OpenSSL: import 3.5.6

This change adds OpenSSL 3.5.6 from upstream [1].

The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This is a security release, but also contains several bugfixes.

More information about the release (from a high level) can be found in
the release notes [4].

1. openssl-3.5.6.tar.gz
2. openssl-3.5.6.tar.gz.asc
3. openssl-3.5.6.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md
This commit is contained in:
Enji Cooper
2026-04-07 15:35:35 -07:00
parent 808413da28
commit ab5fc4ac93
256 changed files with 3695 additions and 2017 deletions
+363 -212
View File
@@ -28,6 +28,150 @@ OpenSSL Releases
OpenSSL 3.5
-----------
### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
Severity: Moderate
Issue summary: Applications using RSASVE key encapsulation to establish
a secret encryption key can send contents of an uninitialized memory buffer
to a malicious peer.
Impact summary: The uninitialized buffer might contain sensitive data
from the previous execution of the application process which leads
to sensitive data leakage to an attacker.
Reported by: Simo Sorce (Red Hat).
([CVE-2026-31790])
*Nikola Pajkovsky*
* Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
is used in the server-side configuration of the key-agreement group list.
Severity: Low
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected
preferred key exchange group when its key exchange group configuration
includes the default by using the 'DEFAULT' keyword.
Impact summary: A less preferred key exchange may be used even when a more
preferred group is supported by both client and server, if the group
was not included among the client's initial predicated keyshares.
This will sometimes be the case with the new hybrid post-quantum groups,
if the client chooses to defer their use until specifically requested by
the server.
<!-- https://github.com/openssl/openssl/pull/30111 -->
([CVE-2026-2673])
*Viktor Dukhovni*
* Fixed potential use-after-free in DANE client code.
Severity: Low
Issue summary: An uncommon configuration of clients performing DANE
TLSA-based server authentication, when paired with uncommon server DANE TLSA
records, may result in a use-after-free and/or double-free on the client
side.
Impact summary: A use after free can have a range of potential consequences
such as the corruption of valid data, crashes, or execution of arbitrary
code.
Reported by: Igor Morgenstern (Aisle Research).
([CVE-2026-28387])
*Viktor Dukhovni*
* Fixed NULL pointer dereference when processing a delta CRL.
Severity: Low
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
is processed, a NULL pointer dereference might happen if the required CRL
Number extension is missing.
Impact summary: A NULL pointer dereference can trigger a crash which
leads to a Denial of Service for an application.
Reported by: Igor Morgenstern (Aisle Research).
([CVE-2026-28388])
*Igor Morgenstern*
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
Severity: Low
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
Reported by: Nathan Sportsman (Praetorian), Daniel Rhea,
Jaeho Nam (Seoul National University), Muhammad Daffa,
Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab),
Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers.
([CVE-2026-28389])
*Neil Horman*
* Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
Severity: Low
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyTransportRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab),
Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab),
Joshua Rogers, and Chanho Kim.
([CVE-2026-28390])
*Neil Horman*
* Fixed heap buffer overflow in hexadecimal conversion.
Severity: Low
Issue summary: Converting an excessively large OCTET STRING value to
a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
Impact summary: A heap buffer overflow may lead to a crash or possibly
an attacker controlled code execution or other undefined behavior.
Reported by: Quoc Tran (Xint.io - US Team).
([CVE-2026-31789])
*Igor Ustinov*
* Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST`
containing a raw IPv6 address.
<!-- https://github.com/openssl/openssl/pull/30384 -->
*Peter Zhang*
* Fixed broken detection of plantext HTTP over TLS.
<!-- https://github.com/openssl/openssl/pull/30411 -->
*Matt Caswell*
### Changes between 3.5.4 and 3.5.5 [27 Jan 2026]
* Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
@@ -3461,7 +3605,7 @@ breaking changes, and mappings for the large list of deprecated functions.
*Richard Levitte*
* Fixed an overflow bug in the x64_64 Montgomery squaring procedure
* Fixed an overflow bug in the x86_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli. No EC algorithms are
affected. Analysis suggests that attacks against 2-prime RSA1024,
3-prime RSA1536, and DSA1024 as a result of this defect would be very
@@ -21607,216 +21751,223 @@ ndif
<!-- Links -->
[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420
[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419
[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418
[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160
[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199
[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469
[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468
[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467
[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
[CVE-2011-4109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109
[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355
[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245
[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386
[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379
[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378
[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377
[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678
[CVE-2008-1672]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672
[CVE-2008-0891]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891
[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135
[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995
[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738
[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112
[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079
[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851
[CVE-2003-0545]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545
[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544
[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543
[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078
[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659
[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657
[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656
[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655
[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656
[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657
[CVE-2002-0659]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659
[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078
[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543
[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544
[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545
[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851
[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079
[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112
[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738
[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995
[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135
[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891
[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672
[CVE-2008-1678]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678
[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377
[CVE-2009-1378]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378
[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379
[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386
[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245
[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
[CVE-2009-4355]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355
[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109
[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+12
View File
@@ -27,6 +27,18 @@ communication before submitting many pull requests. In addition,
contributors should personally evaluate potential patches generated by
automated tools.
Provide a clear description of the issue or feature being addressed,
including any relevant implementation details and, for performance
improvements, benchmark results.
Pull requests and commits should be self-contained, enabling readers to
understand what changed and why without needing to reference related
issues or having prior knowledge. Commit messages should include all
relevant details to help future contributors follow the git history,
with clear explanations of what is changing and why. Long descriptions
are encouraged if they aid understanding. Commit message titles (their
first line) should be kept to 50-70 characters if possible.
To make it easier to review and accept your pull request, please follow these
guidelines:
+2 -1
View File
@@ -5,7 +5,8 @@
my $vc_win64a_info = {};
sub vc_win64a_info {
unless (%$vc_win64a_info) {
if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
# Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled
if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) {
$vc_win64a_info = { AS => "nasm",
ASFLAGS => "-g",
asflags => "-Ox -f win64 -DNEAR",
+2 -1
View File
@@ -72,6 +72,7 @@ OPTIONS={- $config{options} -}
CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
RESULT_D=$(BLDDIR)/test-runs
FIPSKEY={- $config{FIPSKEY} -}
VERSION={- "$config{full_version}" -}
@@ -642,7 +643,7 @@ clean: libclean ## Clean the workspace, keep the configuration
-find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \;
$(RM) core
$(RM) tags TAGS doc-nits md-nits
$(RM) -r test/test-runs
$(RM) -r $(RESULT_D)
$(RM) providers/fips*.new
-find . -type l \! -name '.*' -exec $(RM) {} \;
+3 -2
View File
@@ -38,6 +38,7 @@
PLATFORM={- $config{target} -}
SRCDIR={- $config{sourcedir} -}
BLDDIR={- $config{builddir} -}
RESULT_D=$(BLDDIR)\test-runs
FIPSKEY={- $config{FIPSKEY} -}
VERSION={- "$config{full_version}" -}
@@ -222,7 +223,7 @@ OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
LIBDIR={- our $libdir = $config{libdir} || "lib";
file_name_is_absolute($libdir) ? "" : $libdir -}
MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath);
our $modulesprefix = catdir($prefix,$libdir);
our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir);
our ($modulesprefix_dev, $modulesprefix_dir,
$modulesprefix_file) =
splitpath($modulesprefix, 1);
@@ -484,7 +485,7 @@ clean: libclean
-del /Q /S /F engines\*.lib engines\*.exp
-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
-del /Q /S /F test\*.exp
-rd /Q /S test\test-runs
-@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)"
distclean: clean
-del /Q /F include\openssl\configuration.h
+232 -195
View File
@@ -23,6 +23,36 @@ OpenSSL Releases
OpenSSL 3.5
-----------
### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026]
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
release is Medium.
This release incorporates the following bug fixes and mitigations:
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
([CVE-2026-31790])
* Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
is used in the server-side configuration of the key-agreement group list.
([CVE-2026-2673])
* Fixed potential use-after-free in DANE client code.
([CVE-2026-28387])
* Fixed NULL pointer dereference when processing a delta CRL.
([CVE-2026-28388])
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
([CVE-2026-28389])
* Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
([CVE-2026-28390])
* Fixed heap buffer overflow in hexadecimal conversion.
