALUES
 

doc/internal/man3/ossl_cmp_msg_check_update.pod

@@ -64,7 +64,7 @@ If all checks pass then ossl_cmp_msg_check_update()
 records in B<ctx> the senderNonce of the received message as the new recipNonce
 and learns the transaction ID if none is currently present in B<ctx>.
 
-Moreover, according to RFC 4210 section 5.3.2, if the message protection is
+Moreover, according to RFC 9810 section 5.3.2, if the message protection is
 PBM-based then any certificates in the caPubs field are added to the list of
 trusted certificates (if set via L<OSSL_CMP_CTX_set0_trusted(3)>).
 This way these certs are available for validating subsequent messages in the

doc/internal/man3/ossl_cmp_msg_create.pod

@@ -107,7 +107,7 @@ Returns 1 on success, 0 on error.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/internal/man3/ossl_cmp_msg_protect.pod

@@ -41,7 +41,7 @@ of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
 and thus also of ossl_cmp_msg_protect() cannot be made I<const>

doc/internal/man3/ossl_cmp_pkisi_get_status.pod

@@ -60,7 +60,7 @@ Uses data from I<ctx>, which in case of indirect POPO includes the private key.
 ossl_cmp_pkisi_get_status() returns the PKIStatus of I<si>, or -1 on error.
 
 ossl_cmp_PKIStatus_to_string() returns a human-readable string representing
-the PKIStatus values as specified in RFC 4210, Appendix F.
+the PKIStatus values as specified in RFC 9810, Appendix F.
 
 ossl_cmp_pkisi_get0_statusString() returns a direct pointer to the statusString
 field contained in I<si>.
@@ -73,7 +73,7 @@ with index I<index> in the PKIFailureInfo of the I<si>, or -1 on error.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/man1/openssl-cmp.pod.in

@@ -3,7 +3,7 @@
 
 =head1 NAME
 
-openssl-cmp - Certificate Management Protocol (CMP, RFC 4210) application
+openssl-cmp - Certificate Management Protocol (CMP, RFCs 9810 and 9811) application
 
 =head1 SYNOPSIS
 
@@ -171,7 +171,8 @@ Certificate verification options, for both CMP and TLS:
 =head1 DESCRIPTION
 
 The B<cmp> command is a client implementation for the Certificate
-Management Protocol (CMP) as defined in RFC4210.
+Management Protocol (CMP) as defined in RFCs 9810 and
+its HTTP(S) transfer as defined in RFC 9811.
 It can be used to request certificates from a CA server,
 update their certificates,
 request certificates to be revoked, and perform other types of CMP requests.
@@ -439,7 +440,7 @@ Request implicit confirmation of newly enrolled certificates.
 Do not send certificate confirmation message for newly enrolled certificate
 without requesting implicit confirmation
 to cope with broken servers not supporting implicit confirmation correctly.
-B<WARNING:> This leads to behavior violating RFC 4210.
+B<WARNING:> This leads to behavior violating RFC 9810.
 
 =item B<-certout> I<filename>
 
@@ -697,7 +698,7 @@ This applies to the following message types and contents:
 
 B<WARNING:> This setting leads to unspecified behavior and it is meant
 exclusively to allow interoperability with server implementations violating
-RFC 4210, e.g.:
+RFC 9810, e.g.:
 
 =over 4
 
@@ -813,7 +814,7 @@ This takes precedence over the B<-cert> and B<-key> options.
 The secret is used for creating MAC-based protection of outgoing messages
 and for validating incoming messages that have MAC-based protection.
 The algorithm used by default is Password-Based Message Authentication Code (PBM)
-as defined in RFC 4210 section 5.1.3.1.
+as defined in RFC 9810 section 5.1.3.1.
 
 For more information about the format of I<arg> see
 L<openssl-passphrase-options(1)>.
@@ -837,7 +838,7 @@ this "protection certificate", also called "signer certificate",
 will be included first in the extraCerts field of outgoing messages
 and the signature is done with the corresponding key.
 In Initialization Request (IR) messages this can be used for authenticating
-using an external entity certificate as defined in appendix E.7 of RFC 4210.
+using an external entity certificate as defined in appendix D.7 of RFC 9810.
 
 For Key Update Request (KUR) messages this is also used as
 the certificate to be updated if the B<-oldcert> option is not given.
@@ -880,7 +881,7 @@ L<openssl-passphrase-options(1)>.
 
