OpenSSL: import 3.5.6
This change adds OpenSSL 3.5.6 from upstream [1]. The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3]. This is a security release, but also contains several bugfixes. More information about the release (from a high level) can be found in the release notes [4]. 1. openssl-3.5.6.tar.gz 2. openssl-3.5.6.tar.gz.asc 3. openssl-3.5.6.tar.gz.sha256 4. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md
This commit is contained in:
+363
-212
@@ -28,6 +28,150 @@ OpenSSL Releases
|
||||
OpenSSL 3.5
|
||||
-----------
|
||||
|
||||
### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
|
||||
|
||||
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
|
||||
|
||||
Severity: Moderate
|
||||
|
||||
Issue summary: Applications using RSASVE key encapsulation to establish
|
||||
a secret encryption key can send contents of an uninitialized memory buffer
|
||||
to a malicious peer.
|
||||
|
||||
Impact summary: The uninitialized buffer might contain sensitive data
|
||||
from the previous execution of the application process which leads
|
||||
to sensitive data leakage to an attacker.
|
||||
|
||||
Reported by: Simo Sorce (Red Hat).
|
||||
|
||||
([CVE-2026-31790])
|
||||
|
||||
*Nikola Pajkovsky*
|
||||
|
||||
* Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
|
||||
is used in the server-side configuration of the key-agreement group list.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected
|
||||
preferred key exchange group when its key exchange group configuration
|
||||
includes the default by using the 'DEFAULT' keyword.
|
||||
|
||||
Impact summary: A less preferred key exchange may be used even when a more
|
||||
preferred group is supported by both client and server, if the group
|
||||
was not included among the client's initial predicated keyshares.
|
||||
This will sometimes be the case with the new hybrid post-quantum groups,
|
||||
if the client chooses to defer their use until specifically requested by
|
||||
the server.
|
||||
<!-- https://github.com/openssl/openssl/pull/30111 -->
|
||||
|
||||
([CVE-2026-2673])
|
||||
|
||||
*Viktor Dukhovni*
|
||||
|
||||
* Fixed potential use-after-free in DANE client code.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: An uncommon configuration of clients performing DANE
|
||||
TLSA-based server authentication, when paired with uncommon server DANE TLSA
|
||||
records, may result in a use-after-free and/or double-free on the client
|
||||
side.
|
||||
|
||||
Impact summary: A use after free can have a range of potential consequences
|
||||
such as the corruption of valid data, crashes, or execution of arbitrary
|
||||
code.
|
||||
|
||||
Reported by: Igor Morgenstern (Aisle Research).
|
||||
|
||||
([CVE-2026-28387])
|
||||
|
||||
*Viktor Dukhovni*
|
||||
|
||||
* Fixed NULL pointer dereference when processing a delta CRL.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
|
||||
is processed, a NULL pointer dereference might happen if the required CRL
|
||||
Number extension is missing.
|
||||
|
||||
Impact summary: A NULL pointer dereference can trigger a crash which
|
||||
leads to a Denial of Service for an application.
|
||||
|
||||
Reported by: Igor Morgenstern (Aisle Research).
|
||||
|
||||
([CVE-2026-28388])
|
||||
|
||||
*Igor Morgenstern*
|
||||
|
||||
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: During processing of a crafted CMS EnvelopedData message
|
||||
with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
|
||||
|
||||
Impact summary: Applications that process attacker-controlled CMS data may
|
||||
crash before authentication or cryptographic operations occur resulting in
|
||||
Denial of Service.
|
||||
|
||||
Reported by: Nathan Sportsman (Praetorian), Daniel Rhea,
|
||||
Jaeho Nam (Seoul National University), Muhammad Daffa,
|
||||
Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab),
|
||||
Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers.
|
||||
|
||||
([CVE-2026-28389])
|
||||
|
||||
*Neil Horman*
|
||||
|
||||
* Fixed possible NULL dereference when processing CMS
|
||||
KeyTransportRecipientInfo.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: During processing of a crafted CMS EnvelopedData message
|
||||
with KeyTransportRecipientInfo a NULL pointer dereference can happen.
|
||||
|
||||
Impact summary: Applications that process attacker-controlled CMS data may
|
||||
crash before authentication or cryptographic operations occur resulting in
|
||||
Denial of Service.
|
||||
|
||||
Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab),
|
||||
Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab),
|
||||
Joshua Rogers, and Chanho Kim.
|
||||
|
||||
([CVE-2026-28390])
|
||||
|
||||
*Neil Horman*
|
||||
|
||||
* Fixed heap buffer overflow in hexadecimal conversion.
|
||||
|
||||
Severity: Low
|
||||
|
||||
Issue summary: Converting an excessively large OCTET STRING value to
|
||||
a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
|
||||
|
||||
Impact summary: A heap buffer overflow may lead to a crash or possibly
|
||||
an attacker controlled code execution or other undefined behavior.
|
||||
|
||||
Reported by: Quoc Tran (Xint.io - US Team).
|
||||
|
||||
([CVE-2026-31789])
|
||||
|
||||
*Igor Ustinov*
|
||||
|
||||
* Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST`
|
||||
containing a raw IPv6 address.
|
||||
<!-- https://github.com/openssl/openssl/pull/30384 -->
|
||||
|
||||
*Peter Zhang*
|
||||
|
||||
* Fixed broken detection of plantext HTTP over TLS.
|
||||
<!-- https://github.com/openssl/openssl/pull/30411 -->
|
||||
|
||||
*Matt Caswell*
|
||||
|
||||
### Changes between 3.5.4 and 3.5.5 [27 Jan 2026]
|
||||
|
||||
* Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
|
||||
@@ -3461,7 +3605,7 @@ breaking changes, and mappings for the large list of deprecated functions.
|
||||
|
||||
*Richard Levitte*
|
||||
|
||||
* Fixed an overflow bug in the x64_64 Montgomery squaring procedure
|
||||
* Fixed an overflow bug in the x86_64 Montgomery squaring procedure
|
||||
used in exponentiation with 512-bit moduli. No EC algorithms are
|
||||
affected. Analysis suggests that attacks against 2-prime RSA1024,
|
||||
3-prime RSA1536, and DSA1024 as a result of this defect would be very
|
||||
@@ -21607,216 +21751,223 @@ ndif
|
||||
|
||||
<!-- Links -->
|
||||
|
||||
[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
|
||||
[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
|
||||
[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
|
||||
[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420
|
||||
[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419
|
||||
[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418
|
||||
[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160
|
||||
[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199
|
||||
[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469
|
||||
[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468
|
||||
[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467
|
||||
[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187
|
||||
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
|
||||
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
|
||||
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
|
||||
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
|
||||
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
|
||||
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
|
||||
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
|
||||
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
|
||||
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
|
||||
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
|
||||
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
|
||||
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
|
||||
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
|
||||
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
|
||||
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
|
||||
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
|
||||
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
|
||||
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
||||
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
||||
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
||||
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
||||
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
|
||||
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
|
||||
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
|
||||
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
|
||||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
|
||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
||||
[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
|
||||
[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
|
||||
[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
|
||||
[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
|
||||
[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
|
||||
[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
|
||||
[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
|
||||
[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
|
||||
[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
|
||||
[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
|
||||
[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
|
||||
[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
|
||||
[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
|
||||
[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
|
||||
[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
|
||||
[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
|
||||
[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
|
||||
[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
|
||||
[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
|
||||
[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
|
||||
[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
|
||||
[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
|
||||
[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
|
||||
[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
|
||||
[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
|
||||
[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
|
||||
[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
|
||||
[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
|
||||
[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
|
||||
[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
|
||||
[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
|
||||
[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
|
||||
[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
|
||||
[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
|
||||
[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
|
||||
[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
|
||||
[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
|
||||
[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
|
||||
[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
|
||||
[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
|
||||
[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
|
||||
[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
|
||||
[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
|
||||
[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
|
||||
[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
|
||||
[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
|
||||
[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
|
||||
[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
|
||||
[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
|
||||
[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
|
||||
[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
|
||||
[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
|
||||
[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
|
||||
[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
|
||||
[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
|
||||
[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
|
||||
[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
|
||||
[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
|
||||
[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
|
||||
[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
|
||||
[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
|
||||
[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
|
||||
[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
|
||||
[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
|
||||
[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
|
||||
[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
|
||||
[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
|
||||
[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
|
||||
[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
|
||||
[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
|
||||
[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
|
||||
[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
|
||||
[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
|
||||
[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
|
||||
[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
|
||||
[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
|
||||
[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
|
||||
[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
|
||||
[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
|
||||
[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
|
||||
[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
|
||||
[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
|
||||
[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
|
||||
[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
|
||||
[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
|
||||
[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
|
||||
[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
|
||||
[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
|
||||
[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
|
||||
[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
|
||||
[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
|
||||
[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
|
||||
[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
|
||||
[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
|
||||
[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
|
||||
[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
|
||||
[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
|
||||
[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
|
||||
[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
|
||||
[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
|
||||
[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
|
||||
[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
|
||||
[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
|
||||
[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
|
||||
[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
|
||||
[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
|
||||
[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
|
||||
[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
|
||||
[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
|
||||
[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
|
||||
[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
|
||||
[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
|
||||
[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
|
||||
[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
|
||||
[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
|
||||
[CVE-2011-4109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109
|
||||
[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
|
||||
[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
|
||||
[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
|
||||
[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
|
||||
[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
|
||||
[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
|
||||
[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
|
||||
[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
|
||||
[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
|
||||
[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
|
||||
[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355
|
||||
[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
|
||||
[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245
|
||||
[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386
|
||||
[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379
|
||||
[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378
|
||||
[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377
|
||||
[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
|
||||
[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
|
||||
[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
|
||||
[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
|
||||
[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678
|
||||
[CVE-2008-1672]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672
|
||||
[CVE-2008-0891]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891
|
||||
[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135
|
||||
[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995
|
||||
[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
|
||||
[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
|
||||
[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738
|
||||
[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
|
||||
[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
|
||||
[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
|
||||
[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112
|
||||
[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079
|
||||
[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851
|
||||
[CVE-2003-0545]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545
|
||||
[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544
|
||||
[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543
|
||||
[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078
|
||||
[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659
|
||||
[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657
|
||||
[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656
|
||||
[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655
|
||||
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
|
||||
[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655
|
||||
[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656
|
||||
[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657
|
||||
[CVE-2002-0659]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659
|
||||
[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078
|
||||
[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543
|
||||
[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544
|
||||
[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545
|
||||
[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851
|
||||
[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079
|
||||
[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112
|
||||
[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
|
||||
[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
|
||||
[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
|
||||
[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738
|
||||
[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
|
||||
[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
|
||||
[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995
|
||||
[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135
|
||||
[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891
|
||||
[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672
|
||||
[CVE-2008-1678]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678
|
||||
[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
|
||||
[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
|
||||
[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
|
||||
[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
|
||||
[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377
|
||||
[CVE-2009-1378]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378
|
||||
[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379
|
||||
[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386
|
||||
[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245
|
||||
[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
|
||||
[CVE-2009-4355]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355
|
||||
[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
|
||||
[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
|
||||
[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
|
||||
[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
|
||||
[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
|
||||
[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
|
||||
[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
|
||||
[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
|
||||
[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
|
||||
[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
|
||||
[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109
|
||||
[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
|
||||
[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
|
||||
[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
|
||||
[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
|
||||
[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
|
||||
[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
|
||||
[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
|
||||
[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
|
||||
[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
|
||||
[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
|
||||
[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
|
||||
[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
|
||||
[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
|
||||
[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
|
||||
[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
|
||||
[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
|
||||
[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
|
||||
[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
|
||||
[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
|
||||
[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
|
||||
[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
|
||||
[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
|
||||
[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
|
||||
[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
|
||||
[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
|
||||
[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
|
||||
[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
|
||||
[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
|
||||
[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
|
||||
[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
|
||||
[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
|
||||
[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
|
||||
[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
|
||||
[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
|
||||
[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
|
||||
[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
|
||||
[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
|
||||
[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
|
||||
[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
|
||||
[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
|
||||
[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
|
||||
[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
|
||||
[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
|
||||
[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
|
||||
[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
|
||||
[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
|
||||
[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
|
||||
[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
|
||||
[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
|
||||
[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
|
||||
[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
|
||||
[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
|
||||
[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
|
||||
[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
|
||||
[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
|
||||
[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
|
||||
[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
|
||||
[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
|
||||
[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
|
||||
[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
|
||||
[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
|
||||
[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
|
||||
[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
|
||||
[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
|
||||
[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
|
||||
[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
|
||||
[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
|
||||
[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
|
||||
[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
|
||||
[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
|
||||
[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
|
||||
[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
|
||||
[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
|
||||
[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
|
||||
[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
|
||||
[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
|
||||
[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
|
||||
[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
|
||||
[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
|
||||
[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
|
||||
[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
|
||||
[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
|
||||
[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
|
||||
[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
|
||||
[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
|
||||
[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
|
||||
[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
|
||||
[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
|
||||
[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
|
||||
[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
|
||||
[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
|
||||
[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
|
||||
[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
|
||||
[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
|
||||
[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
|
||||
[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
|
||||
[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
|
||||
[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
|
||||
[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
|
||||
[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
|
||||
[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
|
||||
[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
|
||||
[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
|
||||
[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
|
||||
[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
|
||||
[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
|
||||
[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
|
||||
[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
|
||||
[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
|
||||
[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
|
||||
[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
|
||||
[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
|
||||
[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
|
||||
[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
|
||||
[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
|
||||
[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
|
||||
[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
|
||||
[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
|
||||
[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
|
||||
[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
|
||||
[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
|
||||
[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
|
||||
[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
|
||||
[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
|
||||
[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
|
||||
[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
|
||||
[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
|
||||
[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
|
||||
[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
|
||||
[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
|
||||
[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
|
||||
[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
|
||||
[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
|
||||
[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
|
||||
[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
|
||||
[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
|
||||
[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
|
||||
[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
|
||||
[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
|
||||
[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
|
||||
[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
|
||||
[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
|
||||
[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
|
||||
[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
|
||||
[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
|
||||
[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
|
||||
[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
|
||||
[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
|
||||
[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
|
||||
[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
|
||||
[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
|
||||
[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
|
||||
[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
|
||||
[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
|
||||
[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
|
||||
[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
|
||||
[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
|
||||
[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
|
||||
[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
|
||||
[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
|
||||
[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
|
||||
[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
|
||||
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
|
||||
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
|
||||
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
|
||||
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
|
||||
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
|
||||
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
|
||||
[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
|
||||
[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
|
||||
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
|
||||
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
|
||||
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
|
||||
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
|
||||
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
|
||||
|
||||
@@ -27,6 +27,18 @@ communication before submitting many pull requests. In addition,
|
||||
contributors should personally evaluate potential patches generated by
|
||||
automated tools.
|
||||
|
||||
Provide a clear description of the issue or feature being addressed,
|
||||
including any relevant implementation details and, for performance
|
||||
improvements, benchmark results.