([CVE-2026-31789])
### Major changes between OpenSSL 3.5.4 and OpenSSL 3.5.5 [27 Jan 2026]
OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this
@@ -758,7 +788,7 @@ OpenSSL 1.1.1
### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
* Fixed an overflow bug in the x64_64 Montgomery squaring procedure
* Fixed an overflow bug in the x86_64 Montgomery squaring procedure
used in exponentiation with 512-bit moduli ([CVE-2019-1551])
### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
@@ -1988,201 +2018,208 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420
[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419
[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418
[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160
[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199
[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469
[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468
[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467
[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
[CHANGES.md]: ./CHANGES.md
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737
[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939
[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298
[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449
[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198
[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
[README-QUIC.md]: ./README-QUIC.md
[issue tracker]: https://github.com/openssl/openssl/issues
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library
+2 -2
View File
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=5
PATCH=5
PATCH=6
PRE_RELEASE_TAG=
BUILD_METADATA=
RELEASE_DATE="27 Jan 2026"
RELEASE_DATE="7 Apr 2026"
SHLIB_VERSION=3
+13 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -1421,7 +1421,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
out_vpm = X509_STORE_get0_param(out_trusted);
X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME);
(void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted);
if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) {
X509_STORE_free(out_trusted);
return 0;
}
}
if (opt_disable_confirm)
@@ -3390,6 +3393,12 @@ static void print_keyspec(OSSL_CMP_ATAVS *keySpec)
int paramtype;
const void *param;
/* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */
if (alg == NULL) {
BIO_puts(mem, "Key algorithm: <absent>\n");
break;
}
X509_ALGOR_get0(&oid, &paramtype, &param, alg);
BIO_printf(mem, "Key algorithm: ");
i2a_ASN1_OBJECT(mem, oid);
@@ -3789,8 +3798,7 @@ int cmp_main(int argc, char **argv)
if (opt_ignore_keyusage)
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1);
if (opt_no_cache_extracerts)
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS,
1);
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, 1);
if (opt_reqout_only == NULL && (opt_use_mock_srv
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
@@ -3806,7 +3814,7 @@ int cmp_main(int argc, char **argv)
srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx);
if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) {
CMP_err1("cannot set up error reporting and logging for %s", prog);
CMP_err1("cannot set up server-side error reporting and logging for %s", prog);
goto err;
}
OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
+4 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2018-2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -19,6 +19,8 @@
OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx,
const char *propq);
void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req);
int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
@@ -34,6 +36,7 @@ int ossl_cmp_mock_srv_set1_oldWithNew(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
int fail_info, const char *text);
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
+2 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,6 +47,7 @@ int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name)
app_providers = sk_OSSL_PROVIDER_new_null();
if (app_providers == NULL
|| !sk_OSSL_PROVIDER_push(app_providers, prov)) {
OSSL_PROVIDER_unload(prov);
app_providers_cleanup();
return 0;
}
+10 -5
View File
@@ -191,8 +191,13 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
}
if (arg2 != NULL) {
*pass2 = app_get_pass(arg2, same ? 2 : 0);
if (*pass2 == NULL)
if (*pass2 == NULL) {
if (pass1 != NULL) {
clear_free(*pass1);
*pass1 = NULL;
}
return 0;
}
} else if (pass2 != NULL) {
*pass2 = NULL;
}
@@ -263,15 +268,15 @@ static char *app_get_pass(const char *arg, int keepbio)
}
} else {
/* argument syntax error; do not reveal too much about arg */
tmp = strchr(arg, ':');
if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
const char *arg_ptr = strchr(arg, ':');
if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX)
BIO_printf(bio_err,
"Invalid password argument, missing ':' within the first %d chars\n",
PASS_SOURCE_SIZE_MAX + 1);
else
BIO_printf(bio_err,
"Invalid password argument, starting with \"%.*s\"\n",
(int)(tmp - arg + 1), arg);
(int)(arg_ptr - arg + 1), arg);
return NULL;
}
}
@@ -2494,7 +2499,7 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
error:
X509_CRL_free(crl);
sk_X509_CRL_free(crls);
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return NULL;
}
+37 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2018-2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -10,6 +10,7 @@
#include "apps.h"
#include "cmp_mock_srv.h"
#include "../../crypto/cmp/cmp_local.h" /* for access to msg->protection */
#include <openssl/cmp.h>
#include <openssl/err.h>
@@ -28,6 +29,7 @@ typedef struct {
X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
int sendError; /* send error response on given request type */
int useBadProtection; /* use bad protection on given response type */
OSSL_CMP_MSG *req; /* original request message during polling */
int pollCount; /* number of polls before actual cert response */
int curr_pollCount; /* number of polls so far for current request */
@@ -59,6 +61,7 @@ static mock_srv_ctx *mock_srv_ctx_new(void)
goto err;
ctx->sendError = -1;
ctx->useBadProtection = -1;
/* all other elements are initialized to 0 or NULL, respectively */
return ctx;
@@ -187,6 +190,19 @@ int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
return 1;
}
int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
if (ctx == NULL) {
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
/* might check bodytype, but this would require exporting all body types */
ctx->useBadProtection = bodytype;
return 1;
}
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count)
{
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
@@ -591,6 +607,7 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))
return 1;
sk_OSSL_CMP_ITAV_free(*out);
OSSL_CMP_ITAV_free(rsp);
return 0;
}
@@ -712,6 +729,25 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
return 1;
}
OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req)
{
OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(ctx);
OSSL_CMP_MSG *rsp = OSSL_CMP_CTX_server_perform(ctx, req);
if (srv_ctx != NULL && rsp != NULL) {
mock_srv_ctx *mock_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
if (mock_ctx != NULL && OSSL_CMP_MSG_get_bodytype(rsp) == mock_ctx->useBadProtection) {
ASN1_BIT_STRING *prot = rsp->protection;
if (prot != NULL && prot->length != 0 && prot->data != NULL)
prot->data[0] ^= 0x80; /* flip most significant bit of the first byte */
}
}
return rsp;
}
OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
{
OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);
+1 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,6 @@
#include <windows.h>
#include <stdlib.h>
#include <string.h>
#include <malloc.h>
#if defined(CP_UTF8)
+1 -1
View File
@@ -876,7 +876,7 @@ int ocsp_main(int argc, char **argv)
i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
if (i <= 0 && issuers) {
i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER);
i = OCSP_basic_verify(bs, issuers, store, verify_flags);
if (i > 0)
ERR_clear_error();
}
+5 -1
View File
@@ -3892,7 +3892,11 @@ static void user_data_init(struct user_data_st *user_data, SSL *con, char *buf,
static int user_data_add(struct user_data_st *user_data, size_t i)
{
if (user_data->buflen != 0 || i > user_data->bufmax)
/*
* We must allow one byte for a NUL terminator so i must be less than
* bufmax
*/
if (user_data->buflen != 0 || i >= user_data->bufmax)
return 0;
user_data->buflen = i;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -348,7 +348,7 @@ int ts_main(int argc, char **argv)
if ((in != NULL) && (queryfile != NULL))
goto opthelp;
if (in == NULL) {
if ((conf == NULL) || (token_in != 0))
if (conf == NULL || token_in != 0 || queryfile == NULL)
goto opthelp;