 =item B<-digest> I<name>
 
-Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG
+Specifies name of supported digest to use in RFC 9810's MSG_SIG_ALG
 and as the one-way function (OWF) in C<MSG_MAC_ALG>.
 If applicable, this is used for message protection and
 proof-of-possession (POPO) signatures.
@@ -893,7 +894,7 @@ Specifies the name of the MAC algorithm in C<MSG_MAC_ALG>.
 To get the names of supported MAC algorithms use C<openssl list -mac-algorithms>
 and possibly combine such a name with the name of a supported digest algorithm,
 e.g., hmacWithSHA256.
-Defaults to C<hmac-sha1> as per RFC 4210.
+Defaults to C<hmac-sha1>, for backward compatibility with RFC 4210.
 
 =item B<-extracerts> I<filenames>|I<uris>
 
@@ -1283,7 +1284,7 @@ Send response messages without CMP-level protection.
 
 In case of negative responses, server shall send unprotected error messages,
 certificate responses (IP/CP/KUP), and revocation responses (RP).
-WARNING: This setting leads to behavior violating RFC 4210.
+WARNING: This setting leads to behavior violating RFC 9810.
 
 =item B<-accept_unprotected>
 

doc/man3/OSSL_CMP_ATAV_set0.pod

@@ -80,7 +80,7 @@ OSSL_CMP_ATAV_free() deallocates I<atav>. It is defined as a macro.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210. CRMF is defined in RFC 4211.
+CMP is defined in RFC 9810. CRMF is defined in RFC 4211.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_CTX_new.pod

@@ -287,19 +287,19 @@ is provided as the newPkey or client's pkey component of the CMP context.
 
 =item B<OSSL_CMP_OPT_DIGEST_ALGNID>
 
-The NID of the digest algorithm to be used in RFC 4210's MSG_SIG_ALG
+The NID of the digest algorithm to be used in RFC 9810's MSG_SIG_ALG
 for signature-based message protection and Proof-of-Possession (POPO).
 Default is SHA256.
 
 =item B<OSSL_CMP_OPT_OWF_ALGNID>
 The NID of the digest algorithm to be used as one-way function (OWF)
 for MAC-based message protection with password-based MAC (PBM).
-See RFC 4210 section 5.1.3.1 for details.
+See RFC 9810 section 5.1.3.1 for details.
 Default is SHA256.
 
 =item B<OSSL_CMP_OPT_MAC_ALGNID>
 The NID of the MAC algorithm to be used for message protection with PBM.
-Default is HMAC-SHA1 as per RFC 4210.
+Default is HMAC-SHA1, for backward compatibility with RFC 4210.
 
 =item B<OSSL_CMP_OPT_REVOCATION_REASON>
 
@@ -319,7 +319,7 @@ Do not confirm enrolled certificates, to cope with broken servers
 not supporting implicit confirmation correctly.
 B<WARNING:> This setting leads to unspecified behavior and it is meant
 exclusively to allow interoperability with server implementations violating
-RFC 4210.
+RFC 9810.
 
 =item B<OSSL_CMP_OPT_UNPROTECTED_SEND>
 
@@ -333,7 +333,7 @@ error messages as well as certificate responses (IP/CP/KUP) and
 revocation responses (RP) with rejection.
 B<WARNING:> This setting leads to unspecified behavior and it is meant
 exclusively to allow interoperability with server implementations violating
-RFC 4210.
+RFC 9810.
 
 =item B<OSSL_CMP_OPT_IGNORE_KEYUSAGE>
 
@@ -543,7 +543,7 @@ messages that have MAC-based protection (protectionAlg = C<MSG_MAC_ALG>).
 
 OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue I<ref> with
 length I<len> in the given I<ctx> or clears it if the I<ref> argument is NULL.
-According to RFC 4210 section 5.1.1, if no value for the sender field in
+According to RFC 9810 section 5.1.1, if no value for the sender field in
 CMP message headers can be determined (i.e., no CMP signer certificate
 and no subject DN is set via OSSL_CMP_CTX_set1_subjectName()
 then the sender field will contain the NULL-DN
@@ -756,7 +756,7 @@ the I<ctx>. This will be used to validate the recipNonce in incoming messages.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810 (and CRMF in RFC 4211).
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_HDR_get0_transactionID.pod

@@ -30,7 +30,7 @@ in the generalInfo field of the given PKIHeader.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210.
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_ITAV_new_caCerts.pod

@@ -173,7 +173,7 @@ B<algId> or B<rsaKeyLen> and assigns to I<*keySpec> a copy of the keySpec field.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210.
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_ITAV_set0.pod

@@ -29,7 +29,7 @@ OSSL_CMP_ITAV_get0_certProfile
 
 =head1 DESCRIPTION
 
-ITAV is short for InfoTypeAndValue. This type is defined in RFC 4210
+ITAV is short for InfoTypeAndValue. This type is defined in RFC 9810
 section 5.3.19 and Appendix F. It is used at various places in CMP messages,
 e.g., in the generalInfo PKIHeader field, to hold a key-value pair.
 
@@ -61,7 +61,7 @@ It is an error if the infoType of I<itav> is not B<certProfile>.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 and RFC 9480 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 OIDs to use as types in B<OSSL_CMP_ITAV> can be found at
 L<https://datatracker.ietf.org/doc/html/rfc9480#section-4.2.2>.

doc/man3/OSSL_CMP_MSG_get0_header.pod

@@ -114,7 +114,7 @@ to BIO I<bio>.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210.
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_MSG_http_perform.pod

@@ -43,8 +43,8 @@ such as L<OSSL_HTTP_proxy_connect(3)>.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210.
-HTTP transfer for CMP is defined in RFC 6712.
+CMP is defined in RFC 9810.
+HTTP transfer for CMP is defined in RFC 9811.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_SRV_CTX_new.pod

@@ -157,7 +157,7 @@ confirmation of newly enrolled certificates if requested.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810 (and CRMF in RFC 4211).
 
 So far the CMP server implementation is limited to one request per CMP message
 (and consequently to at most one response component per CMP message).

doc/man3/OSSL_CMP_STATUSINFO_new.pod

@@ -39,7 +39,7 @@ in the given buffer, with the given maximal length.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CMP_exec_certreq.pod

@@ -119,7 +119,7 @@ otherwise the issuer DN and serial number
 of the certificate set by L<OSSL_CMP_CTX_set1_oldCert(3)>,
 otherwise the subject DN and public key
 of the certificate signing request set by L<OSSL_CMP_CTX_set1_p10CSR(3)>.
-RFC 4210 is vague in which PKIStatus should be returned by the server.
+RFC 9810 is vague in which PKIStatus should be returned by the server.
 We take "accepted" and "grantedWithMods" as clear success and handle
 "revocationWarning" and "revocationNotification" just as warnings because CAs
 typically return them as an indication that the certificate was already revoked.
@@ -138,7 +138,7 @@ and returns the list of B<ITAV>s received in a genp response message.
 This can be used, for instance,
 with infoType C<signKeyPairTypes> to obtain the set of signature
 algorithm identifiers that the CA will certify for subject public keys.
-See RFC 4210 section 5.3.19 and appendix E.5 for details.
+See RFC 9810 section 5.3.19 and appendix D.5 for details.
 Functions implementing more specific genm/genp exchanges are described next.
 
 OSSL_CMP_get1_caCerts() uses a genm/genp message exchange with infoType caCerts
@@ -151,7 +151,7 @@ OSSL_CMP_get1_rootCaKeyUpdate() uses a genm request message
 with infoType rootCaCert to obtain from the CMP server referenced by I<ctx>
 in a genp response message with infoType rootCaKeyUpdate any update of the
 given root CA certificate I<oldWithOld> and verifies it as far as possible.
-See RFC 4210 section 4.4 for details.
+See RFC 9810 section 4.4 for details.
 On success it assigns to I<*newWithNew> the root certificate received.
 When the I<newWithOld> and I<oldWithNew> output parameters are not NULL,
 it assigns to them the corresponding transition certificates.
@@ -183,7 +183,7 @@ Both must be freed by the caller.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810 (and CRMF in RFC 4211).
 
 The CMP client implementation is limited to one request per CMP message
 (and consequently to at most one response component per CMP message).

doc/man3/OSSL_CMP_validate_msg.pod

@@ -60,7 +60,7 @@ verification callback) and non-trusted intermediate certs from the I<ctx>.
 
