openssl: Import OpenSSL 3.0.16

This release incorporates the following bug fixes and mitigations:
- [CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176)
- [CVE-2024-9143](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143)

Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html
Enji Cooper
2025-03-06 09:49:50 -08:00
parent 108164cf95
commit 1c34280346
166 changed files with 2039 additions and 1079 deletions
+33
@@ -28,6 +28,37 @@ breaking changes, and mappings for the large list of deprecated functions.
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
### Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
* Fixed timing side-channel in ECDSA signature computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the
attacker process must either be located in the same physical computer or
must have a very fast network connection with low latency.
([CVE-2024-13176])
*Tomáš Mráz*
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial can lead to out-of-bounds memory
reads or writes.
Applications working with "exotic" explicit binary (GF(2^m)) curve
parameters, that make it possible to represent invalid field polynomials
with a zero constant term, via the above or similar APIs, may terminate
abruptly as a result of reading or writing outside of array bounds. Remote
code execution cannot easily be ruled out.
([CVE-2024-9143])
*Viktor Dukhovni*
### Changes between 3.0.14 and 3.0.15 [3 Sep 2024] ### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
* Fixed possible denial of service in X.509 name checks. * Fixed possible denial of service in X.509 name checks.
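Review bot: the CVE-2024-9143 entry's "remote code execution cannot easily be ruled out" applies only to code that feeds untrusted explicit GF(2^m) field parameters through the low-level EC APIs, as the entry's own wording limits it; TLS with named curves does not go through that path, and the NEWS hunk in this commit rates the most severe fix as Low. Worth stating that scope in the commit message so downstream FreeBSD consumers can triage without reading the advisory.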
@@ -19922,6 +19953,8 @@ ndif
<!-- Links --> <!-- Links -->
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
+1 -1
@@ -1688,7 +1688,7 @@ EOF
} elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) { } elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) {
$recipe .= <<"EOF"; $recipe .= <<"EOF";
$obj: $deps $obj: $deps
$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -MT \$\@ -c -o \$\@ $srcs $cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -c -o \$\@ $srcs
\@touch $dep.tmp \@touch $dep.tmp
\@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\ \@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\
rm -f $dep.tmp; \\ rm -f $dep.tmp; \\
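Review bot: dropping `-MT \$\@` changes which target name gcc writes into `$dep.tmp`; without `-MT`, gcc derives the rule target from the source file's basename rather than from `$obj`, so an object built into a subdirectory or under a different name no longer matches the generated rule and make silently ignores its header dependencies. If whatever consumes `$dep` later rewrites the target, say so in a comment here; otherwise keep `-MT \$\@` on compilers that accept it and special-case the c99 cross-compiler that the NOTES-NONSTOP hunk refers to.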
+16
@@ -18,6 +18,20 @@ OpenSSL Releases
OpenSSL 3.0 OpenSSL 3.0
----------- -----------
### Major changes between OpenSSL 3.0.15 and OpenSSL 3.0.16 [11 Feb 2025]
OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this
release is Low.
This release incorporates the following bug fixes and mitigations:
* Fixed timing side-channel in ECDSA signature computation.
([CVE-2024-13176])
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
curve parameters.
([CVE-2024-9143])
### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024] ### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
@@ -1495,6 +1509,8 @@ OpenSSL 0.9.x
<!-- Links --> <!-- Links -->
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
+2 -5
@@ -119,12 +119,9 @@ correctly, you also need the `COMP_ROOT` set, as in:
`COMP_ROOT` needs to be in Windows form. `COMP_ROOT` needs to be in Windows form.
`Configure` must specify the `no-makedepend` option otherwise errors will An example of a `Configure` command to be run from the OpenSSL directory is:
result when running the build because the c99 cross-compiler does not support
the `gcc -MT` option. An example of a `Configure` command to be run from the
OpenSSL directory is:
./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu ./Configure nonstop-nsx_64 --with-rand-seed=rdcpu
Do not forget to include any OpenSSL cross-compiling prefix and certificate Do not forget to include any OpenSSL cross-compiling prefix and certificate
options when creating your libraries. options when creating your libraries.
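Review bot: this note only holds together with the Configure hunk in this same commit that drops `-MT \$\@` from the gcc makedepend recipe, so the two must land together; rather than deleting the explanation outright, keep one sentence saying that `no-makedepend` used to be required because the c99 cross-compiler lacks `gcc -MT`, since a future reintroduction of `-MT` would otherwise break NonStop builds with no hint in the docs.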
+8 -20
@@ -59,7 +59,7 @@ For Production Use
------------------ ------------------
Source code tarballs of the official releases can be downloaded from Source code tarballs of the official releases can be downloaded from
[www.openssl.org/source](https://www.openssl.org/source). [openssl-library.org/source/](https://openssl-library.org/source/).
The OpenSSL project does not distribute the toolkit in binary form. The OpenSSL project does not distribute the toolkit in binary form.
However, for a large variety of operating systems precompiled versions However, for a large variety of operating systems precompiled versions
@@ -75,22 +75,18 @@ the source tarballs, having a local copy of the git repository with
the entire project history gives you much more insight into the the entire project history gives you much more insight into the
code base. code base.
The official OpenSSL Git Repository is located at [git.openssl.org]. The main OpenSSL Git repository is private.
There is a GitHub mirror of the repository at [github.com/openssl/openssl], There is a public GitHub mirror of it at [github.com/openssl/openssl],
which is updated automatically from the former on every commit. which is updated automatically from the former on every commit.
A local copy of the Git Repository can be obtained by cloning it from A local copy of the Git repository can be obtained by cloning it from
the original OpenSSL repository using the GitHub mirror using
git clone git://git.openssl.org/openssl.git
or from the GitHub mirror using
git clone https://github.com/openssl/openssl.git git clone https://github.com/openssl/openssl.git
If you intend to contribute to OpenSSL, either to fix bugs or contribute If you intend to contribute to OpenSSL, either to fix bugs or contribute
new features, you need to fork the OpenSSL repository openssl/openssl on new features, you need to fork the GitHub mirror and clone your public fork
GitHub and clone your public fork instead. instead.
git clone https://github.com/yourname/openssl.git git clone https://github.com/yourname/openssl.git
@@ -166,7 +162,7 @@ attempting to develop or distribute cryptographic code.
Copyright Copyright
========= =========
Copyright (c) 1998-2024 The OpenSSL Project Copyright (c) 1998-2025 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -178,14 +174,6 @@ All rights reserved.
<https://www.openssl.org> <https://www.openssl.org>
"OpenSSL Homepage" "OpenSSL Homepage"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[git.openssl.org]:
<https://git.openssl.org>
"OpenSSL Git Repository"
[github.com/openssl/openssl]: [github.com/openssl/openssl]:
<https://github.com/openssl/openssl> <https://github.com/openssl/openssl>
"OpenSSL GitHub Mirror" "OpenSSL GitHub Mirror"
+2 -2
@@ -1,7 +1,7 @@
MAJOR=3 MAJOR=3
MINOR=0 MINOR=0
PATCH=15 PATCH=16
PRE_RELEASE_TAG= PRE_RELEASE_TAG=
BUILD_METADATA= BUILD_METADATA=
RELEASE_DATE="3 Sep 2024" RELEASE_DATE="11 Feb 2025"
SHLIB_VERSION=3 SHLIB_VERSION=3
+3 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
dump = strtol(opt_arg(), NULL, 0); dump = strtol(opt_arg(), NULL, 0);
break; break;
case OPT_STRPARSE: case OPT_STRPARSE:
sk_OPENSSL_STRING_push(osk, opt_arg()); if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
goto end;
break; break;
case OPT_GENSTR: case OPT_GENSTR:
genstr = opt_arg(); genstr = opt_arg();
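Review bot: the new `goto end` on `sk_OPENSSL_STRING_push()` failure reports nothing to the user; the push can only fail on allocation, so print an "out of memory" message (as the rehash hunk in this commit does) and make sure `ret` still carries a non-zero exit status on that path. `<= 0` is the right test here: `OPENSSL_sk_push()` returns the new element count on success and 0 on error. The same silent `goto end` is repeated in the cms, engine, pkcs12 and smime hunks below.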
+28 -11
@@ -1,5 +1,5 @@
/* /*
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -494,13 +494,15 @@ int cms_main(int argc, char **argv)
if (rr_from == NULL if (rr_from == NULL
&& (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(rr_from, opt_arg()); if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
goto end;
break; break;
case OPT_RR_TO: case OPT_RR_TO:
if (rr_to == NULL if (rr_to == NULL
&& (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(rr_to, opt_arg()); if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
goto end;
break; break;
case OPT_PRINT: case OPT_PRINT:
noout = print = 1; noout = print = 1;
@@ -577,13 +579,15 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile); if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (keyfile == NULL) if (keyfile == NULL)
keyfile = signerfile; keyfile = signerfile;
if (skkeys == NULL if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile); if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
keyfile = NULL; keyfile = NULL;
} }
signerfile = opt_arg(); signerfile = opt_arg();
@@ -601,12 +605,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile); if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
signerfile = NULL; signerfile = NULL;
if (skkeys == NULL if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile); if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
} }
keyfile = opt_arg(); keyfile = opt_arg();
break; break;
@@ -660,7 +666,8 @@ int cms_main(int argc, char **argv)
key_param->next = nparam; key_param->next = nparam;
key_param = nparam; key_param = nparam;
} }
sk_OPENSSL_STRING_push(key_param->param, opt_arg()); if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
goto end;
break; break;
case OPT_V_CASES: case OPT_V_CASES:
if (!opt_verify(o, vpm)) if (!opt_verify(o, vpm))
@@ -749,12 +756,14 @@ int cms_main(int argc, char **argv)
if (sksigners == NULL if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile); if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
if (keyfile == NULL) if (keyfile == NULL)
keyfile = signerfile; keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile); if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
} }
if (sksigners == NULL) { if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n"); BIO_printf(bio_err, "No signer certificate specified\n");
@@ -1014,9 +1023,16 @@ int cms_main(int argc, char **argv)
pwri_tmp = NULL; pwri_tmp = NULL;
} }
if (!(flags & CMS_STREAM)) { if (!(flags & CMS_STREAM)) {
if (!CMS_final(cms, in, NULL, flags)) if (!CMS_final(cms, in, NULL, flags)) {
if (originator != NULL
&& ERR_GET_REASON(ERR_peek_error())
== CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
BIO_printf(bio_err, "Cannot use originator for encryption\n");
goto end; goto end;
} }
goto end;
}
}
} else if (operation == SMIME_ENCRYPTED_ENCRYPT) { } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key, cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
secret_keylen, flags, libctx, app_get0_propq()); secret_keylen, flags, libctx, app_get0_propq());
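Review bot: `ERR_peek_error()` returns the earliest error on the thread's queue, so the `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` match only works if the queue was empty when `CMS_final()` was entered; any stale error left by an earlier non-fatal call makes the "Cannot use originator for encryption" message silently fall through to the bare `goto end`. Either `ERR_clear_error()` before `CMS_final()` or walk the queue for the reason code. The inner and outer `goto end` are also identical, so the nested block can collapse to one conditional `BIO_printf()` followed by a single `goto end`.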
@@ -1261,6 +1277,7 @@ int cms_main(int argc, char **argv)
X509_free(cert); X509_free(cert);
X509_free(recip); X509_free(recip);
X509_free(signer); X509_free(signer);
X509_free(originator);
EVP_PKEY_free(key); EVP_PKEY_free(key);
EVP_CIPHER_free(cipher); EVP_CIPHER_free(cipher);
EVP_CIPHER_free(wrap_cipher); EVP_CIPHER_free(wrap_cipher);
+5 -3
@@ -1,5 +1,5 @@
/* /*
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
test_avail++; test_avail++;
break; break;
case OPT_PRE: case OPT_PRE:
sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
goto end;
break; break;
case OPT_POST: case OPT_POST:
sk_OPENSSL_STRING_push(post_cmds, opt_arg()); if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
goto end;
break; break;
} }
} }
+5 -2
@@ -220,14 +220,17 @@ BIO *http_server_init_bio(const char *prog, const char *port)
{ {
BIO *acbio = NULL, *bufbio; BIO *acbio = NULL, *bufbio;
int asock; int asock;
char name[40];
snprintf(name, sizeof(name), "[::]:%s", port); /* port may be "0" */
bufbio = BIO_new(BIO_f_buffer()); bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL) if (bufbio == NULL)
goto err; goto err;
acbio = BIO_new(BIO_s_accept()); acbio = BIO_new(BIO_s_accept());
if (acbio == NULL if (acbio == NULL
|| BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 || BIO_set_accept_ip_family(acbio, BIO_FAMILY_IPANY) <= 0 /* IPv4/6 */
|| BIO_set_accept_port(acbio, port) < 0) { || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) <= 0
|| BIO_set_accept_name(acbio, name) <= 0) {
log_message(prog, LOG_ERR, "Error setting up accept BIO"); log_message(prog, LOG_ERR, "Error setting up accept BIO");
goto err; goto err;
} }
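Review bot: `snprintf(name, sizeof(name), "[::]:%s", port)` ignores truncation: `port` is a caller-supplied string and `name` is 40 bytes, so an over-long value is silently cut and the accept BIO binds to a different address than requested instead of failing. Check the return value against `sizeof(name)`, or use `BIO_snprintf()` (which the VMS and passwd hunks in this commit switch to and which returns -1 on truncation) and treat truncation as a setup error. Also worth a comment: `BIO_FAMILY_IPANY` with a `[::]` name relies on a dual-stack IPv6 listening socket, so confirm the behaviour on an IPv4-only host, where the old `BIO_set_accept_port()` form did not need IPv6.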
+22 -2
@@ -240,10 +240,10 @@ static const char *get_sigtype(int nid)
return "ECDSA"; return "ECDSA";
case NID_ED25519: case NID_ED25519:
return "Ed25519"; return "ed25519";
case NID_ED448: case NID_ED448:
return "Ed448"; return "ed448";
case NID_id_GostR3410_2001: case NID_id_GostR3410_2001:
return "gost2001"; return "gost2001";
@@ -288,6 +288,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
if (i) if (i)
BIO_puts(out, ":"); BIO_puts(out, ":");
switch (rsign | rhash << 8) {
case 0x0809:
BIO_puts(out, "rsa_pss_pss_sha256");
continue;
case 0x080a:
BIO_puts(out, "rsa_pss_pss_sha384");
continue;
case 0x080b:
BIO_puts(out, "rsa_pss_pss_sha512");
continue;
case 0x081a:
BIO_puts(out, "ecdsa_brainpoolP256r1_sha256");
continue;
case 0x081b:
BIO_puts(out, "ecdsa_brainpoolP384r1_sha384");
continue;
case 0x081c:
BIO_puts(out, "ecdsa_brainpoolP512r1_sha512");
continue;
}
sstr = get_sigtype(sign_nid); sstr = get_sigtype(sign_nid);
if (sstr) if (sstr)
BIO_printf(out, "%s", sstr); BIO_printf(out, "%s", sstr);
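Review bot: `switch (rsign | rhash << 8)` relies on `<<` binding tighter than `|`, which is correct but easy to misread; write `(rhash << 8) | rsign` so it is obvious this is the packed TLS 1.3 SignatureScheme code (`0x0809` is rsa_pss_pss_sha256). Named constants or a small table would also make it clear that the `rsa_pss_rsae_*`, `ed25519` and `ed448` codes (`0x0804` to `0x0808`) are deliberately left to `get_sigtype()`, whose lower-casing of "ed25519"/"ed448" in the preceding hunk is what keeps the output consistent with these names.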
+10 -3
@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -380,6 +380,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO_closesocket(asock); BIO_closesocket(asock);
break; break;
} }
if (naccept != -1)
naccept--;
if (naccept == 0)
BIO_closesocket(asock);
BIO_set_tcp_ndelay(sock, 1); BIO_set_tcp_ndelay(sock, 1);
i = (*cb)(sock, type, protocol, context); i = (*cb)(sock, type, protocol, context);
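Review bot: the TCP path now closes `asock` here when `naccept` reaches 0, but the loop tail in the next hunk (`if (i < 0 || naccept == 0) { BIO_closesocket(asock);`) closes it again. A double close is only harmless if no descriptor was opened in between, and `(*cb)(sock, ...)` runs in between, so the second close can hit an unrelated fd the callback just opened. Set `asock` to `INVALID_SOCKET` after the early close and guard the later one, or keep only one of the two.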
@@ -410,11 +416,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO_closesocket(sock); BIO_closesocket(sock);
} else { } else {
if (naccept != -1)
naccept--;
i = (*cb)(asock, type, protocol, context); i = (*cb)(asock, type, protocol, context);
} }
if (naccept != -1)
naccept--;
if (i < 0 || naccept == 0) { if (i < 0 || naccept == 0) {
BIO_closesocket(asock); BIO_closesocket(asock);
ret = i; ret = i;
+2 -2
@@ -353,7 +353,7 @@ static int CreateSocketPair (int SocketFamily,
/* /*
** Get the binary (64-bit) time of the specified timeout value ** Get the binary (64-bit) time of the specified timeout value
*/ */
sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE); BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
AscTimeDesc.dsc$w_length = strlen (AscTimeBuff); AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
AscTimeDesc.dsc$a_pointer = AscTimeBuff; AscTimeDesc.dsc$a_pointer = AscTimeBuff;
status = sys$bintim (&AscTimeDesc, BinTimeBuff); status = sys$bintim (&AscTimeDesc, BinTimeBuff);
@@ -567,7 +567,7 @@ static void LogMessage (char *msg, ...)
/* /*
** Format the message buffer ** Format the message buffer
*/ */
sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n", BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
LocTime->tm_mday, Month[LocTime->tm_mon], LocTime->tm_mday, Month[LocTime->tm_mon],
(LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min, (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
LocTime->tm_sec, pid, msg); LocTime->tm_sec, pid, msg);
+2 -1
@@ -589,7 +589,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
if (rounds_custom) { if (rounds_custom) {
char tmp_buf[80]; /* "rounds=999999999" */ char tmp_buf[80]; /* "rounds=999999999" */
sprintf(tmp_buf, "rounds=%u", rounds);
BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds);
#ifdef CHARSET_EBCDIC #ifdef CHARSET_EBCDIC
/* In case we're really on a ASCII based platform and just pretend */ /* In case we're really on a ASCII based platform and just pretend */
if (tmp_buf[0] != 0x72) /* ASCII 'r' */ if (tmp_buf[0] != 0x72) /* ASCII 'r' */
+3 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -305,7 +305,8 @@ int pkcs12_main(int argc, char **argv)
if (canames == NULL if (canames == NULL
&& (canames = sk_OPENSSL_STRING_new_null()) == NULL) && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(canames, opt_arg()); if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
goto end;
break; break;
case OPT_IN: case OPT_IN:
infile = opt_arg(); infile = opt_arg();
+3 -2
@@ -81,10 +81,11 @@ const OPTIONS pkeyutl_options[] = {
OPT_SECTION("Output"), OPT_SECTION("Output"),
{"out", OPT_OUT, '>', "Output file - default stdout"}, {"out", OPT_OUT, '>', "Output file - default stdout"},
{"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"}, {"asn1parse", OPT_ASN1PARSE, '-',
"parse the output as ASN.1 data to check its DER encoding and print errors"},
{"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
{"verifyrecover", OPT_VERIFYRECOVER, '-', {"verifyrecover", OPT_VERIFYRECOVER, '-',
"Verify with public key, recover original data"}, "Verify RSA signature, recovering original signature input data"},
OPT_SECTION("Signing/Derivation"), OPT_SECTION("Signing/Derivation"),
{"digest", OPT_DIGEST, 's', {"digest", OPT_DIGEST, 's',
+5
@@ -559,6 +559,11 @@ int rehash_main(int argc, char **argv)
} else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
m = OPENSSL_strdup(env); m = OPENSSL_strdup(env);
if (m == NULL) {
BIO_puts(bio_err, "out of memory\n");
errs = 1;
goto end;
}
for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc)) for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
errs += do_dir(e, h); errs += do_dir(e, h);
OPENSSL_free(m); OPENSSL_free(m);
+13 -7
@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -279,13 +279,15 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile); if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (keyfile == NULL) if (keyfile == NULL)
keyfile = signerfile; keyfile = signerfile;
if (skkeys == NULL if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile); if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
keyfile = NULL; keyfile = NULL;
} }
signerfile = opt_arg(); signerfile = opt_arg();
@@ -310,12 +312,14 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile); if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
signerfile = NULL; signerfile = NULL;
if (skkeys == NULL if (skkeys == NULL
&& (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(skkeys, keyfile); if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
} }
keyfile = opt_arg(); keyfile = opt_arg();
break; break;
@@ -390,12 +394,14 @@ int smime_main(int argc, char **argv)
if (sksigners == NULL if (sksigners == NULL
&& (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
sk_OPENSSL_STRING_push(sksigners, signerfile); if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
goto end;
if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
goto end; goto end;
if (!keyfile) if (!keyfile)
keyfile = signerfile; keyfile = signerfile;
sk_OPENSSL_STRING_push(skkeys, keyfile); if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
goto end;
} }
if (sksigners == NULL) { if (sksigners == NULL) {
BIO_printf(bio_err, "No signer certificate specified\n"); BIO_printf(bio_err, "No signer certificate specified\n");
+295 -82
@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -456,6 +456,14 @@ static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */
#define COND(unused_cond) (run && count < INT_MAX) #define COND(unused_cond) (run && count < INT_MAX)
#define COUNT(d) (count) #define COUNT(d) (count)
#define TAG_LEN 16
static unsigned int mode_op; /* AE Mode of operation */
static unsigned int aead = 0; /* AEAD flag */
static unsigned char aead_iv[12]; /* For AEAD modes */
static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
static int aead_ivlen = sizeof(aead_iv);
typedef struct loopargs_st { typedef struct loopargs_st {
ASYNC_JOB *inprogress_job; ASYNC_JOB *inprogress_job;
ASYNC_WAIT_CTX *wait_ctx; ASYNC_WAIT_CTX *wait_ctx;
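Review bot: `aead_iv[12]` is zero-initialised and reused for every message with a fixed key, which is acceptable for a throughput benchmark but deserves a comment at the definition, not only inside the loops: anyone copying this init sequence into real code gets a GCM/CCM nonce-reuse bug. `aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc }` sets only the first byte and leaves the rest zero; if a filled 13-byte AAD is intended, a `memset` says so, and if the partial fill is intended, say that instead.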
@@ -464,6 +472,7 @@ typedef struct loopargs_st {
unsigned char *buf_malloc; unsigned char *buf_malloc;
unsigned char *buf2_malloc; unsigned char *buf2_malloc;
unsigned char *key; unsigned char *key;
unsigned char tag[TAG_LEN];
size_t buflen; size_t buflen;
size_t sigsize; size_t sigsize;
EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM]; EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM];
@@ -727,12 +736,8 @@ static int EVP_Update_loop(void *args)
unsigned char *buf = tempargs->buf; unsigned char *buf = tempargs->buf;
EVP_CIPHER_CTX *ctx = tempargs->ctx; EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count, rc; int outl, count, rc;
unsigned char faketag[16] = { 0xcc };
if (decrypt) { if (decrypt) {
if (EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) {
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(faketag), faketag);
}
for (count = 0; COND(c[D_EVP][testnum]); count++) { for (count = 0; COND(c[D_EVP][testnum]); count++) {
rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
if (rc != 1) { if (rc != 1) {
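Review bot: with the `faketag` set removed, `EVP_Update_loop` no longer primes a tag before `EVP_DecryptUpdate()`, which is only safe if dispatch now routes every cipher carrying `EVP_CIPH_FLAG_AEAD_CIPHER` to `EVP_Update_loop_aead_dec`. If an AEAD cipher still reaches this loop in decrypt mode, CCM in particular fails at update and the run reports an error instead of a number; a comment stating that invariant, or an assertion on the flag here, would make it explicit.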
@@ -757,74 +762,159 @@ static int EVP_Update_loop(void *args)
} }
/* /*
* To make AEAD benchmarking more relevant perform TLS-like operations,
* 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
* payload length is not actually limited by 16KB...
* CCM does not support streaming. For the purpose of performance measurement, * CCM does not support streaming. For the purpose of performance measurement,
* each message is encrypted using the same (key,iv)-pair. Do not use this * each message is encrypted using the same (key,iv)-pair. Do not use this
* code in your application. * code in your application.
*/ */
static int EVP_Update_loop_ccm(void *args) static int EVP_Update_loop_aead_enc(void *args)
{ {
loopargs_t *tempargs = *(loopargs_t **) args; loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf; unsigned char *buf = tempargs->buf;
unsigned char *key = tempargs->key;
EVP_CIPHER_CTX *ctx = tempargs->ctx; EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count; int outl, count, realcount = 0;
unsigned char tag[12];
if (decrypt) {
for (count = 0; COND(c[D_EVP][testnum]); count++) { for (count = 0; COND(c[D_EVP][testnum]); count++) {
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), /* Set length of iv (Doesn't apply to SIV mode) */
tag); if (mode_op != EVP_CIPH_SIV_MODE) {
/* reset iv */ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
(void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); aead_ivlen, NULL)) {
/* counter is reset on every update */ BIO_printf(bio_err, "\nFailed to set iv length\n");
(void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); ERR_print_errors(bio_err);
} exit(1);
} else {
for (count = 0; COND(c[D_EVP][testnum]); count++) {
/* restore iv length field */
(void)EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
/* counter is reset on every update */
(void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
} }
} }
if (decrypt) /* Set tag_len (Not for GCM/SIV at encryption stage) */
(void)EVP_DecryptFinal_ex(ctx, buf, &outl); if (mode_op != EVP_CIPH_GCM_MODE
else && mode_op != EVP_CIPH_SIV_MODE) {
(void)EVP_EncryptFinal_ex(ctx, buf, &outl); if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
return count; TAG_LEN, NULL)) {
BIO_printf(bio_err, "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set key and iv\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set total length of input. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_EncryptUpdate(ctx, NULL, &outl,
NULL, lengths[testnum])) {
BIO_printf(bio_err, "\nCouldn't set input text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
BIO_printf(bio_err, "\nFailed to encrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (EVP_EncryptFinal_ex(ctx, buf, &outl))
realcount++;
}
return realcount;
} }
/* /*
* To make AEAD benchmarking more relevant perform TLS-like operations, * To make AEAD benchmarking more relevant perform TLS-like operations,
* 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
* payload length is not actually limited by 16KB... * payload length is not actually limited by 16KB...
* CCM does not support streaming. For the purpose of performance measurement,
* each message is decrypted using the same (key,iv)-pair. Do not use this
* code in your application.
* For decryption, we will use buf2 to preserve the input text in buf.
*/ */
static int EVP_Update_loop_aead(void *args) static int EVP_Update_loop_aead_dec(void *args)
{ {
loopargs_t *tempargs = *(loopargs_t **) args; loopargs_t *tempargs = *(loopargs_t **) args;
unsigned char *buf = tempargs->buf; unsigned char *buf = tempargs->buf;
unsigned char *outbuf = tempargs->buf2;
unsigned char *key = tempargs->key;
unsigned char tag[TAG_LEN];
EVP_CIPHER_CTX *ctx = tempargs->ctx; EVP_CIPHER_CTX *ctx = tempargs->ctx;
int outl, count; int outl, count, realcount = 0;
unsigned char aad[13] = { 0xcc };
unsigned char faketag[16] = { 0xcc };
if (decrypt) {
for (count = 0; COND(c[D_EVP][testnum]); count++) { for (count = 0; COND(c[D_EVP][testnum]); count++) {
(void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); /* Set the length of iv (Doesn't apply to SIV mode) */
(void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, if (mode_op != EVP_CIPH_SIV_MODE) {
sizeof(faketag), faketag); if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
(void)EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); aead_ivlen, NULL)) {
(void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); BIO_printf(bio_err, "\nFailed to set iv length\n");
(void)EVP_DecryptFinal_ex(ctx, buf + outl, &outl); ERR_print_errors(bio_err);
} exit(1);
} else {
for (count = 0; COND(c[D_EVP][testnum]); count++) {
(void)EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
(void)EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
(void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
(void)EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
} }
} }
return count;
/* Set the tag length (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE
&& mode_op != EVP_CIPH_GCM_MODE) {
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, NULL)) {
BIO_printf(bio_err, "\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set key and iv\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set iv before decryption (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) {
BIO_printf(bio_err, "\nFailed to set iv\n");
ERR_print_errors(bio_err);
exit(1);
}
}
memcpy(tag, tempargs->tag, TAG_LEN);
if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, tag)) {
BIO_printf(bio_err, "\nFailed to set tag\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set the total length of cipher text. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_DecryptUpdate(ctx, NULL, &outl,
NULL, lengths[testnum])) {
BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) {
BIO_printf(bio_err, "\nFailed to decrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (EVP_DecryptFinal_ex(ctx, outbuf, &outl))
realcount++;
}
return realcount;
} }
static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
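Review bot: The comment at the top of the tag-length block in the decrypt loop ("Set the tag length (Doesn't apply to SIV mode)") no longer matches the condition under it, which skips GCM as well; mirror the encrypt side's wording ("Not for GCM/SIV") so the two loops stay in sync. Two smaller points in the same region: a failed `EVP_DecryptFinal_ex` only leaves `realcount` un-incremented, so a systematically wrong tag shows up as a suspiciously low throughput figure rather than an error, and a `BIO_printf` on verification failure would make that visible; and the per-iteration `exit(1)` calls abort the whole `speed` run on any ctrl failure instead of returning 0 like the other loop functions. The "Do not use this code in your application" caveat about reusing one (key, iv) pair for every message is worth keeping prominent, because the loop is a nonce-reuse pattern by construction.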
@@ -1370,11 +1460,11 @@ int speed_main(int argc, char **argv)
OPTION_CHOICE o; OPTION_CHOICE o;
int async_init = 0, multiblock = 0, pr_header = 0; int async_init = 0, multiblock = 0, pr_header = 0;
uint8_t doit[ALGOR_NUM] = { 0 }; uint8_t doit[ALGOR_NUM] = { 0 };
int ret = 1, misalign = 0, lengths_single = 0, aead = 0; int ret = 1, misalign = 0, lengths_single = 0;
long count = 0; long count = 0;
unsigned int size_num = SIZE_NUM; unsigned int size_num = SIZE_NUM;
unsigned int i, k, loopargs_len = 0, async_jobs = 0; unsigned int i, k, loopargs_len = 0, async_jobs = 0;
int keylen; int keylen = 0;
int buflen; int buflen;
BIGNUM *bn = NULL; BIGNUM *bn = NULL;
EVP_PKEY_CTX *genctx = NULL; EVP_PKEY_CTX *genctx = NULL;
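Review bot: `aead` is removed from the locals here while the new loop bodies in the previous hunk still test `if (aead)`, so it must now live at file scope alongside `mode_op`, `aead_iv`, `aead_ivlen` and `decrypt`; that declaration is not in this excerpt, so confirm it is initialized before option parsing. Initializing `keylen = 0` is needed now that `OPENSSL_clear_free(loopargs[k].key, keylen)` runs after the benchmark rather than immediately after the key is installed.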
@@ -2001,15 +2091,14 @@ int speed_main(int argc, char **argv)
if (doit[D_HMAC]) { if (doit[D_HMAC]) {
static const char hmac_key[] = "This is a key..."; static const char hmac_key[] = "This is a key...";
int len = strlen(hmac_key); int len = strlen(hmac_key);
size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
OSSL_PARAM params[3]; OSSL_PARAM params[3];
mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq()); mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq());
if (mac == NULL || evp_mac_mdname == NULL) if (mac == NULL || evp_mac_mdname == NULL)
goto end; goto end;
evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname), BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
"HMAC name");
sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
names[D_HMAC] = evp_hmac_name; names[D_HMAC] = evp_hmac_name;
params[0] = params[0] =
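Review bot: `hmac_name_len` is computed from `strlen(evp_mac_mdname)` at its declaration, which runs before the `evp_mac_mdname == NULL` guard two lines later, so the NULL case the guard exists for now dereferences NULL first. Declare `size_t hmac_name_len;` and assign it after `mac` and `evp_mac_mdname` are known to be non-NULL, right before the `app_malloc`. The `sizeof("hmac()")` term already counts the terminating NUL, so the `BIO_snprintf` bound itself is correct.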
@@ -2213,12 +2302,20 @@ int speed_main(int argc, char **argv)
} }
} }
/*-
* There are three scenarios for D_EVP:
* 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc.
* 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc.
* 3- Not using AE or AD e.g. ECB, CBC, CFB etc.
*/
if (doit[D_EVP]) { if (doit[D_EVP]) {
if (evp_cipher != NULL) { if (evp_cipher != NULL) {
int (*loopfunc) (void *) = EVP_Update_loop; int (*loopfunc) (void *);
int outlen = 0;
unsigned int ae_mode = 0;
if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
multiblock_speed(evp_cipher, lengths_single, &seconds); multiblock_speed(evp_cipher, lengths_single, &seconds);
ret = 0; ret = 0;
goto end; goto end;
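Review bot: `loopfunc` loses its `= EVP_Update_loop` initializer here and is only assigned in the mode selection further down; every branch there does assign it, but keeping the default avoids a maybe-uninitialized warning and a wild call if a future branch forgets to. The three-scenario comment would be more useful if it also said that the scenario is chosen by cipher mode (GCM/CCM/OCB/SIV) rather than by `EVP_CIPH_FLAG_AEAD_CIPHER`, since that is the behavioural change in the following hunk.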
@@ -2226,16 +2323,26 @@ int speed_main(int argc, char **argv)
names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher); names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);
if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { mode_op = EVP_CIPHER_get_mode(evp_cipher);
loopfunc = EVP_Update_loop_ccm;
} else if (aead && (EVP_CIPHER_get_flags(evp_cipher) & if (aead) {
EVP_CIPH_FLAG_AEAD_CIPHER)) {
loopfunc = EVP_Update_loop_aead;
if (lengths == lengths_list) { if (lengths == lengths_list) {
lengths = aead_lengths_list; lengths = aead_lengths_list;
size_num = OSSL_NELEM(aead_lengths_list); size_num = OSSL_NELEM(aead_lengths_list);
} }
} }
if (mode_op == EVP_CIPH_GCM_MODE
|| mode_op == EVP_CIPH_CCM_MODE
|| mode_op == EVP_CIPH_OCB_MODE
|| mode_op == EVP_CIPH_SIV_MODE) {
ae_mode = 1;
if (decrypt)
loopfunc = EVP_Update_loop_aead_dec;
else
loopfunc = EVP_Update_loop_aead_enc;
} else {
loopfunc = EVP_Update_loop;
}
for (testnum = 0; testnum < size_num; testnum++) { for (testnum = 0; testnum < size_num; testnum++) {
print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum], print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum],
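Review bot: AEAD detection moves from the `EVP_CIPH_FLAG_AEAD_CIPHER` flag (removed lines) to an explicit mode list, so an AEAD cipher whose mode is not GCM/CCM/OCB/SIV now runs through the plain `EVP_Update_loop` with no tag handling; and because the flag test is gone, `-aead` alone now swaps in `aead_lengths_list` for any cipher, non-AEAD ones included. Either keep the flag check as an OR alongside the mode list, or document which ciphers the `-aead`/`-decrypt` path is meant to cover.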
@@ -2247,37 +2354,144 @@ int speed_main(int argc, char **argv)
BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
exit(1); exit(1);
} }
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
NULL, iv, decrypt ? 0 : 1)) { /*
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); * For AE modes, we must first encrypt the data to get
* a valid tag that enables us to decrypt. If we don't
* encrypt first, we won't have a valid tag that enables
* authenticity and hence decryption will fail.
*/
if (!EVP_CipherInit_ex(loopargs[k].ctx,
evp_cipher, NULL, NULL, NULL,
ae_mode ? 1 : !decrypt)) {
BIO_printf(bio_err, "\nCouldn't init the context\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Padding isn't needed */
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
loopargs[k].key = app_malloc(keylen, "evp_cipher key");
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
if (!ae_mode) {
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
loopargs[k].key, iv, -1)) {
BIO_printf(bio_err, "\nFailed to set the key\n");
ERR_print_errors(bio_err);
exit(1);
}
} else if (mode_op == EVP_CIPH_SIV_MODE) {
EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_SET_SPEED, 1, NULL);
}
if (ae_mode && decrypt) {
/* Set length of iv (Doesn't apply to SIV mode) */
if (mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_AEAD_SET_IVLEN,
aead_ivlen, NULL)) {
BIO_printf(bio_err, "\nFailed to set iv length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
/* Set tag_len (Not for SIV at encryption stage) */
if (mode_op != EVP_CIPH_GCM_MODE
&& mode_op != EVP_CIPH_SIV_MODE) {
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_AEAD_SET_TAG,
TAG_LEN, NULL)) {
BIO_printf(bio_err,
"\nFailed to set tag length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
loopargs[k].key, aead_iv, -1)) {
BIO_printf(bio_err, "\nFailed to set the key\n");
ERR_print_errors(bio_err);
exit(1);
}
/* Set total length of input. Only required for CCM */
if (mode_op == EVP_CIPH_CCM_MODE) {
if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
&outlen, NULL,
lengths[testnum])) {
BIO_printf(bio_err,
"\nCouldn't set input text length\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (aead) {
if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
&outlen, aad, sizeof(aad))) {
BIO_printf(bio_err,
"\nCouldn't insert AAD when encrypting\n");
ERR_print_errors(bio_err);
exit(1);
}
}
if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
&outlen, loopargs[k].buf,
lengths[testnum])) {
BIO_printf(bio_err,
"\nFailed to to encrypt the data\n");
ERR_print_errors(bio_err);
exit(1);
}
if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
loopargs[k].buf, &outlen)) {
BIO_printf(bio_err,
"\nFailed finalize the encryption\n");
ERR_print_errors(bio_err);
exit(1);
}
if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_AEAD_GET_TAG,
TAG_LEN, &loopargs[k].tag)) {
BIO_printf(bio_err, "\nFailed to get the tag\n");
ERR_print_errors(bio_err);
exit(1);
}
EVP_CIPHER_CTX_free(loopargs[k].ctx);
loopargs[k].ctx = EVP_CIPHER_CTX_new();
if (loopargs[k].ctx == NULL) {
BIO_printf(bio_err,
"\nEVP_CIPHER_CTX_new failure\n");
exit(1);
}
if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
NULL, NULL, NULL, 0)) {
BIO_printf(bio_err,
"\nFailed initializing the context\n");
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
exit(1); exit(1);
} }
EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx); /* SIV only allows for one Update operation */
loopargs[k].key = app_malloc(keylen, "evp_cipher key"); if (mode_op == EVP_CIPH_SIV_MODE)
EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
loopargs[k].key, NULL, -1)) {
BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
ERR_print_errors(bio_err);
exit(1);
}
OPENSSL_clear_free(loopargs[k].key, keylen);
/* SIV mode only allows for a single Update operation */
if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE)
(void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
EVP_CTRL_SET_SPEED, 1, NULL); EVP_CTRL_SET_SPEED, 1, NULL);
} }
}
Time_F(START); Time_F(START);
count = run_benchmark(async_jobs, loopfunc, loopargs); count = run_benchmark(async_jobs, loopfunc, loopargs);
d = Time_F(STOP); d = Time_F(STOP);
for (k = 0; k < loopargs_len; k++) for (k = 0; k < loopargs_len; k++) {
OPENSSL_clear_free(loopargs[k].key, keylen);
EVP_CIPHER_CTX_free(loopargs[k].ctx); EVP_CIPHER_CTX_free(loopargs[k].ctx);
}
print_result(D_EVP, testnum, count, d); print_result(D_EVP, testnum, count, d);
} }
} else if (evp_md_name != NULL) { } else if (evp_md_name != NULL) {
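Review bot: `EVP_CIPHER_CTX_rand_key` in the key setup returns an int that is ignored, so on failure the benchmark runs on an uninitialized key buffer; check it like the surrounding `EVP_CipherInit_ex` calls. In the `EVP_CTRL_AEAD_GET_TAG` call, `&loopargs[k].tag` should be `loopargs[k].tag`: if `tag` is an array the two spell the same address only by accident, and if it is ever changed to a pointer the ctrl would overwrite the pointer itself. The SIV `EVP_CTRL_SET_SPEED` ctrl lost the `(void)` cast the old code had, and two error strings have typos ("Failed to to encrypt", "Failed finalize"). The priming pass encrypting `loopargs[k].buf` in place so that the decrypt loop has real ciphertext and a real tag is the right approach; a one-line comment that `buf` holds ciphertext from that point on would save the next reader a trip back to the loop function's header comment.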
@@ -2297,6 +2511,7 @@ int speed_main(int argc, char **argv)
} }
if (doit[D_EVP_CMAC]) { if (doit[D_EVP_CMAC]) {
size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
OSSL_PARAM params[3]; OSSL_PARAM params[3];
EVP_CIPHER *cipher = NULL; EVP_CIPHER *cipher = NULL;
@@ -2312,9 +2527,8 @@ int speed_main(int argc, char **argv)
BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n"); BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
goto end; goto end;
} }
evp_cmac_name = app_malloc(sizeof("cmac()") evp_cmac_name = app_malloc(len, "CMAC name");
+ strlen(evp_mac_ciphername), "CMAC name"); BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
names[D_EVP_CMAC] = evp_cmac_name; names[D_EVP_CMAC] = evp_cmac_name;
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
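Review bot: Same ordering hazard as the HMAC block: `len` is computed from `strlen(evp_mac_ciphername)` at declaration time, ahead of the validation that follows in this block, so if `evp_mac_ciphername` can be NULL when `D_EVP_CMAC` is set, a check that used to precede the `strlen` no longer protects it. Compute `len` immediately before the `app_malloc`, which is where the removed `sizeof("cmac()") + strlen(...)` expression was evaluated.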
@@ -3675,7 +3889,6 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
print_message(alg_name, 0, mblengths[j], seconds->sym); print_message(alg_name, 0, mblengths[j], seconds->sym);
Time_F(START); Time_F(START);
for (count = 0; run && count < INT_MAX; count++) { for (count = 0; run && count < INT_MAX; count++) {
unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
size_t len = mblengths[j]; size_t len = mblengths[j];
int packlen; int packlen;
+2 -2
@@ -145,7 +145,7 @@ _____
# defined in one template stick around for the # defined in one template stick around for the
# next, making them combinable # next, making them combinable
PACKAGE => 'OpenSSL::safe') PACKAGE => 'OpenSSL::safe')
or die $Text::Template::ERROR; or die $OpenSSL::Template::ERROR;
close BUILDFILE; close BUILDFILE;
rename("$buildfile.new", $buildfile) rename("$buildfile.new", $buildfile)
or die "Trying to rename $buildfile.new to $buildfile: $!"; or die "Trying to rename $buildfile.new to $buildfile: $!";
@@ -167,7 +167,7 @@ _____
# defined in one template stick around for the # defined in one template stick around for the
# next, making them combinable # next, making them combinable
PACKAGE => 'OpenSSL::safe') PACKAGE => 'OpenSSL::safe')
or die $Text::Template::ERROR; or die $OpenSSL::Template::ERROR;
close CONFIGURATION_H; close CONFIGURATION_H;
# When using stat() on Windows, we can get it to perform better by # When using stat() on Windows, we can get it to perform better by
+5
@@ -36,6 +36,10 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
if (a->data[len - 1]) if (a->data[len - 1])
break; break;
} }
if (len == 0) {
bits = 0;
} else {
j = a->data[len - 1]; j = a->data[len - 1];
if (j & 0x01) if (j & 0x01)
bits = 0; bits = 0;
@@ -56,6 +60,7 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
else else
bits = 0; /* should not happen */ bits = 0; /* should not happen */
} }
}
} else } else
bits = 0; bits = 0;
+5 -5
@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -39,10 +39,10 @@ unsigned long ASN1_STRING_get_default_mask(void)
* This function sets the default to various "flavours" of configuration. * This function sets the default to various "flavours" of configuration.
* based on an ASCII string. Currently this is: * based on an ASCII string. Currently this is:
* MASK:XXXX : a numerical mask value. * MASK:XXXX : a numerical mask value.
* nobmp : Don't use BMPStrings (just Printable, T61). * default : use Printable, IA5, T61, BMP, and UTF8 string types
* pkix : PKIX recommendation in RFC2459. * nombstr : any string type except variable-sized BMPStrings or UTF8Strings
* utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). * pkix : PKIX recommendation in RFC2459
* default: the default value, Printable, T61, BMP. * utf8only : this is the default, use UTF8Strings
*/ */
int ASN1_STRING_set_default_mask_asc(const char *p) int ASN1_STRING_set_default_mask_asc(const char *p)
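Review bot: The rewritten comment is ambiguous about what "default" means: the `default` keyword is described as selecting Printable/IA5/T61/BMP/UTF8, while `utf8only` is described as "this is the default". Spell out which mask applies when `ASN1_STRING_set_default_mask_asc` is never called (the `utf8only` behaviour, per the new text) versus what the literal string "default" selects, so the two are not conflated. The list now reads `nombstr` where the old comment said `nobmp`; worth confirming that matches the keyword the parser below actually accepts.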
+22 -27
@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -488,9 +488,9 @@ int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
{ {
char *v; char *v;
int gmt = 0, l; int l;
struct tm stm; struct tm stm;
const char upper_z = 0x5A, period = 0x2E; const char period = 0x2E;
/* ossl_asn1_time_to_tm will check the time type */ /* ossl_asn1_time_to_tm will check the time type */
if (!ossl_asn1_time_to_tm(&stm, tm)) if (!ossl_asn1_time_to_tm(&stm, tm))
@@ -498,8 +498,6 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
l = tm->length; l = tm->length;
v = (char *)tm->data; v = (char *)tm->data;
if (v[l - 1] == upper_z)
gmt = 1;
if (tm->type == V_ASN1_GENERALIZEDTIME) { if (tm->type == V_ASN1_GENERALIZEDTIME) {
char *f = NULL; char *f = NULL;
@@ -510,39 +508,36 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
* 'fraction point' in a GeneralizedTime string. * 'fraction point' in a GeneralizedTime string.
*/ */
if (tm->length > 15 && v[14] == period) { if (tm->length > 15 && v[14] == period) {
f = &v[14]; /* exclude the . itself */
f_len = 1; f = &v[15];
while (14 + f_len < l && ossl_ascii_isdigit(f[f_len])) f_len = 0;
while (15 + f_len < l && ossl_ascii_isdigit(f[f_len]))
++f_len; ++f_len;
} }
if (f_len > 0) {
if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s", return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ",
stm.tm_year + 1900, stm.tm_mon + 1, stm.tm_year + 1900, stm.tm_mon + 1,
stm.tm_mday, stm.tm_hour, stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f, stm.tm_min, stm.tm_sec, f_len, f) > 0;
(gmt ? "Z" : "")) > 0;
}
else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
(gmt ? " GMT" : "")) > 0;
}
} else { } else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d.%.*s %d GMT",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, f_len, f,
stm.tm_year + 1900) > 0;
}
}
}
if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s", return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02dZ",
stm.tm_year + 1900, stm.tm_mon + 1, stm.tm_year + 1900, stm.tm_mon + 1,
stm.tm_mday, stm.tm_hour, stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, stm.tm_min, stm.tm_sec) > 0;
(gmt ? "Z" : "")) > 0; } else {
} return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d GMT",
else {
return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
_asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
stm.tm_min, stm.tm_sec, stm.tm_year + 1900, stm.tm_min, stm.tm_sec, stm.tm_year + 1900) > 0;
(gmt ? " GMT" : "")) > 0;
}
} }
} }
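Review bot: Dropping the `gmt` detection means every output is now suffixed with "Z" / " GMT" regardless of whether the encoded time ended in 'Z'; that is only correct if `ossl_asn1_time_to_tm` (called at the top of the function, returning early on failure) rejects non-UTC encodings, so a comment stating that assumption belongs next to the removed lines. The fractional-seconds rewrite is an improvement: `f` now starts at the first digit after the period and `f_len` counts digits only, with the "." emitted by the format string inside the `f_len > 0` branch, so a GeneralizedTime with a bare trailing period no longer prints a dangling "." and falls through to the non-fraction formats instead.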
+3 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -498,7 +498,8 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
static int asn1_str2tag(const char *tagstr, int len) static int asn1_str2tag(const char *tagstr, int len)
{ {
unsigned int i; unsigned int i;
static const struct tag_name_st *tntmp, tnst[] = { const struct tag_name_st *tntmp;
static const struct tag_name_st tnst[] = {
ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
ASN1_GEN_STR("NULL", V_ASN1_NULL), ASN1_GEN_STR("NULL", V_ASN1_NULL),
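Review bot: Splitting the declaration is the right fix: `static const struct tag_name_st *tntmp, tnst[]` made `tntmp` a static pointer shared between calls, a latent thread-safety hazard for a lookup that is otherwise pure; now only the table is static and the cursor is automatic.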
+2
@@ -300,6 +300,8 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
if (ctype_nid == NID_pkcs7_enveloped) { if (ctype_nid == NID_pkcs7_enveloped) {
msg_type = "enveloped-data"; msg_type = "enveloped-data";
} else if (ctype_nid == NID_id_smime_ct_authEnvelopedData) {
msg_type = "authEnveloped-data";
} else if (ctype_nid == NID_pkcs7_signed) { } else if (ctype_nid == NID_pkcs7_signed) {
if (econt_nid == NID_id_smime_ct_receipt) if (econt_nid == NID_id_smime_ct_receipt)
msg_type = "signed-receipt"; msg_type = "signed-receipt";
+7 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -547,10 +547,15 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
*service = NULL; *service = NULL;
} else { } else {
*service = OPENSSL_strndup(p, pl); *service = OPENSSL_strndup(p, pl);
if (*service == NULL) if (*service == NULL) {
if (h != NULL && host != NULL) {
OPENSSL_free(*host);
*host = NULL;
}
goto memerr; goto memerr;
} }
} }
}
return 1; return 1;
amb_err: amb_err:
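Review bot: The cleanup on `OPENSSL_strndup` failure fixes a leak of `*host` on the `memerr` path, but the same question applies to `amb_err` just below and any other early exit between the host allocation and `return 1`: if those can be reached after `*host` was set, they need the same `OPENSSL_free(*host); *host = NULL;` so callers can rely on both out-parameters being NULL on failure. Centralising the free under the `memerr` label itself would be simpler than repeating it at each failing call.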
+2 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -222,7 +222,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
return INVALID_SOCKET; return INVALID_SOCKET;
if (BIO_sock_init() != 1) if (BIO_sock_init() != 1)
return INVALID_SOCKET; goto err;
if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
goto err; goto err;
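Review bot: Changing the `BIO_sock_init()` failure from `return INVALID_SOCKET` to `goto err` makes it consistent with the `BIO_lookup` failure path directly below, which is also where whatever `h` and `p` point to gets released; this is now the earliest jump to `err:`, so confirm that label does not touch `res` before it has been assigned.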
+1 -1
@@ -281,7 +281,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
break; break;
} }
sprintf(pidbuf, "[%lu] ", GetCurrentProcessId()); BIO_snprintf(pidbuf, sizeof(pidbuf), "[%lu] ", GetCurrentProcessId());
lpszStrings[0] = pidbuf; lpszStrings[0] = pidbuf;
lpszStrings[1] = string; lpszStrings[1] = string;
+3 -1
@@ -1,5 +1,5 @@
#! /usr/bin/env perl #! /usr/bin/env perl
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. # Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the Apache License 2.0 (the "License"). You may not use # Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -84,10 +84,12 @@ bn_mul_mont:
cmp $num,#32 cmp $num,#32
b.le .Lscalar_impl b.le .Lscalar_impl
#ifndef __KERNEL__ #ifndef __KERNEL__
#ifndef __AARCH64EB__
adrp x17,OPENSSL_armv8_rsa_neonized adrp x17,OPENSSL_armv8_rsa_neonized
ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
cbnz w17, bn_mul8x_mont_neon cbnz w17, bn_mul8x_mont_neon
#endif #endif
#endif
.Lscalar_impl: .Lscalar_impl:
tst $num,#7 tst $num,#7
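Review bot: The NEON dispatch is now skipped on big-endian (`__AARCH64EB__`) builds, falling through to the scalar implementation, but the patch does not say why; a one-line comment next to the new `#ifndef` (presumably `bn_mul8x_mont_neon` assumes little-endian lane order) would stop someone from "optimising" it back in later.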
+16 -7
@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
* out by Colin Percival, * out by Colin Percival,
* http://www.daemonology.net/hyperthreading-considered-harmful/) * http://www.daemonology.net/hyperthreading-considered-harmful/)
*/ */
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont) BN_MONT_CTX *in_mont)
{ {
@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
unsigned int t4 = 0; unsigned int t4 = 0;
#endif #endif
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
if (!BN_is_odd(m)) { if (!BN_is_odd(m)) {
ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0; return 0;
@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err; goto err;
} else } else
#endif #endif
if (!BN_from_montgomery(rr, &tmp, mont, ctx)) if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
goto err; goto err;
ret = 1; ret = 1;
err: err:
@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
return ret; return ret;
} }
int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *in_mont)
{
bn_check_top(a);
bn_check_top(p);
bn_check_top(m);
if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
return 0;
bn_correct_top(rr);
return 1;
}
int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
{ {
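Review bot: This is the CVE-2024-13176 mitigation from the release notes: the exponentiation body becomes `bn_mod_exp_mont_fixed_top`, which finishes with `bn_from_mont_fixed_top` and no `bn_correct_top`, so the result keeps its full word count even when the top word is zero; only the public `BN_mod_exp_mont_consttime` wrapper normalizes. The release note ties the timing signal to the inverted ECDSA nonce, which is where the fixed-top variant is presumably now called so that a zero top word no longer changes the amount of subsequent work. Two things to check: the new internal function needs a prototype in `bn_local.h`, and the `bn_check_top` calls moved into the wrapper are intentionally absent from the fixed-top path because fixed-top inputs are allowed to carry a zero top word.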
+21 -9
@@ -15,6 +15,7 @@
#include "bn_local.h" #include "bn_local.h"
#ifndef OPENSSL_NO_EC2M #ifndef OPENSSL_NO_EC2M
# include <openssl/ec.h>
/* /*
* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
@@ -1140,16 +1141,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
/* /*
* Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
* x^i) into an array of integers corresponding to the bits with non-zero * x^i) into an array of integers corresponding to the bits with non-zero
* coefficient. Array is terminated with -1. Up to max elements of the array * coefficient. The array is intended to be suitable for use with
* will be filled. Return value is total number of array elements that would * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
* be filled if array was large enough. * zero. This translates to a requirement that the input BIGNUM `a` is odd.
*
* Given sufficient room, the array is terminated with -1. Up to max elements
* of the array will be filled.
*
* The return value is total number of array elements that would be filled if
* array was large enough, including the terminating `-1`. It is `0` when `a`
* is not odd or the constant term is zero contrary to requirement.
*
* The return value is also `0` when the leading exponent exceeds
* `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
*/ */
int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
{ {
int i, j, k = 0; int i, j, k = 0;
BN_ULONG mask; BN_ULONG mask;
if (BN_is_zero(a)) if (!BN_is_odd(a))
return 0; return 0;
for (i = a->top - 1; i >= 0; i--) { for (i = a->top - 1; i >= 0; i--) {
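Review bot: Replacing `BN_is_zero` with `!BN_is_odd` is the substantive CVE-2024-9143 check: a field polynomial with a zero constant term is not a valid GF(2^m) reduction polynomial, and the rewritten header comment now states why such an array must not reach `BN_GF2m_mod_arr`. The `<openssl/ec.h>` include in a `bn/` source exists solely to reach `OPENSSL_ECC_MAX_FIELD_BITS`; if that layering is unwelcome, a local constant with a comment pointing at the EC definition would avoid the dependency.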
@@ -1167,12 +1178,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
} }
} }
if (k < max) { if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
p[k] = -1; return 0;
k++;
}
return k; if (k < max)
p[k] = -1;
return k + 1;
} }
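Review bot: The return-value semantics change here: previously, when the caller's array was too small, the terminator was not written and `k` was returned without counting it; now the function always returns `k + 1`, the size including the `-1`, whether or not it fit. That matches the new comment, but any caller that compared the result against `max` to detect truncation needs re-checking. The `k > 0` guard on the new degree cap is redundant once `a` is known to be odd (there is always at least one set bit), though harmless.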
/* /*
+2 -6
@@ -1,5 +1,5 @@
/* /*
* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2020, Intel Corporation. All Rights Reserved. * Copyright (c) 2020, Intel Corporation. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -495,11 +495,7 @@ static void to_words52(BN_ULONG *out, int out_len,
out_len--; out_len--;
} }
while (out_len > 0) { memset(out, 0, out_len * sizeof(BN_ULONG));
*out = 0;
out_len--;
out++;
}
} }
static ossl_inline void put_digit52(uint8_t *pStr, int strLen, uint64_t digit) static ossl_inline void put_digit52(uint8_t *pStr, int strLen, uint64_t digit)
+4 -1
@@ -107,10 +107,13 @@ static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si)
ss = si->statusString; /* may be NULL */ ss = si->statusString; /* may be NULL */
for (i = 0; i < sk_ASN1_UTF8STRING_num(ss); i++) { for (i = 0; i < sk_ASN1_UTF8STRING_num(ss); i++) {
ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(ss, i); ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(ss, i);
ASN1_UTF8STRING *dup = ASN1_STRING_dup(str);
if (!sk_ASN1_UTF8STRING_push(ctx->statusString, ASN1_STRING_dup(str))) if (dup == NULL || !sk_ASN1_UTF8STRING_push(ctx->statusString, dup)) {
ASN1_UTF8STRING_free(dup);
return 0; return 0;
} }
}
return 1; return 1;
} }
+17 -2
@@ -51,6 +51,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
EVP_PKEY_free(si->pkey); EVP_PKEY_free(si->pkey);
X509_free(si->signer); X509_free(si->signer);
EVP_MD_CTX_free(si->mctx); EVP_MD_CTX_free(si->mctx);
EVP_PKEY_CTX_free(si->pctx);
} }
return 1; return 1;
} }
@@ -89,11 +90,21 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
if (operation == ASN1_OP_FREE_POST)
OPENSSL_clear_free(ec->key, ec->keylen);
return 1;
}
ASN1_NDEF_SEQUENCE_cb(CMS_EncryptedContentInfo, cms_ec_cb) = {
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) } ASN1_NDEF_SEQUENCE_END_cb(CMS_EncryptedContentInfo, CMS_EncryptedContentInfo)
ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
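Review bot: `cms_ec_cb` now clears `ec->key` for every `CMS_EncryptedContentInfo`, not only for the enveloped types that the removed `ossl_cms_env_enc_content_free` covered, so EncryptedData objects whose key was set via `CMS_EncryptedData_set1_key` are cleared here too. That is the right place, but add a comment that `key`/`keylen` are not part of the ASN.1 template and are owned by this callback, and check that no other code path still frees `ec->key`.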
@@ -317,6 +328,10 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
return 0; return 0;
break; break;
case ASN1_OP_FREE_POST:
OPENSSL_free(cms->ctx.propq);
break;
} }
return 1; return 1;
} }
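Review bot: moving `OPENSSL_free(cms->ctx.propq)` into `ASN1_OP_FREE_POST` changes the free order relative to the removed `CMS_ContentInfo_free`: the child items (and `cms_ec_cb`) now run before `propq` is released, which is fine, but the `ASN1_OP_NEW_*` side of `cms_cb` should be checked as well, because `CMS_ContentInfo_new()` is now macro-generated and no longer goes through `CMS_ContentInfo_new_ex(NULL, NULL)` (see the `cms_lib.c` hunk in this patch).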
+1 -1
@@ -34,7 +34,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
goto err; goto err;
/* Only absent parameters allowed in RFC XXXX */ /* Only absent parameters allowed in RFC XXXX */
if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) if (atype != V_ASN1_UNDEF && atype != V_ASN1_NULL)
goto err; goto err;
pk = EVP_PKEY_CTX_get0_pkey(pctx); pk = EVP_PKEY_CTX_get0_pkey(pctx);
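Review bot: the new condition `atype != V_ASN1_UNDEF && atype != V_ASN1_NULL` accepts both absent and NULL parameters, while the comment above still says "Only absent parameters allowed" and still carries the `RFC XXXX` placeholder; either tighten to `atype != V_ASN1_UNDEF` or reword the comment to say absent-or-NULL, and fill in the actual RFC reference. The old form (`atype == V_ASN1_NULL`) rejected only NULL and let any other parameter type through, so this is a real tightening of what is accepted and deserves a CHANGES line.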
-9
@@ -51,15 +51,6 @@ static int cms_get_enveloped_type(const CMS_ContentInfo *cms)
return ret; return ret;
} }
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf)
{
if (cms_get_enveloped_type_simple(cinf) != 0) {
CMS_EncryptedContentInfo *ec = ossl_cms_get0_env_enc_content(cinf);
if (ec != NULL)
OPENSSL_clear_free(ec->key, ec->keylen);
}
}
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms)
{ {
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
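Review bot: with `ossl_cms_env_enc_content_free` gone, `cms_get_enveloped_type_simple` loses the only caller visible in this hunk; if it has no other users it is now dead code (and an unused-function warning if it is static), so either drop it in the same commit or note where it is still used.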
+3 -1
@@ -1,6 +1,6 @@
/* /*
* Generated by util/mkerr.pl DO NOT EDIT * Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -59,6 +59,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
"error setting recipientinfo"}, "error setting recipientinfo"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT),
"error unsupported static key agreement"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR),
"ess signing certid mismatch error"}, "ess signing certid mismatch error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
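Review bot: this table is generated by `util/mkerr.pl`, so the matching `CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT` define in `include/openssl/cmserr.h` must land in the same commit as the `openssl.txt` line. The reason text "error unsupported static key agreement" is derived from the macro name, which is how mkerr works, but the neighbouring entries read "error setting ...", so a reason named `CMS_R_UNSUPPORTED_STATIC_KEY_AGREEMENT` would give the cleaner "unsupported static key agreement".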
+8 -1
@@ -1,5 +1,5 @@
/* /*
* Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -502,6 +502,13 @@ int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey); oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
if (!oik->d.originatorKey) if (!oik->d.originatorKey)
return 0; return 0;
} else {
/*
* Currently it is not possible to get public key as it is not stored
* during kari initialization.
*/
ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT);
return 0;
} }
/* Initialise KDF algorithm */ /* Initialise KDF algorithm */
if (!ossl_cms_env_asn1_ctrl(ri, 0)) if (!ossl_cms_env_asn1_ctrl(ri, 0))
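Review bot: this turns the static (non-ephemeral originator) key-agreement path from falling through the missing `else` without any error into a hard failure, which is the safer behaviour, but it is a user-visible change for anyone who relied on the old output; it should get a CHANGES entry, and the comment should say what would be needed to support it (storing the originator public key at kari initialisation) rather than only that it is "not possible".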
+1 -14
@@ -22,6 +22,7 @@
static STACK_OF(CMS_CertificateChoices) static STACK_OF(CMS_CertificateChoices)
**cms_get0_certificate_choices(CMS_ContentInfo *cms); **cms_get0_certificate_choices(CMS_ContentInfo *cms);
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(CMS_ContentInfo)
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a,
@@ -68,20 +69,6 @@ CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
return ci; return ci;
} }
CMS_ContentInfo *CMS_ContentInfo_new(void)
{
return CMS_ContentInfo_new_ex(NULL, NULL);
}
void CMS_ContentInfo_free(CMS_ContentInfo *cms)
{
if (cms != NULL) {
ossl_cms_env_enc_content_free(cms);
OPENSSL_free(cms->ctx.propq);
ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
}
}
const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms) const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms)
{ {
return cms != NULL ? &cms->ctx : NULL; return cms != NULL ? &cms->ctx : NULL;
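Review bot: dropping the hand-written `CMS_ContentInfo_new()` in favour of the `IMPLEMENT_ASN1_ALLOC_FUNCTIONS` version means a plain `CMS_ContentInfo_new()` no longer routes through `CMS_ContentInfo_new_ex(NULL, NULL)`; whatever `CMS_ContentInfo_new_ex` does beyond the allocation (its body is above this hunk) has to be reproduced in the `ASN1_OP_NEW_*` branch of `cms_cb`, otherwise objects created via the generated allocator differ from those created via `_new_ex`. The matching `CMS_ContentInfo_free` removal is fine now that `cms_cb` and `cms_ec_cb` handle `propq` and the content key.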
+1 -1
@@ -368,6 +368,7 @@ struct CMS_Receipt_st {
DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_ITEM(CMS_SignerInfo) DECLARE_ASN1_ITEM(CMS_SignerInfo)
DECLARE_ASN1_ITEM(CMS_EncryptedContentInfo)
DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
DECLARE_ASN1_ITEM(CMS_Attributes_Sign) DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
DECLARE_ASN1_ITEM(CMS_Attributes_Verify) DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
@@ -444,7 +445,6 @@ BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain);
BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms);
int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio);
void ossl_cms_env_enc_content_free(const CMS_ContentInfo *cinf);
CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms);
CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms); CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms);
CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms); CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms);
+4 -1
@@ -223,7 +223,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
os = ossl_rsa_ctx_to_pss_string(pkctx); os = ossl_rsa_ctx_to_pss_string(pkctx);
if (os == NULL) if (os == NULL)
return 0; return 0;
return X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); if (X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os))
return 1;
ASN1_STRING_free(os);
return 0;
} }
params[0] = OSSL_PARAM_construct_octet_string( params[0] = OSSL_PARAM_construct_octet_string(
+18 -2
@@ -482,8 +482,12 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_libctx(ctx),
ossl_cms_ctx_get0_propq(ctx), ossl_cms_ctx_get0_propq(ctx),
pk, NULL) <= 0) { pk, NULL) <= 0) {
si->pctx = NULL;
goto err; goto err;
} }
else {
EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
}
} }
if (!sd->signerInfos) if (!sd->signerInfos)
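Review bot: the `}` followed by `else {` on its own line breaks the cuddled `} else {` style used elsewhere in this file. The `si->pctx = NULL` on the failure path also deserves a comment, because it is not obvious why the pointer is nulled rather than freed: without `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX` the digest context still owns the half-initialised pkey context and frees it in `EVP_MD_CTX_free(si->mctx)`, so clearing `si->pctx` is what keeps `cms_si_cb` from freeing it a second time.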
@@ -725,6 +729,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
unsigned int mdlen; unsigned int mdlen;
pctx = si->pctx; pctx = si->pctx;
si->pctx = NULL;
if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err; goto err;
siglen = EVP_PKEY_get_size(si->pkey); siglen = EVP_PKEY_get_size(si->pkey);
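Review bot: after `si->pctx = NULL` this function owns `pctx`, so every exit path from here on, including the `goto err` on the `EVP_DigestFinal_ex` failure right below, must free it; the `err:` label is outside this hunk, so please confirm it has an `EVP_PKEY_CTX_free(pctx)`, and add a comment at the handover saying ownership moves to the local.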
@@ -813,6 +818,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
ossl_cms_ctx_get0_propq(ctx), si->pkey, ossl_cms_ctx_get0_propq(ctx), si->pkey,
NULL) <= 0) NULL) <= 0)
goto err; goto err;
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
si->pctx = pctx; si->pctx = pctx;
} }
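Review bot: unlike the `CMS_SignerInfo_verify` hunk below, this path assigns `si->pctx = pctx` without first freeing a pre-existing `si->pctx`; if `CMS_SignerInfo_sign` can be called on a signer that `CMS_add1_signer` already initialised (which leaves a pkey context in `si->pctx`), the old context leaks here. Consider the same free-before-assign pattern, or a shared helper, since the init / set-flag / assign sequence now appears three times in this file.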
@@ -884,9 +890,16 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
goto err; goto err;
} }
mctx = si->mctx; mctx = si->mctx;
if (si->pctx != NULL) {
EVP_PKEY_CTX_free(si->pctx);
si->pctx = NULL;
}
if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx,
propq, si->pkey, NULL) <= 0) propq, si->pkey, NULL) <= 0) {
si->pctx = NULL;
goto err; goto err;
}
EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
if (!cms_sd_asn1_ctrl(si, 1)) if (!cms_sd_asn1_ctrl(si, 1))
goto err; goto err;
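Review bot: the `if (si->pctx != NULL) { EVP_PKEY_CTX_free(si->pctx); si->pctx = NULL; }` block can be reduced to the two statements, since `EVP_PKEY_CTX_free` accepts NULL. More importantly, the sequence free / init into `&si->pctx` / null-on-failure / `EVP_MD_CTX_set_flags(..., EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)` is the same as in `CMS_SignerInfo_sign` and `CMS_add1_signer`, and a small static helper would keep the ownership rule in one place.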
@@ -1003,8 +1016,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
goto err; goto err;
si->pctx = pkctx; si->pctx = pkctx;
if (!cms_sd_asn1_ctrl(si, 1)) if (!cms_sd_asn1_ctrl(si, 1)) {
si->pctx = NULL;
goto err; goto err;
}
si->pctx = NULL;
r = EVP_PKEY_verify(pkctx, si->signature->data, r = EVP_PKEY_verify(pkctx, si->signature->data,
si->signature->length, mval, mlen); si->signature->length, mval, mlen);
if (r <= 0) { if (r <= 0) {
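Review bot: `si->pctx` is set to the local `pkctx` only for the duration of `cms_sd_asn1_ctrl(si, 1)` and then cleared on both the success and failure paths; a comment saying that the ctrl callback reads `si->pctx` and that the local keeps ownership would make the two `si->pctx = NULL` lines read as intentional rather than as a leak.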
+2 -1
@@ -236,7 +236,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
if (cms == NULL) if (cms == NULL)
return NULL; return NULL;
if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
return NULL; goto err;
if (!(flags & CMS_DETACHED)) if (!(flags & CMS_DETACHED))
CMS_set_detached(cms, 0); CMS_set_detached(cms, 0);
@@ -245,6 +245,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
|| CMS_final(cms, in, NULL, flags)) || CMS_final(cms, in, NULL, flags))
return cms; return cms;
err:
CMS_ContentInfo_free(cms); CMS_ContentInfo_free(cms);
return NULL; return NULL;
} }
+3 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -120,7 +120,8 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider,
* It is *expected* that the put function increments the refcnt * It is *expected* that the put function increments the refcnt
* of the passed method. * of the passed method.
*/ */
data->mcm->put(data->store, method, provider, algo->algorithm_names, data->mcm->put(no_store ? data->store : NULL,
method, provider, algo->algorithm_names,
algo->property_definition, data->mcm_data); algo->property_definition, data->mcm_data);
/* refcnt-- because we're dropping the reference */ /* refcnt-- because we're dropping the reference */
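Review bot: `no_store ? data->store : NULL` reads as inverted unless the reader knows that a NULL store argument to `mcm->put` selects the library context's global store while `data->store` is the temporary store used when the provider marked the algorithm `no_store`; the comment above only talks about refcounts, so please add a sentence spelling out that convention next to the call.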
+5 -6
@@ -235,13 +235,12 @@ static char *dl_name_converter(DSO *dso, const char *filename)
ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED);
return NULL; return NULL;
} }
if (transform) { if (transform)
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) BIO_snprintf(translated, rsize,
sprintf(translated, "lib%s%s", filename, DSO_EXTENSION); (DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0
? "lib%s%s" : "%s%s", filename, DSO_EXTENSION);
else else
sprintf(translated, "%s%s", filename, DSO_EXTENSION); BIO_snprintf(translated, rsize, "%s", filename);
} else
sprintf(translated, "%s", filename);
return translated; return translated;
} }
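Review bot: switching to `BIO_snprintf` removes the overflow, but its return value (negative on truncation) is discarded, so an `rsize` that is too small for `"lib"` + `filename` + `DSO_EXTENSION` would silently yield a truncated library name that then fails to load with a confusing error; check the result and raise `DSO_R_NAME_TRANSLATION_FAILED` on truncation. The format string chosen by a ternary inside the call is also hard to read; two calls, as the `dlfcn` version does, would be clearer.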
+5 -4
@@ -271,11 +271,12 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
} }
if (transform) { if (transform) {
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
sprintf(translated, "lib%s" DSO_EXTENSION, filename); BIO_snprintf(translated, rsize, "lib%s" DSO_EXTENSION, filename);
else else
sprintf(translated, "%s" DSO_EXTENSION, filename); BIO_snprintf(translated, rsize, "%s" DSO_EXTENSION, filename);
} else } else {
sprintf(translated, "%s", filename); BIO_snprintf(translated, rsize, "%s", filename);
}
return translated; return translated;
} }
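Review bot: `BIO_snprintf` returns -1 when the output does not fit and the result is discarded here, so an `rsize` miscomputed for the `"lib"` + `filename` + `DSO_EXTENSION` case would silently produce a truncated name; check the return value, or tie `rsize` to these formats with a comment, since the two are now coupled at a distance.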
+6 -10
@@ -454,24 +454,20 @@ static char *win32_name_converter(DSO *dso, const char *filename)
char *translated; char *translated;
int len, transform; int len, transform;
len = strlen(filename);
transform = ((strstr(filename, "/") == NULL) && transform = ((strstr(filename, "/") == NULL) &&
(strstr(filename, "\\") == NULL) && (strstr(filename, "\\") == NULL) &&
(strstr(filename, ":") == NULL)); (strstr(filename, ":") == NULL));
/* If transform != 0, then we convert to %s.dll, else just dupe filename */
len = strlen(filename) + 1;
if (transform) if (transform)
/* We will convert this to "%s.dll" */ len += strlen(".dll");
translated = OPENSSL_malloc(len + 5); translated = OPENSSL_malloc(len);
else
/* We will simply duplicate filename */
translated = OPENSSL_malloc(len + 1);
if (translated == NULL) { if (translated == NULL) {
ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED);
return NULL; return NULL;
} }
if (transform) BIO_snprintf(translated, len, "%s%s", filename, transform ? ".dll" : "");
sprintf(translated, "%s.dll", filename);
else
sprintf(translated, "%s", filename);
return translated; return translated;
} }
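Review bot: `len` is an `int` now receiving `strlen()` results (`size_t`), which is a narrowing conversion; `size_t len` avoids the warning and a theoretical overflow for very long names, and `strlen(".dll")` can be `sizeof(".dll") - 1` to make it compile-time. Otherwise the single `BIO_snprintf` with `transform ? ".dll" : ""` is a good simplification and the `len` computation matches the format.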
+1 -1
@@ -1161,7 +1161,7 @@ int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
size_t buf_len = 0; size_t buf_len = 0;
int new_buffer = 0; int new_buffer = 0;
if (a == NULL) { if (a == NULL || a->pub_key == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
return 0; return 0;
} }
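Review bot: the caller did pass a non-NULL key in the `a->pub_key == NULL` case, so `ERR_R_PASSED_NULL_PARAMETER` is a misleading reason for that branch; an EC-library "missing public key" style reason would tell the user that the key object lacks a public component rather than that they passed NULL.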
+1 -7
@@ -616,15 +616,9 @@ EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection)
|| !EC_GROUP_copy(ret->group, src->group)) || !EC_GROUP_copy(ret->group, src->group))
goto err; goto err;
if (src->meth != NULL) { if (src->meth != NULL)
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
if (src->engine != NULL && ENGINE_init(src->engine) == 0)
goto err;
ret->engine = src->engine;
#endif
ret->meth = src->meth; ret->meth = src->meth;
} }
}
/* copy the public key */ /* copy the public key */
if (src->pub_key != NULL if (src->pub_key != NULL
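Review bot: `ret->engine` is no longer set for an engine-backed source key, and the `ENGINE_init` reference the removed lines took is no longer taken; if the reason is that `EC_KEY_free` never released that reference (a refcount leak) the commit message should say so, and the behaviour change (a duplicated key no longer references the source key's engine) belongs in CHANGES, since `EC_KEY_get0_engine` callers will not see the engine on the copy.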
+5 -4
@@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -20,6 +20,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/opensslv.h> #include <openssl/opensslv.h>
#include "crypto/ec.h" #include "crypto/ec.h"
#include "crypto/bn.h"
#include "internal/nelem.h" #include "internal/nelem.h"
#include "ec_local.h" #include "ec_local.h"
@@ -1262,10 +1263,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
if (!BN_sub(e, group->order, e)) if (!BN_sub(e, group->order, e))
goto err; goto err;
/*- /*-
* Exponent e is public. * Although the exponent is public we want the result to be
* No need for scatter-gather or BN_FLG_CONSTTIME. * fixed top.
*/ */
if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
goto err; goto err;
ret = 1; ret = 1;
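Review bot: the new comment says the result should be "fixed top" but not why; say it explicitly: `r` is the inverted ECDSA nonce, a normalised result whose top word is zero makes the following modular arithmetic measurably faster, and `bn_mod_exp_mont_fixed_top` leaves `r` with a fixed-length representation so the timing no longer depends on the nonce. Also worth checking that every consumer of `r` in the signing path handles a fixed-top BIGNUM (the `crypto/bn.h` include added above is the internal header that exposes this function), and that no other inversion on the same path still goes through `BN_mod_exp_mont`.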
+4
@@ -74,6 +74,10 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
point_conversion_form_t form, unsigned char *buf, point_conversion_form_t form, unsigned char *buf,
size_t len, BN_CTX *ctx) size_t len, BN_CTX *ctx)
{ {
if (point == NULL) {
ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (group->meth->point2oct == 0 if (group->meth->point2oct == 0
&& !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
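Review bot: the new guard covers `point` but `group` is dereferenced on the very next line (`group->meth->point2oct`) with no check; if the intent is to make this public API NULL-safe, guard `group` as well, otherwise a NULL group still crashes while a NULL point now raises a clean error.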
+5 -1
@@ -186,9 +186,13 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder); const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
if (k_prov != e_prov) { if (k_prov != e_prov) {
int selection = data->selection;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
data->encoder_inst = encoder_inst; data->encoder_inst = encoder_inst;
if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection, if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, selection,
&encoder_import_cb, data)) &encoder_import_cb, data))
return NULL; return NULL;
data->obj = data->constructed_obj; data->obj = data->constructed_obj;
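Review bot: widening `selection` to always export the public key alongside the private one needs a comment giving the reason, e.g. that the encoders reached through this provider-crossing export need the public component to encode a private key; note also that `data->selection` itself is left untouched, so the encoder's own selection check is unaffected, which is presumably intended and worth stating.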
+3 -1
@@ -1,4 +1,4 @@
# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. # Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the Apache License 2.0 (the "License"). You may not use # Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@@ -307,6 +307,8 @@ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\
error reading messagedigest attribute error reading messagedigest attribute
CMS_R_ERROR_SETTING_KEY:115:error setting key CMS_R_ERROR_SETTING_KEY:115:error setting key
CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo
CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT:196:\
error unsupported static key agreement
CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error
CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length
CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter
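Review bot: please confirm 196 is the next unused CMS reason code and that the same number is used in `cmserr.h`; the generated `cms_err.c` string table shown elsewhere in this patch carries no number, so this line is the only place the value is visible.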
+11 -1
@@ -1210,6 +1210,8 @@ static int fix_ecdh_cofactor(enum state state,
/* The initial value for |ctx->action_type| must not be zero. */ /* The initial value for |ctx->action_type| must not be zero. */
if (!ossl_assert(ctx->action_type != NONE)) if (!ossl_assert(ctx->action_type != NONE))
return 0; return 0;
} else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == NONE) {
ctx->action_type = GET;
} }
if ((ret = default_check(state, translation, ctx)) <= 0) if ((ret = default_check(state, translation, ctx)) <= 0)
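Review bot: setting `ctx->action_type = GET` in `POST_PARAMS_TO_CTRL` when it is still `NONE` needs a comment, because the branch just above asserts that the initial `action_type` is never zero, so a reader will wonder how `NONE` can reach this point; a short state table for PRE/POST and NONE/GET/SET would make the growing `else if` chain easier to follow.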
@@ -1235,6 +1237,8 @@ static int fix_ecdh_cofactor(enum state state,
} }
} else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
ctx->p1 = -2; ctx->p1 = -2;
} else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
ctx->p1 = ret;
} }
return ret; return ret;
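Review bot: `ctx->p1 = ret` in `POST_PARAMS_TO_CTRL` for `GET` stores the ctrl return value, which for the ecdh cofactor ctrl is the cofactor mode (0 or 1) rather than a success flag; the companion change in `evp_pkey_ctx_setget_params_to_ctrl` (`ret >= 0`) exists only so that a 0 here is not mistaken for failure, so the two places should cross-reference each other in comments.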
@@ -2800,8 +2804,14 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
/* /*
* In POST, we pass the return value as p1, allowing the fixup_args * In POST, we pass the return value as p1, allowing the fixup_args
* function to put it to good use, or maybe affect it. * function to put it to good use, or maybe affect it.
*
* NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
* as return positive on Success and 0 or negative on falure. There
* maybe parameters (e.g. ecdh_cofactor), which actually return 0
* as success value. That is why we do POST_PARAMS_TO_CTRL for 0
* value as well
*/ */
if (ret > 0) { if (ret >= 0) {
ctx.p1 = ret; ctx.p1 = ret;
fixup(POST_PARAMS_TO_CTRL, translation, &ctx); fixup(POST_PARAMS_TO_CTRL, translation, &ctx);
ret = ctx.p1; ret = ctx.p1;
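Review bot: typos in the new comment: "falure" should be "failure", "There maybe parameters" should be "There may be parameters", and "Success" need not be capitalised. On the logic: relaxing `ret > 0` to `ret >= 0` runs the `POST_PARAMS_TO_CTRL` fixup for every translation whose ctrl returned 0, not only `fix_ecdh_cofactor`, so any other `fixup_args` implementation that treated reaching `POST` as proof of success now has to cope with `p1 == 0`; a quick audit of the other fixups, or restricting the `>= 0` case to translations that opt in, would make this safer.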
+8 -4
@@ -662,8 +662,12 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
{ {
EVP_PKEY_CTX *pctx = ctx->pctx; EVP_PKEY_CTX *pctx = ctx->pctx;
if (pctx != NULL if (pctx == NULL) {
&& pctx->operation == EVP_PKEY_OP_VERIFYCTX ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
return -1;
}
if (pctx->operation == EVP_PKEY_OP_VERIFYCTX
&& pctx->op.sig.algctx != NULL && pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature != NULL) { && pctx->op.sig.signature != NULL) {
if (pctx->op.sig.signature->digest_verify != NULL) if (pctx->op.sig.signature->digest_verify != NULL)
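Review bot: returning -1 with `EVP_R_INITIALIZATION_ERROR` when `ctx->pctx` is NULL fits the `EVP_DigestVerify` convention that 0 means the signature did not verify and a negative value means a fatal error, which is the right distinction here; a line in the man page's return-value section for the uninitialised-context case would complete it, and `EVP_DigestSign` should get the same guard if it shares this `ctx->pctx` access pattern.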
@@ -672,8 +676,8 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
tbs, tbslen); tbs, tbslen);
} else { } else {
/* legacy */ /* legacy */
if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) if (pctx->pmeth != NULL && pctx->pmeth->digestverify != NULL)
return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); return pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
} }
if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+15 -4
@@ -851,6 +851,20 @@ int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx,
#ifndef OPENSSL_NO_SOCK #ifndef OPENSSL_NO_SOCK
static const char *explict_or_default_port(const char *hostserv, const char *port, int use_ssl)
{
if (port == NULL) {
char *service = NULL;
if (!BIO_parse_hostserv(hostserv, NULL, &service, BIO_PARSE_PRIO_HOST))
return NULL;
if (service == NULL) /* implicit port */
port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
OPENSSL_free(service);
} /* otherwise take the explicitly given port */
return port;
}
/* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ /* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */
static BIO *http_new_bio(const char *server /* optionally includes ":port" */, static BIO *http_new_bio(const char *server /* optionally includes ":port" */,
const char *server_port /* explicit server port */, const char *server_port /* explicit server port */,
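Review bot: the new helper is misspelled, `explict_or_default_port` should be `explicit_or_default_port`. Also, when `BIO_parse_hostserv` fails the helper returns NULL and its caller in `http_new_bio` simply carries on with `port == NULL`, leaving an error on the queue while continuing to `BIO_new_connect`; either propagate the failure or document that a NULL port is acceptable there.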
@@ -870,8 +884,7 @@ static BIO *http_new_bio(const char *server /* optionally includes ":port" */,
port = proxy_port; port = proxy_port;
} }
if (port == NULL && strchr(host, ':') == NULL) port = explict_or_default_port(host, port, use_ssl);
port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
cbio = BIO_new_connect(host /* optionally includes ":port" */); cbio = BIO_new_connect(host /* optionally includes ":port" */);
if (cbio == NULL) if (cbio == NULL)
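Review bot: the replaced `strchr(host, ':') == NULL` test treated a bracketed IPv6 literal such as `[::1]` (which contains ':' but carries no port) as already having a port, so no default was applied; the `BIO_parse_hostserv`-based check fixes that provided it handles the bracketed form, and it deserves a regression test with an IPv6 host and no explicit port.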
@@ -958,8 +971,6 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port,
} }
if (port != NULL && *port == '\0') if (port != NULL && *port == '\0')
port = NULL; port = NULL;
if (port == NULL && strchr(server, ':') == NULL)
port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT;
proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl); proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl);
if (proxy != NULL if (proxy != NULL
&& !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */,
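Review bot: the default-port logic now lives only in `http_new_bio`, so `port` can still be NULL at this point in `OSSL_HTTP_open`; please confirm that nothing between here and the connection setup (the Host header or the proxy URL handling below) relied on `port` already having been defaulted.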
+18 -4
@@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -9,11 +9,18 @@
#include <stdio.h> /* for sscanf() */ #include <stdio.h> /* for sscanf() */
#include <string.h> #include <string.h>
#ifndef OPENSSL_NO_SOCK
# include "../bio/bio_local.h" /* for NI_MAXHOST */
#endif
#include <openssl/http.h> #include <openssl/http.h>
#include <openssl/httperr.h> #include <openssl/httperr.h>
#include <openssl/bio.h> /* for BIO_snprintf() */ #include <openssl/bio.h> /* for BIO_snprintf() */
#include <openssl/err.h> #include <openssl/err.h>
#include "internal/cryptlib.h" /* for ossl_assert() */ #include "internal/cryptlib.h" /* for ossl_assert() */
#ifndef NI_MAXHOST
# define NI_MAXHOST 255
#endif
#include "crypto/ctype.h" /* for ossl_isspace() */
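Review bot: pulling in the private `../bio/bio_local.h` only to get `NI_MAXHOST` is a layering smell, and the fallback `#define NI_MAXHOST 255` means the `host[]` buffer in `use_proxy` has a different size on builds without sockets than on those with them; since only the host-length bound depends on it, a locally defined constant would avoid the cross-directory include and the two-valued behaviour.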
static void init_pstring(char **pstr) static void init_pstring(char **pstr)
{ {
@@ -251,10 +258,17 @@ static int use_proxy(const char *no_proxy, const char *server)
{ {
size_t sl; size_t sl;
const char *found = NULL; const char *found = NULL;
char host[NI_MAXHOST];
if (!ossl_assert(server != NULL)) if (!ossl_assert(server != NULL))
return 0; return 0;
sl = strlen(server); sl = strlen(server);
if (sl >= 2 && sl < sizeof(host) + 2 && server[0] == '[' && server[sl - 1] == ']') {
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
server = host;
}
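Review bot: `strncpy(host, server + 1, sl)` copies exactly `sl` bytes and does not NUL-terminate, and `host` is an uninitialised stack array, so the later `strstr(no_proxy, server)` reads past the copied bytes into garbage; add `host[sl] = '\0';` before `server = host;` (the `sl < sizeof(host) + 2` bound guarantees room for it). The `if` line also exceeds 80 columns, which this code base wraps.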
/* /*
* using environment variable names, both lowercase and uppercase variants, * using environment variable names, both lowercase and uppercase variants,
@@ -268,8 +282,8 @@ static int use_proxy(const char *no_proxy, const char *server)
if (no_proxy != NULL) if (no_proxy != NULL)
found = strstr(no_proxy, server); found = strstr(no_proxy, server);
while (found != NULL while (found != NULL
&& ((found != no_proxy && found[-1] != ' ' && found[-1] != ',') && ((found != no_proxy && !ossl_isspace(found[-1]) && found[-1] != ',')
|| (found[sl] != '\0' && found[sl] != ' ' && found[sl] != ','))) || (found[sl] != '\0' && !ossl_isspace(found[sl]) && found[sl] != ',')))
found = strstr(found + 1, server); found = strstr(found + 1, server);
return found == NULL; return found == NULL;
} }
@@ -285,7 +299,7 @@ const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
if (proxy == NULL) if (proxy == NULL)
proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy"); proxy = ossl_safe_getenv(use_ssl ? "https_proxy" : "http_proxy");
if (proxy == NULL) if (proxy == NULL)
proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTP_PROXY : OPENSSL_HTTPS_PROXY); proxy = ossl_safe_getenv(use_ssl ? OPENSSL_HTTPS_PROXY : OPENSSL_HTTP_PROXY);
if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server)) if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server))
return NULL; return NULL;
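Review bot: the `OPENSSL_HTTPS_PROXY`/`OPENSSL_HTTP_PROXY` swap fixes a real inversion (with `use_ssl` set the HTTP variable was consulted and vice versa) and changes which environment variable existing setups are read from, so it needs a CHANGES entry and a test covering both `use_ssl` values.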
+2 -2
@@ -173,7 +173,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
X509_SIG *p8 = NULL; X509_SIG *p8 = NULL;
int klen; int klen;
EVP_PKEY *ret; EVP_PKEY *ret;
char psbuf[PEM_BUFSIZE]; char psbuf[PEM_BUFSIZE + 1]; /* reserve one byte at the end */
p8 = d2i_PKCS8_bio(bp, NULL); p8 = d2i_PKCS8_bio(bp, NULL);
if (p8 == NULL) if (p8 == NULL)
@@ -182,7 +182,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u); klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen < 0) { if (klen < 0 || klen > PEM_BUFSIZE) {
ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8); X509_SIG_free(p8);
return NULL; return NULL;
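Review bot: the `klen > PEM_BUFSIZE` check stops a callback that misreports its length from being trusted, and the extra byte in `psbuf` reserves room for a terminator, but nothing in this hunk writes it; either add `psbuf[klen] = '\0'` if a string is needed downstream, or reword the comment so it does not suggest one is written. Also make sure `psbuf` is `OPENSSL_cleanse`d on this new early return as well as on the normal path, since it holds the passphrase.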
+4 -2
@@ -1,5 +1,5 @@
/* /*
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -210,8 +210,10 @@ PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
/* Make a PKCS#8 structure */ /* Make a PKCS#8 structure */
if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
goto err; goto err;
if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) {
PKCS8_PRIV_KEY_INFO_free(p8);
goto err; goto err;
}
if (nid_key != -1) { if (nid_key != -1) {
/* This call does not take ownership of p8 */ /* This call does not take ownership of p8 */
bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0, bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0,
+3 -3
@@ -1023,6 +1023,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_ATTRIBUTE) *sk;
BIO *btmp; BIO *btmp;
EVP_PKEY *pkey; EVP_PKEY *pkey;
unsigned char *abuf = NULL;
const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx); OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
const char *propq = ossl_pkcs7_ctx_get0_propq(ctx); const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
@@ -1072,7 +1073,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
sk = si->auth_attr; sk = si->auth_attr;
if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; unsigned char md_dat[EVP_MAX_MD_SIZE];
unsigned int md_len; unsigned int md_len;
int alen; int alen;
ASN1_OCTET_STRING *message_digest; ASN1_OCTET_STRING *message_digest;
@@ -1114,8 +1115,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
} }
if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
goto err; goto err;
OPENSSL_free(abuf);
} }
os = si->enc_digest; os = si->enc_digest;
@@ -1133,6 +1132,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
} }
ret = 1; ret = 1;
err: err:
OPENSSL_free(abuf);
EVP_MD_CTX_free(mdc_tmp); EVP_MD_CTX_free(mdc_tmp);
EVP_MD_free(fetched_md); EVP_MD_free(fetched_md);
return ret; return ret;
+5
@@ -28,6 +28,11 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
/* NOTE(emilia): does not support detached digested data. */ /* NOTE(emilia): does not support detached digested data. */
case PKCS7_OP_SET_DETACHED_SIGNATURE: case PKCS7_OP_SET_DETACHED_SIGNATURE:
if (nid == NID_pkcs7_signed) { if (nid == NID_pkcs7_signed) {
if (p7->d.sign == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
ret = 0;
break;
}
ret = p7->detached = (int)larg; ret = p7->detached = (int)larg;
if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
ASN1_OCTET_STRING *os; ASN1_OCTET_STRING *os;
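Review bot: `PKCS7_R_NO_CONTENT` for a signed PKCS7 whose `d.sign` is NULL is the right reason, and `ret = 0; break;` leaves the switch cleanly; the `PKCS7_OP_GET_DETACHED_SIGNATURE` case in the same switch presumably dereferences `p7->d.sign` as well and should get the same guard if it has not already.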
+7 -3
@@ -331,12 +331,10 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
ctx = BN_CTX_new_ex(libctx); ctx = BN_CTX_new_ex(libctx);
pt = EC_POINT_new(group); if (ctx == NULL) {
if (ctx == NULL || pt == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
goto done; goto done;
} }
BN_CTX_start(ctx); BN_CTX_start(ctx);
t = BN_CTX_get(ctx); t = BN_CTX_get(ctx);
x1 = BN_CTX_get(ctx); x1 = BN_CTX_get(ctx);
@@ -345,6 +343,12 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
goto done; goto done;
} }
pt = EC_POINT_new(group);
if (pt == NULL) {
ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);
goto done;
}
/* /*
* B1: verify whether r' in [1,n-1], verification failed if not * B1: verify whether r' in [1,n-1], verification failed if not
* B2: verify whether s' in [1,n-1], verification failed if not * B2: verify whether s' in [1,n-1], verification failed if not
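Review bot: splitting `ctx == NULL || pt == NULL` into two checks and moving EC_POINT_new(group) after BN_CTX_start and the BN_CTX_get checks means an early `goto done` can now be reached with pt never assigned, so pt must be initialised to NULL at its declaration for the cleanup under done: to be safe; the declaration is not in either hunk, please confirm. The move also avoids allocating the point at all when the BN_CTX setup fails, which is a small but welcome tightening of the error path.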
+2
View File
@@ -216,6 +216,8 @@ int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id,
{ {
OPENSSL_free(vinfo->id); OPENSSL_free(vinfo->id);
OPENSSL_free(vinfo->info); OPENSSL_free(vinfo->info);
vinfo->id = NULL;
vinfo->info = NULL;
if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id))) if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
return 0; return 0;
return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info))); return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
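Review bot: resetting vinfo->id and vinfo->info to NULL right after OPENSSL_free fixes a dangling pointer: previously, when id was NULL or OPENSSL_strdup failed, the struct kept a pointer to freed memory, and a later SRP_user_pwd free would double free it. With the reset, every failure return below leaves both fields either NULL or freshly allocated, which is what the caller's cleanup expects.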
+2 -1
View File
@@ -212,7 +212,8 @@ int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
{ {
*ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount; *ret = (int)InterlockedExchangeAdd((LONG volatile *)val, (LONG)amount)
+ amount;
return 1; return 1;
} }
+1 -1
View File
@@ -473,7 +473,7 @@ BIO *OSSL_trace_begin(int category)
char *prefix = NULL; char *prefix = NULL;
category = ossl_trace_get_category(category); category = ossl_trace_get_category(category);
if (category < 0) if (category < 0 || !OSSL_trace_enabled(category))
return NULL; return NULL;
channel = trace_channels[category].bio; channel = trace_channels[category].bio;
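Review bot: adding `!OSSL_trace_enabled(category)` to the early return means OSSL_trace_begin now yields NULL for a valid category that simply has no channel configured, not only for an invalid one; callers already have to handle NULL for the `category < 0` case, so this is compatible, but the man page for OSSL_trace_begin should state that a NULL return also means "tracing disabled for this category" so callers do not treat it as an error.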
+8 -4
View File
@@ -105,14 +105,18 @@ static int ui_read(UI *ui, UI_STRING *uis)
switch (UI_get_string_type(uis)) { switch (UI_get_string_type(uis)) {
case UIT_PROMPT: case UIT_PROMPT:
{ {
char result[PEM_BUFSIZE + 1]; int len;
char result[PEM_BUFSIZE + 1]; /* reserve one byte at the end */
const struct pem_password_cb_data *data = const struct pem_password_cb_data *data =
UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index); UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
int maxsize = UI_get_result_maxsize(uis); int maxsize = UI_get_result_maxsize(uis);
int len = data->cb(result,
maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
data->rwflag, UI_get0_user_data(ui));
if (maxsize > PEM_BUFSIZE)
maxsize = PEM_BUFSIZE;
len = data->cb(result, maxsize, data->rwflag,
UI_get0_user_data(ui));
if (len > maxsize)
return -1;
if (len >= 0) if (len >= 0)
result[len] = '\0'; result[len] = '\0';
if (len < 0) if (len < 0)
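Review bot: the `if (len > maxsize) return -1;` check is the important part of this hunk: result is `char result[PEM_BUFSIZE + 1]` and maxsize is now clamped to PEM_BUFSIZE before the callback runs, so a password callback that reports a length larger than the buffer it was given can no longer drive `result[len] = '\0'` past the end of the array. The ordering is right (the bound check precedes the `len >= 0` write); one suggestion is to extend the comment on the declaration to say the reserved byte is for the terminator written below, so the PEM_BUFSIZE-versus-PEM_BUFSIZE+1 relationship is obvious to the next reader.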
+16 -18
View File
@@ -67,11 +67,10 @@ const X509V3_EXT_METHOD ossl_v3_ext_admission = {
NULL /* extension-specific data */ NULL /* extension-specific data */
}; };
static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
BIO *bp, int ind) BIO *bp, int ind)
{ {
NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in; NAMING_AUTHORITY *namingAuthority = (NAMING_AUTHORITY *) in;
if (namingAuthority == NULL) if (namingAuthority == NULL)
return 0; return 0;
@@ -81,14 +80,14 @@ static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
&& namingAuthority->namingAuthorityUrl == NULL) && namingAuthority->namingAuthorityUrl == NULL)
return 0; return 0;
if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0) if (BIO_printf(bp, "%*snamingAuthority:\n", ind, "") <= 0)
goto err; goto err;
if (namingAuthority->namingAuthorityId != NULL) { if (namingAuthority->namingAuthorityId != NULL) {
char objbuf[128]; char objbuf[128];
const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId)); const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0) if (BIO_printf(bp, "%*s namingAuthorityId: ", ind, "") <= 0)
goto err; goto err;
OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1); OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1);
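Review bot: the label change from "admissionAuthorityId:" to "namingAuthorityId:" corrects a mislabelled field in the printed output (the value printed is namingAuthority->namingAuthorityId), and "namingAuthority:\n" now puts the sub-fields on their own indented lines. Both alter the text rendering of the admission extension, so anything that scrapes `openssl x509 -text` output for this extension will see different lines; that is acceptable for human-readable output, but it deserves a line in the changelog.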
@@ -130,9 +129,10 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
} }
for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) { for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); ADMISSIONS *entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err; if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0)
goto err;
if (entry->admissionAuthority != NULL) { if (entry->admissionAuthority != NULL) {
if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0 if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0
@@ -143,12 +143,12 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
} }
if (entry->namingAuthority != NULL) { if (entry->namingAuthority != NULL) {
if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0) if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind + 2) <= 0)
goto err; goto err;
} }
for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) { for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); PROFESSION_INFO *pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0) if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
goto err; goto err;
@@ -161,7 +161,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
} }
if (pinfo->namingAuthority != NULL) { if (pinfo->namingAuthority != NULL) {
if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0) if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 4) <= 0)
goto err; goto err;
} }
@@ -170,7 +170,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0) if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0)
goto err; goto err;
for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) { for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k); ASN1_STRING *val = sk_ASN1_STRING_value(pinfo->professionItems, k);
if (BIO_printf(bp, "%*s ", ind, "") <= 0 if (BIO_printf(bp, "%*s ", ind, "") <= 0
|| ASN1_STRING_print(bp, val) <= 0 || ASN1_STRING_print(bp, val) <= 0
@@ -183,7 +183,7 @@ static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0) if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0)
goto err; goto err;
for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) { for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj)); const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
char objbuf[128]; char objbuf[128];
@@ -207,31 +207,29 @@ const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
return n->namingAuthorityId; return n->namingAuthorityId;
} }
void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id) void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT *id)
{ {
ASN1_OBJECT_free(n->namingAuthorityId); ASN1_OBJECT_free(n->namingAuthorityId);
n->namingAuthorityId = id; n->namingAuthorityId = id;
} }
const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(const NAMING_AUTHORITY *n)
const NAMING_AUTHORITY *n)
{ {
return n->namingAuthorityUrl; return n->namingAuthorityUrl;
} }
void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u) void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING *u)
{ {
ASN1_IA5STRING_free(n->namingAuthorityUrl); ASN1_IA5STRING_free(n->namingAuthorityUrl);
n->namingAuthorityUrl = u; n->namingAuthorityUrl = u;
} }
const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(const NAMING_AUTHORITY *n)
const NAMING_AUTHORITY *n)
{ {
return n->namingAuthorityText; return n->namingAuthorityText;
} }
void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t) void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING *t)
{ {
ASN1_IA5STRING_free(n->namingAuthorityText); ASN1_IA5STRING_free(n->namingAuthorityText);
n->namingAuthorityText = t; n->namingAuthorityText = t;
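Review bot: NAMING_AUTHORITY_set0_authorityText frees an ASN1_STRING with ASN1_IA5STRING_free; this is pre-existing and functionally equivalent, but since this hunk already touches the function's signature it would be a good moment to switch to ASN1_STRING_free so the free matches the declared type of namingAuthorityText and of the parameter t.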
+2 -1
View File
@@ -336,7 +336,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
{ {
GENERAL_NAMES *ialt; GENERAL_NAMES *ialt = NULL;
GENERAL_NAME *gen; GENERAL_NAME *gen;
X509_EXTENSION *ext; X509_EXTENSION *ext;
int i, num; int i, num;
@@ -371,6 +371,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
return 1; return 1;
err: err:
sk_GENERAL_NAME_free(ialt);
return 0; return 0;
} }
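Review bot: initialising `GENERAL_NAMES *ialt = NULL` and adding `sk_GENERAL_NAME_free(ialt)` under err: fixes the leak of the issuer's alternative-name stack on the error path. Note that sk_GENERAL_NAME_free releases only the stack container, not the GENERAL_NAME elements; that is correct if the loop between these two hunks moves every element into gens before anything can fail, but if a failure can occur mid-loop the elements not yet moved still leak, so please check the loop body.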
+3 -1
View File
@@ -1,5 +1,5 @@
/* /*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the Apache License 2.0 (the "License"). You may not use * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@@ -196,6 +196,8 @@ int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags)
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0; return 0;
} }
if (cert == NULL)
return 0;
if ((flags & X509_ADD_FLAG_NO_DUP) != 0) { if ((flags & X509_ADD_FLAG_NO_DUP) != 0) {
/* /*
* not using sk_X509_set_cmp_func() and sk_X509_find() * not using sk_X509_set_cmp_func() and sk_X509_find()
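Review bot: the new `if (cert == NULL) return 0;` is inconsistent with the `sk == NULL` branch directly above it, which raises ERR_R_PASSED_NULL_PARAMETER before returning 0; a caller that checks the error queue after a 0 return will find nothing for this case. Either raise the same error for a NULL cert or document in X509_add_cert(3) that a NULL cert is rejected silently.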
+3 -1
View File
@@ -92,11 +92,13 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
int timeout, const ASN1_ITEM *it) int timeout, const ASN1_ITEM *it)
{ {
size_t max_resp_len = (it == ASN1_ITEM_rptr(X509_CRL)) ?
OSSL_HTTP_DEFAULT_MAX_CRL_LEN : OSSL_HTTP_DEFAULT_MAX_RESP_LEN;
BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
bio, rbio, NULL /* cb */, NULL /* arg */, bio, rbio, NULL /* cb */, NULL /* arg */,
1024 /* buf_size */, NULL /* headers */, 1024 /* buf_size */, NULL /* headers */,
NULL /* expected_ct */, 1 /* expect_asn1 */, NULL /* expected_ct */, 1 /* expect_asn1 */,
OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); max_resp_len, timeout);
ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL);
BIO_free(mem); BIO_free(mem);
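Review bot: selecting OSSL_HTTP_DEFAULT_MAX_CRL_LEN when `it == ASN1_ITEM_rptr(X509_CRL)` lets CRL downloads exceed the generic response limit while still keeping a bound on how much untrusted HTTP data is buffered; that is the right trade-off, since a CRL from a large CA can legitimately be far bigger than a certificate or OCSP response. The new constant should be documented alongside OSSL_HTTP_DEFAULT_MAX_RESP_LEN in the OSSL_HTTP_get(3) man page, with its value, so users of X509_CRL_load_http know what the cap is.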
+1 -1
View File
@@ -94,7 +94,7 @@ int aes_ccm_encrypt(void)
if ((cipher = EVP_CIPHER_fetch(libctx, "AES-192-CCM", propq)) == NULL) if ((cipher = EVP_CIPHER_fetch(libctx, "AES-192-CCM", propq)) == NULL)
goto err; goto err;
/* Set nonce length if default 96 bits is not appropriate */ /* Default nonce length for AES-CCM is 7 bytes (56 bits). */
params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
&ccm_nonce_len); &ccm_nonce_len);
/* Set tag length */ /* Set tag length */
+1 -1
View File
@@ -701,7 +701,7 @@ A sample configuration file with the relevant sections for this command:
default_days = 365 # how long to certify for default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL default_crl_days= 30 # how long before next CRL
default_md = md5 # md to use default_md = sha256 # md to use
policy = policy_any # default policy policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN email_in_dn = no # Don't add the email into cert DN
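Review bot: changing the sample `default_md` from md5 to sha256 is overdue; sample configuration from man pages is copied verbatim into real CAs, and MD5 signatures are rejected by current verifiers. Worth scanning the remaining examples in this page for other md5 or sha1 defaults while here.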
+8 -3
View File
@@ -453,8 +453,11 @@ Reason numbers defined in RFC 5280 are:
=item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> =item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The DNS hostname or IP address and optionally port The I<host> domain name or IP address and optionally I<port>
of the CMP server to connect to using HTTP(S). of the CMP server to connect to using HTTP(S).
IP address may be for v4 or v6, such as C<127.0.0.1> or C<[::1]> for localhost.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
This option excludes I<-port> and I<-use_mock_srv>. This option excludes I<-port> and I<-use_mock_srv>.
It is ignored if I<-rspin> is given with enough filename arguments. It is ignored if I<-rspin> is given with enough filename arguments.
@@ -468,6 +471,7 @@ If a path is included it provides the default value for the B<-path> option.
The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy> The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy>
applies, see below. applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored (note that TLS may be the optional C<http://> or C<https://> prefix is ignored (note that TLS may be
selected by B<-tls_used>), as well as any path, userinfo, and query, and fragment selected by B<-tls_used>), as well as any path, userinfo, and query, and fragment
@@ -969,8 +973,9 @@ This excludes the B<-server> and B<-port> options.
=item B<-port> I<number> =item B<-port> I<number>
Act as HTTP-based CMP server mock-up listening on the given port. Act as HTTP-based CMP server mock-up listening on the given local port.
This excludes the B<-server> and B<-use_mock_srv> options. The client may address the server via, e.g., C<127.0.0.1> or C<[::1]>.
This option excludes the B<-server> and B<-use_mock_srv> options.
The B<-rspin>, B<-rspout>, B<-reqin>, and B<-reqout> options The B<-rspin>, B<-rspout>, B<-reqin>, and B<-reqout> options
so far are not supported in this mode. so far are not supported in this mode.
+7 -2
View File
@@ -191,6 +191,10 @@ to the output file.
Verify signed data. Expects a signed data on input and outputs Verify signed data. Expects a signed data on input and outputs
the signed data. Both clear text and opaque signing is supported. the signed data. Both clear text and opaque signing is supported.
By default, validation of signer certificates and their chain
is done w.r.t. the S/MIME signing (C<smimesign>) purpose.
For details see L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-resign> =item B<-resign>
Resign a message: take an existing message and one or more new signers. Resign a message: take an existing message and one or more new signers.
@@ -374,7 +378,8 @@ See L<openssl-format-options(1)> for details.
=item B<-originator> I<file> =item B<-originator> I<file>
A certificate of the originator of the encrypted message. Necessary for A certificate of the originator of the encrypted message. Necessary for
decryption when Key Agreement is in use for a shared key. decryption when Key Agreement is in use for a shared key. Currently, not
allowed for encryption.
=item B<-recip> I<file> =item B<-recip> I<file>
@@ -902,7 +907,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy
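Review bot: in the B<-originator> text the new sentence reads "Currently, not allowed for encryption."; drop the comma ("Currently not allowed for encryption.") so it parses as one clause. The added note under B<-verify> that signer chains are validated for the C<smimesign> purpose by default is useful, since that default is what rejects certificates lacking the S/MIME extended key usage.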
+4
View File
@@ -239,6 +239,10 @@ L<fips_config(5)>,
L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-FIPS(7)>,
L<EVP_MAC(3)> L<EVP_MAC(3)>
=head1 HISTORY
The B<openssl-fipsinstall> application was added in OpenSSL 3.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
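Review bot: the copyright line still reads 2019-2021 on both sides even though this hunk adds a HISTORY section to the page; the other documentation files in this patch bump the year range when edited, so this one should be updated to match.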
+19 -11
View File
@@ -30,8 +30,8 @@ B<openssl> B<ocsp>
[B<-respin> I<file>] [B<-respin> I<file>]
[B<-url> I<URL>] [B<-url> I<URL>]
[B<-host> I<host>:I<port>] [B<-host> I<host>:I<port>]
[B<-path>] [B<-path> I<pathname>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-no_proxy> I<addresses>] [B<-no_proxy> I<addresses>]
[B<-header>] [B<-header>]
[B<-timeout> I<seconds>] [B<-timeout> I<seconds>]
@@ -160,24 +160,32 @@ with B<-serial>, B<-cert> and B<-host> options).
=item B<-url> I<responder_url> =item B<-url> I<responder_url>
Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. Specify the responder host and optionally port and path via a URL.
Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
The optional userinfo and fragment components are ignored. The optional userinfo and fragment components are ignored.
Any given query component is handled as part of the path component. Any given query component is handled as part of the path component.
For details, see the B<-host> and B<-path> options described next.
=item B<-host> I<hostname>:I<port>, B<-path> I<pathname> =item B<-host> I<host>:I<port>, B<-path> I<pathname>
If the B<-host> option is present then the OCSP request is sent to the host If the B<-host> option is present then the OCSP request is sent to the host
I<hostname> on port I<port>. The B<-path> option specifies the HTTP pathname I<host> on port I<port>.
to use or "/" by default. This is equivalent to specifying B<-url> with scheme The I<host> may be a domain name or an IP (v4 or v6) address,
http:// and the given hostname, port, and pathname. such as C<127.0.0.1> or C<[::1]> for localhost.
If it is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> The B<-path> option specifies the HTTP pathname to use or "/" by default.
This is equivalent to specifying B<-url> with scheme
http:// and the given I<host>, I<port>, and optional I<pathname>.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
applies, see below. applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored, the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo and path components. as well as any userinfo, path, query, and fragment components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY> Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>. in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
@@ -369,8 +377,8 @@ subject name.
=item B<-port> I<portnum> =item B<-port> I<portnum>
Port to listen for OCSP requests on. The port may also be specified Port to listen for OCSP requests on. Both IPv4 and IPv6 are possible.
using the B<url> option. The port may also be specified using the B<-url> option.
A C<0> argument indicates that any available port shall be chosen automatically. A C<0> argument indicates that any available port shall be chosen automatically.
=item B<-ignore_err> =item B<-ignore_err>
+55 -22
View File
@@ -44,6 +44,8 @@ B<openssl> B<pkeyutl>
This command can be used to perform low-level public key This command can be used to perform low-level public key
operations using any supported algorithm. operations using any supported algorithm.
By default the signing operation (see B<-sign> option) is assumed.
=head1 OPTIONS =head1 OPTIONS
=over 4 =over 4
@@ -59,20 +61,29 @@ if this option is not specified.
=item B<-rawin> =item B<-rawin>
This indicates that the input data is raw data, which is not hashed by any This indicates that the signature or verification input data is raw data,
message digest algorithm. The user can specify a digest algorithm by using which is not hashed by any message digest algorithm.
the B<-digest> option. This option can only be used with B<-sign> and Except with EdDSA,
B<-verify> and must be used with the Ed25519 and Ed448 algorithms. the user can specify a digest algorithm by using the B<-digest> option.
For signature algorithms like RSA, DSA and ECDSA,
the default digest algorithm is SHA-256. For SM2, it is SM3.
This option can only be used with B<-sign> and B<-verify>.
For EdDSA (the Ed25519 and Ed448 algorithms) this option is required.
=item B<-digest> I<algorithm> =item B<-digest> I<algorithm>
This specifies the digest algorithm which is used to hash the input data before This option can only be used with B<-sign> and B<-verify>.
signing or verifying it with the input key. This option could be omitted if the It specifies the digest algorithm that is used to hash the input data
signature algorithm does not require one (for instance, EdDSA). If this option before signing or verifying it with the input key. This option could be omitted
is omitted but the signature algorithm requires one, a default value will be if the signature algorithm does not require preprocessing the input through
used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the a pluggable hash function before signing (for instance, EdDSA). If this option
default digest algorithm. For SM2, it will be SM3. If this option is present, is omitted but the signature algorithm requires one and the B<-rawin> option
then the B<-rawin> option must be also specified. is given, a default value will be used (see B<-rawin> for details).
If this option is present, then the B<-rawin> option is required.
At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported,
so the B<-digest> option cannot be used with EdDSA.
=item B<-out> I<filename> =item B<-out> I<filename>
@@ -81,7 +92,7 @@ default.
=item B<-sigfile> I<file> =item B<-sigfile> I<file>
Signature file, required for B<-verify> operations only Signature file, required and allowed for B<-verify> operations only
=item B<-inkey> I<filename>|I<uri> =item B<-inkey> I<filename>|I<uri>
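Review bot: "Signature file, required and allowed for B<-verify> operations only" is hard to parse; consider "Signature file. Only allowed with B<-verify>, where it is required." so both constraints are stated separately.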
@@ -117,21 +128,42 @@ The input is a certificate containing a public key.
=item B<-rev> =item B<-rev>
Reverse the order of the input buffer. This is useful for some libraries Reverse the order of the input buffer. This is useful for some libraries
(such as CryptoAPI) which represent the buffer in little endian format. (such as CryptoAPI) which represent the buffer in little-endian format.
This cannot be used in conjunction with B<-rawin>.
=item B<-sign> =item B<-sign>
Sign the input data (which must be a hash) and output the signed result. This Sign the input data and output the signed result. This requires a private key.
requires a private key. Using a message digest operation along with this is recommended,
when applicable, see the B<-rawin> and B<-digest> options for details.
Otherwise, the input data given with the B<-in> option is assumed to already
be a digest, but this may then require an additional B<-pkeyopt> C<digest:>I<md>
in some cases (e.g., RSA with the default PKCS#1 padding mode).
Even for other algorithms like ECDSA, where the additional B<-pkeyopt> option
does not affect signature output, it is recommended, as it enables
checking that the input length is consistent with the intended digest.
=item B<-verify> =item B<-verify>
Verify the input data (which must be a hash) against the signature file and Verify the input data against the signature given with the B<-sigfile> option
indicate if the verification succeeded or failed. and indicate if the verification succeeded or failed.
The input data given with the B<-in> option is assumed to be a hash value
unless the B<-rawin> option is specified or implied.
With raw data, when a digest algorithm is applicable, though it may be inferred
from the signature or take a default value, it should also be specified.
=item B<-verifyrecover> =item B<-verifyrecover>
Verify the input data (which must be a hash) and output the recovered data. Verify the given signature and output the recovered data (signature payload).
For example, in case of RSA PKCS#1 the recovered data is the B<EMSA-PKCS-v1_5>
DER encoding of the digest algorithm OID and value as specified in
L<RFC8017 Section 9.2|https://datatracker.ietf.org/doc/html/rfc8017#section-9.2>.
Note that here the input given with the B<-in> option is not a signature input
(as with the B<-sign> and B<-verify> options) but a signature output value,
typically produced using the B<-sign> option.
This option is available only for use with RSA keys.
=item B<-encrypt> =item B<-encrypt>
@@ -175,8 +207,9 @@ hex dump the output data.
=item B<-asn1parse> =item B<-asn1parse>
Parse the ASN.1 output data, this is useful when combined with the Parse the ASN.1 output data to check its DER encoding and print any errors.
B<-verifyrecover> option when an ASN1 structure is signed. When combined with the B<-verifyrecover> option, this may be useful only in case
an ASN.1 DER-encoded structure had been signed directly (without hashing it).
{- $OpenSSL::safe::opt_engine_item -} {- $OpenSSL::safe::opt_engine_item -}
@@ -200,8 +233,8 @@ engine I<id> for crypto operations.
The operations and options supported vary according to the key algorithm The operations and options supported vary according to the key algorithm
and its implementation. The OpenSSL operations and options are indicated below. and its implementation. The OpenSSL operations and options are indicated below.
Unless otherwise mentioned all algorithms support the B<digest:>I<alg> option Unless otherwise mentioned, all algorithms support the B<digest:>I<alg> option,
which specifies the digest in use for sign, verify and verifyrecover operations. which specifies the digest in use for the signing and verification operations.
The value I<alg> should represent a digest name as used in the The value I<alg> should represent a digest name as used in the
EVP_get_digestbyname() function for example B<sha1>. This value is not used to EVP_get_digestbyname() function for example B<sha1>. This value is not used to
hash the input data. It is used (by some algorithms) for sanity-checking the hash the input data. It is used (by some algorithms) for sanity-checking the
+2 -2
View File
@@ -638,7 +638,7 @@ Sample configuration file prompting for field values:
attributes = req_attributes attributes = req_attributes
req_extensions = v3_ca req_extensions = v3_ca
dirstring_type = nobmp dirstring_type = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)
@@ -778,7 +778,7 @@ The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy
+67 -10
View File
@@ -10,11 +10,11 @@ openssl-s_client - SSL/TLS client program
B<openssl> B<s_client> B<openssl> B<s_client>
[B<-help>] [B<-help>]
[B<-ssl_config> I<section>] [B<-ssl_config> I<section>]
[B<-connect> I<host:port>] [B<-connect> I<host>:I<port>]
[B<-host> I<hostname>] [B<-host> I<hostname>]
[B<-port> I<port>] [B<-port> I<port>]
[B<-bind> I<host:port>] [B<-bind> I<host>:I<port>]
[B<-proxy> I<host:port>] [B<-proxy> I<host>:I<port>]
[B<-proxy_user> I<userid>] [B<-proxy_user> I<userid>]
[B<-proxy_pass> I<arg>] [B<-proxy_pass> I<arg>]
[B<-unix> I<path>] [B<-unix> I<path>]
@@ -157,6 +157,7 @@ This specifies the host and optional port to connect to. It is possible to
select the host and port using the optional target positional argument instead. select the host and port using the optional target positional argument instead.
If neither this nor the target positional argument are specified then an attempt If neither this nor the target positional argument are specified then an attempt
is made to connect to the local host on port 4433. is made to connect to the local host on port 4433.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-host> I<hostname> =item B<-host> I<hostname>
@@ -166,17 +167,19 @@ Host to connect to; use B<-connect> instead.
Connect to the specified port; use B<-connect> instead. Connect to the specified port; use B<-connect> instead.
=item B<-bind> I<host:port> =item B<-bind> I<host>:I<port>
This specifies the host address and or port to bind as the source for the This specifies the host address and or port to bind as the source for the
connection. For Unix-domain sockets the port is ignored and the host is connection. For Unix-domain sockets the port is ignored and the host is
used as the source socket address. used as the source socket address.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-proxy> I<host:port> =item B<-proxy> I<host>:I<port>
When used with the B<-connect> flag, the program uses the host and port When used with the B<-connect> flag, the program uses the host and port
specified with this flag and issues an HTTP CONNECT command to connect specified with this flag and issues an HTTP CONNECT command to connect
to the desired server. to the desired server.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-proxy_user> I<userid> =item B<-proxy_user> I<userid>
@@ -260,7 +263,9 @@ See L<openssl-format-options(1)> for details.
=item B<-crl_download> =item B<-crl_download>
Download CRL from distribution points in the certificate. Download CRL from distribution points in the certificate. Note that this option
is ignored if B<-crl_check> option is not provided. Note that the maximum size
of CRL is limited by L<X509_CRL_load_http(3)> function.
=item B<-key> I<filename>|I<uri> =item B<-key> I<filename>|I<uri>
@@ -282,14 +287,20 @@ see L<openssl-passphrase-options(1)>.
The verify depth to use. This specifies the maximum length of the The verify depth to use. This specifies the maximum length of the
server certificate chain and turns on server certificate verification. server certificate chain and turns on server certificate verification.
Currently the verify operation continues after errors so all the problems Unless the B<-verify_return_error> option is given,
the verify operation continues after errors so all the problems
with a certificate chain can be seen. As a side effect the connection with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure. will never fail due to a server certificate verify failure.
By default, validation of server certificates and their chain
is done w.r.t. the (D)TLS Server (C<sslserver>) purpose.
For details see L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-verify_return_error> =item B<-verify_return_error>
Return verification errors instead of continuing. This will typically Turns on server certificate verification, like with B<-verify>,
abort the handshake with a fatal error. but returns verification errors instead of continuing.
This will typically abort the handshake with a fatal error.
=item B<-verify_quiet> =item B<-verify_quiet>
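Review bot: in the B<-verify> text the new qualifier "Unless the B<-verify_return_error> option is given" now contradicts the unchanged sentence "As a side effect the connection will never fail due to a server certificate verify failure", which should be narrowed to the default case, e.g. "In that case the connection never fails because of a server certificate verification failure." The abbreviation "w.r.t." in "is done w.r.t. the (D)TLS Server (C<sslserver>) purpose" should be spelled out ("with respect to"); the same wording is introduced for the client-certificate text in the B<s_server> hunk further down.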
@@ -799,10 +810,11 @@ proceed unless the B<-verify_return_error> option is used.
=item I<host>:I<port> =item I<host>:I<port>
Rather than providing B<-connect>, the target hostname and optional port may Rather than providing B<-connect>, the target host and optional port may
be provided as a single positional argument after all options. If neither this be provided as a single positional argument after all options. If neither this
nor B<-connect> are provided, falls back to attempting to connect to nor B<-connect> are provided, falls back to attempting to connect to
I<localhost> on port I<4433>. I<localhost> on port I<4433>.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=back =back
@@ -881,6 +893,51 @@ option: any verify errors are then returned aborting the handshake.
The B<-bind> option may be useful if the server or a firewall requires The B<-bind> option may be useful if the server or a firewall requires
connections to come from some particular address and or port. connections to come from some particular address and or port.
=head2 Note on Non-Interactive Use
When B<s_client> is run in a non-interactive environment (e.g., a cron job or
a script without a valid I<stdin>), it may close the connection prematurely,
especially with TLS 1.3. To prevent this, you can use the B<-ign_eof> flag,
which keeps B<s_client> running even after reaching EOF from I<stdin>.
For example:
openssl s_client -connect <server address>:443 -tls1_3
-sess_out /path/to/tls_session_params_file
-ign_eof </dev/null
However, relying solely on B<-ign_eof> can lead to issues if the server keeps
the connection open, expecting the client to close first. In such cases, the
client may hang indefinitely. This behavior is not uncommon, particularly with
protocols where the server waits for a graceful disconnect from the client.
For example, when connecting to an SMTP server, the session may pause if the
server expects a QUIT command before closing:
$ openssl s_client -brief -ign_eof -starttls smtp
-connect <server address>:25 </dev/null
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
...
250 CHUNKING
[long pause]
To avoid such hangs, it's better to use an application-level command to
initiate a clean disconnect. For SMTP, you can send a QUIT command:
printf 'QUIT\r\n' | openssl s_client -connect <server address>:25
-starttls smtp -brief -ign_eof
Similarly, for HTTP/1.1 connections, including a `Connection: close` header
ensures the server closes the connection after responding:
printf 'GET / HTTP/1.1\r\nHost: <server address>\r\nConnection: close\r\n\r\n'
| openssl s_client -connect <server address>:443 -brief
These approaches help manage the connection closure gracefully and prevent
hangs caused by the server waiting for the client to initiate the disconnect.
=head1 BUGS =head1 BUGS
Because this program has a lot of options and also because some of the Because this program has a lot of options and also because some of the
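Review bot: the multi-line commands in the new "Note on Non-Interactive Use" section (for example "openssl s_client -connect <server address>:443 -tls1_3" continued on the two following lines) carry no trailing backslashes, so they cannot be pasted into a shell as shown; either add "\" line continuations or keep each command on one line. Also, "`Connection: close`" uses Markdown backticks rather than POD's C<Connection: close>, and the first example passes B<-sess_out> without the text explaining why a session file matters for the EOF problem; either drop the option or state its role.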
+8 -3
View File
@@ -74,7 +74,7 @@ B<openssl> B<s_server>
[B<-status>] [B<-status>]
[B<-status_verbose>] [B<-status_verbose>]
[B<-status_timeout> I<int>] [B<-status_timeout> I<int>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]>] [B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-no_proxy> I<addresses>] [B<-no_proxy> I<addresses>]
[B<-status_url> I<val>] [B<-status_url> I<val>]
[B<-status_file> I<infile>] [B<-status_file> I<infile>]
@@ -202,6 +202,10 @@ must supply a certificate or an error occurs.
If the cipher suite cannot request a client certificate (for example an If the cipher suite cannot request a client certificate (for example an
anonymous cipher suite or PSK) this option has no effect. anonymous cipher suite or PSK) this option has no effect.
By default, validation of any supplied client certificate and its chain
is done w.r.t. the (D)TLS Client (C<sslclient>) purpose.
For details see L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-cert> I<infile> =item B<-cert> I<infile>
The certificate to use, most servers cipher suites require the use of a The certificate to use, most servers cipher suites require the use of a
@@ -504,13 +508,14 @@ a verbose printout of the OCSP response.
Sets the timeout for OCSP response to I<int> seconds. Sets the timeout for OCSP response to I<int> seconds.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path]> =item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy> The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
applies, see below. applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored, the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo and path components. as well as any userinfo, path, query, and fragment components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY> Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>. in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
+1
View File
@@ -50,6 +50,7 @@ Print out a usage message.
=item B<-connect> I<host>:I<port> =item B<-connect> I<host>:I<port>
This specifies the host and optional port to connect to. This specifies the host and optional port to connect to.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-www> I<page> =item B<-www> I<page>
+2 -2
View File
@@ -394,9 +394,9 @@ Verify a message and extract the signer's certificate if successful:
Send encrypted mail using triple DES: Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -from steve@openssl.org \ openssl smime -encrypt -in in.txt -out mail.msg -from steve@openssl.org \
-to someone@somewhere -subject "Encrypted message" \ -to someone@somewhere -subject "Encrypted message" \
-des3 user.pem -out mail.msg -des3 user.pem
Sign and encrypt mail: Sign and encrypt mail:
+2
View File
@@ -584,10 +584,12 @@ To verify a timestamp reply that includes the certificate chain:
-CAfile cacert.pem -CAfile cacert.pem
To verify a timestamp token against the original data file: To verify a timestamp token against the original data file:
openssl ts -verify -data design2.txt -in design2.tsr \ openssl ts -verify -data design2.txt -in design2.tsr \
-CAfile cacert.pem -CAfile cacert.pem
To verify a timestamp token against a message imprint: To verify a timestamp token against a message imprint:
openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \ openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-in design2.tsr -CAfile cacert.pem -in design2.tsr -CAfile cacert.pem
+114 -78
View File
@@ -24,8 +24,9 @@ The most important of them are detailed in the following sections.
In a nutshell, a valid chain of certificates needs to be built up and verified In a nutshell, a valid chain of certificates needs to be built up and verified
starting from the I<target certificate> that is to be verified starting from the I<target certificate> that is to be verified
and ending in a certificate that due to some policy is trusted. and ending in a certificate that due to some policy is trusted.
Verification is done relative to the given I<purpose>, which is the intended use Certificate validation can be performed in the context of a I<purpose>, which
of the target certificate, such as SSL server, or by default for any purpose. is a high-level specification of the intended use of the target certificate,
such as C<sslserver> for TLS servers, or (by default) for any purpose.
The details of how each OpenSSL command handles errors The details of how each OpenSSL command handles errors
are documented on the specific command page. are documented on the specific command page.
@@ -150,16 +151,17 @@ the chain components and their links are checked thoroughly.
The first step is to check that each certificate is well-formed. The first step is to check that each certificate is well-formed.
Part of these checks are enabled only if the B<-x509_strict> option is given. Part of these checks are enabled only if the B<-x509_strict> option is given.
The second step is to check the extensions of every untrusted certificate The second step is to check the X.509v3 extensions of every certificate
for consistency with the supplied purpose. for consistency with the intended specific purpose, if any.
If the B<-purpose> option is not given then no such checks are done If the B<-purpose> option is not given then no such checks are done except for
except for SSL/TLS connection setup, CMS signature checking, where by default C<smimesign> is checked, and SSL/(D)TLS
where by default C<sslserver> or C<sslclient>, are checked. connection setup, where by default C<sslserver> or C<sslclient> are checked.
The target or "leaf" certificate, as well as any other untrusted certificates, The X.509v3 extensions of the target or "leaf" certificate
must have extensions compatible with the specified purpose. must be compatible with the specified purpose.
All certificates except the target or "leaf" must also be valid CA certificates. All other certificates down the chain are checked to be valid CA certificates,
The precise extensions required are described in more detail in and possibly also further non-standard checks are performed.
L<openssl-x509(1)/CERTIFICATE EXTENSIONS>. The precise extensions required are described in detail
in the L</Certificate Extensions> section below.
The third step is to check the trust settings on the last certificate The third step is to check the trust settings on the last certificate
(which typically is a self-signed root CA certificate). (which typically is a self-signed root CA certificate).
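Review bot: "and possibly also further non-standard checks are performed" in the new second-step paragraph is too vague for a verification reference; name what is meant (the Netscape certificate type and OpenSSL's own EKU checks on CA certificates, which the "Extended Key Usage" section rewritten later in this patch describes) or drop the clause and rely on the forward reference to L</Certificate Extensions>.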
@@ -455,13 +457,16 @@ Set policy variable inhibit-policy-mapping (see RFC5280).
=item B<-purpose> I<purpose> =item B<-purpose> I<purpose>
The intended use for the certificate. A high-level specification of the intended use of the target certificate.
Currently defined purposes are C<sslclient>, C<sslserver>, C<nssslserver>, Currently predefined purposes are C<sslclient>, C<sslserver>, C<nssslserver>,
C<smimesign>, C<smimeencrypt>, C<crlsign>, C<ocsphelper>, C<timestampsign>, C<smimesign>, C<smimeencrypt>, C<crlsign>, C<ocsphelper>, C<timestampsign>,
and C<any>. and C<any>.
If peer certificate verification is enabled, by default the TLS implementation If peer certificate verification is enabled, by default the TLS implementation
as well as the commands B<s_client> and B<s_server> check for consistency and thus the commands L<openssl-s_client(1)> and L<openssl-s_server(1)>
with TLS server or TLS client use, respectively. check for consistency with
TLS server (C<sslserver>) or TLS client use (C<sslclient>), respectively.
By default, CMS signature validation, which can be done via L<openssl-cms(1)>,
checks for consistency with S/MIME signing use (C<smimesign>).
While IETF RFC 5280 says that B<id-kp-serverAuth> and B<id-kp-clientAuth> While IETF RFC 5280 says that B<id-kp-serverAuth> and B<id-kp-clientAuth>
are only for WWW use, in practice they are used for all kinds of TLS clients are only for WWW use, in practice they are used for all kinds of TLS clients
@@ -491,19 +496,20 @@ the subject certificate.
=item B<-verify_name> I<name> =item B<-verify_name> I<name>
Use default verification policies like trust model and required certificate Use a set of verification parameters, also known as verification method,
policies identified by I<name>. identified by I<name>. The currently predefined methods are named C<ssl_client>,
C<ssl_server>, C<smime_sign> with alias C<pkcs7>, and C<default>.
These mimic the combinations of purpose and trust settings used in SSL/(D)TLS,
and CMS/PKCS7 (including S/MIME).
The verification parameters include the trust model, various flags that can
partly be set also via other command-line options, and the verification purpose,
which in turn implies certificate key usage and extended key usage requirements.
The trust model determines which auxiliary trust or reject OIDs are applicable The trust model determines which auxiliary trust or reject OIDs are applicable
to verifying the given certificate chain. to verifying the given certificate chain.
They can be given using the B<-addtrust> and B<-addreject> options They can be given using the B<-addtrust> and B<-addreject> options
for L<openssl-x509(1)>. for L<openssl-x509(1)>.
Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>,
B<ssl_client>, B<ssl_server>.
These mimics the combinations of purpose and trust settings used in SSL, CMS
and S/MIME.
As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
specified, so the B<-verify_name> options are functionally equivalent to the
corresponding B<-purpose> settings.
=back =back
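Review bot: the removed paragraph "As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not specified, so the B<-verify_name> options are functionally equivalent to the corresponding B<-purpose> settings" is not replaced by an equivalent statement, so the new text no longer says how B<-verify_name> and B<-purpose> interact when both are given or how they differ when only one is. Suggest keeping a sentence on precedence (which option wins, and which of the flags "that can partly be set also via other command-line options" are overridden) so readers configuring verification from the command line are not left to guess.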
@@ -548,9 +554,8 @@ This option has no effect and is retained for backward compatibility only.
=head2 Certificate Extensions =head2 Certificate Extensions
Options like B<-purpose> lead to checking the certificate extensions, Options like B<-purpose> and B<-verify_name> trigger the processing of specific
which determine what the target certificate and intermediate CA certificates certificate extensions, which determine what certificates can be used for.
can be used for.
=head3 Basic Constraints =head3 Basic Constraints
@@ -574,87 +579,117 @@ keyCertSign bit set if the keyUsage extension is present.
=head3 Extended Key Usage =head3 Extended Key Usage
The extKeyUsage (EKU) extension places additional restrictions on the The extKeyUsage (EKU) extension places additional restrictions on
certificate uses. If this extension is present (whether critical or not) certificate use. If this extension is present (whether critical or not)
the key can only be used for the purposes specified. in an end-entity certficiate, the key is allowed only for the uses specified,
while the special EKU B<anyExtendedKeyUsage> allows for all uses.
A complete description of each check is given below. The comments about Note that according to RFC 5280 section 4.2.1.12,
the Extended Key Usage extension will appear only in end-entity certificates,
and consequently the standard certification path validation described
in its section 6 does not include EKU checks for CA certificates.
The CA/Browser Forum requires for TLS server, S/MIME, and code signing use
the presence of respective EKUs in subordinate CA certificates (while excluding
them for root CA certificates), while taking over from RFC 5280
the certificate validity concept and certificate path validation.
For historic reasons, OpenSSL has its own way of interpreting and checking
EKU extensions on CA certificates, which may change in the future.
It does not require the presence of EKU extensions in CA certificates,
but in case the verification purpose is
C<sslclient>, C<nssslserver>, C<sslserver>, C<smimesign>, or C<smimeencrypt>,
it checks that any present EKU extension (that does not contain
B<anyExtendedKeyUsage>) contains the respective EKU as detailed below.
Moreover, it does these checks even for trust anchor certificates.
=head3 Checks Implied by Specific Predefined Policies
A specific description of each check is given below. The comments about
basicConstraints and keyUsage and X.509v1 certificates above apply to B<all> basicConstraints and keyUsage and X.509v1 certificates above apply to B<all>
CA certificates. CA certificates.
=over 4 =over 4
=item B<SSL Client> =item B<(D)TLS Client> (C<sslclient>)
The extended key usage extension must be absent or include the "web client Any given extended key usage extension must allow for C<clientAuth>
authentication" OID. The keyUsage extension must be absent or it must have the ("TLS WWW client authentication").
digitalSignature bit set. The Netscape certificate type must be absent
or it must have the SSL client bit set.
=item B<SSL Client CA> For target certificates,
the key usage must allow for C<digitalSignature> and/or C<keyAgreement>.
The Netscape certificate type must be absent or have the SSL client bit set.
The extended key usage extension must be absent or include the "web client For all other certificates the normal CA checks apply. In addition,
authentication" OID. the Netscape certificate type must be absent or have the SSL CA bit set.
The Netscape certificate type must be absent or it must have the SSL CA bit set. This is used as a workaround if the basicConstraints extension is absent.
This is used as a work around if the basicConstraints extension is absent.
=item B<SSL Server> =item B<(D)TLS Server> (C<sslserver>)
The extended key usage extension must be absent or include the "web server Any given extended key usage extension must allow for C<serverAuth>
authentication" and/or one of the SGC OIDs. The keyUsage extension must be ("TLS WWW server authentication") and/or include one of the SGC OIDs.
absent or it
must have the digitalSignature, the keyEncipherment set or both bits set. For target certificates, the key usage must
allow for C<digitalSignature>, C<keyEncipherment>, and/or C<keyAgreement>.
The Netscape certificate type must be absent or have the SSL server bit set. The Netscape certificate type must be absent or have the SSL server bit set.
=item B<SSL Server CA> For all other certificates the normal CA checks apply. In addition,
the Netscape certificate type must be absent or have the SSL CA bit set.
This is used as a workaround if the basicConstraints extension is absent.
The extended key usage extension must be absent or include the "web server =item B<Netscape SSL Server> (C<nssslserver>)
authentication" and/or one of the SGC OIDs. The Netscape certificate type must
be absent or the SSL CA bit must be set.
This is used as a work around if the basicConstraints extension is absent.
=item B<Netscape SSL Server> In addition to what has been described for B<sslserver>, for a Netscape
SSL client to connect to an SSL server, its EE certficate must have the
For Netscape SSL clients to connect to an SSL server it must have the B<keyEncipherment> bit set if the keyUsage extension is present. This isn't
keyEncipherment bit set if the keyUsage extension is present. This isn't
always valid because some cipher suites use the key for digital signing. always valid because some cipher suites use the key for digital signing.
Otherwise it is the same as a normal SSL server. Otherwise it is the same as a normal SSL server.
=item B<Common S/MIME Client Tests> =item B<Common S/MIME Checks>
The extended key usage extension must be absent or include the "email Any given extended key usage extension must allow for C<emailProtection>.
protection" OID. The Netscape certificate type must be absent or should have the
S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type For target certificates,
the Netscape certificate type must be absent or should have the S/MIME bit set.
If the S/MIME bit is not set in the Netscape certificate type
then the SSL client bit is tolerated as an alternative but a warning is shown. then the SSL client bit is tolerated as an alternative but a warning is shown.
This is because some Verisign certificates don't set the S/MIME bit. This is because some Verisign certificates don't set the S/MIME bit.
=item B<S/MIME Signing> For all other certificates the normal CA checks apply. In addition,
the Netscape certificate type must be absent or have the S/MIME CA bit set.
This is used as a workaround if the basicConstraints extension is absent.
In addition to the common S/MIME client tests the digitalSignature bit or =item B<S/MIME Signing> (C<smimesign>)
the nonRepudiation bit must be set if the keyUsage extension is present.
=item B<S/MIME Encryption> In addition to the common S/MIME checks, for target certficiates
the key usage must allow for C<digitalSignature> and/or B<nonRepudiation>.
In addition to the common S/MIME tests the keyEncipherment bit must be set =item B<S/MIME Encryption> (C<smimeencrypt>)
if the keyUsage extension is present.
=item B<S/MIME CA> In addition to the common S/MIME checks, for target certficiates
the key usage must allow for C<keyEncipherment>.
The extended key usage extension must be absent or include the "email =item B<CRL Signing> (C<crlsign>)
protection" OID. The Netscape certificate type must be absent or must have the
S/MIME CA bit set.
This is used as a work around if the basicConstraints extension is absent.
=item B<CRL Signing> For target certificates, the key usage must allow for C<cRLSign>.
The keyUsage extension must be absent or it must have the CRL signing bit For all other certifcates the normal CA checks apply.
set. Except in this case the basicConstraints extension must be present.
=item B<CRL Signing CA> =item B<OCSP Helper> (C<ocsphelper>)
The normal CA tests apply. Except in this case the basicConstraints extension For target certificates, no checks are performed at this stage,
must be present. but special checks apply; see L<OCSP_basic_verify(3)>.
For all other certifcates the normal CA checks apply.
=item B<Timestamp Signing> (C<timestampsign>)
For target certificates, if the key usage extension is present, it must include
C<digitalSignature> and/or C<nonRepudiation> and must not include other bits.
The EKU extension must be present and contain C<timeStamping> only.
Moreover, it must be marked as critical.
For all other certifcates the normal CA checks apply.
=back =back
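Review bot: several spelling errors in the new text: "certficiate" in "in an end-entity certficiate", "certficate" in "its EE certficate", "target certficiates" (twice) and "other certifcates" (three times) should all read "certificate"/"certificates". Beyond spelling, the sentence "Moreover, it does these checks even for trust anchor certificates" is the most consequential statement in the section, because it means a root carrying an EKU without the purpose's OID fails verification even though the preceding paragraph notes that the CA/Browser Forum excludes EKUs from root CA certificates; consider giving it its own sentence with that consequence spelled out rather than attaching it with "Moreover".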
@@ -671,6 +706,7 @@ only the first one (in the mentioned order of locations) is recognised.
=head1 SEE ALSO =head1 SEE ALSO
L<X509_verify_cert(3)>, L<X509_verify_cert(3)>,
L<OCSP_basic_verify(3)>,
L<openssl-verify(1)>, L<openssl-verify(1)>,
L<openssl-ocsp(1)>, L<openssl-ocsp(1)>,
L<openssl-ts(1)>, L<openssl-ts(1)>,
+9 -98
View File
@@ -653,111 +653,22 @@ See L<property(7)> for a more detailed description.
=head1 ENVIRONMENT =head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the The OpenSSL libraries can take some configuration parameters from the
environment. Some of these variables are listed below. For information environment.
about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>. For information about all environment variables used by the OpenSSL libraries,
such as B<OPENSSL_CONF>, B<OPENSSL_MODULES>, and B<OPENSSL_TRACE>,
see L<openssl-env(7)>.
For information about the use of environment variables in configuration, For information about the use of environment variables in configuration,
see L<config(5)/ENVIRONMENT>. see L<config(5)/ENVIRONMENT>.
For information about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>.
For information about querying or specifying CPU architecture flags, see For information about querying or specifying CPU architecture flags, see
L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>. L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
For information about all environment variables used by the OpenSSL libraries,
see L<openssl-env(7)>.
=over 4
=item B<OPENSSL_TRACE=>I<name>[,...]
Enable tracing output of OpenSSL library, by name.
This output will only make sense if you know OpenSSL internals well.
Also, it might not give you any output at all, depending on how
OpenSSL was built.
The value is a comma separated list of names, with the following
available:
=over 4
=item B<TRACE>
Traces the OpenSSL trace API itself.
=item B<INIT>
Traces OpenSSL library initialization and cleanup.
=item B<TLS>
Traces the TLS/SSL protocol.
=item B<TLS_CIPHER>
Traces the ciphers used by the TLS/SSL protocol.
=item B<CONF>
Show details about provider and engine configuration.
=item B<ENGINE_TABLE>
The function that is used by RSA, DSA (etc) code to select registered
ENGINEs, cache defaults and functional references (etc), will generate
debugging summaries.
=item B<ENGINE_REF_COUNT>
Reference counts in the ENGINE structure will be monitored with a line
of generated for each change.
=item B<PKCS5V2>
Traces PKCS#5 v2 key generation.
=item B<PKCS12_KEYGEN>
Traces PKCS#12 key generation.
=item B<PKCS12_DECRYPT>
Traces PKCS#12 decryption.
=item B<X509V3_POLICY>
Generates the complete policy tree at various points during X.509 v3
policy evaluation.
=item B<BN_CTX>
Traces BIGNUM context operations.
=item B<CMP>
Traces CMP client and server activity.
=item B<STORE>
Traces STORE operations.
=item B<DECODER>
Traces decoder operations.
=item B<ENCODER>
Traces encoder operations.
=item B<REF_COUNT>
Traces decrementing certain ASN.1 structure references.
=back
=back
=head1 SEE ALSO
L<openssl-asn1parse(1)>, L<openssl-asn1parse(1)>,
L<openssl-ca(1)>, L<openssl-ca(1)>,
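Review bot: the hunk deletes the enumeration of B<OPENSSL_TRACE> category names (TRACE, INIT, TLS, ..., REF_COUNT) and replaces it only with a pointer to L<openssl-env(7)>; that is fine provided the categories are listed in the referenced page, otherwise this is a documentation regression. Suggest also referencing L<OSSL_trace_set_channel(3)>, which documents the trace categories, so the reader lands on the list rather than on a one-line variable description.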
+7 -3
View File
@@ -102,8 +102,8 @@ functions check the syntax of the time structure I<s>.
The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() The ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print()
functions print the time structure I<s> to BIO I<b> in human readable functions print the time structure I<s> to BIO I<b> in human readable
format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example format. It will be of the format MMM DD HH:MM:SS[.s*] YYYY GMT, for example
"Feb 3 00:55:52 2015 GMT", which does not include a newline. "Feb E<32>3 00:55:52 2015 GMT", which does not include a newline.
If the time structure has invalid format it prints out "Bad time value" and If the time structure has invalid format it prints out "Bad time value" and
returns an error. The output for generalized time may include a fractional part returns an error. The output for generalized time may include a fractional part
following the second. following the second.
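Review bot: the new format string "MMM DD HH:MM:SS[.s*] YYYY GMT" already documents the optional fractional seconds, so the unchanged sentence "The output for generalized time may include a fractional part following the second" now duplicates it and should be folded into the format description (e.g. "where the fractional part appears only for generalized time"). Also, changing "[GMT]" to an unconditional "GMT" is a behavioural statement; if the suffix is always printed, say so explicitly, since callers parsing this output may have been written to cope with its absence.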
@@ -179,6 +179,10 @@ starting with B<ASN1_UTCTIME> and B<ASN1_GENERALIZEDTIME> act only on that
specific time format. The functions starting with B<ASN1_TIME> will operate on specific time format. The functions starting with B<ASN1_TIME> will operate on
either format. either format.
Users familiar with RFC822 should note that when specifying the flag
B<ASN1_DTFLGS_RFC822> the year will be formatted as documented above,
i.e., using 4 digits, not 2 as specified in RFC822.
=head1 BUGS =head1 BUGS
ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do
@@ -272,7 +276,7 @@ The ASN1_TIME_compare() function was added in OpenSSL 1.1.1.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy
+3 -3
View File
@@ -87,7 +87,7 @@ found for the purposes of reference counting.
=item I<asn1_cb> =item I<asn1_cb>
A callback that will be invoked at various points during the processing of A callback that will be invoked at various points during the processing of
the the B<ASN1_VALLUE>. See below for further details. the B<ASN1_VALUE>. See below for further details.
=item I<enc_offset> =item I<enc_offset>
@@ -97,7 +97,7 @@ will be saved if the B<ASN1_AFLG_ENCODING> flag has been set.
=item I<asn1_const_cb> =item I<asn1_const_cb>
A callback that will be invoked at various points during the processing of A callback that will be invoked at various points during the processing of
the the B<ASN1_VALLUE>. This is used in preference to the I<asn1_cb> callback if the B<ASN1_VALUE>. This is used in preference to the I<asn1_cb> callback if
the B<ASN1_AFLG_CONST_CB> flag is set. See below for further details. the B<ASN1_AFLG_CONST_CB> flag is set. See below for further details.
=back =back
@@ -274,7 +274,7 @@ B<ASN1_OP_GET0_PROPQ> operation types were added in OpenSSL 3.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy
+3 -3
View File
@@ -169,16 +169,16 @@ BIO_set_bind_mode(), BIO_get_bind_mode() and BIO_do_accept() are macros.
BIO_do_accept(), BIO_do_accept(),
BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(), BIO_set_accept_name(), BIO_set_accept_port(), BIO_set_nbio_accept(),
BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode() BIO_set_accept_bios(), BIO_set_accept_ip_family(), and BIO_set_bind_mode()
return 1 for success and <=0 for failure. return 1 for success and <= 0 for failure.
BIO_get_accept_name() returns the accept name or NULL on error. BIO_get_accept_name() returns the accept name or NULL on error.
BIO_get_peer_name() returns the peer name or NULL on error. BIO_get_peer_name() returns the peer name or NULL on error.
BIO_get_accept_port() returns the accept port as a string or NULL on error. BIO_get_accept_port() returns the accept port as a string or NULL on error.
BIO_get_peer_port() returns the peer port as a string or NULL on error. BIO_get_peer_port() returns the peer port as a string or NULL on error.
BIO_get_accept_ip_family() returns the IP family or <=0 on error. BIO_get_accept_ip_family() returns the IP family or <= 0 on error.
BIO_get_bind_mode() returns the set of B<BIO_BIND> flags, or <=0 on failure. BIO_get_bind_mode() returns the set of B<BIO_BIND> flags, or <= 0 on failure.
BIO_new_accept() returns a BIO or NULL on error. BIO_new_accept() returns a BIO or NULL on error.
+1 -1
View File
@@ -59,7 +59,7 @@ a single call: that is it creates a new connect BIO with hostname B<name>.
BIO_set_conn_hostname() uses the string B<name> to set the hostname. BIO_set_conn_hostname() uses the string B<name> to set the hostname.
The hostname can be an IP address; if the address is an IPv6 one, it The hostname can be an IP address; if the address is an IPv6 one, it
must be enclosed with brackets C<[> and C<]>. must be enclosed in brackets C<[> and C<]>.
The hostname can also include the port in the form hostname:port; The hostname can also include the port in the form hostname:port;
see L<BIO_parse_hostserv(3)> and BIO_set_conn_port() for details. see L<BIO_parse_hostserv(3)> and BIO_set_conn_port() for details.
+2 -2
View File
@@ -52,7 +52,7 @@ size use L<EVP_PKEY_sign(3)> with a NULL I<sig> parameter.
ECDSA_sign() computes a digital signature of the I<dgstlen> bytes hash value ECDSA_sign() computes a digital signature of the I<dgstlen> bytes hash value
I<dgst> using the private EC key I<eckey>. The DER encoded signatures is I<dgst> using the private EC key I<eckey>. The DER encoded signatures is
stored in I<sig> and its length is returned in I<sig_len>. Note: I<sig> must stored in I<sig> and its length is returned in I<siglen>. Note: I<sig> must
point to ECDSA_size(eckey) bytes of memory. The parameter I<type> is currently point to ECDSA_size(eckey) bytes of memory. The parameter I<type> is currently
ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I<kinv> ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I<kinv>
and I<rp> set to NULL. and I<rp> set to NULL.
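Review bot: two grammar slips survive in the unchanged context while I<sig_len> is corrected to I<siglen>: "The DER encoded signatures is" should read "The DER encoded signature is", and "ECDSA_sign() is wrapper function for" should read "is a wrapper function for". Since the parameter rename already touches this paragraph, fold both fixes in; the ECDSA_sign_ex() paragraph in the next hunk already uses the correct "signature is" wording.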
@@ -82,7 +82,7 @@ used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
ECDSA_sign_ex() computes a digital signature of the I<dgstlen> bytes hash value ECDSA_sign_ex() computes a digital signature of the I<dgstlen> bytes hash value
I<dgst> using the private EC key I<eckey> and the optional pre-computed values I<dgst> using the private EC key I<eckey> and the optional pre-computed values
I<kinv> and I<rp>. The DER encoded signature is stored in I<sig> and its I<kinv> and I<rp>. The DER encoded signature is stored in I<sig> and its
length is returned in I<sig_len>. Note: I<sig> must point to ECDSA_size(eckey) length is returned in I<siglen>. Note: I<sig> must point to ECDSA_size(eckey)
bytes of memory. The parameter I<type> is ignored. bytes of memory. The parameter I<type> is ignored.
ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
+12 -4
@@ -1284,6 +1284,15 @@ indicates whether the operation was successful. If it does not indicate success,
the authentication operation has failed and any output data B<MUST NOT> be used the authentication operation has failed and any output data B<MUST NOT> be used
as it is corrupted. as it is corrupted.
Please note that the number of authenticated bytes returned by
EVP_CipherUpdate() depends on the cipher used. Stream ciphers, such as ChaCha20
or ciphers in GCM mode, can handle 1 byte at a time, resulting in an effective
"block" size of 1. Conversely, ciphers in OCB mode must process data one block
at a time, and the block size is returned.
Regardless of the returned size, it is safe to pass unpadded data to an
EVP_CipherUpdate() call in a single operation.
=head2 GCM and OCB Modes =head2 GCM and OCB Modes
The following I<ctrl>s are supported in GCM and OCB modes. The following I<ctrl>s are supported in GCM and OCB modes.
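Review bot: "the number of authenticated bytes returned by EVP_CipherUpdate()" is ambiguous, because EVP_CipherUpdate() itself returns 1 or 0 and reports the byte count through its output-length argument; say "the number of bytes written out by EVP_CipherUpdate()" so readers do not confuse that count with the success/failure return value the preceding paragraph tells them they B<MUST> check before using any output. "Conversely" in the OCB sentence reads better as "By contrast".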
@@ -1319,10 +1328,9 @@ For GCM, this call is only valid when decrypting data.
For OCB, this call is valid when decrypting data to set the expected tag, For OCB, this call is valid when decrypting data to set the expected tag,
and when encrypting to set the desired tag length. and when encrypting to set the desired tag length.
In OCB mode, calling this when encrypting with C<tag> set to C<NULL> sets the In OCB mode, calling this with C<tag> set to C<NULL> sets the tag length.
tag length. The tag length can only be set before specifying an IV. If this is The tag length can only be set before specifying an IV. If this is not called
not called prior to setting the IV during encryption, then a default tag length prior to setting the IV, then a default tag length is used.
is used.
For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the For OCB AES, the default tag length is 16 (i.e. 128 bits). It is also the
maximum tag length for OCB. maximum tag length for OCB.
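Review bot: dropping "when encrypting" from the NULL-tag sentence broadens it to decryption, where the preceding paragraph says the same call sets the expected tag rather than the length. If a NULL C<tag> is meant to set the tag length in both directions, state that explicitly; otherwise keep "when encrypting" so the two paragraphs do not contradict each other.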
+6 -3
@@ -25,10 +25,13 @@ specifying the private key to use.
The EVP_PKEY_decapsulate() function performs a private key decapsulation The EVP_PKEY_decapsulate() function performs a private key decapsulation
operation using I<ctx>. The data to be decapsulated is specified using the operation using I<ctx>. The data to be decapsulated is specified using the
I<wrapped> and I<wrappedlen> parameters. I<wrapped> and I<wrappedlen> parameters.
If I<unwrapped> is NULL then the maximum size of the output secret buffer If I<unwrapped> is NULL then the size of the output secret buffer
is written to I<*unwrappedlen>. If I<unwrapped> is not NULL and the is written to I<*unwrappedlen>. If I<unwrapped> is not NULL and the
call is successful then the decapsulated secret data is written to I<unwrapped> call is successful then the decapsulated secret data is written to I<unwrapped>
and the amount of data written to I<*unwrappedlen>. and the amount of data written to I<*unwrappedlen>. Note that, if I<unwrappedlen>
is not NULL in this call, the value it points to must be initialised to the length of
I<unwrapped>, so that the call can validate it is of sufficient size to hold the
result of the operation.
=head1 NOTES =head1 NOTES
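Review bot: the added sentence says I<*unwrappedlen> is validated against the result size but not what happens when it is too small; state what the call returns in that case so callers know to check the return value rather than assume I<unwrapped> was filled. The condition "if I<unwrappedlen> is not NULL in this call" also sits oddly beside the "If I<unwrapped> is NULL" query case it extends; "when I<unwrapped> is not NULL" is the condition the sentence is actually about.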
@@ -57,7 +60,7 @@ Decapsulate data using RSA:
unsigned char *secret = NULL;; unsigned char *secret = NULL;;
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL); ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_priv_key, NULL);
if (ctx = NULL) if (ctx == NULL)
/* Error */ /* Error */
if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0) if (EVP_PKEY_decapsulate_init(ctx, NULL) <= 0)
/* Error */ /* Error */
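Review bot: the C<ctx = NULL> to C<ctx == NULL> fix is right, but the context line at the top of the hunk still carries a doubled semicolon in C<unsigned char *secret = NULL;;>; trim it in the same pass, since the example is meant to be copied verbatim.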
+5 -2
@@ -35,7 +35,10 @@ unless I<genkeylen> is NULL.
If I<wrappedkey> is not NULL and the call is successful then the If I<wrappedkey> is not NULL and the call is successful then the
internally generated key is written to I<genkey> and its size is written to internally generated key is written to I<genkey> and its size is written to
I<*genkeylen>. The encapsulated version of the generated key is written to I<*genkeylen>. The encapsulated version of the generated key is written to
I<wrappedkey> and its size is written to I<*wrappedkeylen>. I<wrappedkey> and its size is written to I<*wrappedkeylen>. Note that if
I<wrappedlen> is not NULL, then the value it points to must initially hold the size of
the I<unwrapped> buffer so that its size can be validated by the call, ensuring
it is large enough to hold the result written to I<wrapped>.
=head1 NOTES =head1 NOTES
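Review bot: the added sentence uses parameter names from the decapsulate page (I<wrappedlen>, I<unwrapped>, I<wrapped>) that do not exist in EVP_PKEY_encapsulate(); on this page the buffers are I<genkey>/I<genkeylen> and I<wrappedkey>/I<wrappedkeylen>. Rewrite it in those terms, e.g. "Note that if I<wrappedkey> is not NULL, the value pointed to by I<wrappedkeylen> must initially hold the size of the I<wrappedkey> buffer so that the call can validate it is large enough", and say whether I<*genkeylen> is checked against I<genkey> in the same way.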
@@ -63,7 +66,7 @@ Encapsulate an RSASVE key (for RSA keys).
unsigned char *out = NULL, *secret = NULL; unsigned char *out = NULL, *secret = NULL;
ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL); ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL);
if (ctx = NULL) if (ctx == NULL)
/* Error */ /* Error */
if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0) if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0)
/* Error */ /* Error */
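Review bot: with C</* Error */> standing alone as the body, C<if (ctx == NULL)> has no statement of its own, so the following C<if (EVP_PKEY_encapsulate_init(ctx, NULL) <= 0)> becomes its body and the init call runs only when ctx is NULL. Give each check a real body (C<goto err;> or braces around the placeholder) so the snippet is safe to paste; the decapsulate example in the previous file has the same shape.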
+4 -2
@@ -355,8 +355,10 @@ If TLS is not used this defaults to the value of
the environment variable C<http_proxy> if set, else C<HTTP_PROXY>. the environment variable C<http_proxy> if set, else C<HTTP_PROXY>.
Otherwise defaults to the value of C<https_proxy> if set, else C<HTTPS_PROXY>. Otherwise defaults to the value of C<https_proxy> if set, else C<HTTPS_PROXY>.
An empty proxy string specifies not to use a proxy. An empty proxy string specifies not to use a proxy.
Else the format is C<[http[s]://]address[:port][/path]>, Otherwise the format is
where any path given is ignored. C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>,
where any given userinfo, path, query, and fragment is ignored.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The default port number is 80, or 443 in case C<https:> is given. The default port number is 80, or 443 in case C<https:> is given.
OSSL_CMP_CTX_set1_no_proxy() sets the list of server hostnames not to use OSSL_CMP_CTX_set1_no_proxy() sets the list of server hostnames not to use
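Review bot: "any given userinfo, path, query, and fragment is ignored" should be "are ignored"; the OSSL_HTTP_transfer hunk further down introduces the same wording, so fix both together. It is also worth saying outright that ignoring userinfo means credentials embedded in the proxy URL are not used for proxy authentication, since a reader could otherwise assume they are.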
+2 -2
@@ -44,7 +44,7 @@ any self-issued certificate from the I<msg> extraCerts field may be used
as a trust anchor for the path verification of an 'acceptable' cert if it can be as a trust anchor for the path verification of an 'acceptable' cert if it can be
used also to validate the issued certificate returned in the IP message. This is used also to validate the issued certificate returned in the IP message. This is
according to TS 33.310 [Network Domain Security (NDS); Authentication Framework according to TS 33.310 [Network Domain Security (NDS); Authentication Framework
(AF)] document specified by the The 3rd Generation Partnership Project (3GPP). (AF)] document specified by The 3rd Generation Partnership Project (3GPP).
Note that using this option is dangerous as the certificate obtained this way Note that using this option is dangerous as the certificate obtained this way
has not been authenticated (at least not at CMP level). has not been authenticated (at least not at CMP level).
Taking it over as a trust anchor implements trust-on-first-use (TOFU). Taking it over as a trust anchor implements trust-on-first-use (TOFU).
@@ -77,7 +77,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy this file except in compliance with the License. You can obtain a copy
+8 -3
@@ -42,20 +42,25 @@ take any further default value from the C<HTTP_PROXY>
environment variable, or from C<HTTPS_PROXY> if I<use_ssl> is nonzero. environment variable, or from C<HTTPS_PROXY> if I<use_ssl> is nonzero.
If I<no_proxy> is NULL, take any default exclusion value from the C<no_proxy> If I<no_proxy> is NULL, take any default exclusion value from the C<no_proxy>
environment variable, or else from C<NO_PROXY>. environment variable, or else from C<NO_PROXY>.
Return the determined proxy hostname unless the exclusion contains I<server>. Return the determined proxy host unless the exclusion value,
which is a list of proxy hosts separated by C<,> and/or whitespace,
contains I<server>.
Otherwise return NULL. Otherwise return NULL.
When I<server> is a string delimited by C<[> and C<]>, which are used for IPv6
addresses, the enclosing C<[> and C<]> are stripped prior to comparison.
OSSL_parse_url() parses its input string I<url> as a URL of the form OSSL_parse_url() parses its input string I<url> as a URL of the form
C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up C<[scheme://][userinfo@]host[:port][/path][?query][#fragment]> and splits it up
into scheme, userinfo, host, port, path, query, and fragment components. into scheme, userinfo, host, port, path, query, and fragment components.
The host (or server) component may be a DNS name or an IP address The host (or server) component may be a DNS name or an IP address
where IPv6 addresses should be enclosed in square brackets C<[> and C<]>. where IPv6 addresses must be enclosed in square brackets C<[> and C<]>.
The port component is optional and defaults to C<0>. The port component is optional and defaults to C<0>.
If given, it must be in decimal form. If the I<pport_num> argument is not NULL If given, it must be in decimal form. If the I<pport_num> argument is not NULL
the integer value of the port number is assigned to I<*pport_num> on success. the integer value of the port number is assigned to I<*pport_num> on success.
The path component is also optional and defaults to C</>. The path component is also optional and defaults to C</>.
Each non-NULL result pointer argument I<pscheme>, I<puser>, I<phost>, I<pport>, Each non-NULL result pointer argument I<pscheme>, I<puser>, I<phost>, I<pport>,
I<ppath>, I<pquery>, and I<pfrag>, is assigned the respective url component. I<ppath>, I<pquery>, and I<pfrag>, is assigned the respective url component.
Any IPv6 address in I<*phost> is enclosed in C<[> and C<]>.
On success, they are guaranteed to contain non-NULL string pointers, else NULL. On success, they are guaranteed to contain non-NULL string pointers, else NULL.
It is the responsibility of the caller to free them using L<OPENSSL_free(3)>. It is the responsibility of the caller to free them using L<OPENSSL_free(3)>.
If I<pquery> is NULL, any given query component is handled as part of the path. If I<pquery> is NULL, any given query component is handled as part of the path.
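Review bot: "contains I<server>" does not say whether entries in the exclusion list are matched against the whole host or by substring/suffix; spell out the rule (exact host, and whether a leading-dot domain entry matches subdomains), since that decides whether a request goes through the proxy or directly. The new IPv6 sentence covers only I<server>; say whether bracketed entries in the I<no_proxy> list are stripped the same way before comparison.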
@@ -70,7 +75,7 @@ and the scheme is C<https>, else 0.
The port component is optional and defaults to C<443> if the scheme is C<https>, The port component is optional and defaults to C<443> if the scheme is C<https>,
else C<80>. else C<80>.
Note that relative paths must be given with a leading C</>, Note that relative paths must be given with a leading C</>,
otherwise the first path element is interpreted as the hostname. otherwise the first path element is interpreted as the host.
Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl) Calling the deprecated function OCSP_parse_url(url, host, port, path, ssl)
is equivalent to is equivalent to
+4 -2
@@ -77,12 +77,14 @@ If TLS is not used this defaults to the environment variable C<http_proxy>
if set, else C<HTTP_PROXY>. if set, else C<HTTP_PROXY>.
If I<use_ssl> != 0 it defaults to C<https_proxy> if set, else C<HTTPS_PROXY>. If I<use_ssl> != 0 it defaults to C<https_proxy> if set, else C<HTTPS_PROXY>.
An empty proxy string C<""> forbids using a proxy. An empty proxy string C<""> forbids using a proxy.
Else the format is Otherwise, the format is
C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>, C<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>,
where any userinfo, path, query, and fragment given is ignored. where any userinfo, path, query, and fragment given is ignored.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The default proxy port number is 80, or 443 in case "https:" is given. The default proxy port number is 80, or 443 in case "https:" is given.
The HTTP client functions connect via the given proxy unless the I<server> The HTTP client functions connect via the given proxy unless the I<server>
is found in the optional list I<no_proxy> of proxy hostnames (if not NULL; is found in the optional list I<no_proxy> of proxy hostnames or IP addresses
separated by C<,> and/or whitespace (if not NULL;
default is the environment variable C<no_proxy> if set, else C<NO_PROXY>). default is the environment variable C<no_proxy> if set, else C<NO_PROXY>).
Proxying plain HTTP is supported directly, Proxying plain HTTP is supported directly,
while using a proxy for HTTPS connections requires a suitable callback function while using a proxy for HTTPS connections requires a suitable callback function
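Review bot: the I<no_proxy> list is now described as "hostnames or IP addresses separated by C<,> and/or whitespace", but unlike the OSSL_HTTP_adapt_proxy() hunk it says nothing about how IPv6 entries with C<[> and C<]> are compared; add the same sentence here so the two pages agree, and reference L<OSSL_HTTP_adapt_proxy(3)> for the matching rule rather than restating it.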
+1 -1
@@ -11,7 +11,7 @@ OSSL_PARAM - a structure to pass or request object parameters
typedef struct ossl_param_st OSSL_PARAM; typedef struct ossl_param_st OSSL_PARAM;
struct ossl_param_st { struct ossl_param_st {
const char *key; /* the name of the parameter */ const char *key; /* the name of the parameter */
unsigned char data_type; /* declare what kind of content is in data */ unsigned int data_type; /* declare what kind of content is in data */
void *data; /* value being passed in or out */ void *data; /* value being passed in or out */
size_t data_size; /* data size */ size_t data_size; /* data size */
size_t return_size; /* returned size */ size_t return_size; /* returned size */
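Review bot: B<OSSL_PARAM> is part of the public ABI, so the C<unsigned char> to C<unsigned int> change for I<data_type> must mirror the definition in the public header rather than only the documentation; add a sentence in the prose noting the field width, since code that read the doc literally and treated I<data_type> as a single byte would mis-size the structure.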
+6 -2
@@ -88,9 +88,10 @@ but rather uses a set of convenience macros, see the L</Macros> section below.
OSSL_trace_enabled() can be used to check if tracing for the given OSSL_trace_enabled() can be used to check if tracing for the given
I<category> is enabled. I<category> is enabled.
OSSL_trace_begin() is used to starts a tracing section, and get the OSSL_trace_begin() is used to start a tracing section,
channel for the given I<category> in form of a BIO. and get the channel for the given I<category> in form of a BIO.
This BIO can only be used for output. This BIO can only be used for output.
The pointer returned is NULL if the category is invalid or not enabled.
OSSL_trace_end() is used to end a tracing section. OSSL_trace_end() is used to end a tracing section.
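Review bot: now that OSSL_trace_begin() is documented to return NULL for an invalid or disabled category, state whether OSSL_trace_end() must still be called in that case and make explicit that the caller must not write to the returned pointer when it is NULL; the convenience macros handle this, but direct callers of the function pair need the rule spelled out here.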
@@ -187,6 +188,9 @@ expands to
=head1 NOTES =head1 NOTES
It is not needed to guard trace output function calls like
I<OSSL_TRACE(category, ...)> by I<OSSL_TRACE_ENABLED(category)>.
If producing the trace output requires carrying out auxiliary calculations, If producing the trace output requires carrying out auxiliary calculations,
this auxiliary code should be placed inside a conditional block which is this auxiliary code should be placed inside a conditional block which is
executed only if the trace category is enabled. executed only if the trace category is enabled.
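Review bot: "It is not needed to guard" is awkward; "It is not necessary to guard trace output calls such as I<OSSL_TRACE(category, ...)> with I<OSSL_TRACE_ENABLED(category)>" reads better and makes clear the macro already performs the check. The new sentence also sits directly before the one telling readers to guard auxiliary calculations, so a "However," at the start of that following sentence would avoid the apparent contradiction.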
+6 -4
@@ -104,10 +104,12 @@ On session establishment, by default, no peer credentials verification is done.
This must be explicitly requested, typically using L<SSL_CTX_set_verify(3)>. This must be explicitly requested, typically using L<SSL_CTX_set_verify(3)>.
For verifying peer certificates many options can be set using various functions For verifying peer certificates many options can be set using various functions
such as L<SSL_CTX_load_verify_locations(3)> and L<SSL_CTX_set1_param(3)>. such as L<SSL_CTX_load_verify_locations(3)> and L<SSL_CTX_set1_param(3)>.
The L<X509_VERIFY_PARAM_set_purpose(3)> function can be used, also in conjunction
with L<SSL_CTX_get0_param(3)>, to set the intended purpose of the session. The SSL/(D)TLS implementation uses the L<X509_STORE_CTX_set_default(3)>
The default is B<X509_PURPOSE_SSL_SERVER> on the client side function to prepare checks for B<X509_PURPOSE_SSL_SERVER> on the client side
and B<X509_PURPOSE_SSL_CLIENT> on the server side. and B<X509_PURPOSE_SSL_CLIENT> on the server side.
The L<X509_VERIFY_PARAM_set_purpose(3)> function can be used, also in conjunction
with L<SSL_CTX_get0_param(3)>, to override the default purpose of the session.
The SSL_CTX object uses I<method> as the connection method. The SSL_CTX object uses I<method> as the connection method.
Three method variants are available: a generic method (for either client or Three method variants are available: a generic method (for either client or
@@ -228,7 +230,7 @@ SSL_CTX_up_ref() returns 1 for success and 0 for failure.
=head1 SEE ALSO =head1 SEE ALSO
L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<X509_STORE_CTX_set_default(3)>,
SSL_CTX_set_verify(3), L<SSL_CTX_set1_param(3)>, L<SSL_CTX_get0_param(3)>, SSL_CTX_set_verify(3), L<SSL_CTX_set1_param(3)>, L<SSL_CTX_get0_param(3)>,
L<SSL_connect(3)>, L<SSL_accept(3)>, L<SSL_connect(3)>, L<SSL_accept(3)>,
L<SSL_CTX_set_min_proto_version(3)>, L<ssl(7)>, L<SSL_set_connect_state(3)> L<SSL_CTX_set_min_proto_version(3)>, L<ssl(7)>, L<SSL_set_connect_state(3)>
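Review bot: in the SEE ALSO list, C<SSL_CTX_set_verify(3)> is the only entry not wrapped in L<...>, so it does not render as a link; while adding L<X509_STORE_CTX_set_default(3)> on the same line, wrap it too.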