}
ret = !reply_command(conf, section, engine, queryfile,
+9 -7
View File
@@ -108,12 +108,10 @@ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
SHARED_SOURCE[libssl]=libssl.rc
ENDIF
# This file sets the build directory up for CMake inclusion
# Note: This generation of OpenSSLConfig[Version].cmake is used
# for building openssl locally, and so the build variables are
# taken from builddata.pm rather than installdata.pm. For exportable
# versions of these generated files, you'll find them in the exporters
# directory
# These files set the build directory up for CMake inclusion.
# To achieve this, their variables are taken from builddata.pm.
# These files are not installed; you will find the installable
# versions in the 'exporters' directory.
GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in
DEPEND[OpenSSLConfig.cmake]=builddata.pm
GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in
@@ -121,7 +119,10 @@ DEPEND[OpenSSLConfigVersion.cmake]=builddata.pm
DEPEND[OpenSSLConfigVersion.cmake]=OpenSSLConfig.cmake
DEPEND[""]=OpenSSLConfigVersion.cmake
# This file sets the build directory up for pkg-config
# These files set the build directory up for pkg-config use.
# To achieve this, their variables are taken from builddata.pm.
# These files are not installed; you will find the installable
# versions in the 'exporters' directory.
GENERATE[libcrypto.pc]=exporters/pkg-config/libcrypto.pc.in
DEPEND[libcrypto.pc]=builddata.pm
GENERATE[libssl.pc]=exporters/pkg-config/libssl.pc.in
@@ -131,6 +132,7 @@ DEPEND[openssl.pc]=builddata.pm
DEPEND[openssl.pc]=libcrypto.pc libssl.pc
GENERATE[builddata.pm]=util/mkinstallvars.pl \
COMMENT="This file should be used when building against this OpenSSL build, and should never be installed" \
PREFIX=. BINDIR=apps APPLINKDIR=ms \
LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \
ENGINESDIR=engines MODULESDIR=providers \
+1 -6
View File
@@ -2,7 +2,7 @@
# This file is dual-licensed, meaning that you can use it under your
# choice of either of the following two licenses:
#
# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You can obtain
# a copy in the file LICENSE in the source distribution or at
@@ -704,11 +704,6 @@ sub AES_set_common {
my ($ke128, $ke192, $ke256) = @_;
my $ret = '';
$ret .= <<___;
bnez $UKEY,1f # if (!userKey || !key) return -1;
bnez $KEYP,1f
li a0,-1
ret
1:
# Determine number of rounds from key size in bits
li $T0,128
bne $BITS,$T0,1f
+1 -6
View File
@@ -2,7 +2,7 @@
# This file is dual-licensed, meaning that you can use it under your
# choice of either of the following two licenses:
#
# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You can obtain
# a copy in the file LICENSE in the source distribution or at
@@ -392,11 +392,6 @@ sub AES_set_common {
my ($ke128, $ke192, $ke256) = @_;
my $ret = '';
$ret .= <<___;
bnez $UKEY,1f # if (!userKey || !key) return -1;
bnez $KEYP,1f
li a0,-1
ret
1:
# Determine number of rounds from key size in bits
li $T0,128
bne $BITS,$T0,1f
+1 -12
View File
@@ -2,7 +2,7 @@
# This file is dual-licensed, meaning that you can use it under your
# choice of either of the following two licenses:
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You can obtain
# a copy in the file LICENSE in the source distribution or at
@@ -828,9 +828,6 @@ $code .= <<___;
.globl rv64i_zvkned_set_encrypt_key
.type rv64i_zvkned_set_encrypt_key,\@function
rv64i_zvkned_set_encrypt_key:
beqz $UKEY, L_fail_m1
beqz $KEYP, L_fail_m1
# Get proper routine for key size
li $T0, 256
beq $BITS, $T0, L_set_key_256
@@ -847,9 +844,6 @@ $code .= <<___;
.globl rv64i_zvkned_set_decrypt_key
.type rv64i_zvkned_set_decrypt_key,\@function
rv64i_zvkned_set_decrypt_key:
beqz $UKEY, L_fail_m1
beqz $KEYP, L_fail_m1
# Get proper routine for key size
li $T0, 256
beq $BITS, $T0, L_set_key_256
@@ -1356,11 +1350,6 @@ ___
}
$code .= <<___;
L_fail_m1:
li a0, -1
ret
.size L_fail_m1,.-L_fail_m1
L_fail_m2:
li a0, -2
ret
+6 -4
View File
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -773,11 +773,13 @@ AES_set_encrypt_key:
___
$code .= save_regs();
$code .= <<___;
bnez $UKEY,1f # if (!userKey || !key) return -1;
bnez $KEYP,1f
beqz $UKEY,1f # if (!userKey || !key) return -1;
beqz $KEYP,1f
j 2f
1:
li a0,-1
ret
1:
2:
la $RCON,AES_rcon
la $TBL,AES_Te0
li $T8,128
+2 -2
View File
@@ -95,7 +95,7 @@ ASN1_SEQUENCE(asn1_int_oct) = {
ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(asn1_int_oct)
DECLARE_ASN1_ITEM(asn1_int_oct)
DECLARE_ASN1_ITEM(asn1_int_oct)
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
int len)
@@ -158,7 +158,7 @@ ASN1_SEQUENCE(asn1_oct_int) = {
ASN1_EMBED(asn1_oct_int, num, INT32)
} static_ASN1_SEQUENCE_END(asn1_oct_int)
DECLARE_ASN1_ITEM(asn1_oct_int)
DECLARE_ASN1_ITEM(asn1_oct_int)
int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
unsigned char *data, int len)
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -52,6 +52,6 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY)
+6 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -44,7 +44,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
uint64_t p)
{
X509_ALGOR *scheme = NULL, *ret = NULL;
int alg_nid;
int alg_nid, ivlen;
size_t keylen = 0;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -83,10 +83,11 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
}
/* Create random IV */
if (EVP_CIPHER_get_iv_length(cipher)) {
ivlen = EVP_CIPHER_get_iv_length(cipher);
if (ivlen > 0) {
if (aiv)
memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher));
else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0)
memcpy(iv, aiv, ivlen);
else if (RAND_bytes(iv, ivlen) <= 0)
goto err;
}
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num, int encrypt)
{
register BF_LONG v0, v1, t;
register int n = *num;
register int n = *num & 0x07;
register long l = length;
BF_LONG ti[2];
unsigned char *iv, c, cc;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num)
{
register BF_LONG v0, v1, t;
register int n = *num;
register int n = *num & 0x07;
register long l = length;
unsigned char d[8];
register char *dp;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -961,7 +961,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
"calling setsockopt()");
#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER)
#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE)
sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT;
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
&sockopt_val, sizeof(sockopt_val)))
+13 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -202,8 +202,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_INFO:
if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
ret = UP_ftell(b->ptr);
else
else {
#if defined(OPENSSL_SYS_WINDOWS)
/*
* On Windows, for non-seekable files (stdin), ftell() is undefined.
*/
if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK)
ret = -1;
else
ret = ftell(fp);
#else
ret = ftell(fp);
#endif
}
break;
case BIO_C_SET_FILE_PTR:
file_free(b);
+2 -2
View File
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -37,7 +37,7 @@
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
# Polynomial Multiplication on ARM Processors using the NEON Engine.
#
# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
# $output is the last argument if it looks like a file (it has an extension)
# $flavour is the first argument if it doesn't look like a file
+104 -1
View File
@@ -1,4 +1,4 @@
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2024, Intel Corporation. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -362,6 +362,23 @@ ossl_rsaz_amm52x20_x1_avxifma256:
.cfi_push %r14
push %r15
.cfi_push %r15
___
$code.=<<___ if ($win64);
push %rsi # save non-volatile registers
push %rdi
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
vmovapd %xmm6, `16*0`(%rsp)
vmovapd %xmm7, `16*1`(%rsp)
vmovapd %xmm8, `16*2`(%rsp)
vmovapd %xmm9, `16*3`(%rsp)
vmovapd %xmm10, `16*4`(%rsp)
vmovapd %xmm11, `16*5`(%rsp)
vmovapd %xmm12, `16*6`(%rsp)
vmovapd %xmm13, `16*7`(%rsp)
vmovapd %xmm14, `16*8`(%rsp)
vmovapd %xmm15, `16*9`(%rsp)
___
$code.=<<___;
.Lossl_rsaz_amm52x20_x1_avxifma256_body:
# Zeroing accumulators
@@ -401,6 +418,23 @@ $code.=<<___;
vmovdqu $R2_0, `4*32`($res)
vzeroupper
___
$code.=<<___ if ($win64);
vmovapd `16*0`(%rsp), %xmm6
vmovapd `16*1`(%rsp), %xmm7
vmovapd `16*2`(%rsp), %xmm8
vmovapd `16*3`(%rsp), %xmm9
vmovapd `16*4`(%rsp), %xmm10
vmovapd `16*5`(%rsp), %xmm11
vmovapd `16*6`(%rsp), %xmm12
vmovapd `16*7`(%rsp), %xmm13
vmovapd `16*8`(%rsp), %xmm14
vmovapd `16*9`(%rsp), %xmm15
lea 168(%rsp), %rsp
pop %rdi
pop %rsi
___
$code.=<<___;
mov 0(%rsp),%r15
.cfi_restore %r15
mov 8(%rsp),%r14
@@ -553,6 +587,23 @@ ossl_rsaz_amm52x20_x2_avxifma256:
.cfi_push %r14
push %r15
.cfi_push %r15
___
$code.=<<___ if ($win64);
push %rsi # save non-volatile registers
push %rdi
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
vmovapd %xmm6, `16*0`(%rsp)
vmovapd %xmm7, `16*1`(%rsp)
vmovapd %xmm8, `16*2`(%rsp)
vmovapd %xmm9, `16*3`(%rsp)
vmovapd %xmm10, `16*4`(%rsp)
vmovapd %xmm11, `16*5`(%rsp)