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 9810.
 
 =head1 RETURN VALUES
 

doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod

@@ -92,7 +92,7 @@ of the given CertId I<cid>, which must be of ASN.1 type GEN_DIRNAME.
 OSSL_CRMF_ENCRYPTEDKEY_get1_encCert() decrypts the certificate in the given
 encryptedKey I<ecert>, using the private key I<pkey>, library context
 I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
-This is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.
+This is needed for the indirect POPO method as in RFC 9810 section 5.2.8.3.2.
 The function returns the decrypted certificate as a copy, leaving its ownership
 with the caller, who is responsible for freeing it.
 
@@ -119,7 +119,7 @@ I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
 OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given
 encryptedValue I<ecert>, using the private key I<pkey>, library context
 I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
-This is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.
+This is needed for the indirect POPO method as in RFC 9810 section 5.2.8.3.2.
 The function returns the decrypted certificate as a copy, leaving its ownership
 with the caller, who is responsible for freeing it.
 

doc/man3/OSSL_CRMF_pbmp_new.pod

@@ -43,14 +43,15 @@ for the random number generation (DRBG) and may be NULL for the default.
 
 The algorithms for the OWF (one-way function) and for the MAC (message
 authentication code) may be any with a NID defined in F<< <openssl/objects.h> >>.
-As specified by RFC 4210, these should include NID_hmac_sha1.
+For backward compatibility with RFC 4210, these should include NID_hmac_sha1.
 
-RFC 4210 recommends that the salt SHOULD be at least 8 bytes (64 bits) long,
+RFC 4210 recommended that the salt SHOULD be at least 8 bytes (64 bits) long,
 where 16 bytes is common.
 
 The iteration count must be at least 100, as stipulated by RFC 4211, and is
 limited to at most 100000 to avoid DoS through manipulated or otherwise
 malformed input.
+See RFC 9045 for currently suggested values.
 
 =head1 RETURN VALUES
 

doc/man7/ossl-guide-migration.pod

@@ -191,9 +191,9 @@ For more information, see L<OpenSSL_version(3)>.
 
 =head3 Other major new features
 
-=head4 Certificate Management Protocol (CMP, RFC 4210)
+=head4 Certificate Management Protocol (CMP, RFC 9810)
 
-This also covers CRMF (RFC 4211) and HTTP transfer (RFC 6712)
+This also covers CRMF (RFC 4211) and HTTP transfer (RFC 9811)
 See L<openssl-cmp(1)> and L<OSSL_CMP_exec_certreq(3)> as starting points.
 
 =head4 HTTP(S) client

doc/man7/provider-base.pod

@@ -154,6 +154,10 @@ provider):
  core_new_error                 OSSL_FUNC_CORE_NEW_ERROR
  core_set_error_debug           OSSL_FUNC_CORE_SET_ERROR_DEBUG
  core_vset_error                OSSL_FUNC_CORE_VSET_ERROR
+ core_set_error_mark            OSSL_FUNC_CORE_SET_ERROR_MARK
+ core_clear_last_error_mark     OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK
+ core_pop_error_to_mark         OSSL_FUNC_CORE_POP_ERROR_TO_MARK
+ core_count_to_mark             OSSL_FUNC_CORE_COUNT_TO_MARK
  core_obj_add_sigid             OSSL_FUNC_CORE_OBJ_ADD_SIGID
  core_obj_create                OSSL_FUNC_CORE_OBJ_CREATE
  CRYPTO_malloc                  OSSL_FUNC_CRYPTO_MALLOC
@@ -270,6 +274,33 @@ error occurred or was reported.
 
 This corresponds to the OpenSSL function L<ERR_vset_error(3)>.
 