|
||||
|
||||
Pull requests and commits should be self-contained, enabling readers to
|
||||
understand what changed and why without needing to reference related
|
||||
issues or having prior knowledge. Commit messages should include all
|
||||
relevant details to help future contributors follow the git history,
|
||||
with clear explanations of what is changing and why. Long descriptions
|
||||
are encouraged if they aid understanding. Commit message titles (their
|
||||
first line) should be kept to 50-70 characters if possible.
|
||||
|
||||
To make it easier to review and accept your pull request, please follow these
|
||||
guidelines:
|
||||
|
||||
|
||||
@@ -5,7 +5,8 @@
|
||||
my $vc_win64a_info = {};
|
||||
sub vc_win64a_info {
|
||||
unless (%$vc_win64a_info) {
|
||||
if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
|
||||
# Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled
|
||||
if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) {
|
||||
$vc_win64a_info = { AS => "nasm",
|
||||
ASFLAGS => "-g",
|
||||
asflags => "-Ox -f win64 -DNEAR",
|
||||
|
||||
@@ -72,6 +72,7 @@ OPTIONS={- $config{options} -}
|
||||
CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
|
||||
SRCDIR={- $config{sourcedir} -}
|
||||
BLDDIR={- $config{builddir} -}
|
||||
RESULT_D=$(BLDDIR)/test-runs
|
||||
FIPSKEY={- $config{FIPSKEY} -}
|
||||
|
||||
VERSION={- "$config{full_version}" -}
|
||||
@@ -642,7 +643,7 @@ clean: libclean ## Clean the workspace, keep the configuration
|
||||
-find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \;
|
||||
$(RM) core
|
||||
$(RM) tags TAGS doc-nits md-nits
|
||||
$(RM) -r test/test-runs
|
||||
$(RM) -r $(RESULT_D)
|
||||
$(RM) providers/fips*.new
|
||||
-find . -type l \! -name '.*' -exec $(RM) {} \;
|
||||
|
||||
|
||||
@@ -38,6 +38,7 @@
|
||||
PLATFORM={- $config{target} -}
|
||||
SRCDIR={- $config{sourcedir} -}
|
||||
BLDDIR={- $config{builddir} -}
|
||||
RESULT_D=$(BLDDIR)\test-runs
|
||||
FIPSKEY={- $config{FIPSKEY} -}
|
||||
|
||||
VERSION={- "$config{full_version}" -}
|
||||
@@ -222,7 +223,7 @@ OPENSSLDIR_dir={- canonpath($openssldir_dir) -}
|
||||
LIBDIR={- our $libdir = $config{libdir} || "lib";
|
||||
file_name_is_absolute($libdir) ? "" : $libdir -}
|
||||
MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath);
|
||||
our $modulesprefix = catdir($prefix,$libdir);
|
||||
our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir);
|
||||
our ($modulesprefix_dev, $modulesprefix_dir,
|
||||
$modulesprefix_file) =
|
||||
splitpath($modulesprefix, 1);
|
||||
@@ -484,7 +485,7 @@ clean: libclean
|
||||
-del /Q /S /F engines\*.lib engines\*.exp
|
||||
-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
|
||||
-del /Q /S /F test\*.exp
|
||||
-rd /Q /S test\test-runs
|
||||
-@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)"
|
||||
|
||||
distclean: clean
|
||||
-del /Q /F include\openssl\configuration.h
|
||||
|
||||
@@ -23,6 +23,36 @@ OpenSSL Releases
|
||||
OpenSSL 3.5
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026]
|
||||
|
||||
OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
|
||||
release is Medium.
|
||||
|
||||
This release incorporates the following bug fixes and mitigations:
|
||||
|
||||
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
|
||||
([CVE-2026-31790])
|
||||
|
||||
* Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
|
||||
is used in the server-side configuration of the key-agreement group list.
|
||||
([CVE-2026-2673])
|
||||
|
||||
* Fixed potential use-after-free in DANE client code.
|
||||
([CVE-2026-28387])
|
||||
|
||||
* Fixed NULL pointer dereference when processing a delta CRL.
|
||||
([CVE-2026-28388])
|
||||
|
||||
* Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
|
||||
([CVE-2026-28389])
|
||||
|
||||
* Fixed possible NULL dereference when processing CMS
|
||||
KeyTransportRecipientInfo.
|
||||
([CVE-2026-28390])
|
||||
|
||||
* Fixed heap buffer overflow in hexadecimal conversion.
|
||||
([CVE-2026-31789])
|
||||
|
||||
### Major changes between OpenSSL 3.5.4 and OpenSSL 3.5.5 [27 Jan 2026]
|
||||
|
||||
OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this
|
||||
@@ -758,7 +788,7 @@ OpenSSL 1.1.1
|
||||
|
||||
### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
|
||||
|
||||
* Fixed an overflow bug in the x64_64 Montgomery squaring procedure
|
||||
* Fixed an overflow bug in the x86_64 Montgomery squaring procedure
|
||||
used in exponentiation with 512-bit moduli ([CVE-2019-1551])
|
||||
|
||||
### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
|
||||
@@ -1988,201 +2018,208 @@ OpenSSL 0.9.x
|
||||
* Support for various new platforms
|
||||
|
||||
<!-- Links -->
|
||||
[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
|
||||
[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
|
||||
[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
|
||||
[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420
|
||||
[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419
|
||||
[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418
|
||||
[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160
|
||||
[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199
|
||||
[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469
|
||||
[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468
|
||||
[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467
|
||||
[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187
|
||||
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
|
||||
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
|
||||
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
|
||||
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
|
||||
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
|
||||
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
|
||||
[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
|
||||
[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
|
||||
[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
|
||||
[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
|
||||
[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
|
||||
[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
|
||||
[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
|
||||
[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
|
||||
[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
|
||||
[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
|
||||
[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
|
||||
[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
|
||||
[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
|
||||
[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
|
||||
[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
|
||||
[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
|
||||
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
|
||||
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
|
||||
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
|
||||
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
|
||||
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
|
||||
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
|
||||
[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
|
||||
[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
|
||||
[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
|
||||
[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
|
||||
[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
|
||||
[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
|
||||
[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
|
||||
[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
|
||||
[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
|
||||
[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
|
||||
[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
|
||||
[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
|
||||
[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
|
||||
[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
|
||||
[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
|
||||
[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
|
||||
[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
|
||||
[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
|
||||
[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
|
||||
[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
|
||||
[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
|
||||
[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
|
||||
[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
|
||||
[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
|
||||
[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
|
||||
[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
|
||||
[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
|
||||
[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
|
||||
[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
|
||||
[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
|
||||
[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
|
||||
[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
|
||||
[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
|
||||
[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
|
||||
[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
|
||||
[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
|
||||
[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
|
||||
[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
|
||||
[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
|
||||
[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
|
||||
[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
|
||||
[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
|
||||
[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
|
||||
[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
|
||||
[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
|
||||
[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
|
||||
[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
|
||||
[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
|
||||
[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
|
||||
[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
|
||||
[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
|
||||
[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
|
||||
[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
|
||||
[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
|
||||
[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
|
||||
[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
|
||||
[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
|
||||
[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
|
||||
[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
|
||||
[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
|
||||
[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
|
||||
[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
|
||||
[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
|
||||
[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
|
||||
[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
|
||||
[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
|
||||
[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
|
||||
[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
|
||||
[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
|
||||
[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
|
||||
[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
|
||||
[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
|
||||
[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
|
||||
[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
|
||||
[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
|
||||
[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
|
||||
[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
|
||||
[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
|
||||
[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
|
||||
[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
|
||||
[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
|
||||
[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
|
||||
[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
|
||||
[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
|
||||
[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
|
||||
[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
|
||||
[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
|
||||
[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
|
||||
[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
|
||||
[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
|
||||
[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
|
||||
[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
|
||||
[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
|
||||
[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
|
||||
[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
|
||||
[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
|
||||
[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
|
||||
[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
|
||||
[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
|
||||
[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
|
||||
[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
|
||||
[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
|
||||
[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
|
||||
[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
|
||||
[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
|
||||
[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
|
||||
[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
|
||||
[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
|
||||
[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
|
||||
[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
|
||||
[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
|
||||
[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
|
||||
[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
|
||||
[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
|
||||
[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
|
||||
[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
|
||||
[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
|
||||
[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
|
||||
[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
|
||||
[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
|
||||
[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
|
||||
[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
|
||||
[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
|
||||
[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
|
||||
[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
|
||||
[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
|
||||
[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
|
||||
[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
|
||||
[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
|
||||
[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
|
||||
[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
|
||||
[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
|
||||
[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
|
||||
[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
|
||||
[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
|
||||
[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
|
||||
[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
|
||||
[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
|
||||
[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
|
||||
[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
|
||||
[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
|
||||
[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
|
||||
[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
|
||||
[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
|
||||
[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
|
||||
[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
|
||||
[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
|
||||
[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
|
||||
[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
|
||||
[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
|
||||
[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
|
||||
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
|
||||
[CHANGES.md]: ./CHANGES.md
|
||||
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
|
||||
[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
|
||||
[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
|
||||
[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
|
||||
[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737
|
||||
[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
|
||||
[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
|
||||
[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
|
||||
[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
|
||||
[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
|
||||
[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
|
||||
[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
|
||||
[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
|
||||
[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
|
||||
[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
|
||||
[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939
|
||||
[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
|
||||
[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
|
||||
[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
|
||||
[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298
|
||||
[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
|
||||
[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
|
||||
[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
|
||||
[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
|
||||
[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
|
||||
[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
|
||||
[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
|
||||
[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
|
||||
[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
|
||||
[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
|
||||
[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
|
||||
[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
|
||||
[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
|
||||
[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
|
||||
[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
|
||||
[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
|
||||
[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449
|
||||
[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
|
||||
[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
|
||||
[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
|
||||
[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
|
||||
[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198
|
||||
[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
|
||||
[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
|
||||
[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
|
||||
[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
|
||||
[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
|
||||
[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
|
||||
[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
|
||||
[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
|
||||
[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
|
||||
[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
|
||||
[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
|
||||
[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
|
||||
[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
|
||||
[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
|
||||
[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
|
||||
[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
|
||||
[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
|
||||
[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
|
||||
[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
|
||||
[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
|
||||
[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
|
||||
[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
|
||||
[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
|
||||
[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
|
||||
[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
|
||||
[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
|
||||
[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
|
||||
[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
|
||||
[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
|
||||
[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
|
||||
[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
|
||||
[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
|
||||
[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
|
||||
[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
|
||||
[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
|
||||
[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
|
||||
[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
|
||||
[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
|
||||
[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
|
||||
[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
|
||||
[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
|
||||
[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
|
||||
[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
|
||||
[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
|
||||
[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
|
||||
[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
|
||||
[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
|
||||
[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
|
||||
[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
|
||||
[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
|
||||
[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
|
||||
[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
|
||||
[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
|
||||
[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
|
||||
[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
|
||||
[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
|
||||
[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
|
||||
[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
|
||||
[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
|
||||
[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
|
||||
[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
|
||||
[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
|
||||
[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
|
||||
[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
|
||||
[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
|
||||
[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
|
||||
[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
|
||||