vmovapd %xmm12, `16*6`(%rsp)
vmovapd %xmm13, `16*7`(%rsp)
vmovapd %xmm14, `16*8`(%rsp)
vmovapd %xmm15, `16*9`(%rsp)
___
$code.=<<___;
.Lossl_rsaz_amm52x20_x2_avxifma256_body:
# Zeroing accumulators
@@ -604,6 +655,23 @@ $code.=<<___;
vmovdqu $R2_1, `9*32`($res)
vzeroupper
___
$code.=<<___ if ($win64);
vmovapd `16*0`(%rsp), %xmm6
vmovapd `16*1`(%rsp), %xmm7
vmovapd `16*2`(%rsp), %xmm8
vmovapd `16*3`(%rsp), %xmm9
vmovapd `16*4`(%rsp), %xmm10
vmovapd `16*5`(%rsp), %xmm11
vmovapd `16*6`(%rsp), %xmm12
vmovapd `16*7`(%rsp), %xmm13
vmovapd `16*8`(%rsp), %xmm14
vmovapd `16*9`(%rsp), %xmm15
lea 168(%rsp), %rsp
pop %rdi
pop %rsi
___
$code.=<<___;
mov 0(%rsp),%r15
.cfi_restore %r15
mov 8(%rsp),%r14
@@ -663,6 +731,23 @@ $code.=<<___;
ossl_extract_multiplier_2x20_win5_avx:
.cfi_startproc
endbranch
___
$code.=<<___ if ($win64);
push %rsi # save non-volatile registers
push %rdi
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
vmovapd %xmm6, `16*0`(%rsp)
vmovapd %xmm7, `16*1`(%rsp)
vmovapd %xmm8, `16*2`(%rsp)
vmovapd %xmm9, `16*3`(%rsp)
vmovapd %xmm10, `16*4`(%rsp)
vmovapd %xmm11, `16*5`(%rsp)
vmovapd %xmm12, `16*6`(%rsp)
vmovapd %xmm13, `16*7`(%rsp)
vmovapd %xmm14, `16*8`(%rsp)
vmovapd %xmm15, `16*9`(%rsp)
___
$code.=<<___;
vmovapd .Lones(%rip), $ones # broadcast ones
vmovq $red_tbl_idx1, $tmp_xmm
vpbroadcastq $tmp_xmm, $idx1
@@ -708,6 +793,24 @@ ___
foreach (0..9) {
$code.="vmovdqu $t[$_], `${_}*32`($out) \n";
}
$code.=<<___;
vzeroupper
___
$code.=<<___ if ($win64);
vmovapd `16*0`(%rsp), %xmm6
vmovapd `16*1`(%rsp), %xmm7
vmovapd `16*2`(%rsp), %xmm8
vmovapd `16*3`(%rsp), %xmm9
vmovapd `16*4`(%rsp), %xmm10
vmovapd `16*5`(%rsp), %xmm11
vmovapd `16*6`(%rsp), %xmm12
vmovapd `16*7`(%rsp), %xmm13
vmovapd `16*8`(%rsp), %xmm14
vmovapd `16*9`(%rsp), %xmm15
lea 168(%rsp), %rsp
pop %rdi
pop %rsi
___
$code.=<<___;
ret
.cfi_endproc
+37 -4
View File
@@ -1,4 +1,4 @@
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2024, Intel Corporation. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -87,8 +87,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
my $mask52 = "%rax";
my $acc0_0 = "%r9";
my $acc0_0_low = "%r9d";
my $acc0_1 = "%r15";
my $acc0_1_low = "%r15d";
my $b_ptr = "%r11";
my $iter = "%ebx";
@@ -741,7 +739,7 @@ $code.=<<___;
vmovdqu $R3_0, `6*32`($res)
vmovdqu $R3_0h, `7*32`($res)
xorl $acc0_1_low, $acc0_1_low
xorl $acc0_0_low, $acc0_0_low
lea 16($b_ptr), $b_ptr
movq \$0xfffffffffffff, $mask52 # 52-bit mask
@@ -857,6 +855,23 @@ $code.=<<___;
ossl_extract_multiplier_2x30_win5_avx:
.cfi_startproc
endbranch
___
$code.=<<___ if ($win64);
push %rsi # save non-volatile registers
push %rdi
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
vmovapd %xmm6, `16*0`(%rsp)
vmovapd %xmm7, `16*1`(%rsp)
vmovapd %xmm8, `16*2`(%rsp)
vmovapd %xmm9, `16*3`(%rsp)
vmovapd %xmm10, `16*4`(%rsp)
vmovapd %xmm11, `16*5`(%rsp)
vmovapd %xmm12, `16*6`(%rsp)
vmovapd %xmm13, `16*7`(%rsp)
vmovapd %xmm14, `16*8`(%rsp)
vmovapd %xmm15, `16*9`(%rsp)
___
$code.=<<___;
vmovapd .Lones(%rip), $ones # broadcast ones
vmovq $red_tbl_idx1, $tmp_xmm
vpbroadcastq $tmp_xmm, $idx1
@@ -930,6 +945,24 @@ foreach (8..15) {
$code.="vmovdqu $t[$_], `${_}*32`($out) \n";
}
$code.=<<___;
vzeroupper
___
$code.=<<___ if ($win64);
vmovapd `16*0`(%rsp), %xmm6
vmovapd `16*1`(%rsp), %xmm7
vmovapd `16*2`(%rsp), %xmm8
vmovapd `16*3`(%rsp), %xmm9
vmovapd `16*4`(%rsp), %xmm10
vmovapd `16*5`(%rsp), %xmm11
vmovapd `16*6`(%rsp), %xmm12
vmovapd `16*7`(%rsp), %xmm13
vmovapd `16*8`(%rsp), %xmm14
vmovapd `16*9`(%rsp), %xmm15
lea 168(%rsp), %rsp
pop %rdi
pop %rsi
___
$code.=<<___;
+37 -4
View File
@@ -1,4 +1,4 @@
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2024, Intel Corporation. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -84,8 +84,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
my $mask52 = "%rax";
my $acc0_0 = "%r9";
my $acc0_0_low = "%r9d";
my $acc0_1 = "%r15";
my $acc0_1_low = "%r15d";
my $b_ptr = "%r11";
my $iter = "%ebx";
@@ -834,7 +832,7 @@ $code.=<<___;
vmovdqu $R4_0, `8*32`($res)
vmovdqu $R4_0h, `9*32`($res)
xorl $acc0_1_low, $acc0_1_low
xorl $acc0_0_low, $acc0_0_low
movq \$0xfffffffffffff, $mask52
@@ -975,6 +973,23 @@ $code.=<<___;
ossl_extract_multiplier_2x40_win5_avx:
.cfi_startproc
endbranch
___
$code.=<<___ if ($win64);
push %rsi # save non-volatile registers
push %rdi
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
vmovapd %xmm6, `16*0`(%rsp)
vmovapd %xmm7, `16*1`(%rsp)
vmovapd %xmm8, `16*2`(%rsp)
vmovapd %xmm9, `16*3`(%rsp)
vmovapd %xmm10, `16*4`(%rsp)
vmovapd %xmm11, `16*5`(%rsp)
vmovapd %xmm12, `16*6`(%rsp)
vmovapd %xmm13, `16*7`(%rsp)
vmovapd %xmm14, `16*8`(%rsp)
vmovapd %xmm15, `16*9`(%rsp)
___
$code.=<<___;
vmovapd .Lones(%rip), $ones # broadcast ones
vmovq $red_tbl_idx1, $tmp_xmm
vpbroadcastq $tmp_xmm, $idx1
@@ -1001,6 +1016,24 @@ $code.="movq %r10, $red_tbl \n";
foreach (0..9) {
$code.="vmovdqu $t[$_], `(10+$_)*32`($out) \n";
}
$code.=<<___;
vzeroupper
___
$code.=<<___ if ($win64);
vmovapd `16*0`(%rsp), %xmm6
vmovapd `16*1`(%rsp), %xmm7
vmovapd `16*2`(%rsp), %xmm8
vmovapd `16*3`(%rsp), %xmm9
vmovapd `16*4`(%rsp), %xmm10
vmovapd `16*5`(%rsp), %xmm11
vmovapd `16*6`(%rsp), %xmm12
vmovapd `16*7`(%rsp), %xmm13
vmovapd `16*8`(%rsp), %xmm14
vmovapd `16*9`(%rsp), %xmm15
lea 168(%rsp), %rsp
pop %rdi
pop %rsi
___
$code.=<<___;
ret
+2 -2
View File
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -394,11 +394,11 @@ $code.=<<___;
mulx $car1,$mul1,$car1
mulx $npj,$mul1,$acc1
add $tmp1,$car0,$car0
add $tmp0,$car1,$car1
and $car0,$mask,$acc0
ld [$np+8],$npj ! np[2]
srlx $car1,32,$car1
add $tmp1,$car1,$car1
srlx $car0,32,$car0
add $acc0,$car1,$car1
and $car0,1,$sbit
+32 -32
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,7 +14,7 @@
#include "crypto/bn_dh.h"
#if BN_BITS2 == 64
#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
#else
#define BN_DEF(lo, hi) lo, hi
#endif
@@ -1387,37 +1387,37 @@ const BIGNUM ossl_bignum_const_2 = {
};
make_dh_bn(dh1024_160_p)
make_dh_bn(dh1024_160_q)
make_dh_bn(dh1024_160_g)
make_dh_bn(dh2048_224_p)
make_dh_bn(dh2048_224_q)
make_dh_bn(dh2048_224_g)
make_dh_bn(dh2048_256_p)
make_dh_bn(dh2048_256_q)
make_dh_bn(dh2048_256_g)
make_dh_bn(dh1024_160_q)
make_dh_bn(dh1024_160_g)
make_dh_bn(dh2048_224_p)
make_dh_bn(dh2048_224_q)
make_dh_bn(dh2048_224_g)
make_dh_bn(dh2048_256_p)
make_dh_bn(dh2048_256_q)
make_dh_bn(dh2048_256_g)
make_dh_bn(ffdhe2048_p)
make_dh_bn(ffdhe2048_q)
make_dh_bn(ffdhe3072_p)
make_dh_bn(ffdhe3072_q)
make_dh_bn(ffdhe4096_p)
make_dh_bn(ffdhe4096_q)
make_dh_bn(ffdhe6144_p)
make_dh_bn(ffdhe6144_q)
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
make_dh_bn(ffdhe2048_p)
make_dh_bn(ffdhe2048_q)
make_dh_bn(ffdhe3072_p)
make_dh_bn(ffdhe3072_q)
make_dh_bn(ffdhe4096_p)
make_dh_bn(ffdhe4096_q)
make_dh_bn(ffdhe6144_p)
make_dh_bn(ffdhe6144_q)
make_dh_bn(ffdhe8192_p)
make_dh_bn(ffdhe8192_q)
#ifndef FIPS_MODULE
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
make_dh_bn(modp_1536_p)
make_dh_bn(modp_1536_q)
#endif
make_dh_bn(modp_2048_p)
make_dh_bn(modp_2048_q)
make_dh_bn(modp_3072_p)
make_dh_bn(modp_3072_q)
make_dh_bn(modp_4096_p)
make_dh_bn(modp_4096_q)
make_dh_bn(modp_6144_p)
make_dh_bn(modp_6144_q)
make_dh_bn(modp_8192_p)
make_dh_bn(modp_8192_q)
make_dh_bn(modp_2048_p)
make_dh_bn(modp_2048_q)
make_dh_bn(modp_3072_p)
make_dh_bn(modp_3072_q)
make_dh_bn(modp_4096_p)
make_dh_bn(modp_4096_q)
make_dh_bn(modp_6144_p)
make_dh_bn(modp_6144_q)
make_dh_bn(modp_8192_p)
make_dh_bn(modp_8192_q)
+17 -17
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -771,16 +771,16 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np,
int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np,
int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np,
int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np,
int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
static const bn_pwr5_mont_f pwr5_funcs[4] = {
@@ -792,15 +792,15 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp,
int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
const BN_ULONG *np, const BN_ULONG *n0);
int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
static const bn_mul_mont_f mul_funcs[4] = {
@@ -809,20 +809,20 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
};
bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap,
void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap,
void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap,
void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
void *table, size_t power);
void bn_gather5_t4(BN_ULONG * out, size_t num,
void bn_gather5_t4(BN_ULONG *out, size_t num,
void *table, size_t power);
void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num);
void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
BN_ULONG *np = mont->N.d, *n0 = mont->n0;
int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
@@ -922,13 +922,13 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* Given those inputs, |bn_mul_mont| may not give reduced
* output, but it will still produce "almost" reduced output.