+=item core_set_error_mark()
+
+sets a mark on the current topmost error record if there is one.
+
+This corresponds to the OpenSSL function L<ERR_set_mark(3)>.
+
+=item core_clear_last_error_mark()
+
+removes the last mark added if there is one.
+
+This corresponds to the OpenSSL function L<ERR_clear_last_mark(3)>.
+
+=item core_pop_error_to_mark()
+
+pops the top of the error stack until a mark is found. The mark is then removed.
+If there is no mark, the whole stack is removed.
+
+This corresponds to the OpenSSL function L<ERR_pop_to_mark(3)>.
+
+=item core_count_to_mark()
+
+returns the number of entries on the error stack above the most recently
+marked entry, not including that entry. If there is no mark in the error stack,
+the number of entries in the error stack is returned.
+
+This corresponds to the OpenSSL function L<ERR_count_to_mark(3)>.
+
 =back
 
 The core_obj_create() function registers a new OID and associated short name

fuzz/dtlsserver.c

@@ -590,10 +590,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     SSL *server;
     BIO *in;
     BIO *out;
-#if !defined(OPENSSL_NO_EC)                     \
-    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
     BIO *bio_buf;
-#endif
     SSL_CTX *ctx;
     int ret;
 #ifndef OPENSSL_NO_DEPRECATED_3_0

include/openssl/core_dispatch.h

@@ -253,6 +253,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_up_ref,
 OSSL_CORE_MAKE_FUNC(int, provider_free,
                     (const OSSL_CORE_HANDLE *prov, int deactivate))
 
+/* Additional error functions provided by the core */
+# define OSSL_FUNC_CORE_COUNT_TO_MARK          120
+OSSL_CORE_MAKE_FUNC(int, core_count_to_mark, (const OSSL_CORE_HANDLE *prov))
+
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
 # define OSSL_FUNC_PROVIDER_TEARDOWN           1024
 OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx))

providers/fips/fipsprov.c

@@ -65,6 +65,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error;
 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark;
 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark;
 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark;
+static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark;
 static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc;
 static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
 static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free;
@@ -834,6 +835,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
             set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in));
             break;
+        case OSSL_FUNC_CORE_COUNT_TO_MARK:
+            set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in));
+            break;
         case OSSL_FUNC_CRYPTO_MALLOC:
             set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in));
             break;
@@ -1072,6 +1076,11 @@ int ERR_pop_to_mark(void)
     return c_pop_error_to_mark(NULL);
 }
 
+int ERR_count_to_mark(void)
+{
+    return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0;
+}
+
 /*
  * This must take a library context, since it's called from the depths
  * of crypto/initthread.c code, where it's (correctly) assumed that the

providers/legacyprov.c

@@ -48,6 +48,7 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error;
 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark;
 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark;
 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark;
+static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark;
 #endif
 
 /* Parameters we provide to the core */
@@ -234,6 +235,9 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
             set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(tmp));
             break;
+        case OSSL_FUNC_CORE_COUNT_TO_MARK:
+            set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in));
+            break;
         }
     }
 #endif
@@ -301,4 +305,9 @@ int ERR_pop_to_mark(void)
 {
     return c_pop_error_to_mark(NULL);
 }
+
+int ERR_count_to_mark(void)
+{
+    return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0;
+}
 #endif

test/generate_buildtest.pl

@@ -23,9 +23,19 @@ print <<"_____";
 #ifndef OPENSSL_NO_STDIO
 # include <stdio.h>
 #endif
+_____
+
+if (${name_uc} eq "RSA") {
+    print("#include <openssl/rsa.h>");
+}
+else {
+    print <<"_____";
 #ifndef OPENSSL_NO_${name_uc}
 # include <openssl/$name.h>
 #endif
+_____
+}
+print <<"_____";
 
 int main(void)
 {

test/recipes/95-test_external_cf_quiche_data/quiche-server.sh

@@ -24,6 +24,6 @@ test -d "$QUICHE_TARGET_PATH" || exit 1
 
 "$QUICHE_TARGET_PATH/debug/quiche-server" --cert "$SRCTOP/test/certs/servercert.pem" \
     --key "$SRCTOP/test/certs/serverkey.pem" --disable-gso \
-    --http-version HTTP/0.9 --root "$SRCTOP" --no-grease --disable-hystart &
+    --http-version HTTP/0.9 --root "$SRCTOP" --no-grease --disable-hystart > quiche_server_log 2>&1 &
 
 echo $! >server.pid

test/sslapitest.c

@@ -1984,7 +1984,7 @@ static int test_tlsext_status_type(void)
     if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
                              TLS1_VERSION, 0,
                              &sctx, &cctx, leaf, skey))
-        return 0;
+        goto end;
     if (SSL_CTX_use_certificate_chain_file(sctx, leaf_chain) <= 0)
         goto end;
     if (SSL_CTX_get_tlsext_status_type(cctx) != -1)