[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
|
||||
[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
|
||||
[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
|
||||
[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
|
||||
[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
|
||||
[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
|
||||
[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
|
||||
[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
|
||||
[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
|
||||
[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
|
||||
[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
|
||||
[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
|
||||
[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
|
||||
[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
|
||||
[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
|
||||
[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
|
||||
[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
|
||||
[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
|
||||
[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
|
||||
[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
|
||||
[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
|
||||
[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
|
||||
[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
|
||||
[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
|
||||
[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
|
||||
[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
|
||||
[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
|
||||
[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
|
||||
[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
|
||||
[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
|
||||
[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
|
||||
[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
|
||||
[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
|
||||
[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
|
||||
[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
|
||||
[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
|
||||
[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
|
||||
[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
|
||||
[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
|
||||
[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
|
||||
[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
|
||||
[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
|
||||
[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
|
||||
[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
|
||||
[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
|
||||
[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
|
||||
[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
|
||||
[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
|
||||
[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
|
||||
[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
|
||||
[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
|
||||
[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
|
||||
[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
|
||||
[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
|
||||
[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
|
||||
[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
|
||||
[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
|
||||
[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
|
||||
[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
|
||||
[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
|
||||
[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
|
||||
[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
|
||||
[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
|
||||
[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
|
||||
[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
|
||||
[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
|
||||
[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
|
||||
[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
|
||||
[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
|
||||
[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
|
||||
[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
|
||||
[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
|
||||
[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
|
||||
[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
|
||||
[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
|
||||
[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
|
||||
[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
|
||||
[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
|
||||
[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
|
||||
[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
|
||||
[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
|
||||
[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
|
||||
[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
|
||||
[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
|
||||
[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
|
||||
[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
|
||||
[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
|
||||
[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
|
||||
[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
|
||||
[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
|
||||
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
|
||||
[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
|
||||
[README-QUIC.md]: ./README-QUIC.md
|
||||
[issue tracker]: https://github.com/openssl/openssl/issues
|
||||
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
|
||||
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
|
||||
[jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library
|
||||
|
||||
+2
-2
@@ -1,7 +1,7 @@
|
||||
MAJOR=3
|
||||
MINOR=5
|
||||
PATCH=5
|
||||
PATCH=6
|
||||
PRE_RELEASE_TAG=
|
||||
BUILD_METADATA=
|
||||
RELEASE_DATE="27 Jan 2026"
|
||||
RELEASE_DATE="7 Apr 2026"
|
||||
SHLIB_VERSION=3
|
||||
|
||||
+13
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
@@ -1421,7 +1421,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
|
||||
out_vpm = X509_STORE_get0_param(out_trusted);
|
||||
X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME);
|
||||
|
||||
(void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted);
|
||||
if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) {
|
||||
X509_STORE_free(out_trusted);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (opt_disable_confirm)
|
||||
@@ -3390,6 +3393,12 @@ static void print_keyspec(OSSL_CMP_ATAVS *keySpec)
|
||||
int paramtype;
|
||||
const void *param;
|
||||
|
||||
/* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */
|
||||
if (alg == NULL) {
|
||||
BIO_puts(mem, "Key algorithm: <absent>\n");
|
||||
break;
|
||||
}
|
||||
|
||||
X509_ALGOR_get0(&oid, ¶mtype, ¶m, alg);
|
||||
BIO_printf(mem, "Key algorithm: ");
|
||||
i2a_ASN1_OBJECT(mem, oid);
|
||||
@@ -3789,8 +3798,7 @@ int cmp_main(int argc, char **argv)
|
||||
if (opt_ignore_keyusage)
|
||||
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1);
|
||||
if (opt_no_cache_extracerts)
|
||||
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS,
|
||||
1);
|
||||
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, 1);
|
||||
|
||||
if (opt_reqout_only == NULL && (opt_use_mock_srv
|
||||
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
||||
@@ -3806,7 +3814,7 @@ int cmp_main(int argc, char **argv)
|
||||
|
||||
srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx);
|
||||
if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) {
|
||||
CMP_err1("cannot set up error reporting and logging for %s", prog);
|
||||
CMP_err1("cannot set up server-side error reporting and logging for %s", prog);
|
||||
goto err;
|
||||
}
|
||||
OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2018-2020
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -19,6 +19,8 @@
|
||||
OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx,
|
||||
const char *propq);
|
||||
void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
|
||||
OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
|
||||
const OSSL_CMP_MSG *req);
|
||||
|
||||
int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
|
||||
int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
|
||||
@@ -34,6 +36,7 @@ int ossl_cmp_mock_srv_set1_oldWithNew(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
|
||||
int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
|
||||
int fail_info, const char *text);
|
||||
int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
|
||||
int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
|
||||
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
|
||||
int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -47,6 +47,7 @@ int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name)
|
||||
app_providers = sk_OSSL_PROVIDER_new_null();
|
||||
if (app_providers == NULL
|
||||
|| !sk_OSSL_PROVIDER_push(app_providers, prov)) {
|
||||
OSSL_PROVIDER_unload(prov);
|
||||
app_providers_cleanup();
|
||||
return 0;
|
||||
}
|
||||
|
||||
+10
-5
@@ -191,8 +191,13 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
|
||||
}
|
||||
if (arg2 != NULL) {
|
||||
*pass2 = app_get_pass(arg2, same ? 2 : 0);
|
||||
if (*pass2 == NULL)
|
||||
if (*pass2 == NULL) {
|
||||
if (pass1 != NULL) {
|
||||
clear_free(*pass1);
|
||||
*pass1 = NULL;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
} else if (pass2 != NULL) {
|
||||
*pass2 = NULL;
|
||||
}
|
||||
@@ -263,15 +268,15 @@ static char *app_get_pass(const char *arg, int keepbio)
|
||||
}
|
||||
} else {
|
||||
/* argument syntax error; do not reveal too much about arg */
|
||||
tmp = strchr(arg, ':');
|
||||
if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
|
||||
const char *arg_ptr = strchr(arg, ':');
|
||||
if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX)
|
||||
BIO_printf(bio_err,
|
||||
"Invalid password argument, missing ':' within the first %d chars\n",
|
||||
PASS_SOURCE_SIZE_MAX + 1);
|
||||
else
|
||||
BIO_printf(bio_err,
|
||||
"Invalid password argument, starting with \"%.*s\"\n",
|
||||
(int)(tmp - arg + 1), arg);
|
||||
(int)(arg_ptr - arg + 1), arg);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
@@ -2494,7 +2499,7 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,
|
||||
|
||||
error:
|
||||
X509_CRL_free(crl);
|
||||
sk_X509_CRL_free(crls);
|
||||
sk_X509_CRL_pop_free(crls, X509_CRL_free);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
+37
-1
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2018-2020
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -10,6 +10,7 @@
|
||||
|
||||
#include "apps.h"
|
||||
#include "cmp_mock_srv.h"
|
||||
#include "../../crypto/cmp/cmp_local.h" /* for access to msg->protection */
|
||||
|
||||
#include <openssl/cmp.h>
|
||||
#include <openssl/err.h>
|
||||
@@ -28,6 +29,7 @@ typedef struct {
|
||||
X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
|
||||
OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
|
||||
int sendError; /* send error response on given request type */
|
||||
int useBadProtection; /* use bad protection on given response type */
|
||||
OSSL_CMP_MSG *req; /* original request message during polling */
|
||||
int pollCount; /* number of polls before actual cert response */
|
||||
int curr_pollCount; /* number of polls so far for current request */
|
||||
@@ -59,6 +61,7 @@ static mock_srv_ctx *mock_srv_ctx_new(void)
|
||||
goto err;
|
||||
|
||||
ctx->sendError = -1;
|
||||
ctx->useBadProtection = -1;
|
||||
|
||||
/* all other elements are initialized to 0 or NULL, respectively */
|
||||
return ctx;
|
||||
@@ -187,6 +190,19 @@ int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
|
||||
{
|
||||
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||
|
||||
if (ctx == NULL) {
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
|
||||
return 0;
|
||||
}
|
||||
/* might check bodytype, but this would require exporting all body types */
|
||||
ctx->useBadProtection = bodytype;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count)
|
||||
{
|
||||
mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||
@@ -591,6 +607,7 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))
|
||||
return 1;
|
||||
sk_OSSL_CMP_ITAV_free(*out);
|
||||
OSSL_CMP_ITAV_free(rsp);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -712,6 +729,25 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
|
||||
return 1;
|
||||
}
|
||||
|
||||
OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
|
||||
const OSSL_CMP_MSG *req)
|
||||
{
|
||||
OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(ctx);
|
||||
OSSL_CMP_MSG *rsp = OSSL_CMP_CTX_server_perform(ctx, req);
|
||||
|
||||
if (srv_ctx != NULL && rsp != NULL) {
|
||||
mock_srv_ctx *mock_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
|
||||
|
||||
if (mock_ctx != NULL && OSSL_CMP_MSG_get_bodytype(rsp) == mock_ctx->useBadProtection) {
|
||||
ASN1_BIT_STRING *prot = rsp->protection;
|
||||
|
||||
if (prot != NULL && prot->length != 0 && prot->data != NULL)
|
||||
prot->data[0] ^= 0x80; /* flip most significant bit of the first byte */
|
||||
}
|
||||
}
|
||||
return rsp;
|
||||
}
|
||||
|
||||
OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
|
||||
{
|
||||
OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -10,7 +10,6 @@
|
||||
#include <windows.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <malloc.h>
|
||||
|
||||
#if defined(CP_UTF8)
|
||||
|
||||
|
||||
+1
-1
@@ -876,7 +876,7 @@ int ocsp_main(int argc, char **argv)
|
||||
|
||||
i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
|
||||
if (i <= 0 && issuers) {
|
||||
i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER);
|
||||
i = OCSP_basic_verify(bs, issuers, store, verify_flags);
|
||||
if (i > 0)
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
+5
-1
@@ -3892,7 +3892,11 @@ static void user_data_init(struct user_data_st *user_data, SSL *con, char *buf,
|
||||
|
||||
static int user_data_add(struct user_data_st *user_data, size_t i)
|
||||
{
|
||||
if (user_data->buflen != 0 || i > user_data->bufmax)
|
||||
/*
|
||||
* We must allow one byte for a NUL terminator so i must be less than
|
||||
* bufmax
|
||||
*/
|
||||
if (user_data->buflen != 0 || i >= user_data->bufmax)
|
||||
return 0;
|
||||
|
||||
user_data->buflen = i;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -348,7 +348,7 @@ int ts_main(int argc, char **argv)
|
||||
if ((in != NULL) && (queryfile != NULL))
|
||||
goto opthelp;
|
||||
if (in == NULL) {
|
||||
if ((conf == NULL) || (token_in != 0))
|
||||
if (conf == NULL || token_in != 0 || queryfile == NULL)
|
||||
goto opthelp;
|
||||
}
|
||||
ret = !reply_command(conf, section, engine, queryfile,
|
||||
|
||||
+9
-7
@@ -108,12 +108,10 @@ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
|
||||
SHARED_SOURCE[libssl]=libssl.rc
|
||||
ENDIF
|
||||
|
||||
# This file sets the build directory up for CMake inclusion
|
||||
# Note: This generation of OpenSSLConfig[Version].cmake is used
|
||||
# for building openssl locally, and so the build variables are
|
||||
# taken from builddata.pm rather than installdata.pm. For exportable
|
||||
# versions of these generated files, you'll find them in the exporters
|
||||
# directory
|
||||
# These files set the build directory up for CMake inclusion.
|
||||
# To achieve this, their variables are taken from builddata.pm.
|
||||
# These files are not installed; you will find the installable
|
||||
# versions in the 'exporters' directory.
|
||||
GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in
|
||||
DEPEND[OpenSSLConfig.cmake]=builddata.pm
|
||||
GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in
|
||||
@@ -121,7 +119,10 @@ DEPEND[OpenSSLConfigVersion.cmake]=builddata.pm
|
||||
DEPEND[OpenSSLConfigVersion.cmake]=OpenSSLConfig.cmake
|
||||
DEPEND[""]=OpenSSLConfigVersion.cmake
|
||||
|
||||
# This file sets the build directory up for pkg-config
|
||||
# These files set the build directory up for pkg-config use.
|
||||
# To achieve this, their variables are taken from builddata.pm.
|
||||
# These files are not installed; you will find the installable
|
||||
# versions in the 'exporters' directory.
|
||||
GENERATE[libcrypto.pc]=exporters/pkg-config/libcrypto.pc.in
|
||||
DEPEND[libcrypto.pc]=builddata.pm
|
||||
GENERATE[libssl.pc]=exporters/pkg-config/libssl.pc.in
|
||||
@@ -131,6 +132,7 @@ DEPEND[openssl.pc]=builddata.pm
|
||||
DEPEND[openssl.pc]=libcrypto.pc libssl.pc
|
||||
|
||||
GENERATE[builddata.pm]=util/mkinstallvars.pl \
|
||||
COMMENT="This file should be used when building against this OpenSSL build, and should never be installed" \
|
||||
PREFIX=. BINDIR=apps APPLINKDIR=ms \
|
||||
LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \
|
||||
ENGINESDIR=engines MODULESDIR=providers \
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
# This file is dual-licensed, meaning that you can use it under your
|
||||
# choice of either of the following two licenses:
|
||||
#
|
||||
# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You can obtain
|
||||
# a copy in the file LICENSE in the source distribution or at
|
||||
@@ -704,11 +704,6 @@ sub AES_set_common {
|
||||
my ($ke128, $ke192, $ke256) = @_;
|
||||
my $ret = '';
|
||||
$ret .= <<___;
|
||||
bnez $UKEY,1f # if (!userKey || !key) return -1;
|
||||
bnez $KEYP,1f
|
||||
li a0,-1
|
||||
ret
|
||||
1:
|
||||
# Determine number of rounds from key size in bits
|
||||
li $T0,128
|
||||
bne $BITS,$T0,1f
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
# This file is dual-licensed, meaning that you can use it under your
|
||||
# choice of either of the following two licenses:
|
||||
#
|
||||
# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You can obtain
|
||||
# a copy in the file LICENSE in the source distribution or at
|
||||
@@ -392,11 +392,6 @@ sub AES_set_common {
|
||||
my ($ke128, $ke192, $ke256) = @_;
|
||||
my $ret = '';
|
||||
$ret .= <<___;
|
||||
bnez $UKEY,1f # if (!userKey || !key) return -1;
|
||||
bnez $KEYP,1f
|
||||
li a0,-1
|
||||
ret
|
||||
1:
|
||||
# Determine number of rounds from key size in bits
|
||||
li $T0,128
|
||||
bne $BITS,$T0,1f
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
# This file is dual-licensed, meaning that you can use it under your
|
||||
# choice of either of the following two licenses:
|
||||
#
|
||||
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You can obtain
|
||||
# a copy in the file LICENSE in the source distribution or at
|
||||
@@ -828,9 +828,6 @@ $code .= <<___;
|
||||
.globl rv64i_zvkned_set_encrypt_key
|
||||
.type rv64i_zvkned_set_encrypt_key,\@function
|
||||
rv64i_zvkned_set_encrypt_key:
|
||||
beqz $UKEY, L_fail_m1
|
||||
beqz $KEYP, L_fail_m1
|
||||
|
||||
# Get proper routine for key size
|
||||
li $T0, 256
|
||||
beq $BITS, $T0, L_set_key_256
|
||||
@@ -847,9 +844,6 @@ $code .= <<___;
|
||||
.globl rv64i_zvkned_set_decrypt_key
|
||||
.type rv64i_zvkned_set_decrypt_key,\@function
|
||||
rv64i_zvkned_set_decrypt_key:
|
||||
beqz $UKEY, L_fail_m1
|
||||
beqz $KEYP, L_fail_m1
|
||||
|
||||
# Get proper routine for key size
|
||||
li $T0, 256
|
||||
beq $BITS, $T0, L_set_key_256
|
||||
@@ -1356,11 +1350,6 @@ ___
|
||||
}
|
||||
|
||||
$code .= <<___;
|
||||
L_fail_m1:
|
||||
li a0, -1
|
||||
ret
|
||||
.size L_fail_m1,.-L_fail_m1
|
||||
|
||||
L_fail_m2:
|
||||
li a0, -2
|
||||
ret
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -773,11 +773,13 @@ AES_set_encrypt_key:
|
||||
___
|
||||
$code .= save_regs();
|
||||
$code .= <<___;
|
||||
bnez $UKEY,1f # if (!userKey || !key) return -1;
|
||||
bnez $KEYP,1f
|
||||
beqz $UKEY,1f # if (!userKey || !key) return -1;
|
||||
beqz $KEYP,1f
|
||||
j 2f
|
||||
1:
|
||||
li a0,-1
|
||||
ret
|
||||
1:
|
||||
2:
|
||||
la $RCON,AES_rcon
|
||||
la $TBL,AES_Te0
|
||||
li $T8,128
|
||||
|
||||
@@ -95,7 +95,7 @@ ASN1_SEQUENCE(asn1_int_oct) = {
|
||||
ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
|
||||
} static_ASN1_SEQUENCE_END(asn1_int_oct)
|
||||
|
||||
DECLARE_ASN1_ITEM(asn1_int_oct)
|
||||
DECLARE_ASN1_ITEM(asn1_int_oct)
|
||||
|
||||
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
|
||||
int len)
|
||||
@@ -158,7 +158,7 @@ ASN1_SEQUENCE(asn1_oct_int) = {
|
||||
ASN1_EMBED(asn1_oct_int, num, INT32)
|
||||
} static_ASN1_SEQUENCE_END(asn1_oct_int)
|
||||
|
||||
DECLARE_ASN1_ITEM(asn1_oct_int)
|
||||
DECLARE_ASN1_ITEM(asn1_oct_int)
|
||||
|
||||
int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
|
||||
unsigned char *data, int len)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -52,6 +52,6 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
|
||||
ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
|
||||
} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
|
||||
DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
|
||||
DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -44,7 +44,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
|
||||
uint64_t p)
|
||||
{
|
||||
X509_ALGOR *scheme = NULL, *ret = NULL;
|
||||
int alg_nid;
|
||||
int alg_nid, ivlen;
|
||||
size_t keylen = 0;
|
||||
EVP_CIPHER_CTX *ctx = NULL;
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
@@ -83,10 +83,11 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
|
||||
}
|
||||
|
||||
/* Create random IV */
|
||||
if (EVP_CIPHER_get_iv_length(cipher)) {
|
||||
ivlen = EVP_CIPHER_get_iv_length(cipher);
|
||||
if (ivlen > 0) {
|
||||
if (aiv)
|
||||
memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher));
|
||||
else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0)
|
||||
memcpy(iv, aiv, ivlen);
|
||||
else if (RAND_bytes(iv, ivlen) <= 0)
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -27,7 +27,7 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char *ivec, int *num, int encrypt)
|
||||
{
|
||||
register BF_LONG v0, v1, t;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
register long l = length;
|
||||
BF_LONG ti[2];
|
||||
unsigned char *iv, c, cc;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -26,7 +26,7 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char *ivec, int *num)
|
||||
{
|
||||
register BF_LONG v0, v1, t;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
register long l = length;
|
||||
unsigned char d[8];
|
||||
register char *dp;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -961,7 +961,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
|
||||
"calling setsockopt()");
|
||||
|
||||
#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER)
|
||||
#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE)
|
||||
sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT;
|
||||
if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
|
||||
&sockopt_val, sizeof(sockopt_val)))
|
||||
|
||||
+13
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -202,8 +202,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
|
||||
case BIO_CTRL_INFO:
|
||||
if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
|
||||
ret = UP_ftell(b->ptr);
|
||||
else
|
||||
else {
|
||||
#if defined(OPENSSL_SYS_WINDOWS)
|
||||
/*
|
||||
* On Windows, for non-seekable files (stdin), ftell() is undefined.