*/
void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap,
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
void bn_scatter5(const BN_ULONG *inp, size_t num,
void *table, size_t power);
void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power);
void bn_power5(BN_ULONG * rp, const BN_ULONG *ap,
void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
int bn_get_bits5(const BN_ULONG *ap, int off);
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -387,7 +387,7 @@ struct bn_gencb_st {
#elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
#if defined(__DECC)
#include <c_asm.h>
#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b))
#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b))
#elif defined(__GNUC__) && __GNUC__ >= 2
#define BN_UMULT_HIGH(a, b) ({ \
register BN_ULONG ret; \
+4 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,10 +8,9 @@
*/
/*
* Details about Montgomery multiplication algorithms can be found at
* http://security.ece.orst.edu/publications.html, e.g.
* http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
* sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
* Details about Montgomery multiplication algorithms can be found in
* https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf
* and https://cetinkayakoc.net/docs/r01.pdf
*/
#include "internal/cryptlib.h"
+5 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,14 +15,14 @@
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul_mont_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
int bn_mul_mont_300_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,7 +30,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
#if BN_BITS2 == 64
#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
#else
#define BN_DEF(lo, hi) lo, hi
#endif
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -29,7 +29,7 @@
#include "internal/nelem.h"
#if BN_BITS2 == 64
#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
#else
#define BN_DEF(lo, hi) lo, hi
#endif
+8 -8
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,11 +16,11 @@
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
if (!(num & 1) && num >= 6) {
@@ -29,16 +29,16 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *bp,
const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
static const bn_mul_mont_f funcs[4] = {
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ const void *ossl_bsearch(const void *key, const void *base, int num,
l = 0;
h = num;
while (l < h) {
i = (l + h) / 2;
i = l + (h - l) / 2;
p = &(base_[i * size]);
c = (*cmp)(key, p);
if (c < 0)
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num, int enc)
{
register CAST_LONG v0, v1, t;
register int n = *num;
register int n = *num & 0x07;
register long l = length;
CAST_LONG ti[2];
unsigned char *iv, c, cc;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num)
{
register CAST_LONG v0, v1, t;
register int n = *num;
register int n = *num & 0x07;
register long l = length;
unsigned char d[8];
register char *dp;
+17 -6
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -149,6 +149,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
int time_left;
OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb;
ctx->status = OSSL_CMP_PKISTATUS_trans;
#ifndef OPENSSL_NO_HTTP
if (transfer_cb == NULL)
transfer_cb = OSSL_CMP_MSG_http_perform;
@@ -175,7 +176,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
/* should print error queue since transfer_cb may call ERR_clear_error() */
OSSL_CMP_CTX_print_errors(ctx);
if (ctx->server != NULL)
if (ctx->server != NULL || ctx->transfer_cb != NULL)
ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str);
*rep = (*transfer_cb)(ctx, req);
@@ -189,6 +190,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
return 0;
}
ctx->status = OSSL_CMP_PKISTATUS_checking_response;
bt = OSSL_CMP_MSG_get_bodytype(*rep);
/*
* The body type in the 'bt' variable is not yet verified.
@@ -284,11 +286,15 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
"received 'waiting' PKIStatus, starting to poll for response");
*rep = NULL;
for (;;) {
int bak = ctx->status;
ctx->status = OSSL_CMP_PKISTATUS_request;
if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL)
goto err;
if (!send_receive_check(ctx, preq, &prep, OSSL_CMP_PKIBODY_POLLREP))
goto err;
ctx->status = bak;
/* handle potential pollRep */
if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
@@ -344,6 +350,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL));
if (time_left <= 0) {
ctx->status = OSSL_CMP_PKISTATUS_trans;
ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
goto err;
}
@@ -455,7 +462,9 @@ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
OSSL_CMP_MSG *certConf;
OSSL_CMP_MSG *PKIconf = NULL;
int res = 0;
int bak = ctx->status;
ctx->status = OSSL_CMP_PKISTATUS_request;
/* OSSL_CMP_certConf_new() also checks if all necessary options are set */
certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt);
if (certConf == NULL)
@@ -464,6 +473,9 @@ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
res = send_receive_also_delayed(ctx, certConf, &PKIconf,
OSSL_CMP_PKIBODY_PKICONF);
if (res)
ctx->status = bak;
err:
OSSL_CMP_MSG_free(certConf);
OSSL_CMP_MSG_free(PKIconf);
@@ -479,6 +491,7 @@ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
OSSL_CMP_MSG *PKIconf = NULL;
int res = 0;
ctx->status = OSSL_CMP_PKISTATUS_request;
/* not overwriting ctx->status on error exchange */
if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL)
goto err;
@@ -488,6 +501,7 @@ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
res = send_receive_also_delayed(ctx, error,
&PKIconf, OSSL_CMP_PKIBODY_PKICONF);
ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;
err:
OSSL_CMP_MSG_free(error);
@@ -790,7 +804,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
"rejecting newly enrolled cert with subject: %s; %s",
subj, txt);
ctx->status = OSSL_CMP_PKISTATUS_rejection;
ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;
ret = 0;
}
OPENSSL_free(subj);
@@ -812,7 +826,6 @@ static int initial_certreq(OSSL_CMP_CTX *ctx,
if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL)
return 0;
ctx->status = OSSL_CMP_PKISTATUS_trans;
res = send_receive_check(ctx, req, p_rep, rep_type);
OSSL_CMP_MSG_free(req);
return res;
@@ -918,7 +931,6 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
if ((rr = ossl_cmp_rr_new(ctx)) == NULL)
goto end;
ctx->status = OSSL_CMP_PKISTATUS_trans;
if (!send_receive_also_delayed(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP))
goto end;
@@ -1038,7 +1050,6 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx)
if ((genm = ossl_cmp_genm_new(ctx)) == NULL)
goto err;
ctx->status = OSSL_CMP_PKISTATUS_trans;
if (!send_receive_also_delayed(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP))
goto err;
ctx->status = OSSL_CMP_PKISTATUS_accepted;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -742,7 +742,7 @@ DEFINE_OSSL_set1_up_ref(OSSL_CMP_CTX, oldCert, X509)
*/
DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509)
/* Get successfully validated server cert, if any, of current transaction */
/* Get successfully validated sender cert, if any, of current transaction */
DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)
/*
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
@@ -66,7 +66,7 @@ struct ossl_cmp_ctx_st {
int unprotectedErrors;
int noCacheExtraCerts;
X509 *srvCert; /* certificate used to identify the server */
X509 *validatedSrvCert; /* caches any already validated server cert */
X509 *validatedSrvCert; /* caches any already validated sender cert */
X509_NAME *expected_sender; /* expected sender in header of response */
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
+14 -11
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2020
* Copyright Siemens AG 2015-2020
*
@@ -363,13 +363,12 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
return valid;
}
/* checks protection of msg but not cert revocation nor cert chain */
static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert,
const OSSL_CMP_MSG *msg)
{
return cert_acceptable(ctx, "previously validated", "sender cert",
cert, NULL, NULL, msg)
&& (check_cert_path(ctx, ctx->trusted, cert)
|| check_cert_path_3gpp(ctx, msg, cert));
cert, NULL, NULL, msg);
}
/*-
@@ -479,22 +478,26 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
(void)ERR_set_mark();
ctx->log_cb = NULL; /* temporarily disable logging */
/*
* try first cached scrt, used successfully earlier in same transaction,
* for validating this and any further msgs where extraCerts may be left out
*/
if (scrt != NULL) {
/*-
* try first using cached message sender cert (in 'scrt' variable),
* which was used successfully earlier in the same transaction
* (assuming that the certificate itself was not revoked meanwhile and
* is a good guess for use in validating also the current message)
*/
if (check_msg_given_cert(ctx, scrt, msg)) {
ctx->log_cb = backup_log_cb;
(void)ERR_pop_to_mark();
return 1;
}
/* cached sender cert has shown to be no more successfully usable */
(void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL);
/* re-do the above check (just) for adding diagnostic information */
ossl_cmp_info(ctx,
"trying to verify msg signature with previously validated cert");
ctx->log_cb = backup_log_cb;
(void)check_msg_given_cert(ctx, scrt, msg);
ctx->log_cb = NULL;
(void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */
}
res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */)
@@ -628,7 +631,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
scrt = ctx->srvCert;
if (scrt == NULL) {
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection");
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
return 0;
}
@@ -642,7 +645,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
/* use ctx->srvCert for signature check even if not acceptable */
if (verify_signature(ctx, msg, scrt)) {
ossl_cmp_debug(ctx,
"successfully validated signature-based CMP message protection using pinned server cert");
"successfully validated signature-based CMP message protection using pinned sender cert");
return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt);
}
ossl_cmp_warn(ctx, "CMP message signature verification failed");
+15 -15
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
ASN1_CHOICE(CMS_CertificateChoices)
ASN1_CHOICE(CMS_CertificateChoices)
= { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices)
ASN1_CHOICE(CMS_SignerIdentifier) = {
@@ -31,11 +31,11 @@ ASN1_CHOICE(CMS_SignerIdentifier) = {
ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
= { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
/* Minor tweak to operation: free up signer key, cert */
static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
/* Minor tweak to operation: free up signer key, cert */
static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
@@ -62,7 +62,7 @@ ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
ASN1_CHOICE(CMS_RevocationInfoChoice)
ASN1_CHOICE(CMS_RevocationInfoChoice)
= { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
@@ -80,7 +80,7 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
@@ -118,7 +118,7 @@ ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
if (operation == ASN1_OP_FREE_POST) {
@@ -143,7 +143,7 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
if (operation == ASN1_OP_NEW_POST) {
@@ -173,7 +173,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
ASN1_SEQUENCE(CMS_KEKRecipientInfo)
ASN1_SEQUENCE(CMS_KEKRecipientInfo)
= { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
@@ -188,8 +188,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
/* Free up RecipientInfo additional data */
static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
/* Free up RecipientInfo additional data */
static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
if (operation == ASN1_OP_FREE_PRE) {
CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
@@ -262,7 +262,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
ASN1_NDEF_SEQUENCE(CMS_CompressedData)
ASN1_NDEF_SEQUENCE(CMS_CompressedData)
= {
ASN1_EMBED(CMS_CompressedData, version, INT32),
ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
@@ -348,7 +348,7 @@ ASN1_CHOICE(CMS_ReceiptsFrom) = {
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
ASN1_SEQUENCE(CMS_ReceiptRequest)
ASN1_SEQUENCE(CMS_ReceiptRequest)
= { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
ASN1_SEQUENCE(CMS_Receipt) = {
@@ -375,7 +375,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = {
ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
{
union {
CMS_SharedInfo *pecsi;
+10 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -89,16 +89,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
int keylen, plen;
EVP_CIPHER *kekcipher = NULL;
EVP_CIPHER_CTX *kekctx;
const ASN1_OBJECT *aoid;
const void *parameter = NULL;
int ptype = 0;
char name[OSSL_MAX_NAME_SIZE];
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
goto err;
X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
/*
* For DH we only have one OID permissible. If ever any more get defined
* we will need something cleverer.
*/
if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
goto err;
}
@@ -107,11 +112,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
|| EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
goto err;
if (alg->parameter->type != V_ASN1_SEQUENCE)
if (ptype != V_ASN1_SEQUENCE)
goto err;
p = alg->parameter->value.sequence->data;
plen = alg->parameter->value.sequence->length;
p = ASN1_STRING_get0_data(parameter);
plen = ASN1_STRING_length(parameter);
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
if (kekalg == NULL)
goto err;
+11 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -166,21 +166,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
int plen, keylen;
EVP_CIPHER *kekcipher = NULL;
EVP_CIPHER_CTX *kekctx;
const ASN1_OBJECT *aoid = NULL;
int ptype = 0;
const void *parameter = NULL;
char name[OSSL_MAX_NAME_SIZE];
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
return 0;
if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
return 0;
}
if (alg->parameter->type != V_ASN1_SEQUENCE)
if (ptype != V_ASN1_SEQUENCE)
return 0;
p = alg->parameter->value.sequence->data;
plen = alg->parameter->value.sequence->length;
p = ASN1_STRING_get0_data(parameter);
plen = ASN1_STRING_length(parameter);
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
if (kekalg == NULL)
goto err;
+2 -3
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -35,8 +35,7 @@ typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
typedef struct CMS_KeyAgreeRecipientIdentifier_st
CMS_KeyAgreeRecipientIdentifier;
typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+20 -13
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
X509_ALGOR *cmsalg;
int nid;
int rv = -1;
unsigned char *label = NULL;
const unsigned char *label = NULL;
int labellen = 0;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_OAEP_PARAMS *oaep;
const ASN1_OBJECT *aoid;
const void *parameter = NULL;
int ptype = 0;
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (pkctx == NULL)
@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (oaep->pSourceFunc != NULL) {
X509_ALGOR *plab = oaep->pSourceFunc;
X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
if (OBJ_obj2nid(aoid) != NID_pSpecified) {
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
goto err;
}
if (plab->parameter->type != V_ASN1_OCTET_STRING) {
if (ptype != V_ASN1_OCTET_STRING) {
ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
goto err;
}
label = plab->parameter->value.octet_string->data;
/* Stop label being freed when OAEP parameters are freed */
plab->parameter->value.octet_string->data = NULL;
labellen = plab->parameter->value.octet_string->length;
label = ASN1_STRING_get0_data(parameter);
labellen = ASN1_STRING_length(parameter);
}
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
if (label != NULL
&& EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
OPENSSL_free(label);
goto err;
if (label != NULL) {
unsigned char *dup_label = OPENSSL_memdup(label, labellen);
if (dup_label == NULL)
goto err;
if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
OPENSSL_free(dup_label);
goto err;
}
}
/* Carry on */
rv = 1;
+4 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -474,8 +474,10 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
} else {
if (dcont && (tmpin == dcont))
do_free_upto(cmsbio, dcont);
else
else if (cmsbio != NULL)
BIO_free_all(cmsbio);
else
BIO_free(tmpin);
}
if (out != tmpout)
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -314,7 +314,7 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
return NULL;
}
ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE,
"group=%s name=%s", group, name);
"group=%s name=%s", group != NULL ? group : "", name);
return NULL;
}
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -395,7 +395,7 @@ static CONF_MODULE *module_find(const char *name)
{
CONF_MODULE *tmod;
int i, nchar;
char *p;
const char *p;
STACK_OF(CONF_MODULE) *mods;
p = strrchr(name, '.');
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
{
register DES_LONG v0, v1;
register long l = length;
register int n = *num;
register int n = *num & 0x07;
DES_LONG ti[2];
unsigned char *iv, c, cc;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
{
register DES_LONG v0, v1;
register long l = length;
register int n = *num;
register int n = *num & 0x07;
DES_LONG ti[2];
unsigned char *iv, c, cc;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
DES_key_schedule *k3, DES_cblock *ivec, int *num)
{
register DES_LONG v0, v1;
register int n = *num;
register int n = *num & 0x07;
register long l = length;
DES_cblock d;
register char *dp;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,7 @@ void DES_ofb64_encrypt(register const unsigned char *in,
DES_key_schedule *schedule, DES_cblock *ivec, int *num)
{
register DES_LONG v0, v1, t;
register int n = *num;
register int n = *num & 0x07;
register long l = length;
DES_cblock d;
register unsigned char *dp;
+3 -4
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,7 +76,7 @@ ASN1_SEQUENCE(DHvparams) = {
ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
ASN1_SEQUENCE(DHxparams)
ASN1_SEQUENCE(DHxparams)
= {
ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
@@ -85,8 +85,7 @@ ASN1_SEQUENCE(DHvparams) = {
ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
int_dhx942_dh
* d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length);
int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length);
int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx)
+3 -3
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,5 +43,5 @@
}
make_dh(1024_160)
make_dh(2048_224)
make_dh(2048_256)
make_dh(2048_224)
make_dh(2048_256)
+3 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -35,7 +35,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
#ifndef __CYGWIN__
OPENSSL_thread_stop();
#endif
break;
case DLL_PROCESS_DETACH:
break;
+4 -4
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,7 +47,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
ASN1_SIMPLE(DSA, params.p, BIGNUM),
@@ -55,7 +55,7 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
ASN1_SIMPLE(DSA, params.g, BIGNUM),
} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
ASN1_SIMPLE(DSA, pub_key, BIGNUM),
@@ -64,7 +64,7 @@ ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
ASN1_SIMPLE(DSA, params.g, BIGNUM)
} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
DSA *DSAparams_dup(const DSA *dsa)
{
+6 -6
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -105,7 +105,7 @@ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
@@ -122,7 +122,7 @@ ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
@@ -137,10 +137,10 @@ ASN1_SEQUENCE(X9_62_FIELDID) = {
ASN1_ADB_OBJECT(X9_62_FIELDID)
} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
ASN1_SEQUENCE(X9_62_CURVE)
ASN1_SEQUENCE(X9_62_CURVE)
= { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE)
ASN1_SEQUENCE(ECPARAMETERS)
ASN1_SEQUENCE(ECPARAMETERS)
= { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS)
DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
@@ -163,7 +163,7 @@ ASN1_SEQUENCE(EC_PRIVATEKEY) = {
ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY)
IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY)
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -50,7 +50,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
*/
return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0;
#else
int ret = 0;
const BIGNUM *order;
+3 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -175,6 +175,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
dest->libctx = src->libctx;
dest->curve_name = src->curve_name;
EC_pre_comp_free(dest);
/* Copy precomputed */
dest->pre_comp_type = src->pre_comp_type;
switch (src->pre_comp_type) {
+5 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,6 +40,7 @@
#include "crypto/cmperr.h"
#include "crypto/cterr.h"
#include "crypto/asyncerr.h"
#include "crypto/sm2err.h"
#include "crypto/storeerr.h"
#include "crypto/esserr.h"
#include "internal/propertyerr.h"
@@ -104,6 +105,9 @@ int ossl_err_load_crypto_strings(void)
#endif
|| ossl_err_load_ESS_strings() == 0
|| ossl_err_load_ASYNC_strings() == 0
#ifndef OPENSSL_NO_SM2
|| ossl_err_load_SM2_strings() == 0
#endif
|| ossl_err_load_OSSL_STORE_strings() == 0
|| ossl_err_load_PROP_strings() == 0
|| ossl_err_load_PROV_strings() == 0
+2 -1
View File
@@ -1,4 +1,4 @@
# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -848,6 +848,7 @@ EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large
EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys
HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN:108:asn1 len exceeds max resp len
HTTP_R_CONNECT_FAILURE:100:connect failure
HTTP_R_CONTENT_TYPE_MISMATCH:131:content type mismatch
HTTP_R_ERROR_PARSING_ASN1_LENGTH:109:error parsing asn1 length
HTTP_R_ERROR_PARSING_CONTENT_LENGTH:119:error parsing content length
HTTP_R_ERROR_PARSING_URL:101:error parsing url
+4 -4
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,7 +21,7 @@ ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
ASN1_SEQUENCE(ESS_CERT_ID) = {
@@ -29,7 +29,7 @@ ASN1_SEQUENCE(ESS_CERT_ID) = {
ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
@@ -46,7 +46,7 @@ ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
+4 -3
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -872,8 +872,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
if (pctx != NULL
&& (pctx->operation == EVP_PKEY_OP_VERIFYCTX
|| pctx->operation == EVP_PKEY_OP_SIGNCTX)
&& pctx->op.sig.algctx != NULL
&& pctx->op.sig.signature->gettable_ctx_md_params != NULL)
&& pctx->op.sig.signature != NULL
&& pctx->op.sig.signature->gettable_ctx_md_params != NULL
&& pctx->op.sig.algctx != NULL)
return pctx->op.sig.signature->gettable_ctx_md_params(
pctx->op.sig.algctx);
+28 -28
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -2403,14 +2403,14 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
#endif
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
@@ -2641,10 +2641,10 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c);
if (gctx == NULL)
@@ -3189,12 +3189,12 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c);
@@ -3378,9 +3378,9 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
| EVP_CIPH_CUSTOM_COPY)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c);
switch (type) {
@@ -3654,12 +3654,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
typedef struct {
typedef struct {
union {
OSSL_UNION_ALIGN;
AES_KEY ks;
@@ -4146,8 +4146,8 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
#endif /* OPENSSL_NO_OCB */
+11 -11
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -194,13 +194,13 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
/* Authenticated cipher modes (GCM/CCM) */
/* Authenticated cipher modes (GCM/CCM) */
/* increment counter (64-bit int) by 1 */
static void ctr64_inc(unsigned char *counter)
/* increment counter (64-bit int) by 1 */
static void ctr64_inc(unsigned char *counter)
{
int n = 8;
unsigned char c;
@@ -778,11 +778,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_aead(128, gcm, GCM)
BLOCK_CIPHER_aead(192, gcm, GCM)
BLOCK_CIPHER_aead(256, gcm, GCM)
BLOCK_CIPHER_aead(192, gcm, GCM)
BLOCK_CIPHER_aead(256, gcm, GCM)
BLOCK_CIPHER_aead(128, ccm, CCM)
BLOCK_CIPHER_aead(192, ccm, CCM)
BLOCK_CIPHER_aead(256, ccm, CCM)
BLOCK_CIPHER_aead(128, ccm, CCM)
BLOCK_CIPHER_aead(192, ccm, CCM)
BLOCK_CIPHER_aead(256, ccm, CCM)
#endif
+11 -11
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -183,14 +183,14 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#endif
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
/* The subkey for Camellia is generated. */
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -347,5 +347,5 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
+9 -9
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -197,16 +197,16 @@ BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+12 -12
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -210,20 +210,20 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
#define des_ede3_ofb_cipher des_ede_ofb_cipher
#define des_ede3_cbc_cipher des_ede_cbc_cipher
#define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = data(ctx);
+3 -3
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -54,8 +54,8 @@ BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
0, idea_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
{
if (!enc) {
if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE)
+7 -7
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
* Ported from Ribose contributions from Botan.
*
@@ -49,12 +49,12 @@ typedef struct {
return &sm4_##mode; \
}
#define DEFINE_BLOCK_CIPHERS(nid, flags) \
BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
#define DEFINE_BLOCK_CIPHERS(nid, flags) \
BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -689,7 +689,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d)));
if (eof == -1)
eof = (f[2] == '=') + (f[3] == '=');
eof = (c == '=') + (d == '=');
switch (eof) {
case 2:
+11 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -979,6 +979,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
size_t soutl, inl_ = (size_t)inl;
int blocksize;
if (inl < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
return 0;
}
if (ossl_likely(outl != NULL)) {
*outl = 0;
} else {
@@ -1128,6 +1133,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
size_t soutl, inl_ = (size_t)inl;
int blocksize;
if (inl < 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
return 0;
}
if (ossl_likely(outl != NULL)) {
*outl = 0;
} else {
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -181,7 +181,7 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) {
ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey,
provauthkey, params);
} else if (provauthkey == NULL && kem->encapsulate_init != NULL) {
} else if (provauthkey == NULL && kem->decapsulate_init != NULL) {
ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params);
} else {
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+4 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -82,9 +82,11 @@
#if defined(__GNUC__) || defined(__CLANG__)
#define PREFETCH_NEIGHBORHOOD(x) __builtin_prefetch(x.entries)
#define PREFETCH(x) __builtin_prefetch(x)
#define ALIGN __attribute__((aligned(8)))
#else
#define PREFETCH_NEIGHBORHOOD(x)
#define PREFETCH(x)
#define ALIGN
#endif
/*
@@ -112,7 +114,7 @@ struct ht_internal_value_st {
struct ht_neighborhood_entry_st {
uint64_t hash;
struct ht_internal_value_st *value;
};
} ALIGN;
struct ht_neighborhood_st {
struct ht_neighborhood_entry_st entries[NEIGHBORHOOD_LEN];
+21 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2018-2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -551,6 +551,7 @@ static int may_still_retry(time_t max_time, int *ptimeout)
int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
{
int i, found_expected_ct = 0, found_keep_alive = 0;
int status_code = 0;
int got_text = 1;
long n;
size_t resp_len = 0;
@@ -751,8 +752,8 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
/* First line in response header */
if (rctx->state == OHS_FIRSTLINE) {
i = parse_http_line1(buf, &found_keep_alive);
switch (i) {
status_code = parse_http_line1(buf, &found_keep_alive);
switch (status_code) {
case HTTP_STATUS_CODE_OK:
rctx->state = OHS_HEADERS;
goto next_line;
@@ -767,7 +768,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
/* fall through */
default:
/* must return content if status >= 400 */
rctx->state = i < HTTP_STATUS_CODES_NONFATAL_ERROR
rctx->state = status_code < HTTP_STATUS_CODES_NONFATAL_ERROR
? OHS_HEADERS_ERROR
: OHS_HEADERS;
goto next_line; /* continue parsing, also on HTTP error */
@@ -797,6 +798,17 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
}
if (OPENSSL_strcasecmp(key, "Content-Type") == 0) {
got_text = HAS_CASE_PREFIX(value, "text/");
if (got_text
&& rctx->state == OHS_HEADERS
&& rctx->expect_asn1
&& (status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR
|| status_code == HTTP_STATUS_CODE_OK)) {
ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONTENT_TYPE_MISMATCH,
"expected ASN.1 content but got http code %d with Content-Type: %s",
status_code, value);
rctx->state = OHS_HEADERS_ERROR;
goto next_line;
}
if (rctx->state == OHS_HEADERS
&& rctx->expected_ct != NULL) {
const char *semicolon;
@@ -1452,7 +1464,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
}
BIO_push(fbio, bio);
BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
/* Add square brackets around a naked IPv6 address */
if (server[0] != '[' && strchr(server, ':') != NULL)
BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port);
else
BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
/*
* Workaround for broken proxies which would otherwise close
+3 -1
View File
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -20,6 +20,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = {
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN),
"asn1 len exceeds max resp len" },
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure" },
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONTENT_TYPE_MISMATCH),
"content type mismatch" },
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH),
"error parsing asn1 length" },
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH),
+6 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -55,6 +55,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
char **ppath, char **pquery, char **pfrag)
{
const char *p, *tmp;
const char *authority_end;
const char *scheme, *scheme_end;
const char *user, *user_end;
const char *host, *host_end;
@@ -92,7 +93,10 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
/* parse optional "userinfo@" */
user = user_end = host = p;
host = strchr(p, '@');
authority_end = strpbrk(p, "/?#");
if (authority_end == NULL)
authority_end = p + strlen(p);
host = memchr(p, '@', authority_end - p);
if (host != NULL)
user_end = host++;
else