|
||||
*/
|
||||
if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK)
|
||||
ret = -1;
|
||||
else
|
||||
ret = ftell(fp);
|
||||
#else
|
||||
ret = ftell(fp);
|
||||
#endif
|
||||
}
|
||||
break;
|
||||
case BIO_C_SET_FILE_PTR:
|
||||
file_free(b);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -37,7 +37,7 @@
|
||||
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
|
||||
# Polynomial Multiplication on ARM Processors using the NEON Engine.
|
||||
#
|
||||
# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
|
||||
# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
|
||||
|
||||
# $output is the last argument if it looks like a file (it has an extension)
|
||||
# $flavour is the first argument if it doesn't look like a file
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright (c) 2024, Intel Corporation. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -362,6 +362,23 @@ ossl_rsaz_amm52x20_x1_avxifma256:
|
||||
.cfi_push %r14
|
||||
push %r15
|
||||
.cfi_push %r15
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
push %rsi # save non-volatile registers
|
||||
push %rdi
|
||||
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
|
||||
vmovapd %xmm6, `16*0`(%rsp)
|
||||
vmovapd %xmm7, `16*1`(%rsp)
|
||||
vmovapd %xmm8, `16*2`(%rsp)
|
||||
vmovapd %xmm9, `16*3`(%rsp)
|
||||
vmovapd %xmm10, `16*4`(%rsp)
|
||||
vmovapd %xmm11, `16*5`(%rsp)
|
||||
vmovapd %xmm12, `16*6`(%rsp)
|
||||
vmovapd %xmm13, `16*7`(%rsp)
|
||||
vmovapd %xmm14, `16*8`(%rsp)
|
||||
vmovapd %xmm15, `16*9`(%rsp)
|
||||
___
|
||||
$code.=<<___;
|
||||
.Lossl_rsaz_amm52x20_x1_avxifma256_body:
|
||||
|
||||
# Zeroing accumulators
|
||||
@@ -401,6 +418,23 @@ $code.=<<___;
|
||||
vmovdqu $R2_0, `4*32`($res)
|
||||
|
||||
vzeroupper
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
vmovapd `16*0`(%rsp), %xmm6
|
||||
vmovapd `16*1`(%rsp), %xmm7
|
||||
vmovapd `16*2`(%rsp), %xmm8
|
||||
vmovapd `16*3`(%rsp), %xmm9
|
||||
vmovapd `16*4`(%rsp), %xmm10
|
||||
vmovapd `16*5`(%rsp), %xmm11
|
||||
vmovapd `16*6`(%rsp), %xmm12
|
||||
vmovapd `16*7`(%rsp), %xmm13
|
||||
vmovapd `16*8`(%rsp), %xmm14
|
||||
vmovapd `16*9`(%rsp), %xmm15
|
||||
lea 168(%rsp), %rsp
|
||||
pop %rdi
|
||||
pop %rsi
|
||||
___
|
||||
$code.=<<___;
|
||||
mov 0(%rsp),%r15
|
||||
.cfi_restore %r15
|
||||
mov 8(%rsp),%r14
|
||||
@@ -553,6 +587,23 @@ ossl_rsaz_amm52x20_x2_avxifma256:
|
||||
.cfi_push %r14
|
||||
push %r15
|
||||
.cfi_push %r15
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
push %rsi # save non-volatile registers
|
||||
push %rdi
|
||||
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
|
||||
vmovapd %xmm6, `16*0`(%rsp)
|
||||
vmovapd %xmm7, `16*1`(%rsp)
|
||||
vmovapd %xmm8, `16*2`(%rsp)
|
||||
vmovapd %xmm9, `16*3`(%rsp)
|
||||
vmovapd %xmm10, `16*4`(%rsp)
|
||||
vmovapd %xmm11, `16*5`(%rsp)
|
||||
vmovapd %xmm12, `16*6`(%rsp)
|
||||
vmovapd %xmm13, `16*7`(%rsp)
|
||||
vmovapd %xmm14, `16*8`(%rsp)
|
||||
vmovapd %xmm15, `16*9`(%rsp)
|
||||
___
|
||||
$code.=<<___;
|
||||
.Lossl_rsaz_amm52x20_x2_avxifma256_body:
|
||||
|
||||
# Zeroing accumulators
|
||||
@@ -604,6 +655,23 @@ $code.=<<___;
|
||||
vmovdqu $R2_1, `9*32`($res)
|
||||
|
||||
vzeroupper
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
vmovapd `16*0`(%rsp), %xmm6
|
||||
vmovapd `16*1`(%rsp), %xmm7
|
||||
vmovapd `16*2`(%rsp), %xmm8
|
||||
vmovapd `16*3`(%rsp), %xmm9
|
||||
vmovapd `16*4`(%rsp), %xmm10
|
||||
vmovapd `16*5`(%rsp), %xmm11
|
||||
vmovapd `16*6`(%rsp), %xmm12
|
||||
vmovapd `16*7`(%rsp), %xmm13
|
||||
vmovapd `16*8`(%rsp), %xmm14
|
||||
vmovapd `16*9`(%rsp), %xmm15
|
||||
lea 168(%rsp), %rsp
|
||||
pop %rdi
|
||||
pop %rsi
|
||||
___
|
||||
$code.=<<___;
|
||||
mov 0(%rsp),%r15
|
||||
.cfi_restore %r15
|
||||
mov 8(%rsp),%r14
|
||||
@@ -663,6 +731,23 @@ $code.=<<___;
|
||||
ossl_extract_multiplier_2x20_win5_avx:
|
||||
.cfi_startproc
|
||||
endbranch
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
push %rsi # save non-volatile registers
|
||||
push %rdi
|
||||
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
|
||||
vmovapd %xmm6, `16*0`(%rsp)
|
||||
vmovapd %xmm7, `16*1`(%rsp)
|
||||
vmovapd %xmm8, `16*2`(%rsp)
|
||||
vmovapd %xmm9, `16*3`(%rsp)
|
||||
vmovapd %xmm10, `16*4`(%rsp)
|
||||
vmovapd %xmm11, `16*5`(%rsp)
|
||||
vmovapd %xmm12, `16*6`(%rsp)
|
||||
vmovapd %xmm13, `16*7`(%rsp)
|
||||
vmovapd %xmm14, `16*8`(%rsp)
|
||||
vmovapd %xmm15, `16*9`(%rsp)
|
||||
___
|
||||
$code.=<<___;
|
||||
vmovapd .Lones(%rip), $ones # broadcast ones
|
||||
vmovq $red_tbl_idx1, $tmp_xmm
|
||||
vpbroadcastq $tmp_xmm, $idx1
|
||||
@@ -708,6 +793,24 @@ ___
|
||||
foreach (0..9) {
|
||||
$code.="vmovdqu $t[$_], `${_}*32`($out) \n";
|
||||
}
|
||||
$code.=<<___;
|
||||
vzeroupper
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
vmovapd `16*0`(%rsp), %xmm6
|
||||
vmovapd `16*1`(%rsp), %xmm7
|
||||
vmovapd `16*2`(%rsp), %xmm8
|
||||
vmovapd `16*3`(%rsp), %xmm9
|
||||
vmovapd `16*4`(%rsp), %xmm10
|
||||
vmovapd `16*5`(%rsp), %xmm11
|
||||
vmovapd `16*6`(%rsp), %xmm12
|
||||
vmovapd `16*7`(%rsp), %xmm13
|
||||
vmovapd `16*8`(%rsp), %xmm14
|
||||
vmovapd `16*9`(%rsp), %xmm15
|
||||
lea 168(%rsp), %rsp
|
||||
pop %rdi
|
||||
pop %rsi
|
||||
___
|
||||
$code.=<<___;
|
||||
ret
|
||||
.cfi_endproc
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright (c) 2024, Intel Corporation. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -87,8 +87,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
|
||||
my $mask52 = "%rax";
|
||||
my $acc0_0 = "%r9";
|
||||
my $acc0_0_low = "%r9d";
|
||||
my $acc0_1 = "%r15";
|
||||
my $acc0_1_low = "%r15d";
|
||||
my $b_ptr = "%r11";
|
||||
|
||||
my $iter = "%ebx";
|
||||
@@ -741,7 +739,7 @@ $code.=<<___;
|
||||
vmovdqu $R3_0, `6*32`($res)
|
||||
vmovdqu $R3_0h, `7*32`($res)
|
||||
|
||||
xorl $acc0_1_low, $acc0_1_low
|
||||
xorl $acc0_0_low, $acc0_0_low
|
||||
|
||||
lea 16($b_ptr), $b_ptr
|
||||
movq \$0xfffffffffffff, $mask52 # 52-bit mask
|
||||
@@ -857,6 +855,23 @@ $code.=<<___;
|
||||
ossl_extract_multiplier_2x30_win5_avx:
|
||||
.cfi_startproc
|
||||
endbranch
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
push %rsi # save non-volatile registers
|
||||
push %rdi
|
||||
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
|
||||
vmovapd %xmm6, `16*0`(%rsp)
|
||||
vmovapd %xmm7, `16*1`(%rsp)
|
||||
vmovapd %xmm8, `16*2`(%rsp)
|
||||
vmovapd %xmm9, `16*3`(%rsp)
|
||||
vmovapd %xmm10, `16*4`(%rsp)
|
||||
vmovapd %xmm11, `16*5`(%rsp)
|
||||
vmovapd %xmm12, `16*6`(%rsp)
|
||||
vmovapd %xmm13, `16*7`(%rsp)
|
||||
vmovapd %xmm14, `16*8`(%rsp)
|
||||
vmovapd %xmm15, `16*9`(%rsp)
|
||||
___
|
||||
$code.=<<___;
|
||||
vmovapd .Lones(%rip), $ones # broadcast ones
|
||||
vmovq $red_tbl_idx1, $tmp_xmm
|
||||
vpbroadcastq $tmp_xmm, $idx1
|
||||
@@ -930,6 +945,24 @@ foreach (8..15) {
|
||||
$code.="vmovdqu $t[$_], `${_}*32`($out) \n";
|
||||
}
|
||||
|
||||
$code.=<<___;
|
||||
vzeroupper
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
vmovapd `16*0`(%rsp), %xmm6
|
||||
vmovapd `16*1`(%rsp), %xmm7
|
||||
vmovapd `16*2`(%rsp), %xmm8
|
||||
vmovapd `16*3`(%rsp), %xmm9
|
||||
vmovapd `16*4`(%rsp), %xmm10
|
||||
vmovapd `16*5`(%rsp), %xmm11
|
||||
vmovapd `16*6`(%rsp), %xmm12
|
||||
vmovapd `16*7`(%rsp), %xmm13
|
||||
vmovapd `16*8`(%rsp), %xmm14
|
||||
vmovapd `16*9`(%rsp), %xmm15
|
||||
lea 168(%rsp), %rsp
|
||||
pop %rdi
|
||||
pop %rsi
|
||||
___
|
||||
|
||||
$code.=<<___;
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright (c) 2024, Intel Corporation. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -84,8 +84,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
|
||||
my $mask52 = "%rax";
|
||||
my $acc0_0 = "%r9";
|
||||
my $acc0_0_low = "%r9d";
|
||||
my $acc0_1 = "%r15";
|
||||
my $acc0_1_low = "%r15d";
|
||||
my $b_ptr = "%r11";
|
||||
|
||||
my $iter = "%ebx";
|
||||
@@ -834,7 +832,7 @@ $code.=<<___;
|
||||
vmovdqu $R4_0, `8*32`($res)
|
||||
vmovdqu $R4_0h, `9*32`($res)
|
||||
|
||||
xorl $acc0_1_low, $acc0_1_low
|
||||
xorl $acc0_0_low, $acc0_0_low
|
||||
|
||||
movq \$0xfffffffffffff, $mask52
|
||||
|
||||
@@ -975,6 +973,23 @@ $code.=<<___;
|
||||
ossl_extract_multiplier_2x40_win5_avx:
|
||||
.cfi_startproc
|
||||
endbranch
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
push %rsi # save non-volatile registers
|
||||
push %rdi
|
||||
lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
|
||||
vmovapd %xmm6, `16*0`(%rsp)
|
||||
vmovapd %xmm7, `16*1`(%rsp)
|
||||
vmovapd %xmm8, `16*2`(%rsp)
|
||||
vmovapd %xmm9, `16*3`(%rsp)
|
||||
vmovapd %xmm10, `16*4`(%rsp)
|
||||
vmovapd %xmm11, `16*5`(%rsp)
|
||||
vmovapd %xmm12, `16*6`(%rsp)
|
||||
vmovapd %xmm13, `16*7`(%rsp)
|
||||
vmovapd %xmm14, `16*8`(%rsp)
|
||||
vmovapd %xmm15, `16*9`(%rsp)
|
||||
___
|
||||
$code.=<<___;
|
||||
vmovapd .Lones(%rip), $ones # broadcast ones
|
||||
vmovq $red_tbl_idx1, $tmp_xmm
|
||||
vpbroadcastq $tmp_xmm, $idx1
|
||||
@@ -1001,6 +1016,24 @@ $code.="movq %r10, $red_tbl \n";
|
||||
foreach (0..9) {
|
||||
$code.="vmovdqu $t[$_], `(10+$_)*32`($out) \n";
|
||||
}
|
||||
$code.=<<___;
|
||||
vzeroupper
|
||||
___
|
||||
$code.=<<___ if ($win64);
|
||||
vmovapd `16*0`(%rsp), %xmm6
|
||||
vmovapd `16*1`(%rsp), %xmm7
|
||||
vmovapd `16*2`(%rsp), %xmm8
|
||||
vmovapd `16*3`(%rsp), %xmm9
|
||||
vmovapd `16*4`(%rsp), %xmm10
|
||||
vmovapd `16*5`(%rsp), %xmm11
|
||||
vmovapd `16*6`(%rsp), %xmm12
|
||||
vmovapd `16*7`(%rsp), %xmm13
|
||||
vmovapd `16*8`(%rsp), %xmm14
|
||||
vmovapd `16*9`(%rsp), %xmm15
|
||||
lea 168(%rsp), %rsp
|
||||
pop %rdi
|
||||
pop %rsi
|
||||
___
|
||||
$code.=<<___;
|
||||
|
||||
ret
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -394,11 +394,11 @@ $code.=<<___;
|
||||
|
||||
mulx $car1,$mul1,$car1
|
||||
mulx $npj,$mul1,$acc1
|
||||
add $tmp1,$car0,$car0
|
||||
add $tmp0,$car1,$car1
|
||||
and $car0,$mask,$acc0
|
||||
ld [$np+8],$npj ! np[2]
|
||||
srlx $car1,32,$car1
|
||||
add $tmp1,$car1,$car1
|
||||
srlx $car0,32,$car0
|
||||
add $acc0,$car1,$car1
|
||||
and $car0,1,$sbit
|
||||
|
||||
+32
-32
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -14,7 +14,7 @@
|
||||
#include "crypto/bn_dh.h"
|
||||
|
||||
#if BN_BITS2 == 64
|
||||
#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
|
||||
#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
|
||||
#else
|
||||
#define BN_DEF(lo, hi) lo, hi
|
||||
#endif
|
||||