+2 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
*num = -1;
return;
}
n = n & 0x07;
iv = (unsigned char *)ivec;
if (encrypt) {
+2 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
*num = -1;
return;
}
n = n & 0x07;
iv = (unsigned char *)ivec;
n2l(iv, v0);
+2 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -275,27 +275,24 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
}
static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
static int config_inited = 0;
static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
DEFINE_RUN_ONCE_STATIC(ossl_init_config)
{
int ret = ossl_config_int(NULL);
config_inited = 1;
return ret;
}
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config)
{
int ret = ossl_config_int(conf_settings);
config_inited = 1;
return ret;
}
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
{
OSSL_TRACE(INIT, "ossl_no_config_int()\n");
ossl_no_config_int();
config_inited = 1;
return 1;
}
+13 -1
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -200,16 +200,28 @@ static void init_thread_destructor(void *hands)
}
static CRYPTO_ONCE ossl_init_thread_runonce = CRYPTO_ONCE_STATIC_INIT;
/* MSVC linker can use other segment for uninitialized (zeroed) variables */
#if defined(OPENSSL_SYS_WINDOWS)
static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)-1;
#elif defined(OPENSSL_SYS_TANDEM) && (defined(_PUT_MODEL_) || defined(_KLT_MODEL_))
static CRYPTO_THREAD_ID recursion_guard = { (void *)-1, (short)-1, (short)-1 };
#else
static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)0;
#endif
DEFINE_RUN_ONCE_STATIC(ossl_init_thread_once)
{
/* CRYPTO_THREAD_init_local() can call ossl_init_threads() again */
recursion_guard = CRYPTO_THREAD_get_current_id();
if (!CRYPTO_THREAD_init_local(&destructor_key.value,
init_thread_destructor))
return 0;
#if defined(OPENSSL_SYS_TANDEM)
memset(&recursion_guard, 0, sizeof(recursion_guard));
#else
recursion_guard = (CRYPTO_THREAD_ID)0;
#endif
return 1;
}
-5
View File
@@ -409,7 +409,6 @@ my $code.=<<___;
################################################################################
.align 4
aes_gcm_crypt_1x:
.localentry aes_gcm_crypt_1x,0
cmpdi 5, 16
bge __More_1x
@@ -492,7 +491,6 @@ __Encrypt_1x:
################################################################################
.align 4
__Process_partial:
.localentry __Process_partial,0
# create partial mask
vspltisb 16, -1
@@ -564,7 +562,6 @@ __Encrypt_partial:
.global ppc_aes_gcm_encrypt
.align 5
ppc_aes_gcm_encrypt:
.localentry ppc_aes_gcm_encrypt,0
SAVE_REGS
LOAD_HASH_TABLE
@@ -752,7 +749,6 @@ __Process_more_enc:
.global ppc_aes_gcm_decrypt
.align 5
ppc_aes_gcm_decrypt:
.localentry ppc_aes_gcm_decrypt, 0
SAVE_REGS
LOAD_HASH_TABLE
@@ -1032,7 +1028,6 @@ __Process_more_dec:
.size ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt
aes_gcm_out:
.localentry aes_gcm_out,0
mr 3, 11 # return count
+2 -2
View File
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -55,7 +55,7 @@
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
# Polynomial Multiplication on ARM Processors using the NEON Engine.
#
# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
# ====================================================================
# Note about "528B" variant. In ARM case it makes lesser sense to
+1 -1
View File
@@ -35,7 +35,7 @@ IF[{- !$disabled{asm} -}]
$MODESASM_ppc32=ghashp8-ppc.s
$MODESDEF_ppc32=
$MODESASM_ppc64=$MODESASM_ppc32
IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}]
IF[{- $target{perlasm_scheme} =~ /le$/ -}]
$MODESASM_ppc64=$MODESASM_ppc32 aes-gcm-ppc.s
ENDIF
$MODESDEF_ppc64=$MODESDEF_ppc32
+13 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -296,6 +296,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
int has_sep = (sep != CH_ZERO);
size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2;
if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
return 0;
}
if (len == 0)
++len;
if (strlength != NULL)
@@ -339,7 +344,13 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
if (buflen == 0)
return OPENSSL_zalloc(1);
tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
|| (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
return NULL;
}
tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
if ((tmp = OPENSSL_malloc(tmp_n)) == NULL)
return NULL;
+103 -5
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -121,12 +121,22 @@ void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
unsigned int num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
long int num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
unsigned long int num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
int32_t num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
uint32_t num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
int64_t num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
uint64_t num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
size_t num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
time_t num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_INTEGER);
}
@@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
double num)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
}
@@ -196,6 +251,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
int n, secure = 0;
OSSL_PARAM_BLD_DEF *pd;
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER
|| type == OSSL_PARAM_INTEGER))
return 0;
@@ -233,6 +293,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
const BIGNUM *bn)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (bn != NULL && BN_is_negative(bn))
return push_BN(bld, key, bn, BN_num_bytes(bn) + 1,
OSSL_PARAM_INTEGER);
@@ -243,6 +308,11 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
const BIGNUM *bn, size_t sz)
{
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (bn != NULL && BN_is_negative(bn))
return push_BN(bld, key, bn, BN_num_bytes(bn),
OSSL_PARAM_INTEGER);
@@ -255,6 +325,11 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
OSSL_PARAM_BLD_DEF *pd;
int secure;
if (bld == NULL || key == NULL || buf == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (bsize == 0)
bsize = strlen(buf);
secure = CRYPTO_secure_allocated(buf);
@@ -270,6 +345,11 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
{
OSSL_PARAM_BLD_DEF *pd;
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (bsize == 0)
bsize = strlen(buf);
pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
@@ -285,6 +365,11 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
OSSL_PARAM_BLD_DEF *pd;
int secure;
if (bld == NULL || key == NULL || buf == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
secure = CRYPTO_secure_allocated(buf);
pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
if (pd == NULL)
@@ -298,6 +383,11 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
{
OSSL_PARAM_BLD_DEF *pd;
if (bld == NULL || key == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
if (pd == NULL)
return 0;
@@ -362,10 +452,18 @@ OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
{
OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
OSSL_PARAM *params, *last;
const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
int num;
size_t p_blks, total, ss;
if (bld == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
if (ss > 0) {
s = OPENSSL_secure_malloc(ss);
+2 -3
View File
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -663,8 +663,7 @@ my %globals;
);
# Following constants are defined in x86_64 ABI supplement, for
# example available at https://www.uclibc.org/docs/psABI-x86_64.pdf,
# see section 3.7 "Stack Unwind Algorithm".
# example available at https://gitlab.com/x86-psABIs/x86-64-ABI.
my %DW_reg_idx = (
"%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3,
"%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7,
+4
View File
@@ -519,6 +519,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
X509_ALGOR_free(param->messageAuthScheme);
param->keyDerivationFunc = alg;
param->messageAuthScheme = hmac_alg;
alg = NULL;
hmac_alg = NULL;
X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct);
if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter))
@@ -540,6 +542,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
ret = 1;
err:
X509_ALGOR_free(alg);
X509_ALGOR_free(hmac_alg);
PBMAC1PARAM_free(param);
OPENSSL_free(known_salt);
return ret;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -175,7 +175,7 @@ static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
utf32chr += 0x10000;
}
return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
return UTF8_putc((unsigned char *)str, 4, utf32chr);
}
char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+8
View File
@@ -831,6 +831,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
break;
case NID_pkcs7_signed:
si_sk = p7->d.sign->signer_info;
if (p7->d.sign->contents == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
goto err;
}
os = PKCS7_get_octet_string(p7->d.sign->contents);
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
@@ -841,6 +845,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
break;
case NID_pkcs7_digest:
if (p7->d.digest->contents == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
goto err;
}
os = PKCS7_get_octet_string(p7->d.digest->contents);
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+7 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -48,7 +48,8 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
break;
case PKCS7_OP_GET_DETACHED_SIGNATURE:
if (nid == NID_pkcs7_signed) {
if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL)
if (p7->d.sign == NULL || p7->d.sign->contents == NULL
|| p7->d.sign->contents->d.ptr == NULL)
ret = 1;
else
ret = 0;
@@ -742,6 +743,10 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
break;
case NID_pkcs7_signed:
if (p7->d.sign == NULL || p7->d.sign->contents == NULL) {
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
break;
}
os = p7->d.sign->contents->d.data;
break;
+2 -2
View File
@@ -1,5 +1,5 @@
/*
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -268,7 +268,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t outlen)
return -1;
while (1) {
char *tmpptr = strchr(inptr, '.');
const char *tmpptr = strchr(inptr, '.');
size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
if (!HAS_PREFIX(inptr, "xn--")) {

Some files were not shown because too many files have changed in this diff Show More