@@ -1387,37 +1387,37 @@ const BIGNUM ossl_bignum_const_2 = {
|
||||
};
|
||||
|
||||
make_dh_bn(dh1024_160_p)
|
||||
make_dh_bn(dh1024_160_q)
|
||||
make_dh_bn(dh1024_160_g)
|
||||
make_dh_bn(dh2048_224_p)
|
||||
make_dh_bn(dh2048_224_q)
|
||||
make_dh_bn(dh2048_224_g)
|
||||
make_dh_bn(dh2048_256_p)
|
||||
make_dh_bn(dh2048_256_q)
|
||||
make_dh_bn(dh2048_256_g)
|
||||
make_dh_bn(dh1024_160_q)
|
||||
make_dh_bn(dh1024_160_g)
|
||||
make_dh_bn(dh2048_224_p)
|
||||
make_dh_bn(dh2048_224_q)
|
||||
make_dh_bn(dh2048_224_g)
|
||||
make_dh_bn(dh2048_256_p)
|
||||
make_dh_bn(dh2048_256_q)
|
||||
make_dh_bn(dh2048_256_g)
|
||||
|
||||
make_dh_bn(ffdhe2048_p)
|
||||
make_dh_bn(ffdhe2048_q)
|
||||
make_dh_bn(ffdhe3072_p)
|
||||
make_dh_bn(ffdhe3072_q)
|
||||
make_dh_bn(ffdhe4096_p)
|
||||
make_dh_bn(ffdhe4096_q)
|
||||
make_dh_bn(ffdhe6144_p)
|
||||
make_dh_bn(ffdhe6144_q)
|
||||
make_dh_bn(ffdhe8192_p)
|
||||
make_dh_bn(ffdhe8192_q)
|
||||
make_dh_bn(ffdhe2048_p)
|
||||
make_dh_bn(ffdhe2048_q)
|
||||
make_dh_bn(ffdhe3072_p)
|
||||
make_dh_bn(ffdhe3072_q)
|
||||
make_dh_bn(ffdhe4096_p)
|
||||
make_dh_bn(ffdhe4096_q)
|
||||
make_dh_bn(ffdhe6144_p)
|
||||
make_dh_bn(ffdhe6144_q)
|
||||
make_dh_bn(ffdhe8192_p)
|
||||
make_dh_bn(ffdhe8192_q)
|
||||
|
||||
#ifndef FIPS_MODULE
|
||||
make_dh_bn(modp_1536_p)
|
||||
make_dh_bn(modp_1536_q)
|
||||
make_dh_bn(modp_1536_p)
|
||||
make_dh_bn(modp_1536_q)
|
||||
#endif
|
||||
make_dh_bn(modp_2048_p)
|
||||
make_dh_bn(modp_2048_q)
|
||||
make_dh_bn(modp_3072_p)
|
||||
make_dh_bn(modp_3072_q)
|
||||
make_dh_bn(modp_4096_p)
|
||||
make_dh_bn(modp_4096_q)
|
||||
make_dh_bn(modp_6144_p)
|
||||
make_dh_bn(modp_6144_q)
|
||||
make_dh_bn(modp_8192_p)
|
||||
make_dh_bn(modp_8192_q)
|
||||
make_dh_bn(modp_2048_p)
|
||||
make_dh_bn(modp_2048_q)
|
||||
make_dh_bn(modp_3072_p)
|
||||
make_dh_bn(modp_3072_q)
|
||||
make_dh_bn(modp_4096_p)
|
||||
make_dh_bn(modp_4096_q)
|
||||
make_dh_bn(modp_6144_p)
|
||||
make_dh_bn(modp_6144_q)
|
||||
make_dh_bn(modp_8192_p)
|
||||
make_dh_bn(modp_8192_q)
|
||||
|
||||
+17
-17
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -771,16 +771,16 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, const void *table,
|
||||
int power, int bits);
|
||||
int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np,
|
||||
int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, const void *table,
|
||||
int power, int bits);
|
||||
int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np,
|
||||
int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, const void *table,
|
||||
int power, int bits);
|
||||
int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np,
|
||||
int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, const void *table,
|
||||
int power, int bits);
|
||||
int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np,
|
||||
int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, const void *table,
|
||||
int power, int bits);
|
||||
static const bn_pwr5_mont_f pwr5_funcs[4] = {
|
||||
@@ -792,15 +792,15 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp,
|
||||
int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
static const bn_mul_mont_f mul_funcs[4] = {
|
||||
@@ -809,20 +809,20 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
};
|
||||
bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
|
||||
|
||||
void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num);
|
||||
void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num);
|
||||
void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *table, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num, int power);
|
||||
void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
|
||||
void *table, size_t power);
|
||||
void bn_gather5_t4(BN_ULONG * out, size_t num,
|
||||
void bn_gather5_t4(BN_ULONG *out, size_t num,
|
||||
void *table, size_t power);
|
||||
void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num);
|
||||
void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
|
||||
|
||||
BN_ULONG *np = mont->N.d, *n0 = mont->n0;
|
||||
int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
|
||||
@@ -922,13 +922,13 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
|
||||
* Given those inputs, |bn_mul_mont| may not give reduced
|
||||
* output, but it will still produce "almost" reduced output.
|
||||
*/
|
||||
void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *table, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num, int power);
|
||||
void bn_scatter5(const BN_ULONG *inp, size_t num,
|
||||
void *table, size_t power);
|
||||
void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power);
|
||||
void bn_power5(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
|
||||
void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const void *table, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num, int power);
|
||||
int bn_get_bits5(const BN_ULONG *ap, int off);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -387,7 +387,7 @@ struct bn_gencb_st {
|
||||
#elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
|
||||
#if defined(__DECC)
|
||||
#include <c_asm.h>
|
||||
#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b))
|
||||
#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b))
|
||||
#elif defined(__GNUC__) && __GNUC__ >= 2
|
||||
#define BN_UMULT_HIGH(a, b) ({ \
|
||||
register BN_ULONG ret; \
|
||||
|
||||
+4
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -8,10 +8,9 @@
|
||||
*/
|
||||
|
||||
/*
|
||||
* Details about Montgomery multiplication algorithms can be found at
|
||||
* http://security.ece.orst.edu/publications.html, e.g.
|
||||
* http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
|
||||
* sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
|
||||
* Details about Montgomery multiplication algorithms can be found in
|
||||
* https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf
|
||||
* and https://cetinkayakoc.net/docs/r01.pdf
|
||||
*/
|
||||
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
+5
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -15,14 +15,14 @@
|
||||
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num)
|
||||
{
|
||||
int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||
int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||
int bn_mul_mont_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const BN_ULONG *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num);
|
||||
int bn_mul_mont_300_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const BN_ULONG *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0, int num);
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -30,7 +30,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
|
||||
#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
|
||||
|
||||
#if BN_BITS2 == 64
|
||||
#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
|
||||
#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
|
||||
#else
|
||||
#define BN_DEF(lo, hi) lo, hi
|
||||
#endif
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -29,7 +29,7 @@
|
||||
#include "internal/nelem.h"
|
||||
|
||||
#if BN_BITS2 == 64
|
||||
#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
|
||||
#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
|
||||
#else
|
||||
#define BN_DEF(lo, hi) lo, hi
|
||||
#endif
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -16,11 +16,11 @@
|
||||
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num)
|
||||
{
|
||||
int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||
int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||
int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *np, const BN_ULONG *n0, int num);
|
||||
|
||||
if (!(num & 1) && num >= 6) {
|
||||
@@ -29,16 +29,16 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
|
||||
const BN_ULONG *bp,
|
||||
const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const BN_ULONG *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const BN_ULONG *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const BN_ULONG *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
|
||||
int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
|
||||
const BN_ULONG *bp, const BN_ULONG *np,
|
||||
const BN_ULONG *n0);
|
||||
static const bn_mul_mont_f funcs[4] = {
|
||||
|
||||
+2
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -23,7 +23,7 @@ const void *ossl_bsearch(const void *key, const void *base, int num,
|
||||
l = 0;
|
||||
h = num;
|
||||
while (l < h) {
|
||||
i = (l + h) / 2;
|
||||
i = l + (h - l) / 2;
|
||||
p = &(base_[i * size]);
|
||||
c = (*cmp)(key, p);
|
||||
if (c < 0)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -27,7 +27,7 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char *ivec, int *num, int enc)
|
||||
{
|
||||
register CAST_LONG v0, v1, t;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
register long l = length;
|
||||
CAST_LONG ti[2];
|
||||
unsigned char *iv, c, cc;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -26,7 +26,7 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
unsigned char *ivec, int *num)
|
||||
{
|
||||
register CAST_LONG v0, v1, t;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
register long l = length;
|
||||
unsigned char d[8];
|
||||
register char *dp;
|
||||
|
||||
+17
-6
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
@@ -149,6 +149,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
|
||||
int time_left;
|
||||
OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_trans;
|
||||
#ifndef OPENSSL_NO_HTTP
|
||||
if (transfer_cb == NULL)
|
||||
transfer_cb = OSSL_CMP_MSG_http_perform;
|
||||
@@ -175,7 +176,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
|
||||
/* should print error queue since transfer_cb may call ERR_clear_error() */
|
||||
OSSL_CMP_CTX_print_errors(ctx);
|
||||
|
||||
if (ctx->server != NULL)
|
||||
if (ctx->server != NULL || ctx->transfer_cb != NULL)
|
||||
ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str);
|
||||
|
||||
*rep = (*transfer_cb)(ctx, req);
|
||||
@@ -189,6 +190,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
|
||||
return 0;
|
||||
}
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_checking_response;
|
||||
bt = OSSL_CMP_MSG_get_bodytype(*rep);
|
||||
/*
|
||||
* The body type in the 'bt' variable is not yet verified.
|
||||
@@ -284,11 +286,15 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
||||
"received 'waiting' PKIStatus, starting to poll for response");
|
||||
*rep = NULL;
|
||||
for (;;) {
|
||||
int bak = ctx->status;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_request;
|
||||
if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!send_receive_check(ctx, preq, &prep, OSSL_CMP_PKIBODY_POLLREP))
|
||||
goto err;
|
||||
ctx->status = bak;
|
||||
|
||||
/* handle potential pollRep */
|
||||
if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
|
||||
@@ -344,6 +350,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
||||
int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL));
|
||||
|
||||
if (time_left <= 0) {
|
||||
ctx->status = OSSL_CMP_PKISTATUS_trans;
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
|
||||
goto err;
|
||||
}
|
||||
@@ -455,7 +462,9 @@ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
OSSL_CMP_MSG *certConf;
|
||||
OSSL_CMP_MSG *PKIconf = NULL;
|
||||
int res = 0;
|
||||
int bak = ctx->status;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_request;
|
||||
/* OSSL_CMP_certConf_new() also checks if all necessary options are set */
|
||||
certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt);
|
||||
if (certConf == NULL)
|
||||
@@ -464,6 +473,9 @@ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
|
||||
res = send_receive_also_delayed(ctx, certConf, &PKIconf,
|
||||
OSSL_CMP_PKIBODY_PKICONF);
|
||||
|
||||
if (res)
|
||||
ctx->status = bak;
|
||||
|
||||
err:
|
||||
OSSL_CMP_MSG_free(certConf);
|
||||
OSSL_CMP_MSG_free(PKIconf);
|
||||
@@ -479,6 +491,7 @@ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
|
||||
OSSL_CMP_MSG *PKIconf = NULL;
|
||||
int res = 0;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_request;
|
||||
/* not overwriting ctx->status on error exchange */
|
||||
if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL)
|
||||
goto err;
|
||||
@@ -488,6 +501,7 @@ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info,
|
||||
|
||||
res = send_receive_also_delayed(ctx, error,
|
||||
&PKIconf, OSSL_CMP_PKIBODY_PKICONF);
|
||||
ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;
|
||||
|
||||
err:
|
||||
OSSL_CMP_MSG_free(error);
|
||||
@@ -790,7 +804,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
|
||||
ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
|
||||
"rejecting newly enrolled cert with subject: %s; %s",
|
||||
subj, txt);
|
||||
ctx->status = OSSL_CMP_PKISTATUS_rejection;
|
||||
ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;
|
||||
ret = 0;
|
||||
}
|
||||
OPENSSL_free(subj);
|
||||
@@ -812,7 +826,6 @@ static int initial_certreq(OSSL_CMP_CTX *ctx,
|
||||
if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL)
|
||||
return 0;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_trans;
|
||||
res = send_receive_check(ctx, req, p_rep, rep_type);
|
||||
OSSL_CMP_MSG_free(req);
|
||||
return res;
|
||||
@@ -918,7 +931,6 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
|
||||
if ((rr = ossl_cmp_rr_new(ctx)) == NULL)
|
||||
goto end;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_trans;
|
||||
if (!send_receive_also_delayed(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP))
|
||||
goto end;
|
||||
|
||||
@@ -1038,7 +1050,6 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx)
|
||||
if ((genm = ossl_cmp_genm_new(ctx)) == NULL)
|
||||
goto err;
|
||||
|
||||
ctx->status = OSSL_CMP_PKISTATUS_trans;
|
||||
if (!send_receive_also_delayed(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP))
|
||||
goto err;
|
||||
ctx->status = OSSL_CMP_PKISTATUS_accepted;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
@@ -742,7 +742,7 @@ DEFINE_OSSL_set1_up_ref(OSSL_CMP_CTX, oldCert, X509)
|
||||
*/
|
||||
DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509)
|
||||
|
||||
/* Get successfully validated server cert, if any, of current transaction */
|
||||
/* Get successfully validated sender cert, if any, of current transaction */
|
||||
DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)
|
||||
|
||||
/*
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2019
|
||||
* Copyright Siemens AG 2015-2019
|
||||
*
|
||||
@@ -66,7 +66,7 @@ struct ossl_cmp_ctx_st {
|
||||
int unprotectedErrors;
|
||||
int noCacheExtraCerts;
|
||||
X509 *srvCert; /* certificate used to identify the server */
|
||||
X509 *validatedSrvCert; /* caches any already validated server cert */
|
||||
X509 *validatedSrvCert; /* caches any already validated sender cert */
|
||||
X509_NAME *expected_sender; /* expected sender in header of response */
|
||||
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
|
||||
STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
|
||||
|
||||
+14
-11
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Nokia 2007-2020
|
||||
* Copyright Siemens AG 2015-2020
|
||||
*
|
||||
@@ -363,13 +363,12 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
|
||||
return valid;
|
||||
}
|
||||
|
||||
/* checks protection of msg but not cert revocation nor cert chain */
|
||||
static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert,
|
||||
const OSSL_CMP_MSG *msg)
|
||||
{
|
||||
return cert_acceptable(ctx, "previously validated", "sender cert",
|
||||
cert, NULL, NULL, msg)
|
||||
&& (check_cert_path(ctx, ctx->trusted, cert)
|
||||
|| check_cert_path_3gpp(ctx, msg, cert));
|
||||
cert, NULL, NULL, msg);
|
||||
}
|
||||
|
||||
/*-
|
||||
@@ -479,22 +478,26 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
||||
(void)ERR_set_mark();
|
||||
ctx->log_cb = NULL; /* temporarily disable logging */
|
||||
|
||||
/*
|
||||
* try first cached scrt, used successfully earlier in same transaction,
|
||||
* for validating this and any further msgs where extraCerts may be left out
|
||||
*/
|
||||
if (scrt != NULL) {
|
||||
/*-
|
||||
* try first using cached message sender cert (in 'scrt' variable),
|
||||
* which was used successfully earlier in the same transaction
|
||||
* (assuming that the certificate itself was not revoked meanwhile and
|
||||
* is a good guess for use in validating also the current message)
|
||||
*/
|
||||
if (check_msg_given_cert(ctx, scrt, msg)) {
|
||||
ctx->log_cb = backup_log_cb;
|
||||
(void)ERR_pop_to_mark();
|
||||
return 1;
|
||||
}
|
||||
/* cached sender cert has shown to be no more successfully usable */
|
||||
(void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL);
|
||||
/* re-do the above check (just) for adding diagnostic information */
|
||||
ossl_cmp_info(ctx,
|
||||
"trying to verify msg signature with previously validated cert");
|
||||
ctx->log_cb = backup_log_cb;
|
||||
(void)check_msg_given_cert(ctx, scrt, msg);
|
||||
ctx->log_cb = NULL;
|
||||
(void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */
|
||||
}
|
||||
|
||||
res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */)
|
||||
@@ -628,7 +631,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
||||
scrt = ctx->srvCert;
|
||||
if (scrt == NULL) {
|
||||
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
|
||||
ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
|
||||
ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection");
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
|
||||
return 0;
|
||||
}
|
||||
@@ -642,7 +645,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
||||
/* use ctx->srvCert for signature check even if not acceptable */
|
||||
if (verify_signature(ctx, msg, scrt)) {
|
||||
ossl_cmp_debug(ctx,
|
||||
"successfully validated signature-based CMP message protection using pinned server cert");
|
||||
"successfully validated signature-based CMP message protection using pinned sender cert");
|
||||
return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt);
|
||||
}
|
||||
ossl_cmp_warn(ctx, "CMP message signature verification failed");
|
||||
|
||||
+15
-15
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -23,7 +23,7 @@ ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
|
||||
ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
|
||||
} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
|
||||
|
||||
ASN1_CHOICE(CMS_CertificateChoices)
|
||||
ASN1_CHOICE(CMS_CertificateChoices)
|
||||
= { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices)
|
||||
|
||||
ASN1_CHOICE(CMS_SignerIdentifier) = {
|
||||
@@ -31,11 +31,11 @@ ASN1_CHOICE(CMS_SignerIdentifier) = {
|
||||
ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
|
||||
} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
|
||||
|
||||
ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
|
||||
ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
|
||||
= { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
|
||||
|
||||
/* Minor tweak to operation: free up signer key, cert */
|
||||
static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
/* Minor tweak to operation: free up signer key, cert */
|
||||
static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
{
|
||||
if (operation == ASN1_OP_FREE_POST) {
|
||||
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
|
||||
@@ -62,7 +62,7 @@ ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
|
||||
ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
|
||||
} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
|
||||
|
||||
ASN1_CHOICE(CMS_RevocationInfoChoice)
|
||||
ASN1_CHOICE(CMS_RevocationInfoChoice)
|
||||
= { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
|
||||
|
||||
ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
|
||||
@@ -80,7 +80,7 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
|
||||
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
|
||||
} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
|
||||
|
||||
static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
{
|
||||
CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
|
||||
|
||||
@@ -118,7 +118,7 @@ ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
|
||||
ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
|
||||
} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
|
||||
|
||||
static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
{
|
||||
CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
|
||||
if (operation == ASN1_OP_FREE_POST) {
|
||||
@@ -143,7 +143,7 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
|
||||
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
|
||||
} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
|
||||
|
||||
static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
{
|
||||
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
|
||||
if (operation == ASN1_OP_NEW_POST) {
|
||||
@@ -173,7 +173,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
|
||||
ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
|
||||
} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
|
||||
|
||||
ASN1_SEQUENCE(CMS_KEKRecipientInfo)
|
||||
ASN1_SEQUENCE(CMS_KEKRecipientInfo)
|
||||
= { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
|
||||
|
||||
ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
|
||||
@@ -188,8 +188,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
|
||||
ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
|
||||
} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
|
||||
|
||||
/* Free up RecipientInfo additional data */
|
||||
static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
/* Free up RecipientInfo additional data */
|
||||
static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
|
||||
{
|
||||
if (operation == ASN1_OP_FREE_PRE) {
|
||||
CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
|
||||
@@ -262,7 +262,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
|
||||
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
|
||||
} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
|
||||
|
||||
ASN1_NDEF_SEQUENCE(CMS_CompressedData)
|
||||
ASN1_NDEF_SEQUENCE(CMS_CompressedData)
|
||||
= {
|
||||
ASN1_EMBED(CMS_CompressedData, version, INT32),
|
||||
ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
|
||||
@@ -348,7 +348,7 @@ ASN1_CHOICE(CMS_ReceiptsFrom) = {
|
||||
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
|
||||
} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
|
||||
|
||||
ASN1_SEQUENCE(CMS_ReceiptRequest)
|
||||
ASN1_SEQUENCE(CMS_ReceiptRequest)
|
||||
= { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
|
||||
|
||||
ASN1_SEQUENCE(CMS_Receipt) = {
|
||||
@@ -375,7 +375,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = {
|
||||
ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
|
||||
} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
|
||||
|
||||
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
|
||||
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
|
||||
{
|
||||
union {
|
||||
CMS_SharedInfo *pecsi;
|
||||
|
||||
+10
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -89,16 +89,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
|
||||
int keylen, plen;
|
||||
EVP_CIPHER *kekcipher = NULL;
|
||||
EVP_CIPHER_CTX *kekctx;
|
||||
const ASN1_OBJECT *aoid;
|
||||
const void *parameter = NULL;
|
||||
int ptype = 0;
|
||||
char name[OSSL_MAX_NAME_SIZE];
|
||||
|
||||
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
|
||||
goto err;
|
||||
|
||||
X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg);
|
||||
|
||||
/*
|
||||
* For DH we only have one OID permissible. If ever any more get defined
|
||||
* we will need something cleverer.
|
||||
*/
|
||||
if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
|
||||
if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
|
||||
goto err;
|
||||
}
|
||||
@@ -107,11 +112,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
|
||||
|| EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
|
||||
goto err;
|
||||
|
||||
if (alg->parameter->type != V_ASN1_SEQUENCE)
|
||||
if (ptype != V_ASN1_SEQUENCE)
|
||||
goto err;
|
||||
|
||||
p = alg->parameter->value.sequence->data;
|
||||
plen = alg->parameter->value.sequence->length;
|
||||
p = ASN1_STRING_get0_data(parameter);
|
||||
plen = ASN1_STRING_length(parameter);
|
||||
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
|
||||
if (kekalg == NULL)
|
||||
goto err;
|
||||
|
||||
+11
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -166,21 +166,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
|
||||
int plen, keylen;
|
||||
EVP_CIPHER *kekcipher = NULL;
|
||||
EVP_CIPHER_CTX *kekctx;
|
||||
const ASN1_OBJECT *aoid = NULL;
|
||||
int ptype = 0;
|
||||
const void *parameter = NULL;
|
||||
|
||||
char name[OSSL_MAX_NAME_SIZE];
|
||||
|
||||
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
|
||||
return 0;
|
||||
|
||||
if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
|
||||
X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg);
|
||||
|
||||
if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (alg->parameter->type != V_ASN1_SEQUENCE)
|
||||
if (ptype != V_ASN1_SEQUENCE)
|
||||
return 0;
|
||||
|
||||
p = alg->parameter->value.sequence->data;
|
||||
plen = alg->parameter->value.sequence->length;
|
||||
p = ASN1_STRING_get0_data(parameter);
|
||||
plen = ASN1_STRING_length(parameter);
|
||||
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
|
||||
if (kekalg == NULL)
|
||||
goto err;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -35,8 +35,7 @@ typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
|
||||
typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
|
||||
typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
|
||||
typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
|
||||
typedef struct CMS_KeyAgreeRecipientIdentifier_st
|
||||
CMS_KeyAgreeRecipientIdentifier;
|
||||
typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
|
||||
typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
|
||||
typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
|
||||
typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
|
||||
|
||||
+20
-13
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
|
||||
X509_ALGOR *cmsalg;
|
||||
int nid;
|
||||
int rv = -1;
|
||||
unsigned char *label = NULL;
|
||||
const unsigned char *label = NULL;
|
||||
int labellen = 0;
|
||||
const EVP_MD *mgf1md = NULL, *md = NULL;
|
||||
RSA_OAEP_PARAMS *oaep;
|
||||
const ASN1_OBJECT *aoid;
|
||||
const void *parameter = NULL;
|
||||
int ptype = 0;
|
||||
|
||||
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
|
||||
if (pkctx == NULL)
|
||||
@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
|
||||
goto err;
|
||||
|
||||
if (oaep->pSourceFunc != NULL) {
|
||||
X509_ALGOR *plab = oaep->pSourceFunc;
|
||||
X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc);
|
||||
|
||||
if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
|
||||
if (OBJ_obj2nid(aoid) != NID_pSpecified) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
|
||||
goto err;
|
||||
}
|
||||
if (plab->parameter->type != V_ASN1_OCTET_STRING) {
|
||||
if (ptype != V_ASN1_OCTET_STRING) {
|
||||
ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
|
||||
goto err;
|
||||
}
|
||||
|
||||
label = plab->parameter->value.octet_string->data;
|
||||
/* Stop label being freed when OAEP parameters are freed */
|
||||
plab->parameter->value.octet_string->data = NULL;
|
||||
labellen = plab->parameter->value.octet_string->length;
|
||||
label = ASN1_STRING_get0_data(parameter);
|
||||
labellen = ASN1_STRING_length(parameter);
|
||||
}
|
||||
|
||||
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
|
||||
@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
|
||||
goto err;
|
||||
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
|
||||
goto err;
|
||||
if (label != NULL
|
||||
&& EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
|
||||
OPENSSL_free(label);
|
||||
goto err;
|
||||
if (label != NULL) {
|
||||
unsigned char *dup_label = OPENSSL_memdup(label, labellen);
|
||||
|
||||
if (dup_label == NULL)
|
||||
goto err;
|
||||
|
||||
if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
|
||||
OPENSSL_free(dup_label);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
/* Carry on */
|
||||
rv = 1;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -474,8 +474,10 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
|
||||
} else {
|
||||
if (dcont && (tmpin == dcont))
|
||||
do_free_upto(cmsbio, dcont);
|
||||
else
|
||||
else if (cmsbio != NULL)
|
||||
BIO_free_all(cmsbio);
|
||||
else
|
||||
BIO_free(tmpin);
|
||||
}
|
||||
|
||||
if (out != tmpout)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -314,7 +314,7 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
|
||||
return NULL;
|
||||
}
|
||||
ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE,
|
||||
"group=%s name=%s", group, name);
|
||||
"group=%s name=%s", group != NULL ? group : "", name);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -395,7 +395,7 @@ static CONF_MODULE *module_find(const char *name)
|
||||
{
|
||||
CONF_MODULE *tmod;
|
||||
int i, nchar;
|
||||
char *p;
|
||||
const char *p;
|
||||
STACK_OF(CONF_MODULE) *mods;
|
||||
|
||||
p = strrchr(name, '.');
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -28,7 +28,7 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
{
|
||||
register DES_LONG v0, v1;
|
||||
register long l = length;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
DES_LONG ti[2];
|
||||
unsigned char *iv, c, cc;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -27,7 +27,7 @@ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
{
|
||||
register DES_LONG v0, v1;
|
||||
register long l = length;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
DES_LONG ti[2];
|
||||
unsigned char *iv, c, cc;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -26,7 +26,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
|
||||
DES_key_schedule *k3, DES_cblock *ivec, int *num)
|
||||
{
|
||||
register DES_LONG v0, v1;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
register long l = length;
|
||||
DES_cblock d;
|
||||
register char *dp;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -25,7 +25,7 @@ void DES_ofb64_encrypt(register const unsigned char *in,
|
||||
DES_key_schedule *schedule, DES_cblock *ivec, int *num)
|
||||
{
|
||||
register DES_LONG v0, v1, t;
|
||||
register int n = *num;
|
||||
register int n = *num & 0x07;
|
||||
register long l = length;
|
||||
DES_cblock d;
|
||||
register unsigned char *dp;
|
||||
|
||||
+3
-4
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -76,7 +76,7 @@ ASN1_SEQUENCE(DHvparams) = {
|
||||
ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
|
||||
} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
|
||||
|
||||
ASN1_SEQUENCE(DHxparams)
|
||||
ASN1_SEQUENCE(DHxparams)
|
||||
= {
|
||||
ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
|
||||
ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
|
||||
@@ -85,8 +85,7 @@ ASN1_SEQUENCE(DHvparams) = {
|
||||
ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
|
||||
} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
|
||||
|
||||
int_dhx942_dh
|
||||
* d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length);
|
||||
int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length);
|
||||
int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
|
||||
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -43,5 +43,5 @@
|
||||
}
|
||||
|
||||
make_dh(1024_160)
|
||||
make_dh(2048_224)
|
||||
make_dh(2048_256)
|
||||
make_dh(2048_224)
|
||||
make_dh(2048_256)
|
||||
|
||||
+3
-1
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -35,7 +35,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
|
||||
case DLL_THREAD_ATTACH:
|
||||
break;
|
||||
case DLL_THREAD_DETACH:
|
||||
#ifndef __CYGWIN__
|
||||
OPENSSL_thread_stop();
|
||||
#endif
|
||||
break;
|
||||
case DLL_PROCESS_DETACH:
|
||||
break;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -47,7 +47,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
|
||||
ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
|
||||
} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
|
||||
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
|
||||
|
||||
ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
|
||||
ASN1_SIMPLE(DSA, params.p, BIGNUM),
|
||||
@@ -55,7 +55,7 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
|
||||
ASN1_SIMPLE(DSA, params.g, BIGNUM),
|
||||
} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
|
||||
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
|
||||
|
||||
ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
|
||||
ASN1_SIMPLE(DSA, pub_key, BIGNUM),
|
||||
@@ -64,7 +64,7 @@ ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
|
||||
ASN1_SIMPLE(DSA, params.g, BIGNUM)
|
||||
} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
|
||||
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
|
||||
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
|
||||
|
||||
DSA *DSAparams_dup(const DSA *dsa)
|
||||
{
|
||||
|
||||
+6
-6
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -105,7 +105,7 @@ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
|
||||
ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
|
||||
} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
|
||||
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
|
||||
|
||||
ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
|
||||
@@ -122,7 +122,7 @@ ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
|
||||
ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
|
||||
} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
|
||||
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
|
||||
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
|
||||
|
||||
ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
|
||||
@@ -137,10 +137,10 @@ ASN1_SEQUENCE(X9_62_FIELDID) = {
|
||||
ASN1_ADB_OBJECT(X9_62_FIELDID)
|
||||
} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
|
||||
|
||||
ASN1_SEQUENCE(X9_62_CURVE)
|
||||
ASN1_SEQUENCE(X9_62_CURVE)
|
||||
= { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE)
|
||||
|
||||
ASN1_SEQUENCE(ECPARAMETERS)
|
||||
ASN1_SEQUENCE(ECPARAMETERS)
|
||||
= { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS)
|
||||
|
||||
DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
|
||||
@@ -163,7 +163,7 @@ ASN1_SEQUENCE(EC_PRIVATEKEY) = {
|
||||
ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
|
||||
} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
|
||||
DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
|
||||
DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY)
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -50,7 +50,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
|
||||
* ECC domain parameter validation.
|
||||
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
|
||||
*/
|
||||
return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
|
||||
return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0;
|
||||
#else
|
||||
int ret = 0;
|
||||
const BIGNUM *order;
|
||||
|
||||
+3
-1
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -175,6 +175,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
|
||||
dest->libctx = src->libctx;
|
||||
dest->curve_name = src->curve_name;
|
||||
|
||||
EC_pre_comp_free(dest);
|
||||
|
||||
/* Copy precomputed */
|
||||
dest->pre_comp_type = src->pre_comp_type;
|
||||
switch (src->pre_comp_type) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -40,6 +40,7 @@
|
||||
#include "crypto/cmperr.h"
|
||||
#include "crypto/cterr.h"
|
||||
#include "crypto/asyncerr.h"
|
||||
#include "crypto/sm2err.h"
|
||||
#include "crypto/storeerr.h"
|
||||
#include "crypto/esserr.h"
|
||||
#include "internal/propertyerr.h"
|
||||
@@ -104,6 +105,9 @@ int ossl_err_load_crypto_strings(void)
|
||||
#endif
|
||||
|| ossl_err_load_ESS_strings() == 0
|
||||
|| ossl_err_load_ASYNC_strings() == 0
|
||||
#ifndef OPENSSL_NO_SM2
|
||||
|| ossl_err_load_SM2_strings() == 0
|
||||
#endif
|
||||
|| ossl_err_load_OSSL_STORE_strings() == 0
|
||||
|| ossl_err_load_PROP_strings() == 0
|
||||
|| ossl_err_load_PROV_strings() == 0
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -848,6 +848,7 @@ EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large
|
||||
EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys
|
||||
HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN:108:asn1 len exceeds max resp len
|
||||
HTTP_R_CONNECT_FAILURE:100:connect failure
|
||||
HTTP_R_CONTENT_TYPE_MISMATCH:131:content type mismatch
|
||||
HTTP_R_ERROR_PARSING_ASN1_LENGTH:109:error parsing asn1 length
|
||||
HTTP_R_ERROR_PARSING_CONTENT_LENGTH:119:error parsing content length
|
||||
HTTP_R_ERROR_PARSING_URL:101:error parsing url
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -21,7 +21,7 @@ ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
|
||||
ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
|
||||
} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
|
||||
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
|
||||
|
||||
ASN1_SEQUENCE(ESS_CERT_ID) = {
|
||||
@@ -29,7 +29,7 @@ ASN1_SEQUENCE(ESS_CERT_ID) = {
|
||||
ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
|
||||
} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
|
||||
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
|
||||
|
||||
ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
|
||||
@@ -46,7 +46,7 @@ ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
|
||||
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
|
||||
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
|
||||
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
|
||||
|
||||
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
|
||||
|
||||
+4
-3
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -872,8 +872,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
|
||||
if (pctx != NULL
|
||||
&& (pctx->operation == EVP_PKEY_OP_VERIFYCTX
|
||||
|| pctx->operation == EVP_PKEY_OP_SIGNCTX)
|
||||
&& pctx->op.sig.algctx != NULL
|
||||
&& pctx->op.sig.signature->gettable_ctx_md_params != NULL)
|
||||
&& pctx->op.sig.signature != NULL
|
||||
&& pctx->op.sig.signature->gettable_ctx_md_params != NULL
|
||||
&& pctx->op.sig.algctx != NULL)
|
||||
return pctx->op.sig.signature->gettable_ctx_md_params(
|
||||
pctx->op.sig.algctx);
|
||||
|
||||
|
||||
+28
-28
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -2403,14 +2403,14 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
|
||||
|
||||
#endif
|
||||
|
||||
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
|
||||
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
|
||||
|
||||
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
@@ -2641,10 +2641,10 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
|
||||
BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
|
||||
|
||||
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
|
||||
static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
|
||||
{
|
||||
EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c);
|
||||
if (gctx == NULL)
|
||||
@@ -3189,12 +3189,12 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
|
||||
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
|
||||
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
{
|
||||
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c);
|
||||
|
||||
@@ -3378,9 +3378,9 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
| EVP_CIPH_CUSTOM_COPY)
|
||||
|
||||
BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
|
||||
|
||||
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
|
||||
{
|
||||
EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c);
|
||||
switch (type) {
|
||||
@@ -3654,12 +3654,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
|
||||
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
|
||||
typedef struct {
|
||||
typedef struct {
|
||||
union {
|
||||
OSSL_UNION_ALIGN;
|
||||
AES_KEY ks;
|
||||
@@ -4146,8 +4146,8 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
|
||||
|
||||
BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
|
||||
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
|
||||
#endif /* OPENSSL_NO_OCB */
|
||||
|
||||
+11
-11
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -194,13 +194,13 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
|
||||
BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
|
||||
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
|
||||
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
|
||||
BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
|
||||
BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
|
||||
|
||||
/* Authenticated cipher modes (GCM/CCM) */
|
||||
/* Authenticated cipher modes (GCM/CCM) */
|
||||
|
||||
/* increment counter (64-bit int) by 1 */
|
||||
static void ctr64_inc(unsigned char *counter)
|
||||
/* increment counter (64-bit int) by 1 */
|
||||
static void ctr64_inc(unsigned char *counter)
|
||||
{
|
||||
int n = 8;
|
||||
unsigned char c;
|
||||
@@ -778,11 +778,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
|
||||
BLOCK_CIPHER_aead(128, gcm, GCM)
|
||||
BLOCK_CIPHER_aead(192, gcm, GCM)
|
||||
BLOCK_CIPHER_aead(256, gcm, GCM)
|
||||
BLOCK_CIPHER_aead(192, gcm, GCM)
|
||||
BLOCK_CIPHER_aead(256, gcm, GCM)
|
||||
|
||||
BLOCK_CIPHER_aead(128, ccm, CCM)
|
||||
BLOCK_CIPHER_aead(192, ccm, CCM)
|
||||
BLOCK_CIPHER_aead(256, ccm, CCM)
|
||||
BLOCK_CIPHER_aead(128, ccm, CCM)
|
||||
BLOCK_CIPHER_aead(192, ccm, CCM)
|
||||
BLOCK_CIPHER_aead(256, ccm, CCM)
|
||||
|
||||
#endif
|
||||
|
||||
+11
-11
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -183,14 +183,14 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
|
||||
#endif
|
||||
|
||||
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
|
||||
#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
|
||||
BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
|
||||
|
||||
/* The subkey for Camellia is generated. */
|
||||
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
@@ -347,5 +347,5 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
}
|
||||
|
||||
BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
|
||||
BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
|
||||
|
||||
+9
-9
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -197,16 +197,16 @@ BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
|
||||
EVP_CIPH_RAND_KEY, des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
|
||||
|
||||
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
|
||||
EVP_CIPH_RAND_KEY, des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
|
||||
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
|
||||
EVP_CIPH_RAND_KEY, des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
|
||||
|
||||
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
|
||||
EVP_CIPH_RAND_KEY, des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
|
||||
BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
|
||||
EVP_CIPH_RAND_KEY, des_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
|
||||
|
||||
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
DES_cblock *deskey = (DES_cblock *)key;
|
||||
EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
|
||||
|
||||
+12
-12
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -210,20 +210,20 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
|
||||
#define des_ede3_ofb_cipher des_ede_ofb_cipher
|
||||
#define des_ede3_cbc_cipher des_ede_cbc_cipher
|
||||
#define des_ede3_ecb_cipher des_ede_ecb_cipher
|
||||
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
|
||||
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
|
||||
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
|
||||
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
|
||||
|
||||
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
|
||||
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
|
||||
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
|
||||
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
|
||||
|
||||
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
|
||||
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
|
||||
BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
|
||||
EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
|
||||
des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
|
||||
|
||||
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
DES_cblock *deskey = (DES_cblock *)key;
|
||||
DES_EDE_KEY *dat = data(ctx);
|
||||
|
||||
+3
-3
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -54,8 +54,8 @@ BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
|
||||
0, idea_init_key, NULL,
|
||||
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
|
||||
|
||||
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
if (!enc) {
|
||||
if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE)
|
||||
|
||||
+7
-7
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2017 Ribose Inc. All Rights Reserved.
|
||||
* Ported from Ribose contributions from Botan.
|
||||
*
|
||||
@@ -49,12 +49,12 @@ typedef struct {
|
||||
return &sm4_##mode; \
|
||||
}
|
||||
|
||||
#define DEFINE_BLOCK_CIPHERS(nid, flags) \
|
||||
BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
|
||||
#define DEFINE_BLOCK_CIPHERS(nid, flags) \
|
||||
BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
|
||||
BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
|
||||
|
||||
static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
|
||||
+2
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -689,7 +689,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
|
||||
l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d)));
|
||||
|
||||
if (eof == -1)
|
||||
eof = (f[2] == '=') + (f[3] == '=');
|
||||
eof = (c == '=') + (d == '=');
|
||||
|
||||
switch (eof) {
|
||||
case 2:
|
||||
|
||||
+11
-1
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -979,6 +979,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
size_t soutl, inl_ = (size_t)inl;
|
||||
int blocksize;
|
||||
|
||||
if (inl < 0) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ossl_likely(outl != NULL)) {
|
||||
*outl = 0;
|
||||
} else {
|
||||
@@ -1128,6 +1133,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
|
||||
size_t soutl, inl_ = (size_t)inl;
|
||||
int blocksize;
|
||||
|
||||
if (inl < 0) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ossl_likely(outl != NULL)) {
|
||||
*outl = 0;
|
||||
} else {
|
||||
|
||||
+2
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -181,7 +181,7 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
|
||||
if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) {
|
||||
ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey,
|
||||
provauthkey, params);
|
||||
} else if (provauthkey == NULL && kem->encapsulate_init != NULL) {
|
||||
} else if (provauthkey == NULL && kem->decapsulate_init != NULL) {
|
||||
ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params);
|
||||
} else {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -82,9 +82,11 @@
|
||||
#if defined(__GNUC__) || defined(__CLANG__)
|
||||
#define PREFETCH_NEIGHBORHOOD(x) __builtin_prefetch(x.entries)
|
||||
#define PREFETCH(x) __builtin_prefetch(x)
|
||||
#define ALIGN __attribute__((aligned(8)))
|
||||
#else
|
||||
#define PREFETCH_NEIGHBORHOOD(x)
|
||||
#define PREFETCH(x)
|
||||
#define ALIGN
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -112,7 +114,7 @@ struct ht_internal_value_st {
|
||||
struct ht_neighborhood_entry_st {
|
||||
uint64_t hash;
|
||||
struct ht_internal_value_st *value;
|
||||
};
|
||||
} ALIGN;
|
||||
|
||||
struct ht_neighborhood_st {
|
||||
struct ht_neighborhood_entry_st entries[NEIGHBORHOOD_LEN];
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright Siemens AG 2018-2020
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -551,6 +551,7 @@ static int may_still_retry(time_t max_time, int *ptimeout)
|
||||
int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
||||
{
|
||||
int i, found_expected_ct = 0, found_keep_alive = 0;
|
||||
int status_code = 0;
|
||||
int got_text = 1;
|
||||
long n;
|
||||
size_t resp_len = 0;
|
||||
@@ -751,8 +752,8 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
||||
|
||||
/* First line in response header */
|
||||
if (rctx->state == OHS_FIRSTLINE) {
|
||||
i = parse_http_line1(buf, &found_keep_alive);
|
||||
switch (i) {
|
||||
status_code = parse_http_line1(buf, &found_keep_alive);
|
||||
switch (status_code) {
|
||||
case HTTP_STATUS_CODE_OK:
|
||||
rctx->state = OHS_HEADERS;
|
||||
goto next_line;
|
||||
@@ -767,7 +768,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
||||
/* fall through */
|
||||
default:
|
||||
/* must return content if status >= 400 */
|
||||
rctx->state = i < HTTP_STATUS_CODES_NONFATAL_ERROR
|
||||
rctx->state = status_code < HTTP_STATUS_CODES_NONFATAL_ERROR
|
||||
? OHS_HEADERS_ERROR
|
||||
: OHS_HEADERS;
|
||||
goto next_line; /* continue parsing, also on HTTP error */
|
||||
@@ -797,6 +798,17 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
||||
}
|
||||
if (OPENSSL_strcasecmp(key, "Content-Type") == 0) {
|
||||
got_text = HAS_CASE_PREFIX(value, "text/");
|
||||
if (got_text
|
||||
&& rctx->state == OHS_HEADERS
|
||||
&& rctx->expect_asn1
|
||||
&& (status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR
|
||||
|| status_code == HTTP_STATUS_CODE_OK)) {
|
||||
ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONTENT_TYPE_MISMATCH,
|
||||
"expected ASN.1 content but got http code %d with Content-Type: %s",
|
||||
status_code, value);
|
||||
rctx->state = OHS_HEADERS_ERROR;
|
||||
goto next_line;
|
||||
}
|
||||
if (rctx->state == OHS_HEADERS
|
||||
&& rctx->expected_ct != NULL) {
|
||||
const char *semicolon;
|
||||
@@ -1452,7 +1464,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
|
||||
}
|
||||
BIO_push(fbio, bio);
|
||||
|
||||
BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
|
||||
/* Add square brackets around a naked IPv6 address */
|
||||
if (server[0] != '[' && strchr(server, ':') != NULL)
|
||||
BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port);
|
||||
else
|
||||
BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
|
||||
|
||||
/*
|
||||
* Workaround for broken proxies which would otherwise close
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
* Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -20,6 +20,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = {
|
||||
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN),
|
||||
"asn1 len exceeds max resp len" },
|
||||
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure" },
|
||||
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONTENT_TYPE_MISMATCH),
|
||||
"content type mismatch" },
|
||||
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH),
|
||||
"error parsing asn1 length" },
|
||||
{ ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH),
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -55,6 +55,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
|
||||
char **ppath, char **pquery, char **pfrag)
|
||||
{
|
||||
const char *p, *tmp;
|
||||
const char *authority_end;
|
||||
const char *scheme, *scheme_end;
|
||||
const char *user, *user_end;
|
||||
const char *host, *host_end;
|
||||
@@ -92,7 +93,10 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
|
||||
|
||||
/* parse optional "userinfo@" */
|
||||
user = user_end = host = p;
|
||||
host = strchr(p, '@');
|
||||
authority_end = strpbrk(p, "/?#");
|
||||
if (authority_end == NULL)
|
||||
authority_end = p + strlen(p);
|
||||
host = memchr(p, '@', authority_end - p);
|
||||
if (host != NULL)
|
||||
user_end = host++;
|
||||
else
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
*num = -1;
|
||||
return;
|
||||
}
|
||||
n = n & 0x07;
|
||||
|
||||
iv = (unsigned char *)ivec;
|
||||
if (encrypt) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -39,6 +39,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
|
||||
*num = -1;
|
||||
return;
|
||||
}
|
||||
n = n & 0x07;
|
||||
|
||||
iv = (unsigned char *)ivec;
|
||||
n2l(iv, v0);
|
||||
|
||||
+2
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -275,27 +275,24 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
|
||||
}
|
||||
|
||||
static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
|
||||
static int config_inited = 0;
|
||||
static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
|
||||
DEFINE_RUN_ONCE_STATIC(ossl_init_config)
|
||||
{
|
||||
int ret = ossl_config_int(NULL);
|
||||
|
||||
config_inited = 1;
|
||||
return ret;
|
||||
}
|
||||
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config)
|
||||
{
|
||||
int ret = ossl_config_int(conf_settings);
|
||||
|
||||
config_inited = 1;
|
||||
return ret;
|
||||
}
|
||||
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
|
||||
{
|
||||
OSSL_TRACE(INIT, "ossl_no_config_int()\n");
|
||||
ossl_no_config_int();
|
||||
config_inited = 1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
+13
-1
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -200,16 +200,28 @@ static void init_thread_destructor(void *hands)
|
||||
}
|
||||
|
||||
static CRYPTO_ONCE ossl_init_thread_runonce = CRYPTO_ONCE_STATIC_INIT;
|
||||
/* MSVC linker can use other segment for uninitialized (zeroed) variables */
|
||||
#if defined(OPENSSL_SYS_WINDOWS)
|
||||
static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)-1;
|
||||
#elif defined(OPENSSL_SYS_TANDEM) && (defined(_PUT_MODEL_) || defined(_KLT_MODEL_))
|
||||
static CRYPTO_THREAD_ID recursion_guard = { (void *)-1, (short)-1, (short)-1 };
|
||||
#else
|
||||
static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)0;
|
||||
#endif
|
||||
|
||||
DEFINE_RUN_ONCE_STATIC(ossl_init_thread_once)
|
||||
{
|
||||
/* CRYPTO_THREAD_init_local() can call ossl_init_threads() again */
|
||||
recursion_guard = CRYPTO_THREAD_get_current_id();
|
||||
if (!CRYPTO_THREAD_init_local(&destructor_key.value,
|
||||
init_thread_destructor))
|
||||
return 0;
|
||||
|
||||
#if defined(OPENSSL_SYS_TANDEM)
|
||||
memset(&recursion_guard, 0, sizeof(recursion_guard));
|
||||
#else
|
||||
recursion_guard = (CRYPTO_THREAD_ID)0;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@@ -409,7 +409,6 @@ my $code.=<<___;
|
||||
################################################################################
|
||||
.align 4
|
||||
aes_gcm_crypt_1x:
|
||||
.localentry aes_gcm_crypt_1x,0
|
||||
|
||||
cmpdi 5, 16
|
||||
bge __More_1x
|
||||
@@ -492,7 +491,6 @@ __Encrypt_1x:
|
||||
################################################################################
|
||||
.align 4
|
||||
__Process_partial:
|
||||
.localentry __Process_partial,0
|
||||
|
||||
# create partial mask
|
||||
vspltisb 16, -1
|
||||
@@ -564,7 +562,6 @@ __Encrypt_partial:
|
||||
.global ppc_aes_gcm_encrypt
|
||||
.align 5
|
||||
ppc_aes_gcm_encrypt:
|
||||
.localentry ppc_aes_gcm_encrypt,0
|
||||
|
||||
SAVE_REGS
|
||||
LOAD_HASH_TABLE
|
||||
@@ -752,7 +749,6 @@ __Process_more_enc:
|
||||
.global ppc_aes_gcm_decrypt
|
||||
.align 5
|
||||
ppc_aes_gcm_decrypt:
|
||||
.localentry ppc_aes_gcm_decrypt, 0
|
||||
|
||||
SAVE_REGS
|
||||
LOAD_HASH_TABLE
|
||||
@@ -1032,7 +1028,6 @@ __Process_more_dec:
|
||||
.size ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt
|
||||
|
||||
aes_gcm_out:
|
||||
.localentry aes_gcm_out,0
|
||||
|
||||
mr 3, 11 # return count
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -55,7 +55,7 @@
|
||||
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
|
||||
# Polynomial Multiplication on ARM Processors using the NEON Engine.
|
||||
#
|
||||
# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
|
||||
# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
|
||||
|
||||
# ====================================================================
|
||||
# Note about "528B" variant. In ARM case it makes lesser sense to
|
||||
|
||||
@@ -35,7 +35,7 @@ IF[{- !$disabled{asm} -}]
|
||||
$MODESASM_ppc32=ghashp8-ppc.s
|
||||
$MODESDEF_ppc32=
|
||||
$MODESASM_ppc64=$MODESASM_ppc32
|
||||
IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}]
|
||||
IF[{- $target{perlasm_scheme} =~ /le$/ -}]
|
||||
$MODESASM_ppc64=$MODESASM_ppc32 aes-gcm-ppc.s
|
||||
ENDIF
|
||||
$MODESDEF_ppc64=$MODESDEF_ppc32
|
||||
|
||||
+13
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -296,6 +296,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
|
||||
int has_sep = (sep != CH_ZERO);
|
||||
size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2;
|
||||
|
||||
if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (len == 0)
|
||||
++len;
|
||||
if (strlength != NULL)
|
||||
@@ -339,7 +344,13 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
|
||||
if (buflen == 0)
|
||||
return OPENSSL_zalloc(1);
|
||||
|
||||
tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
|
||||
if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
|
||||
|| (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
|
||||
if ((tmp = OPENSSL_malloc(tmp_n)) == NULL)
|
||||
return NULL;
|
||||
|
||||
|
||||
+103
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
@@ -121,12 +121,22 @@ void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
|
||||
|
||||
int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
|
||||
}
|
||||
|
||||
int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
|
||||
unsigned int num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num),
|
||||
OSSL_PARAM_UNSIGNED_INTEGER);
|
||||
}
|
||||
@@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
|
||||
long int num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
|
||||
}
|
||||
|
||||
int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
|
||||
unsigned long int num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num),
|
||||
OSSL_PARAM_UNSIGNED_INTEGER);
|
||||
}
|
||||
@@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int32_t num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
|
||||
}
|
||||
|
||||
int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
|
||||
uint32_t num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num),
|
||||
OSSL_PARAM_UNSIGNED_INTEGER);
|
||||
}
|
||||
@@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int64_t num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
|
||||
}
|
||||
|
||||
int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
|
||||
uint64_t num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num),
|
||||
OSSL_PARAM_UNSIGNED_INTEGER);
|
||||
}
|
||||
@@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
|
||||
size_t num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num),
|
||||
OSSL_PARAM_UNSIGNED_INTEGER);
|
||||
}
|
||||
@@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
|
||||
time_t num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num),
|
||||
OSSL_PARAM_INTEGER);
|
||||
}
|
||||
@@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
|
||||
double num)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
|
||||
}
|
||||
|
||||
@@ -196,6 +251,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int n, secure = 0;
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER
|
||||
|| type == OSSL_PARAM_INTEGER))
|
||||
return 0;
|
||||
@@ -233,6 +293,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
|
||||
const BIGNUM *bn)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bn != NULL && BN_is_negative(bn))
|
||||
return push_BN(bld, key, bn, BN_num_bytes(bn) + 1,
|
||||
OSSL_PARAM_INTEGER);
|
||||
@@ -243,6 +308,11 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
|
||||
int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
|
||||
const BIGNUM *bn, size_t sz)
|
||||
{
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bn != NULL && BN_is_negative(bn))
|
||||
return push_BN(bld, key, bn, BN_num_bytes(bn),
|
||||
OSSL_PARAM_INTEGER);
|
||||
@@ -255,6 +325,11 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
int secure;
|
||||
|
||||
if (bld == NULL || key == NULL || buf == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bsize == 0)
|
||||
bsize = strlen(buf);
|
||||
secure = CRYPTO_secure_allocated(buf);
|
||||
@@ -270,6 +345,11 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
|
||||
{
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (bsize == 0)
|
||||
bsize = strlen(buf);
|
||||
pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
|
||||
@@ -285,6 +365,11 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
int secure;
|
||||
|
||||
if (bld == NULL || key == NULL || buf == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
secure = CRYPTO_secure_allocated(buf);
|
||||
pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
|
||||
if (pd == NULL)
|
||||
@@ -298,6 +383,11 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
|
||||
{
|
||||
OSSL_PARAM_BLD_DEF *pd;
|
||||
|
||||
if (bld == NULL || key == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
|
||||
if (pd == NULL)
|
||||
return 0;
|
||||
@@ -362,10 +452,18 @@ OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
|
||||
{
|
||||
OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
|
||||
OSSL_PARAM *params, *last;
|
||||
const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
|
||||
const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
|
||||
const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
|
||||
const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
|
||||
int num;
|
||||
size_t p_blks, total, ss;
|
||||
|
||||
if (bld == NULL) {
|
||||
ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
|
||||
num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
|
||||
p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
|
||||
total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
|
||||
ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
|
||||
|
||||
if (ss > 0) {
|
||||
s = OPENSSL_secure_malloc(ss);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -663,8 +663,7 @@ my %globals;
|
||||
);
|
||||
|
||||
# Following constants are defined in x86_64 ABI supplement, for
|
||||
# example available at https://www.uclibc.org/docs/psABI-x86_64.pdf,
|
||||
# see section 3.7 "Stack Unwind Algorithm".
|
||||
# example available at https://gitlab.com/x86-psABIs/x86-64-ABI.
|
||||
my %DW_reg_idx = (
|
||||
"%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3,
|
||||
"%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7,
|
||||
|
||||
@@ -519,6 +519,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
|
||||
X509_ALGOR_free(param->messageAuthScheme);
|
||||
param->keyDerivationFunc = alg;
|
||||
param->messageAuthScheme = hmac_alg;
|
||||
alg = NULL;
|
||||
hmac_alg = NULL;
|
||||
|
||||
X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct);
|
||||
if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter))
|
||||
@@ -540,6 +542,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
X509_ALGOR_free(alg);
|
||||
X509_ALGOR_free(hmac_alg);
|
||||
PBMAC1PARAM_free(param);
|
||||
OPENSSL_free(known_salt);
|
||||
return ret;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -175,7 +175,7 @@ static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
|
||||
utf32chr += 0x10000;
|
||||
}
|
||||
|
||||
return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
|
||||
return UTF8_putc((unsigned char *)str, 4, utf32chr);
|
||||
}
|
||||
|
||||
char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
|
||||
|
||||
@@ -831,6 +831,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
break;
|
||||
case NID_pkcs7_signed:
|
||||
si_sk = p7->d.sign->signer_info;
|
||||
if (p7->d.sign->contents == NULL) {
|
||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
|
||||
goto err;
|
||||
}
|
||||
os = PKCS7_get_octet_string(p7->d.sign->contents);
|
||||
/* If detached data then the content is excluded */
|
||||
if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
|
||||
@@ -841,6 +845,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
|
||||
break;
|
||||
|
||||
case NID_pkcs7_digest:
|
||||
if (p7->d.digest->contents == NULL) {
|
||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
|
||||
goto err;
|
||||
}
|
||||
os = PKCS7_get_octet_string(p7->d.digest->contents);
|
||||
/* If detached data then the content is excluded */
|
||||
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -48,7 +48,8 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
|
||||
break;
|
||||
case PKCS7_OP_GET_DETACHED_SIGNATURE:
|
||||
if (nid == NID_pkcs7_signed) {
|
||||
if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL)
|
||||
if (p7->d.sign == NULL || p7->d.sign->contents == NULL
|
||||
|| p7->d.sign->contents->d.ptr == NULL)
|
||||
ret = 1;
|
||||
else
|
||||
ret = 0;
|
||||
@@ -742,6 +743,10 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
|
||||
break;
|
||||
|
||||
case NID_pkcs7_signed:
|
||||
if (p7->d.sign == NULL || p7->d.sign->contents == NULL) {
|
||||
ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
|
||||
break;
|
||||
}
|
||||
os = p7->d.sign->contents->d.data;
|
||||
break;
|
||||
|
||||
|
||||
+2
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -268,7 +268,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t outlen)
|
||||
return -1;
|
||||
|
||||
while (1) {
|
||||
char *tmpptr = strchr(inptr, '.');
|
||||
const char *tmpptr = strchr(inptr, '.');
|
||||
size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
|
||||
|
||||
if (!HAS_PREFIX(inptr, "xn--")) {
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user