| author | Enji Cooper <ngie@FreeBSD.org> | 2026-04-07 22:35:35 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2026-04-07 22:35:35 +0000 |
| commit | ab5fc4ac933ff67bc800e774dffce15e2a541e90 (patch) | |
| tree | 41fac85d3f2f7d74be9bfce46b1a78ff9897165d | |
| parent | 808413da28df9fb93e1f304e6016b15e660f54c8 (diff) | |
256 files changed, 3677 insertions, 1999 deletions
diff --git a/CHANGES.md b/CHANGES.md index 1a65b72b2965..380840deb712 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -28,6 +28,150 @@ OpenSSL Releases OpenSSL 3.5 ----------- +### Changes between 3.5.5 and 3.5.6 [7 Apr 2026] + + * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. + + Severity: Moderate + + Issue summary: Applications using RSASVE key encapsulation to establish + a secret encryption key can send contents of an uninitialized memory buffer + to a malicious peer. + + Impact summary: The uninitialized buffer might contain sensitive data + from the previous execution of the application process which leads + to sensitive data leakage to an attacker. + + Reported by: Simo Sorce (Red Hat). + + ([CVE-2026-31790]) + + *Nikola Pajkovsky* + + * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword + is used in the server-side configuration of the key-agreement group list. + + Severity: Low + + Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected + preferred key exchange group when its key exchange group configuration + includes the default by using the 'DEFAULT' keyword. + + Impact summary: A less preferred key exchange may be used even when a more + preferred group is supported by both client and server, if the group + was not included among the client's initial predicated keyshares. + This will sometimes be the case with the new hybrid post-quantum groups, + if the client chooses to defer their use until specifically requested by + the server. + <!-- https://github.com/openssl/openssl/pull/30111 --> + + ([CVE-2026-2673]) + + *Viktor Dukhovni* + + * Fixed potential use-after-free in DANE client code. + + Severity: Low + + Issue summary: An uncommon configuration of clients performing DANE + TLSA-based server authentication, when paired with uncommon server DANE TLSA + records, may result in a use-after-free and/or double-free on the client + side. + + Impact summary: A use after free can have a range of potential consequences + such as the corruption of valid data, crashes, or execution of arbitrary + code. 
+ + Reported by: Igor Morgenstern (Aisle Research). + + ([CVE-2026-28387]) + + *Viktor Dukhovni* + + * Fixed NULL pointer dereference when processing a delta CRL. + + Severity: Low + + Issue summary: When a delta CRL that contains a Delta CRL Indicator extension + is processed, a NULL pointer dereference might happen if the required CRL + Number extension is missing. + + Impact summary: A NULL pointer dereference can trigger a crash which + leads to a Denial of Service for an application. + + Reported by: Igor Morgenstern (Aisle Research). + + ([CVE-2026-28388]) + + *Igor Morgenstern* + + * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. + + Severity: Low + + Issue summary: During processing of a crafted CMS EnvelopedData message + with KeyAgreeRecipientInfo a NULL pointer dereference can happen. + + Impact summary: Applications that process attacker-controlled CMS data may + crash before authentication or cryptographic operations occur resulting in + Denial of Service. + + Reported by: Nathan Sportsman (Praetorian), Daniel Rhea, + Jaeho Nam (Seoul National University), Muhammad Daffa, + Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab), + Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers. + + ([CVE-2026-28389]) + + *Neil Horman* + + * Fixed possible NULL dereference when processing CMS + KeyTransportRecipientInfo. + + Severity: Low + + Issue summary: During processing of a crafted CMS EnvelopedData message + with KeyTransportRecipientInfo a NULL pointer dereference can happen. + + Impact summary: Applications that process attacker-controlled CMS data may + crash before authentication or cryptographic operations occur resulting in + Denial of Service. + + Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab), + Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab), + Joshua Rogers, and Chanho Kim. 
+ + ([CVE-2026-28390]) + + *Neil Horman* + + * Fixed heap buffer overflow in hexadecimal conversion. + + Severity: Low + + Issue summary: Converting an excessively large OCTET STRING value to + a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. + + Impact summary: A heap buffer overflow may lead to a crash or possibly + an attacker controlled code execution or other undefined behavior. + + Reported by: Quoc Tran (Xint.io - US Team). + + ([CVE-2026-31789]) + + *Igor Ustinov* + + * Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST` + containing a raw IPv6 address. + <!-- https://github.com/openssl/openssl/pull/30384 --> + + *Peter Zhang* + + * Fixed broken detection of plantext HTTP over TLS. + <!-- https://github.com/openssl/openssl/pull/30411 --> + + *Matt Caswell* + ### Changes between 3.5.4 and 3.5.5 [27 Jan 2026] * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. @@ -3461,7 +3605,7 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very 
@@ -21607,216 +21751,223 @@ ndif <!-- Links --> -[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 -[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 -[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420 -[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419 -[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418 -[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160 -[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199 -[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469 -[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468 -[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467 -[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187 -[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 -[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 -[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 -[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 -[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 -[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 -[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 -[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 -[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 -[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 -[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 -[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 -[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 -[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 -[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 -[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 -[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 -[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 -[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 -[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 -[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 -[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 -[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 -[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 -[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 -[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 -[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 -[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 -[CVE-2014-3509]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 -[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 -[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 -[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 -[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 -[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 -[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 -[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 -[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 -[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 -[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 -[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 -[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 -[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 -[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 -[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 -[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 -[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 -[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 -[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 -[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 -[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 -[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 -[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 -[CVE-2011-4109]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109 -[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 -[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 -[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 -[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 -[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 -[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 -[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 -[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 -[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 -[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 -[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355 -[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 -[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245 -[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386 -[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379 -[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378 -[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377 -[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 -[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 -[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 -[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 -[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678 -[CVE-2008-1672]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672 -[CVE-2008-0891]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891 -[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135 -[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995 -[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 -[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 -[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738 -[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 -[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 -[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 -[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112 -[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079 -[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851 -[CVE-2003-0545]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545 -[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544 -[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543 -[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078 -[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659 -[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657 -[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656 -[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655 [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program +[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655 +[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656 +[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657 +[CVE-2002-0659]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659 +[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078 +[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543 +[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544 +[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545 +[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851 +[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079 +[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112 +[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969 +[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937 +[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940 +[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738 +[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339 +[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343 +[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995 +[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135 +[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891 +[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672 +[CVE-2008-1678]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678 +[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077 +[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590 +[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591 +[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789 +[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377 +[CVE-2009-1378]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378 +[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379 +[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386 +[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245 +[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555 +[CVE-2009-4355]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355 +[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433 +[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740 +[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633 +[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864 +[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180 +[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252 +[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014 +[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207 +[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210 +[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108 +[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109 +[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576 +[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577 +[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619 +[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027 +[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050 +[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884 +[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110 +[CVE-2012-2333]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333 +[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686 +[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166 +[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169 +[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353 +[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450 +[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076 +[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160 +[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195 +[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221 +[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224 +[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470 +[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505 +[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506 +[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507 +[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508 +[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509 +[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510 +[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511 +[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512 +[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513 +[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566 +[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567 +[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568 +[CVE-2014-3569]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569 +[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570 +[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571 +[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572 +[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139 +[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275 +[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204 +[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205 +[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206 +[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207 +[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208 +[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209 +[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285 +[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286 +[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287 +[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288 +[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289 +[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290 +[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291 +[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293 +[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787 +[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788 +[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789 +[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790 +[CVE-2015-1791]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791 +[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792 +[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793 +[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193 +[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194 +[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195 +[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196 +[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197 +[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701 +[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702 +[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705 +[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797 +[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798 +[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799 +[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800 +[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105 +[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106 +[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107 +[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109 +[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176 +[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177 +[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178 +[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179 +[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180 +[CVE-2016-2181]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181 +[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182 +[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183 +[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302 +[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303 +[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304 +[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305 +[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306 +[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307 +[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308 +[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309 +[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052 +[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053 +[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054 +[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055 +[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730 +[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731 +[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732 +[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733 +[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735 +[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736 +[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737 +[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738 +[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732 +[CVE-2018-0733]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733 +[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734 +[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735 +[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737 +[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739 +[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407 +[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543 +[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547 +[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549 +[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551 +[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552 +[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559 +[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563 +[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967 +[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971 +[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097 +[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274 +[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996 +[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203 +[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304 +[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450 +[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215 +[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216 +[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217 +[CVE-2023-0286]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286 +[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401 +[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464 +[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465 +[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466 +[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255 +[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650 +[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975 +[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446 +[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817 +[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807 +[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363 +[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678 +[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129 +[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237 +[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727 +[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511 +[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603 +[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741 +[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535 +[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119 +[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143 +[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 +[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575 +[CVE-2025-9230]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 +[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231 +[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468 +[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469 +[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 +[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 +[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 +[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 +[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 +[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 +[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations +[RFC 2578 (STD 58), section 3.5]: 
https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 09416095e64d..06dfbaeff1fe 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -27,6 +27,18 @@ communication before submitting many pull requests. In addition, contributors should personally evaluate potential patches generated by automated tools. +Provide a clear description of the issue or feature being addressed, +including any relevant implementation details and, for performance +improvements, benchmark results. + +Pull requests and commits should be self-contained, enabling readers to +understand what changed and why without needing to reference related +issues or having prior knowledge. Commit messages should include all +relevant details to help future contributors follow the git history, +with clear explanations of what is changing and why. Long descriptions +are encouraged if they aid understanding. Commit message titles (their +first line) should be kept to 50-70 characters if possible. + To make it easier to review and accept your pull request, please follow these guidelines: diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index cba57b41273f..692eccbfa1dc 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -5,7 +5,8 @@ my $vc_win64a_info = {}; sub vc_win64a_info { unless (%$vc_win64a_info) { - if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { + # Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled + if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) { $vc_win64a_info = { AS => "nasm", ASFLAGS => "-g", asflags => "-Ox -f win64 -DNEAR", diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 78be4a319964..5bf397eba021 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -72,6 +72,7 @@ OPTIONS={- $config{options} -} CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) SRCDIR={- $config{sourcedir} -} BLDDIR={- $config{builddir} -} +RESULT_D=$(BLDDIR)/test-runs FIPSKEY={- $config{FIPSKEY} -} VERSION={- "$config{full_version}" -} @@ -642,7 +643,7 @@ clean: libclean ## Clean the workspace, keep the configuration -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; $(RM) core $(RM) tags TAGS doc-nits md-nits - $(RM) -r test/test-runs + $(RM) -r $(RESULT_D) $(RM) providers/fips*.new -find . -type l \! -name '.*' -exec $(RM) {} \; diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 894834cfb7ef..e553e8f9fec3 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -38,6 +38,7 @@ PLATFORM={- $config{target} -} SRCDIR={- $config{sourcedir} -} BLDDIR={- $config{builddir} -} +RESULT_D=$(BLDDIR)\test-runs FIPSKEY={- $config{FIPSKEY} -} VERSION={- "$config{full_version}" -} @@ -222,7 +223,7 @@ OPENSSLDIR_dir={- canonpath($openssldir_dir) -} LIBDIR={- our $libdir = $config{libdir} || "lib"; file_name_is_absolute($libdir) ? "" : $libdir -} MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath); - our $modulesprefix = catdir($prefix,$libdir); + our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir); our ($modulesprefix_dev, $modulesprefix_dir, $modulesprefix_file) = splitpath($modulesprefix, 1); @@ -484,7 +485,7 @@ clean: libclean -del /Q /S /F engines\*.lib engines\*.exp -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp -del /Q /S /F test\*.exp - -rd /Q /S test\test-runs + -@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)" distclean: clean -del /Q /F include\openssl\configuration.h 
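Review bot: in the `clean` hunk of Configurations/windows-makefile.tmpl, the directory being removed changes from `test\test-runs` to `$(BLDDIR)\test-runs`, which is a different location, and nothing in the visible lines shows the test recipe writing its results to `RESULT_D`. Please confirm the test target uses the same variable, and consider still removing the old `test\test-runs` so that trees built before this change are cleaned as well. The matching `clean` hunk in Configurations/unix-Makefile.tmpl has the same path change, and its `$(RM) -r $(RESULT_D)` is unquoted while this template quotes the path; a build directory containing spaces would split the argument there, so quoting it on the Unix side too would keep the two templates consistent.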
@@ -23,6 +23,36 @@ OpenSSL Releases OpenSSL 3.5 ----------- +### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026] + +OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this +release is Medium. + +This release incorporates the following bug fixes and mitigations: + + * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. + ([CVE-2026-31790]) + + * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword + is used in the server-side configuration of the key-agreement group list. + ([CVE-2026-2673]) + + * Fixed potential use-after-free in DANE client code. + ([CVE-2026-28387]) + + * Fixed NULL pointer dereference when processing a delta CRL. + ([CVE-2026-28388]) + + * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. + ([CVE-2026-28389]) + + * Fixed possible NULL dereference when processing CMS + KeyTransportRecipientInfo. + ([CVE-2026-28390]) + + * Fixed heap buffer overflow in hexadecimal conversion. + ([CVE-2026-31789]) + ### Major changes between OpenSSL 3.5.4 and OpenSSL 3.5.5 [27 Jan 2026] OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this @@ -758,7 +788,7 @@ OpenSSL 1.1.1 ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli ([CVE-2019-1551]) ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] 
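Review bot: in the 3.5.6 summary added by the `@@ -23,6 +23,36 @@` hunk, the sentence "The most severe CVE fixed in this release is Medium" uses a severity term that does not match the CHANGES.md entries in this same commit, which label the fixes as Moderate or Low (CVE-2026-31790 is listed as Moderate). Use one term in both files so that a reader cross-checking the release summary against the detailed change entries sees a single severity scale.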
@@ -1988,201 +2018,208 @@ OpenSSL 0.9.x * Support for various new platforms <!-- Links --> -[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 -[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 -[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420 -[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419 -[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418 -[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160 -[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199 -[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469 -[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468 -[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467 -[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187 -[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 -[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 -[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 -[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 -[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 -[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 -[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 -[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 -[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 -[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 -[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 -[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 -[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 -[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 -[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 -[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 -[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 -[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 -[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 -[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 -[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 -[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 -[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 -[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 -[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 -[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 -[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 -[CVE-2014-3509]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 -[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 -[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 -[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 -[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 -[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 -[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 -[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 -[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198 -[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 -[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 -[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 -[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 -[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449 -[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 -[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 -[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 -[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 -[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 -[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 -[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 -[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 -[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 -[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 -[CVE-2011-4577]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 -[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 -[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 -[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 -[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 -[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 -[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298 -[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 -[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 -[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 -[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939 -[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 -[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 -[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 -[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 -[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 -[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 -[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 -[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 -[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 -[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 -[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737 -[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 -[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 -[CVE-2005-2969]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 -[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html [CHANGES.md]: ./CHANGES.md -[README-QUIC.md]: ./README-QUIC.md -[issue tracker]: https://github.com/openssl/openssl/issues [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program +[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969 +[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937 +[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940 +[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737 +[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339 +[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343 +[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077 +[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590 +[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591 +[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789 +[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555 +[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433 +[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740 +[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633 +[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939 +[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864 +[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180 +[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252 +[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298 +[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014 
+[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207 +[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210 +[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108 +[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576 +[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577 +[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619 +[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027 +[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050 +[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884 +[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110 +[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333 +[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686 +[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166 +[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169 +[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353 +[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449 +[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450 +[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076 +[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160 +[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195 +[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198 +[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221 +[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224 +[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470 +[CVE-2014-3505]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505 +[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506 +[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507 +[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508 +[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509 +[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510 +[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511 +[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512 +[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513 +[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566 +[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567 +[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568 +[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569 +[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570 +[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571 +[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572 +[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139 +[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275 +[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204 +[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205 +[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206 +[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207 +[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208 +[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209 +[CVE-2015-0285]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285 +[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286 +[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287 +[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288 +[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289 +[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290 +[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291 +[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293 +[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787 +[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788 +[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789 +[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790 +[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791 +[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792 +[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793 +[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193 +[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194 +[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195 +[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196 +[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197 +[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701 +[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702 +[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705 +[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797 +[CVE-2016-0798]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798 +[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799 +[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800 +[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105 +[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106 +[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107 +[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109 +[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176 +[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177 +[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178 +[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179 +[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180 +[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181 +[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182 +[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183 +[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302 +[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303 +[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304 +[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305 +[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306 +[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307 +[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308 +[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309 +[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052 +[CVE-2016-7053]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053 +[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054 +[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055 +[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730 +[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731 +[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732 +[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733 +[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735 +[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736 +[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737 +[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738 +[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732 +[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733 +[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734 +[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735 +[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737 +[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739 +[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407 +[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543 +[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547 +[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549 +[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551 +[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552 +[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559 +[CVE-2019-1563]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563 +[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967 +[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971 +[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097 +[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274 +[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996 +[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203 +[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304 +[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450 +[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215 +[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216 +[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217 +[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286 +[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401 +[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464 +[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465 +[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466 +[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255 +[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650 +[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975 +[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446 +[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817 +[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807 +[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363 +[CVE-2023-5678]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678 +[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129 +[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237 +[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727 +[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511 +[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603 +[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741 +[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535 +[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119 +[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143 +[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 +[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575 +[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 +[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231 +[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468 +[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469 +[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 +[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 +[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 +[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 +[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 +[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 +[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations +[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html +[README-QUIC.md]: ./README-QUIC.md +[issue tracker]: https://github.com/openssl/openssl/issues [jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library diff --git a/VERSION.dat b/VERSION.dat index 3a61c8e4e30a..d3c75677c466 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=5 -PATCH=5 +PATCH=6 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="27 Jan 2026" +RELEASE_DATE="7 Apr 2026" SHLIB_VERSION=3 diff --git a/apps/cmp.c b/apps/cmp.c index f1af0b6c2b42..2fe7c18669bd 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -1421,7 +1421,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) out_vpm = X509_STORE_get0_param(out_trusted); X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); - (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); + if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) { + X509_STORE_free(out_trusted); + return 0; + } } if (opt_disable_confirm) @@ -3390,6 +3393,12 @@ static void print_keyspec(OSSL_CMP_ATAVS *keySpec) int paramtype; const void *param; + /* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */ + if (alg == NULL) { + BIO_puts(mem, "Key algorithm: <absent>\n"); + break; + } + X509_ALGOR_get0(&oid, ¶mtype, ¶m, alg); BIO_printf(mem, "Key algorithm: "); i2a_ASN1_OBJECT(mem, oid); @@ -3789,8 +3798,7 @@ int cmp_main(int argc, char **argv) if (opt_ignore_keyusage) (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1); if (opt_no_cache_extracerts) - (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, - 1); + (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, 1); if (opt_reqout_only == NULL && (opt_use_mock_srv #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) @@ -3806,7 +3814,7 @@ int cmp_main(int argc, char **argv) srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); + CMP_err1("cannot set up server-side error reporting and logging for %s", prog); goto err; } OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); diff --git a/apps/include/cmp_mock_srv.h b/apps/include/cmp_mock_srv.h index 215b95b744aa..a6220cdea21a 100644 --- a/apps/include/cmp_mock_srv.h +++ b/apps/include/cmp_mock_srv.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -19,6 +19,8 @@ OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq); void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); +OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); @@ -34,6 +36,7 @@ int ossl_cmp_mock_srv_set1_oldWithNew(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, int fail_info, const char *text); int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype); +int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype); int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count); int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec); diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c index 6986ab4c1073..3b66d048ea99 100644 --- a/apps/lib/app_provider.c +++ b/apps/lib/app_provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,6 +47,7 @@ int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name) app_providers = sk_OSSL_PROVIDER_new_null(); if (app_providers == NULL || !sk_OSSL_PROVIDER_push(app_providers, prov)) { + OSSL_PROVIDER_unload(prov); app_providers_cleanup(); return 0; } 
diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 74644157e5ca..bc2e1c123a75 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -191,8 +191,13 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) } if (arg2 != NULL) { *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (*pass2 == NULL) + if (*pass2 == NULL) { + if (pass1 != NULL) { + clear_free(*pass1); + *pass1 = NULL; + } return 0; + } } else if (pass2 != NULL) { *pass2 = NULL; } @@ -263,15 +268,15 @@ static char *app_get_pass(const char *arg, int keepbio) } } else { /* argument syntax error; do not reveal too much about arg */ - tmp = strchr(arg, ':'); - if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) + const char *arg_ptr = strchr(arg, ':'); + if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX) BIO_printf(bio_err, "Invalid password argument, missing ':' within the first %d chars\n", PASS_SOURCE_SIZE_MAX + 1); else BIO_printf(bio_err, "Invalid password argument, starting with \"%.*s\"\n", - (int)(tmp - arg + 1), arg); + (int)(arg_ptr - arg + 1), arg); return NULL; } } @@ -2494,7 +2499,7 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx, error: X509_CRL_free(crl); - sk_X509_CRL_free(crls); + sk_X509_CRL_pop_free(crls, X509_CRL_free); return NULL; } diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c index bf8b06c390bd..cf21e8277887 100644 --- a/apps/lib/cmp_mock_srv.c +++ b/apps/lib/cmp_mock_srv.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -10,6 +10,7 @@ #include "apps.h" #include "cmp_mock_srv.h" +#include "../../crypto/cmp/cmp_local.h" /* for access to msg->protection */ #include <openssl/cmp.h> #include <openssl/err.h> 
@@ -28,6 +29,7 @@ typedef struct { X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */ OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */ int sendError; /* send error response on given request type */ + int useBadProtection; /* use bad protection on given response type */ OSSL_CMP_MSG *req; /* original request message during polling */ int pollCount; /* number of polls before actual cert response */ int curr_pollCount; /* number of polls so far for current request */ @@ -59,6 +61,7 @@ static mock_srv_ctx *mock_srv_ctx_new(void) goto err; ctx->sendError = -1; + ctx->useBadProtection = -1; /* all other elements are initialized to 0 or NULL, respectively */ return ctx; @@ -187,6 +190,19 @@ int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype) return 1; } +int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype) +{ + mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); + + if (ctx == NULL) { + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); + return 0; + } + /* might check bodytype, but this would require exporting all body types */ + ctx->useBadProtection = bodytype; + return 1; +} + int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); @@ -591,6 +607,7 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp)) return 1; sk_OSSL_CMP_ITAV_free(*out); + OSSL_CMP_ITAV_free(rsp); return 0; } 
@@ -712,6 +729,25 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, return 1; } +OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req) +{ + OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(ctx); + OSSL_CMP_MSG *rsp = OSSL_CMP_CTX_server_perform(ctx, req); + + if (srv_ctx != NULL && rsp != NULL) { + mock_srv_ctx *mock_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); + + if (mock_ctx != NULL && OSSL_CMP_MSG_get_bodytype(rsp) == mock_ctx->useBadProtection) { + ASN1_BIT_STRING *prot = rsp->protection; + + if (prot != NULL && prot->length != 0 && prot->data != NULL) + prot->data[0] ^= 0x80; /* flip most significant bit of the first byte */ + } + } + return rsp; +} + OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq) { OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq); diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c index 824eb676310e..0ea2048283cb 100644 --- a/apps/lib/win32_init.c +++ b/apps/lib/win32_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,6 @@ #include <windows.h> #include <stdlib.h> #include <string.h> -#include <malloc.h> #if defined(CP_UTF8) diff --git a/apps/ocsp.c b/apps/ocsp.c index a9b248d3a198..e2c147ef097c 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -876,7 +876,7 @@ done_resp: i = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (i <= 0 && issuers) { - i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER); + i = OCSP_basic_verify(bs, issuers, store, verify_flags); if (i > 0) ERR_clear_error(); } diff --git a/apps/s_client.c b/apps/s_client.c index 3625f8fcdc99..d356359a97ef 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -3892,7 +3892,11 @@ static void user_data_init(struct user_data_st *user_data, SSL *con, char *buf, static int user_data_add(struct user_data_st *user_data, size_t i) { - if (user_data->buflen != 0 || i > user_data->bufmax) + /* + * We must allow one byte for a NUL terminator so i must be less than + * bufmax + */ + if (user_data->buflen != 0 || i >= user_data->bufmax) return 0; user_data->buflen = i; diff --git a/apps/ts.c b/apps/ts.c index bd800bfaa322..af355bfc05e8 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -348,7 +348,7 @@ int ts_main(int argc, char **argv) if ((in != NULL) && (queryfile != NULL)) goto opthelp; if (in == NULL) { - if ((conf == NULL) || (token_in != 0)) + if (conf == NULL || token_in != 0 || queryfile == NULL) goto opthelp; } ret = !reply_command(conf, section, engine, queryfile, diff --git a/build.info b/build.info index 22c7c8a94b1f..144efbbe20f5 100644 --- a/build.info +++ b/build.info 
@@ -108,12 +108,10 @@ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}] SHARED_SOURCE[libssl]=libssl.rc ENDIF -# This file sets the build directory up for CMake inclusion -# Note: This generation of OpenSSLConfig[Version].cmake is used -# for building openssl locally, and so the build variables are -# taken from builddata.pm rather than installdata.pm. For exportable -# versions of these generated files, you'll find them in the exporters -# directory +# These files set the build directory up for CMake inclusion. +# To achieve this, their variables are taken from builddata.pm. +# These files are not installed; you will find the installable +# versions in the 'exporters' directory. GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in DEPEND[OpenSSLConfig.cmake]=builddata.pm GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in @@ -121,7 +119,10 @@ DEPEND[OpenSSLConfigVersion.cmake]=builddata.pm DEPEND[OpenSSLConfigVersion.cmake]=OpenSSLConfig.cmake DEPEND[""]=OpenSSLConfigVersion.cmake -# This file sets the build directory up for pkg-config +# These files set the build directory up for pkg-config use. +# To achieve this, their variables are taken from builddata.pm. +# These files are not installed; you will find the installable +# versions in the 'exporters' directory. GENERATE[libcrypto.pc]=exporters/pkg-config/libcrypto.pc.in DEPEND[libcrypto.pc]=builddata.pm GENERATE[libssl.pc]=exporters/pkg-config/libssl.pc.in @@ -131,6 +132,7 @@ DEPEND[openssl.pc]=builddata.pm DEPEND[openssl.pc]=libcrypto.pc libssl.pc GENERATE[builddata.pm]=util/mkinstallvars.pl \ + COMMENT="This file should be used when building against this OpenSSL build, and should never be installed" \ PREFIX=. BINDIR=apps APPLINKDIR=ms \ LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \ ENGINESDIR=engines MODULESDIR=providers \ 
diff --git a/crypto/aes/asm/aes-riscv32-zkn.pl b/crypto/aes/asm/aes-riscv32-zkn.pl index 6fac45184620..ed8f4a7f83aa 100644 --- a/crypto/aes/asm/aes-riscv32-zkn.pl +++ b/crypto/aes/asm/aes-riscv32-zkn.pl @@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -704,11 +704,6 @@ sub AES_set_common { my ($ke128, $ke192, $ke256) = @_; my $ret = ''; $ret .= <<___; - bnez $UKEY,1f # if (!userKey || !key) return -1; - bnez $KEYP,1f - li a0,-1 - ret -1: # Determine number of rounds from key size in bits li $T0,128 bne $BITS,$T0,1f diff --git a/crypto/aes/asm/aes-riscv64-zkn.pl b/crypto/aes/asm/aes-riscv64-zkn.pl index 0e8a1540c438..68c213e43e34 100644 --- a/crypto/aes/asm/aes-riscv64-zkn.pl +++ b/crypto/aes/asm/aes-riscv64-zkn.pl @@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -392,11 +392,6 @@ sub AES_set_common { my ($ke128, $ke192, $ke256) = @_; my $ret = ''; $ret .= <<___; - bnez $UKEY,1f # if (!userKey || !key) return -1; - bnez $KEYP,1f - li a0,-1 - ret -1: # Determine number of rounds from key size in bits li $T0,128 bne $BITS,$T0,1f diff --git a/crypto/aes/asm/aes-riscv64-zvkned.pl b/crypto/aes/asm/aes-riscv64-zvkned.pl index 4c0292781d9f..014fa6807d33 100644 --- a/crypto/aes/asm/aes-riscv64-zvkned.pl 
+++ b/crypto/aes/asm/aes-riscv64-zvkned.pl @@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -828,9 +828,6 @@ $code .= <<___; .globl rv64i_zvkned_set_encrypt_key .type rv64i_zvkned_set_encrypt_key,\@function rv64i_zvkned_set_encrypt_key: - beqz $UKEY, L_fail_m1 - beqz $KEYP, L_fail_m1 - # Get proper routine for key size li $T0, 256 beq $BITS, $T0, L_set_key_256 @@ -847,9 +844,6 @@ $code .= <<___; .globl rv64i_zvkned_set_decrypt_key .type rv64i_zvkned_set_decrypt_key,\@function rv64i_zvkned_set_decrypt_key: - beqz $UKEY, L_fail_m1 - beqz $KEYP, L_fail_m1 - # Get proper routine for key size li $T0, 256 beq $BITS, $T0, L_set_key_256 @@ -1356,11 +1350,6 @@ ___ } $code .= <<___; -L_fail_m1: - li a0, -1 - ret -.size L_fail_m1,.-L_fail_m1 - L_fail_m2: li a0, -2 ret diff --git a/crypto/aes/asm/aes-riscv64.pl b/crypto/aes/asm/aes-riscv64.pl index 525eba4b4638..4bf9edae6858 100644 --- a/crypto/aes/asm/aes-riscv64.pl +++ b/crypto/aes/asm/aes-riscv64.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -773,11 +773,13 @@ AES_set_encrypt_key: ___ $code .= save_regs(); $code .= <<___; - bnez $UKEY,1f # if (!userKey || !key) return -1; - bnez $KEYP,1f + beqz $UKEY,1f # if (!userKey || !key) return -1; + beqz $KEYP,1f + j 2f +1: li a0,-1 ret -1: +2: la $RCON,AES_rcon la $TBL,AES_Te0 li $T8,128 
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index caa079fad0ec..2d50dc657bac 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -95,7 +95,7 @@ ASN1_SEQUENCE(asn1_int_oct) = { ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(asn1_int_oct) - DECLARE_ASN1_ITEM(asn1_int_oct) +DECLARE_ASN1_ITEM(asn1_int_oct) int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, int len) @@ -158,7 +158,7 @@ ASN1_SEQUENCE(asn1_oct_int) = { ASN1_EMBED(asn1_oct_int, num, INT32) } static_ASN1_SEQUENCE_END(asn1_oct_int) - DECLARE_ASN1_ITEM(asn1_oct_int) +DECLARE_ASN1_ITEM(asn1_oct_int) int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, unsigned char *data, int len) diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 7b70d6c7a0cf..47f3a9802f82 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -52,6 +52,6 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY) diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index b6d7eee3c95e..532740aab8a3 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, uint64_t p) { X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid; + int alg_nid, ivlen; size_t keylen = 0; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -83,10 +83,11 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, } /* Create random IV */ - if (EVP_CIPHER_get_iv_length(cipher)) { + ivlen = EVP_CIPHER_get_iv_length(cipher); + if (ivlen > 0) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) + memcpy(iv, aiv, ivlen); + else if (RAND_bytes(iv, ivlen) <= 0) goto err; } diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c index e380972dbdc9..f2d42eefba80 100644 --- a/crypto/bf/bf_cfb64.c +++ b/crypto/bf/bf_cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num, int encrypt) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; BF_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c index 5c9193add17e..2cd339dd27eb 100644 --- a/crypto/bf/bf_ofb64.c +++ b/crypto/bf/bf_ofb64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index dd14c393d737..42bb0e861afe 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -961,7 +961,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), "calling setsockopt()"); -#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) +#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE) sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT; if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index c5bdda498bd0..6b8daeb95f90 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,8 +202,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_INFO: if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) ret = UP_ftell(b->ptr); - else + else { +#if defined(OPENSSL_SYS_WINDOWS) + /* + * On Windows, for non-seekable files (stdin), ftell() is undefined. + */ + if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK) + ret = -1; + else + ret = ftell(fp); +#else ret = ftell(fp); +#endif + } break; case BIO_C_SET_FILE_PTR: file_free(b); diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index 5733a0174660..923e6d4464d2 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,7 +37,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # $output is the last argument if it looks like a file (it has an extension) # $flavour is the first argument if it doesn't look like a file diff --git a/crypto/bn/asm/rsaz-2k-avxifma.pl b/crypto/bn/asm/rsaz-2k-avxifma.pl index ea45d2051a70..b84a3e4f1954 100644 --- a/crypto/bn/asm/rsaz-2k-avxifma.pl +++ b/crypto/bn/asm/rsaz-2k-avxifma.pl 
@@ -1,4 +1,4 @@ -# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2024, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use @@ -362,6 +362,23 @@ ossl_rsaz_amm52x20_x1_avxifma256: .cfi_push %r14 push %r15 .cfi_push %r15 +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; .Lossl_rsaz_amm52x20_x1_avxifma256_body: # Zeroing accumulators @@ -401,6 +418,23 @@ $code.=<<___; vmovdqu $R2_0, `4*32`($res) vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; mov 0(%rsp),%r15 .cfi_restore %r15 mov 8(%rsp),%r14 
@@ -553,6 +587,23 @@ ossl_rsaz_amm52x20_x2_avxifma256: .cfi_push %r14 push %r15 .cfi_push %r15 +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; .Lossl_rsaz_amm52x20_x2_avxifma256_body: # Zeroing accumulators @@ -604,6 +655,23 @@ $code.=<<___; vmovdqu $R2_1, `9*32`($res) vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; mov 0(%rsp),%r15 .cfi_restore %r15 mov 8(%rsp),%r14 @@ -663,6 +731,23 @@ $code.=<<___; ossl_extract_multiplier_2x20_win5_avx: .cfi_startproc endbranch +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; vmovapd .Lones(%rip), $ones # broadcast ones vmovq $red_tbl_idx1, $tmp_xmm vpbroadcastq $tmp_xmm, $idx1 
@@ -709,6 +794,24 @@ foreach (0..9) { $code.="vmovdqu $t[$_], `${_}*32`($out) \n"; } $code.=<<___; + vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; ret .cfi_endproc .size ossl_extract_multiplier_2x20_win5_avx, .-ossl_extract_multiplier_2x20_win5_avx diff --git a/crypto/bn/asm/rsaz-3k-avxifma.pl b/crypto/bn/asm/rsaz-3k-avxifma.pl index a19cb5aaa309..1948d726b38b 100644 --- a/crypto/bn/asm/rsaz-3k-avxifma.pl +++ b/crypto/bn/asm/rsaz-3k-avxifma.pl @@ -1,4 +1,4 @@ -# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2024, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use @@ -87,8 +87,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI; my $mask52 = "%rax"; my $acc0_0 = "%r9"; my $acc0_0_low = "%r9d"; -my $acc0_1 = "%r15"; -my $acc0_1_low = "%r15d"; my $b_ptr = "%r11"; my $iter = "%ebx"; @@ -741,7 +739,7 @@ $code.=<<___; vmovdqu $R3_0, `6*32`($res) vmovdqu $R3_0h, `7*32`($res) - xorl $acc0_1_low, $acc0_1_low + xorl $acc0_0_low, $acc0_0_low lea 16($b_ptr), $b_ptr movq \$0xfffffffffffff, $mask52 # 52-bit mask 
@@ -857,6 +855,23 @@ $code.=<<___; ossl_extract_multiplier_2x30_win5_avx: .cfi_startproc endbranch +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; vmovapd .Lones(%rip), $ones # broadcast ones vmovq $red_tbl_idx1, $tmp_xmm vpbroadcastq $tmp_xmm, $idx1 @@ -930,6 +945,24 @@ foreach (8..15) { $code.="vmovdqu $t[$_], `${_}*32`($out) \n"; } +$code.=<<___; + vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ $code.=<<___; diff --git a/crypto/bn/asm/rsaz-4k-avxifma.pl b/crypto/bn/asm/rsaz-4k-avxifma.pl index f15e2d74118c..9f299430cefc 100644 --- a/crypto/bn/asm/rsaz-4k-avxifma.pl +++ b/crypto/bn/asm/rsaz-4k-avxifma.pl @@ -1,4 +1,4 @@ -# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2024, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use @@ -84,8 +84,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI; my $mask52 = "%rax"; my $acc0_0 = "%r9"; my $acc0_0_low = "%r9d"; -my $acc0_1 = "%r15"; -my $acc0_1_low = "%r15d"; my $b_ptr = "%r11"; my $iter = "%ebx"; 
@@ -834,7 +832,7 @@ $code.=<<___; vmovdqu $R4_0, `8*32`($res) vmovdqu $R4_0h, `9*32`($res) - xorl $acc0_1_low, $acc0_1_low + xorl $acc0_0_low, $acc0_0_low movq \$0xfffffffffffff, $mask52 @@ -975,6 +973,23 @@ $code.=<<___; ossl_extract_multiplier_2x40_win5_avx: .cfi_startproc endbranch +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; vmovapd .Lones(%rip), $ones # broadcast ones vmovq $red_tbl_idx1, $tmp_xmm vpbroadcastq $tmp_xmm, $idx1 @@ -1002,6 +1017,24 @@ foreach (0..9) { $code.="vmovdqu $t[$_], `(10+$_)*32`($out) \n"; } $code.=<<___; + vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; ret .cfi_endproc diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index fe51fcaf81c7..d438af562648 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -394,11 +394,11 @@ $code.=<<___; mulx $car1,$mul1,$car1 mulx $npj,$mul1,$acc1 + add $tmp1,$car0,$car0 add $tmp0,$car1,$car1 and $car0,$mask,$acc0 ld [$np+8],$npj ! np[2] srlx $car1,32,$car1 - add $tmp1,$car1,$car1 srlx $car0,32,$car0 add $acc0,$car1,$car1 and $car0,1,$sbit diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 542c33d6a8d7..d069481e981b 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include "crypto/bn_dh.h" #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif 
@@ -1387,37 +1387,37 @@ const BIGNUM ossl_bignum_const_2 = { }; make_dh_bn(dh1024_160_p) - make_dh_bn(dh1024_160_q) - make_dh_bn(dh1024_160_g) - make_dh_bn(dh2048_224_p) - make_dh_bn(dh2048_224_q) - make_dh_bn(dh2048_224_g) - make_dh_bn(dh2048_256_p) - make_dh_bn(dh2048_256_q) - make_dh_bn(dh2048_256_g) +make_dh_bn(dh1024_160_q) +make_dh_bn(dh1024_160_g) +make_dh_bn(dh2048_224_p) +make_dh_bn(dh2048_224_q) +make_dh_bn(dh2048_224_g) +make_dh_bn(dh2048_256_p) +make_dh_bn(dh2048_256_q) +make_dh_bn(dh2048_256_g) - make_dh_bn(ffdhe2048_p) - make_dh_bn(ffdhe2048_q) - make_dh_bn(ffdhe3072_p) - make_dh_bn(ffdhe3072_q) - make_dh_bn(ffdhe4096_p) - make_dh_bn(ffdhe4096_q) - make_dh_bn(ffdhe6144_p) - make_dh_bn(ffdhe6144_q) - make_dh_bn(ffdhe8192_p) - make_dh_bn(ffdhe8192_q) +make_dh_bn(ffdhe2048_p) +make_dh_bn(ffdhe2048_q) +make_dh_bn(ffdhe3072_p) +make_dh_bn(ffdhe3072_q) +make_dh_bn(ffdhe4096_p) +make_dh_bn(ffdhe4096_q) +make_dh_bn(ffdhe6144_p) +make_dh_bn(ffdhe6144_q) +make_dh_bn(ffdhe8192_p) +make_dh_bn(ffdhe8192_q) #ifndef FIPS_MODULE - make_dh_bn(modp_1536_p) - make_dh_bn(modp_1536_q) +make_dh_bn(modp_1536_p) +make_dh_bn(modp_1536_q) #endif - make_dh_bn(modp_2048_p) - make_dh_bn(modp_2048_q) - make_dh_bn(modp_3072_p) - make_dh_bn(modp_3072_q) - make_dh_bn(modp_4096_p) - make_dh_bn(modp_4096_q) - make_dh_bn(modp_6144_p) - make_dh_bn(modp_6144_q) - make_dh_bn(modp_8192_p) - make_dh_bn(modp_8192_q) +make_dh_bn(modp_2048_p) +make_dh_bn(modp_2048_q) +make_dh_bn(modp_3072_p) +make_dh_bn(modp_3072_q) +make_dh_bn(modp_4096_p) +make_dh_bn(modp_4096_q) +make_dh_bn(modp_6144_p) +make_dh_bn(modp_6144_q) +make_dh_bn(modp_8192_p) +make_dh_bn(modp_8192_q) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 58d38b9ebd2a..44931f803802 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -771,16 +771,16 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); static const bn_pwr5_mont_f pwr5_funcs[4] = { 
@@ -792,15 +792,15 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp, + int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); static const bn_mul_mont_f mul_funcs[4] = { 
@@ -809,20 +809,20 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, }; bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; - void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, void *table, size_t power); - void bn_gather5_t4(BN_ULONG * out, size_t num, + void bn_gather5_t4(BN_ULONG *out, size_t num, void *table, size_t power); - void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num); + void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); BN_ULONG *np = mont->N.d, *n0 = mont->n0; int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less 
@@ -922,13 +922,13 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * Given those inputs, |bn_mul_mont| may not give reduced * output, but it will still produce "almost" reduced output. */ - void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); void bn_scatter5(const BN_ULONG *inp, size_t num, void *table, size_t power); - void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power); - void bn_power5(BN_ULONG * rp, const BN_ULONG *ap, + void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); + void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h index 45b545bce3dd..9ebadfd76e79 100644 --- a/crypto/bn/bn_local.h +++ b/crypto/bn/bn_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -387,7 +387,7 @@ struct bn_gencb_st { #elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) #if defined(__DECC) #include <c_asm.h> -#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b)) +#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b)) #elif defined(__GNUC__) && __GNUC__ >= 2 #define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 1527ac10fb1b..72e935c52fb9 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,9 @@ */ /* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf + * Details about Montgomery multiplication algorithms can be found in + * https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf + * and https://cetinkayakoc.net/docs/r01.pdf */ #include "internal/cryptlib.h" diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c index 049ffa50da98..8ef52a30c1a4 100644 --- a/crypto/bn/bn_ppc.c +++ b/crypto/bn/bn_ppc.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -15,14 +15,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_300_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 0c38e2ccd207..08f889e59799 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx, #define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x)) #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index c2574167d06d..08def7f13c98 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -29,7 +29,7 @@ #include "internal/nelem.h" #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif diff --git a/crypto/bn/bn_sparc.c b/crypto/bn/bn_sparc.c index a236e42dfae9..7c902191d773 100644 --- a/crypto/bn/bn_sparc.c +++ b/crypto/bn/bn_sparc.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,11 +16,11 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); if (!(num & 1) && num >= 6) { 
@@ -29,16 +29,16 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); static const bn_mul_mont_f funcs[4] = { diff --git a/crypto/bsearch.c b/crypto/bsearch.c index 192ccbeb916f..c2ab0b812595 100644 --- a/crypto/bsearch.c +++ b/crypto/bsearch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ const void *ossl_bsearch(const void *key, const void *base, int num, l = 0; h = num; while (l < h) { - i = (l + h) / 2; + i = l + (h - l) / 2; p = &(base_[i * size]); c = (*cmp)(key, p); if (c < 0) diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c index 4170f77a78eb..3de52f56af46 100644 --- a/crypto/cast/c_cfb64.c +++ b/crypto/cast/c_cfb64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num, int enc) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; CAST_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c index 431446ab5fb7..dbd6e02729d2 100644 --- a/crypto/cast/c_ofb64.c +++ b/crypto/cast/c_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c index ec865b243789..d6a4230d243e 100644 --- a/crypto/cmp/cmp_client.c +++ b/crypto/cmp/cmp_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -149,6 +149,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, int time_left; OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb; + ctx->status = OSSL_CMP_PKISTATUS_trans; #ifndef OPENSSL_NO_HTTP if (transfer_cb == NULL) transfer_cb = OSSL_CMP_MSG_http_perform; @@ -175,7 +176,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, /* should print error queue since transfer_cb may call ERR_clear_error() */ OSSL_CMP_CTX_print_errors(ctx); - if (ctx->server != NULL) + if (ctx->server != NULL || ctx->transfer_cb != NULL) ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str); *rep = (*transfer_cb)(ctx, req); @@ -189,6 +190,7 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, return 0; } + ctx->status = OSSL_CMP_PKISTATUS_checking_response; bt = OSSL_CMP_MSG_get_bodytype(*rep); /* * The body type in the 'bt' variable is not yet verified. @@ -284,11 +286,15 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, "received 'waiting' PKIStatus, starting to poll for response"); *rep = NULL; for (;;) { + int bak = ctx->status; + + ctx->status = OSSL_CMP_PKISTATUS_request; if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL) goto err; if (!send_receive_check(ctx, preq, &prep, OSSL_CMP_PKIBODY_POLLREP)) goto err; + ctx->status = bak; /* handle potential pollRep */ if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { @@ -344,6 +350,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL)); if (time_left <= 0) { + ctx->status = OSSL_CMP_PKISTATUS_trans; ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); goto err; } 
@@ -455,7 +462,9 @@ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId, OSSL_CMP_MSG *certConf; OSSL_CMP_MSG *PKIconf = NULL; int res = 0; + int bak = ctx->status; + ctx->status = OSSL_CMP_PKISTATUS_request; /* OSSL_CMP_certConf_new() also checks if all necessary options are set */ certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt); if (certConf == NULL) @@ -464,6 +473,9 @@ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId, res = send_receive_also_delayed(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); + if (res) + ctx->status = bak; + err: OSSL_CMP_MSG_free(certConf); OSSL_CMP_MSG_free(PKIconf); @@ -479,6 +491,7 @@ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, OSSL_CMP_MSG *PKIconf = NULL; int res = 0; + ctx->status = OSSL_CMP_PKISTATUS_request; /* not overwriting ctx->status on error exchange */ if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL) goto err; @@ -488,6 +501,7 @@ int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, res = send_receive_also_delayed(ctx, error, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); + ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client; err: OSSL_CMP_MSG_free(error); @@ -790,7 +804,7 @@ retry: ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, "rejecting newly enrolled cert with subject: %s; %s", subj, txt); - ctx->status = OSSL_CMP_PKISTATUS_rejection; + ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client; ret = 0; } OPENSSL_free(subj); @@ -812,7 +826,6 @@ static int initial_certreq(OSSL_CMP_CTX *ctx, if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL) return 0; - ctx->status = OSSL_CMP_PKISTATUS_trans; res = send_receive_check(ctx, req, p_rep, rep_type); OSSL_CMP_MSG_free(req); return res; 
@@ -918,7 +931,6 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx) if ((rr = ossl_cmp_rr_new(ctx)) == NULL) goto end; - ctx->status = OSSL_CMP_PKISTATUS_trans; if (!send_receive_also_delayed(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP)) goto end; @@ -1038,7 +1050,6 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx) if ((genm = ossl_cmp_genm_new(ctx)) == NULL) goto err; - ctx->status = OSSL_CMP_PKISTATUS_trans; if (!send_receive_also_delayed(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP)) goto err; ctx->status = OSSL_CMP_PKISTATUS_accepted; diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c index 947374d4ec2e..7fdc478cf8f2 100644 --- a/crypto/cmp/cmp_ctx.c +++ b/crypto/cmp/cmp_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -742,7 +742,7 @@ DEFINE_OSSL_set1_up_ref(OSSL_CMP_CTX, oldCert, X509) */ DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509) - /* Get successfully validated server cert, if any, of current transaction */ + /* Get successfully validated sender cert, if any, of current transaction */ DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509) /* diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 4b98b8cb78ff..3542256e0bca 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -66,7 +66,7 @@ struct ossl_cmp_ctx_st { int unprotectedErrors; int noCacheExtraCerts; X509 *srvCert; /* certificate used to identify the server */ - X509 *validatedSrvCert; /* caches any already validated server cert */ + X509 *validatedSrvCert; /* caches any already validated sender cert */ X509_NAME *expected_sender; /* expected sender in header of response */ X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */ diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 873bee8b6ad3..eaa700d139d1 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2020 * Copyright Siemens AG 2015-2020 * @@ -363,13 +363,12 @@ err: return valid; } +/* checks protection of msg but not cert revocation nor cert chain */ static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert, const OSSL_CMP_MSG *msg) { return cert_acceptable(ctx, "previously validated", "sender cert", - cert, NULL, NULL, msg) - && (check_cert_path(ctx, ctx->trusted, cert) - || check_cert_path_3gpp(ctx, msg, cert)); + cert, NULL, NULL, msg); } /*- 
@@ -479,22 +478,26 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) (void)ERR_set_mark(); ctx->log_cb = NULL; /* temporarily disable logging */ - /* - * try first cached scrt, used successfully earlier in same transaction, - * for validating this and any further msgs where extraCerts may be left out - */ if (scrt != NULL) { + /*- + * try first using cached message sender cert (in 'scrt' variable), + * which was used successfully earlier in the same transaction + * (assuming that the certificate itself was not revoked meanwhile and + * is a good guess for use in validating also the current message) + */ if (check_msg_given_cert(ctx, scrt, msg)) { ctx->log_cb = backup_log_cb; (void)ERR_pop_to_mark(); return 1; } /* cached sender cert has shown to be no more successfully usable */ - (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* re-do the above check (just) for adding diagnostic information */ ossl_cmp_info(ctx, "trying to verify msg signature with previously validated cert"); + ctx->log_cb = backup_log_cb; (void)check_msg_given_cert(ctx, scrt, msg); + ctx->log_cb = NULL; + (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */ } res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) @@ -628,7 +631,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) scrt = ctx->srvCert; if (scrt == NULL) { if (ctx->trusted == NULL && ctx->secretValue != NULL) { - ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); + ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection"); ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR); return 0; } 
@@ -642,7 +645,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) /* use ctx->srvCert for signature check even if not acceptable */ if (verify_signature(ctx, msg, scrt)) { ossl_cmp_debug(ctx, - "successfully validated signature-based CMP message protection using pinned server cert"); + "successfully validated signature-based CMP message protection using pinned sender cert"); return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt); } ossl_cmp_warn(ctx, "CMP message signature verification failed"); diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index 580850bc9395..fb87f6c6ad27 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) - ASN1_CHOICE(CMS_CertificateChoices) +ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices) ASN1_CHOICE(CMS_SignerIdentifier) = { 
@@ -31,11 +31,11 @@ ASN1_CHOICE(CMS_SignerIdentifier) = { ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) } static_ASN1_CHOICE_END(CMS_SignerIdentifier) - ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) +ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) - /* Minor tweak to operation: free up signer key, cert */ - static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +/* Minor tweak to operation: free up signer key, cert */ +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; @@ -62,7 +62,7 @@ ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) - ASN1_CHOICE(CMS_RevocationInfoChoice) +ASN1_CHOICE(CMS_RevocationInfoChoice) = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice) ASN1_NDEF_SEQUENCE(CMS_SignedData) = { @@ -80,7 +80,7 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = { ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) - static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval; 
@@ -118,7 +118,7 @@ ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) } static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) - static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; if (operation == ASN1_OP_FREE_POST) { @@ -143,7 +143,7 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) } static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) - static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { @@ -173,7 +173,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = { ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) - ASN1_SEQUENCE(CMS_KEKRecipientInfo) +ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { 
@@ -188,8 +188,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) - /* Free up RecipientInfo additional data */ - static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +/* Free up RecipientInfo additional data */ +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_PRE) { CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; @@ -262,7 +262,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) - ASN1_NDEF_SEQUENCE(CMS_CompressedData) +ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { ASN1_EMBED(CMS_CompressedData, version, INT32), ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), @@ -348,7 +348,7 @@ ASN1_CHOICE(CMS_ReceiptsFrom) = { ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) } static_ASN1_CHOICE_END(CMS_ReceiptsFrom) - ASN1_SEQUENCE(CMS_ReceiptRequest) +ASN1_SEQUENCE(CMS_ReceiptRequest) = { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest) ASN1_SEQUENCE(CMS_Receipt) = { @@ -375,7 +375,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = { ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), } static_ASN1_SEQUENCE_END(CMS_SharedInfo) - int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) { union { CMS_SharedInfo *pecsi; diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index ab3453d1c7c1..9c0b3c85e173 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,16 +89,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) int keylen, plen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) goto err; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + /* * For DH we only have one OID permissible. If ever any more get defined * we will need something cleverer. */ - if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { + if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); goto err; } @@ -107,11 +112,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) goto err; - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) goto err; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index ff8adad61668..917bf784daeb 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -166,21 +166,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) int plen, keylen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid = NULL; + int ptype = 0; + const void *parameter = NULL; + char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) return 0; - if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) { + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + + if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); return 0; } - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) return 0; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index b412a74c7773..94496b3823ef 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -35,8 +35,7 @@ typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index 6b65842cc14e..9bf8284a8272 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) X509_ALGOR *cmsalg; int nid; int rv = -1; - unsigned char *label = NULL; + const unsigned char *label = NULL; int labellen = 0; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_OAEP_PARAMS *oaep; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (pkctx == NULL) 
@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) goto err; if (oaep->pSourceFunc != NULL) { - X509_ALGOR *plab = oaep->pSourceFunc; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc); - if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { + if (OBJ_obj2nid(aoid) != NID_pSpecified) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); goto err; } - if (plab->parameter->type != V_ASN1_OCTET_STRING) { + if (ptype != V_ASN1_OCTET_STRING) { ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); goto err; } - label = plab->parameter->value.octet_string->data; - /* Stop label being freed when OAEP parameters are freed */ - plab->parameter->value.octet_string->data = NULL; - labellen = plab->parameter->value.octet_string->length; + label = ASN1_STRING_get0_data(parameter); + labellen = ASN1_STRING_length(parameter); } if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) @@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; - if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { - OPENSSL_free(label); - goto err; + if (label != NULL) { + unsigned char *dup_label = OPENSSL_memdup(label, labellen); + + if (dup_label == NULL) + goto err; + + if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) { + OPENSSL_free(dup_label); + goto err; + } } /* Carry on */ rv = 1; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 920464b3deec..4b5009b9d5bf 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -474,8 +474,10 @@ err: } else { if (dcont && (tmpin == dcont)) do_free_upto(cmsbio, dcont); - else + else if (cmsbio != NULL) BIO_free_all(cmsbio); + else + BIO_free(tmpin); } if (out != tmpout) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 6efd95283e9e..3bd750144cec 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -314,7 +314,7 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name) return NULL; } ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE, - "group=%s name=%s", group, name); + "group=%s name=%s", group != NULL ? group : "", name); return NULL; } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index adc0c5f36969..4ed7d9fd76cf 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -395,7 +395,7 @@ static CONF_MODULE *module_find(const char *name) { CONF_MODULE *tmod; int i, nchar; - char *p; + const char *p; STACK_OF(CONF_MODULE) *mods; p = strrchr(name, '.'); diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c index 26613a05fe8a..b73c805f1810 100644 --- a/crypto/des/cfb64ede.c +++ b/crypto/des/cfb64ede.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c index 3ddd6819e2ed..c27400a97987 100644 --- a/crypto/des/cfb64enc.c +++ b/crypto/des/cfb64enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c index b0f9f0441cfb..c3bb7d7e1b36 100644 --- a/crypto/des/ofb64ede.c +++ b/crypto/des/ofb64ede.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -26,7 +26,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, DES_key_schedule *k3, DES_cblock *ivec, int *num) { register DES_LONG v0, v1; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register char *dp; diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c index df4e2077e96c..84b99d9d8ff7 100644 --- a/crypto/des/ofb64enc.c +++ b/crypto/des/ofb64enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ void DES_ofb64_encrypt(register const unsigned char *in, DES_key_schedule *schedule, DES_cblock *ivec, int *num) { register DES_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register unsigned char *dp; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index af78e2e84bf8..10bcdd2253f3 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,7 +76,7 @@ ASN1_SEQUENCE(DHvparams) = { ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) - ASN1_SEQUENCE(DHxparams) +ASN1_SEQUENCE(DHxparams) = { ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), 
@@ -85,8 +85,7 @@ ASN1_SEQUENCE(DHvparams) = { ASN1_OPT(int_dhx942_dh, vparams, DHvparams), } static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) - int_dhx942_dh - * d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length); +int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length); int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx) diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index 366776ce4ee3..67a9198a7071 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,5 +43,5 @@ } make_dh(1024_160) - make_dh(2048_224) - make_dh(2048_256) +make_dh(2048_224) +make_dh(2048_256) diff --git a/crypto/dllmain.c b/crypto/dllmain.c index 152587870541..f2b72df89941 100644 --- a/crypto/dllmain.c +++ b/crypto/dllmain.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -35,7 +35,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: +#ifndef __CYGWIN__ OPENSSL_thread_stop(); +#endif break; case DLL_PROCESS_DETACH: break; diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 3366610a9fdc..9ebc7cc2596d 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { ASN1_SIMPLE(DSA, priv_key, CBIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, params.p, BIGNUM), @@ -55,7 +55,7 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, params.g, BIGNUM), } static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { ASN1_SIMPLE(DSA, pub_key, BIGNUM), @@ -64,7 +64,7 @@ ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { ASN1_SIMPLE(DSA, params.g, BIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) DSA *DSAparams_dup(const DSA *dsa) { diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index bfd0242c6f56..6b44b8068f9e 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -105,7 +105,7 @@ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); @@ -122,7 +122,7 @@ ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); @@ -137,10 +137,10 @@ ASN1_SEQUENCE(X9_62_FIELDID) = { ASN1_ADB_OBJECT(X9_62_FIELDID) } static_ASN1_SEQUENCE_END(X9_62_FIELDID) - ASN1_SEQUENCE(X9_62_CURVE) +ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE) - ASN1_SEQUENCE(ECPARAMETERS) +ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) @@ -163,7 +163,7 @@ ASN1_SEQUENCE(EC_PRIVATEKEY) = { ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) - DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) +DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY) IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY) 
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index a11296002195..98cf12f36c0e 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) * ECC domain parameter validation. * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. */ - return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; + return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0; #else int ret = 0; const BIGNUM *order; diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 13dcd29b115c..2a5f93de1fdb 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -175,6 +175,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) dest->libctx = src->libctx; dest->curve_name = src->curve_name; + EC_pre_comp_free(dest); + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 789ba9b87a4f..76841f4ad3cf 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ #include "crypto/cmperr.h" #include "crypto/cterr.h" #include "crypto/asyncerr.h" +#include "crypto/sm2err.h" #include "crypto/storeerr.h" #include "crypto/esserr.h" #include "internal/propertyerr.h" @@ -104,6 +105,9 @@ int ossl_err_load_crypto_strings(void) #endif || ossl_err_load_ESS_strings() == 0 || ossl_err_load_ASYNC_strings() == 0 +#ifndef OPENSSL_NO_SM2 + || ossl_err_load_SM2_strings() == 0 +#endif || ossl_err_load_OSSL_STORE_strings() == 0 || ossl_err_load_PROP_strings() == 0 || ossl_err_load_PROV_strings() == 0 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1c362d15f3c8..5b2ea1c4a4e6 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -848,6 +848,7 @@ EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN:108:asn1 len exceeds max resp len HTTP_R_CONNECT_FAILURE:100:connect failure +HTTP_R_CONTENT_TYPE_MISMATCH:131:content type mismatch HTTP_R_ERROR_PARSING_ASN1_LENGTH:109:error parsing asn1 length HTTP_R_ERROR_PARSING_CONTENT_LENGTH:119:error parsing content length HTTP_R_ERROR_PARSING_URL:101:error parsing url diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c index 297f2cead02a..d02076fabc5a 100644 --- a/crypto/ess/ess_asn1.c +++ b/crypto/ess/ess_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,7 +21,7 @@ ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) } static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) - IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) +IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) ASN1_SEQUENCE(ESS_CERT_ID) = { @@ -29,7 +29,7 @@ ASN1_SEQUENCE(ESS_CERT_ID) = { ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID) - IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) +IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) ASN1_SEQUENCE(ESS_SIGNING_CERT) = { @@ -46,7 +46,7 @@ ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) - IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) +IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 4b1c95c4abe3..224f3000ce0a 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -872,8 +872,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->gettable_ctx_md_params != NULL) + && pctx->op.sig.signature != NULL + && pctx->op.sig.signature->gettable_ctx_md_params != NULL + && pctx->op.sig.algctx != NULL) return pctx->op.sig.signature->gettable_ctx_md_params( pctx->op.sig.algctx); diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 5ce981958eb4..5a99fe8d577e 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -2403,14 +2403,14 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); #endif -#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) 
@@ -2641,10 +2641,10 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) - static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) +static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c); if (gctx == NULL) @@ -3189,12 +3189,12 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c); @@ -3378,9 +3378,9 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) - static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c); switch (type) { 
@@ -3654,12 +3654,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - typedef struct { +typedef struct { union { OSSL_UNION_ALIGN; AES_KEY ks; @@ -4146,8 +4146,8 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) #endif /* OPENSSL_NO_OCB */ diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index eb3d98259e3a..e35e3f5083a8 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -194,13 +194,13 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) - BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) - BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) - /* Authenticated cipher modes (GCM/CCM) */ +/* Authenticated cipher modes (GCM/CCM) */ - /* increment counter (64-bit int) by 1 */ - static void ctr64_inc(unsigned char *counter) +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) { int n = 8; unsigned char c; @@ -778,11 +778,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_aead(128, gcm, GCM) - BLOCK_CIPHER_aead(192, gcm, GCM) - BLOCK_CIPHER_aead(256, gcm, GCM) +BLOCK_CIPHER_aead(192, gcm, GCM) +BLOCK_CIPHER_aead(256, gcm, GCM) - BLOCK_CIPHER_aead(128, ccm, CCM) - BLOCK_CIPHER_aead(192, ccm, CCM) - BLOCK_CIPHER_aead(256, ccm, CCM) +BLOCK_CIPHER_aead(128, ccm, CCM) +BLOCK_CIPHER_aead(192, ccm, CCM) +BLOCK_CIPHER_aead(256, ccm, CCM) #endif diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index c994bb395d8f..babc4f18f3be 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -183,14 +183,14 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif -#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -347,5 +347,5 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index b8d10829c257..9c9080025c14 100644 --- a/crypto/evp/e_des.c 
+++ b/crypto/evp/e_des.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -197,16 +197,16 @@ BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index ecb49a3f204e..13abdda138f0 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -210,20 +210,20 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 0371094fe3bb..6f4f05842f87 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,8 +54,8 @@ BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { if (!enc) { if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE) diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c index f833e755162d..66b087c02014 100644 --- a/crypto/evp/e_sm4.c +++ b/crypto/evp/e_sm4.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * 
@@ -49,12 +49,12 @@ typedef struct { return &sm4_##mode; \ } -#define DEFINE_BLOCK_CIPHERS(nid, flags) \ - BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags) +#define DEFINE_BLOCK_CIPHERS(nid, flags) \ + BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags) static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index ceeaea5f1145..d554941e7cc4 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -689,7 +689,7 @@ static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d))); if (eof == -1) - eof = (f[2] == '=') + (f[3] == '='); + eof = (c == '=') + (d == '='); switch (eof) { case 2: diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 5584e06d7e38..109412b342b5 100644 --- a/crypto/evp/evp_enc.c 
+++ b/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -979,6 +979,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (ossl_likely(outl != NULL)) { *outl = 0; } else { @@ -1128,6 +1133,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (ossl_likely(outl != NULL)) { *outl = 0; } else { diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c index 6c36164760e3..d0cf696b3220 100644 --- a/crypto/evp/kem.c +++ b/crypto/evp/kem.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -181,7 +181,7 @@ static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation, if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) { ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey, provauthkey, params); - } else if (provauthkey == NULL && kem->encapsulate_init != NULL) { + } else if (provauthkey == NULL && kem->decapsulate_init != NULL) { ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params); } else { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); diff --git a/crypto/hashtable/hashtable.c b/crypto/hashtable/hashtable.c index dba05ebe25ce..8b9f9cc0d9fd 100644 
--- a/crypto/hashtable/hashtable.c +++ b/crypto/hashtable/hashtable.c @@ -1,5 +1,5 @@ /* - * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,9 +82,11 @@ #if defined(__GNUC__) || defined(__CLANG__) #define PREFETCH_NEIGHBORHOOD(x) __builtin_prefetch(x.entries) #define PREFETCH(x) __builtin_prefetch(x) +#define ALIGN __attribute__((aligned(8))) #else #define PREFETCH_NEIGHBORHOOD(x) #define PREFETCH(x) +#define ALIGN #endif /* @@ -112,7 +114,7 @@ struct ht_internal_value_st { struct ht_neighborhood_entry_st { uint64_t hash; struct ht_internal_value_st *value; -}; +} ALIGN; struct ht_neighborhood_st { struct ht_neighborhood_entry_st entries[NEIGHBORHOOD_LEN]; diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index cc12545fc447..1e603d870c03 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -551,6 +551,7 @@ static int may_still_retry(time_t max_time, int *ptimeout) int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) { int i, found_expected_ct = 0, found_keep_alive = 0; + int status_code = 0; int got_text = 1; long n; size_t resp_len = 0; @@ -751,8 +752,8 @@ next_io: /* First line in response header */ if (rctx->state == OHS_FIRSTLINE) { - i = parse_http_line1(buf, &found_keep_alive); - switch (i) { + status_code = parse_http_line1(buf, &found_keep_alive); + switch (status_code) { case HTTP_STATUS_CODE_OK: rctx->state = OHS_HEADERS; goto next_line; 
@@ -767,7 +768,7 @@ next_io: /* fall through */ default: /* must return content if status >= 400 */ - rctx->state = i < HTTP_STATUS_CODES_NONFATAL_ERROR + rctx->state = status_code < HTTP_STATUS_CODES_NONFATAL_ERROR ? OHS_HEADERS_ERROR : OHS_HEADERS; goto next_line; /* continue parsing, also on HTTP error */ @@ -797,6 +798,17 @@ next_io: } if (OPENSSL_strcasecmp(key, "Content-Type") == 0) { got_text = HAS_CASE_PREFIX(value, "text/"); + if (got_text + && rctx->state == OHS_HEADERS + && rctx->expect_asn1 + && (status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR + || status_code == HTTP_STATUS_CODE_OK)) { + ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONTENT_TYPE_MISMATCH, + "expected ASN.1 content but got http code %d with Content-Type: %s", + status_code, value); + rctx->state = OHS_HEADERS_ERROR; + goto next_line; + } if (rctx->state == OHS_HEADERS && rctx->expected_ct != NULL) { const char *semicolon; @@ -1452,7 +1464,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, } BIO_push(fbio, bio); - BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); + /* Add square brackets around a naked IPv6 address */ + if (server[0] != '[' && strchr(server, ':') != NULL) + BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port); + else + BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); /* * Workaround for broken proxies which would otherwise close diff --git a/crypto/http/http_err.c b/crypto/http/http_err.c index 947a403d6009..8598dd1ff48a 100644 --- a/crypto/http/http_err.c +++ b/crypto/http/http_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -20,6 +20,8 @@ static const ERR_STRING_DATA HTTP_str_reasons[] = { { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN), "asn1 len exceeds max resp len" }, { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONTENT_TYPE_MISMATCH), + "content type mismatch" }, { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH), "error parsing asn1 length" }, { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH), diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 54c5c6ec1d8f..c8ffd87c0620 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -55,6 +55,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, char **ppath, char **pquery, char **pfrag) { const char *p, *tmp; + const char *authority_end; const char *scheme, *scheme_end; const char *user, *user_end; const char *host, *host_end; @@ -92,7 +93,10 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, /* parse optional "userinfo@" */ user = user_end = host = p; - host = strchr(p, '@'); + authority_end = strpbrk(p, "/?#"); + if (authority_end == NULL) + authority_end = p + strlen(p); + host = memchr(p, '@', authority_end - p); if (host != NULL) user_end = host++; else diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c index c8ed3853285a..9e95ed7323fe 100644 --- a/crypto/idea/i_cfb64.c +++ b/crypto/idea/i_cfb64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; if (encrypt) { diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c index afa6a960d4ed..64f8469abc60 100644 --- a/crypto/idea/i_ofb64.c +++ b/crypto/idea/i_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; n2l(iv, v0); diff --git a/crypto/init.c b/crypto/init.c index c309b27c5dda..ea29645b648c 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -275,27 +275,24 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, } static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; -static int config_inited = 0; static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; DEFINE_RUN_ONCE_STATIC(ossl_init_config) { int ret = ossl_config_int(NULL); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config) { int ret = ossl_config_int(conf_settings); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) { OSSL_TRACE(INIT, "ossl_no_config_int()\n"); ossl_no_config_int(); - config_inited = 1; + return 1; } diff --git a/crypto/initthread.c b/crypto/initthread.c index b03579d06c75..241fdf85362f 100644 --- a/crypto/initthread.c +++ b/crypto/initthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -200,16 +200,28 @@ static void init_thread_destructor(void *hands) } static CRYPTO_ONCE ossl_init_thread_runonce = CRYPTO_ONCE_STATIC_INIT; +/* MSVC linker can use other segment for uninitialized (zeroed) variables */ +#if defined(OPENSSL_SYS_WINDOWS) static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)-1; +#elif defined(OPENSSL_SYS_TANDEM) && (defined(_PUT_MODEL_) || defined(_KLT_MODEL_)) +static CRYPTO_THREAD_ID recursion_guard = { (void *)-1, (short)-1, (short)-1 }; +#else +static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)0; +#endif DEFINE_RUN_ONCE_STATIC(ossl_init_thread_once) { + /* CRYPTO_THREAD_init_local() can call ossl_init_threads() again */ recursion_guard = CRYPTO_THREAD_get_current_id(); if (!CRYPTO_THREAD_init_local(&destructor_key.value, init_thread_destructor)) return 0; +#if defined(OPENSSL_SYS_TANDEM) + memset(&recursion_guard, 0, sizeof(recursion_guard)); +#else recursion_guard = (CRYPTO_THREAD_ID)0; +#endif return 1; } diff --git a/crypto/modes/asm/aes-gcm-ppc.pl b/crypto/modes/asm/aes-gcm-ppc.pl index 970283c559f8..7355c31cc129 100644 --- a/crypto/modes/asm/aes-gcm-ppc.pl +++ b/crypto/modes/asm/aes-gcm-ppc.pl @@ -409,7 +409,6 @@ my $code.=<<___; ################################################################################ .align 4 aes_gcm_crypt_1x: -.localentry aes_gcm_crypt_1x,0 cmpdi 5, 16 bge __More_1x @@ -492,7 +491,6 @@ __Encrypt_1x: ################################################################################ .align 4 __Process_partial: -.localentry __Process_partial,0 # create partial mask vspltisb 16, -1 @@ -564,7 +562,6 @@ __Encrypt_partial: .global ppc_aes_gcm_encrypt .align 5 ppc_aes_gcm_encrypt: -.localentry ppc_aes_gcm_encrypt,0 SAVE_REGS LOAD_HASH_TABLE @@ -752,7 +749,6 @@ __Process_more_enc: .global ppc_aes_gcm_decrypt .align 5 ppc_aes_gcm_decrypt: -.localentry ppc_aes_gcm_decrypt, 0 SAVE_REGS LOAD_HASH_TABLE 
@@ -1032,7 +1028,6 @@ __Process_more_dec: .size ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt aes_gcm_out: -.localentry aes_gcm_out,0 mr 3, 11 # return count diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 044f86f143f9..4ab6d8cb2b42 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -55,7 +55,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # ==================================================================== # Note about "528B" variant. In ARM case it makes lesser sense to diff --git a/crypto/modes/build.info b/crypto/modes/build.info index 52d2df19c6d9..9fb2d503d8d6 100644 --- a/crypto/modes/build.info +++ b/crypto/modes/build.info @@ -35,7 +35,7 @@ IF[{- !$disabled{asm} -}] $MODESASM_ppc32=ghashp8-ppc.s $MODESDEF_ppc32= $MODESASM_ppc64=$MODESASM_ppc32 - IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}] + IF[{- $target{perlasm_scheme} =~ /le$/ -}] $MODESASM_ppc64=$MODESASM_ppc32 aes-gcm-ppc.s ENDIF $MODESDEF_ppc64=$MODESDEF_ppc32 diff --git a/crypto/o_str.c b/crypto/o_str.c index 35540630be25..154393c7b3e7 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -296,6 +296,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, int has_sep = (sep != CH_ZERO); size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2; + if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return 0; + } + if (len == 0) ++len; if (strlength != NULL) @@ -339,7 +344,13 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep) if (buflen == 0) return OPENSSL_zalloc(1); - tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2; + if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3) + || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return NULL; + } + + tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2; if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) return NULL; diff --git a/crypto/param_build.c b/crypto/param_build.c index 1eb36953ca52..4e90c581a0eb 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -121,12 +121,22 @@ void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, unsigned int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, unsigned long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, int32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, uint32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } 
@@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, int64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, uint64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, size_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, time_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } @@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, double num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); } 
@@ -196,6 +251,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key, int n, secure = 0; OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER || type == OSSL_PARAM_INTEGER)) return 0; @@ -233,6 +293,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL && BN_is_negative(bn)) return push_BN(bld, key, bn, BN_num_bytes(bn) + 1, OSSL_PARAM_INTEGER); @@ -243,6 +308,11 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn, size_t sz) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL && BN_is_negative(bn)) return push_BN(bld, key, bn, BN_num_bytes(bn), OSSL_PARAM_INTEGER); @@ -255,6 +325,11 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); secure = CRYPTO_secure_allocated(buf); @@ -270,6 +345,11 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); 
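Review bot: in `OSSL_PARAM_BLD_push_utf8_ptr` the new guard tests only `bld` and `key`, but the next statement is `if (bsize == 0) bsize = strlen(buf);`, so a NULL `buf` with `bsize == 0` is still dereferenced. `OSSL_PARAM_BLD_push_utf8_string` in the previous hunk adds `buf == NULL` to the same guard. Either reject `buf == NULL` here too, or at least when `bsize == 0`, and say in the documentation which of the two is intended for the pointer variant.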
@@ -285,6 +365,11 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + secure = CRYPTO_secure_allocated(buf); pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); if (pd == NULL) @@ -298,6 +383,11 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); if (pd == NULL) return 0; @@ -362,10 +452,18 @@ OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld) { OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; OSSL_PARAM *params, *last; - const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); - const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); - const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; + int num; + size_t p_blks, total, ss; + + if (bld == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); + p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); + total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); + ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; if (ss > 0) { s = OPENSSL_secure_malloc(ss); diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index d677963c6176..94ba8ad75930 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -663,8 +663,7 @@ my %globals; ); # Following constants are defined in x86_64 ABI supplement, for - # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf, - # see section 3.7 "Stack Unwind Algorithm". + # example available at https://gitlab.com/x86-psABIs/x86-64-ABI. my %DW_reg_idx = ( "%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3, "%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7, diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 79ed41209c09..01956252df76 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -519,6 +519,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, X509_ALGOR_free(param->messageAuthScheme); param->keyDerivationFunc = alg; param->messageAuthScheme = hmac_alg; + alg = NULL; + hmac_alg = NULL; X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct); if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter)) @@ -540,6 +542,8 @@ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen, ret = 1; err: + X509_ALGOR_free(alg); + X509_ALGOR_free(hmac_alg); PBMAC1PARAM_free(param); OPENSSL_free(known_salt); return ret; diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index 9360f9930713..a6f3248c554c 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -175,7 +175,7 @@ static int bmp_to_utf8(char *str, const unsigned char *utf16, int len) utf32chr += 0x10000; } - return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr); + return UTF8_putc((unsigned char *)str, 4, utf32chr); } char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index b180b5848185..d6513cf3a379 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -831,6 +831,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_signed: si_sk = p7->d.sign->signer_info; + if (p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { @@ -841,6 +845,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_digest: + if (p7->d.digest->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.digest->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 675c694e66cd..6cd0c3f025c5 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -48,7 +48,8 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) break; case PKCS7_OP_GET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { - if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL) + if (p7->d.sign == NULL || p7->d.sign->contents == NULL + || p7->d.sign->contents->d.ptr == NULL) ret = 1; else ret = 0; @@ -742,6 +743,10 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) break; case NID_pkcs7_signed: + if (p7->d.sign == NULL || p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + break; + } os = p7->d.sign->contents->d.data; break; diff --git a/crypto/punycode.c b/crypto/punycode.c index 18cbccf1ae7a..cb78c7f18f36 100644 --- a/crypto/punycode.c +++ b/crypto/punycode.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -268,7 +268,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t outlen) return -1; while (1) { - char *tmpptr = strchr(inptr, '.'); + const char *tmpptr = strchr(inptr, '.'); size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); if (!HAS_PREFIX(inptr, "xn--")) { diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index ba8aa34dc204..aeb9bd0d2384 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -108,10 +108,13 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { FILE *fp = NULL; struct sockaddr_un addr; - int mybuffer, ret = -1, i, numbytes, fd; + int mybuffer, ret = -1, i, numbytes, fd = -1; unsigned char tempbuf[255]; +#if defined(OPENSSL_SYS_TANDEM) + int hpns_connect_attempt = 0; +#endif - if (bytes > (int)sizeof(tempbuf)) + if (bytes <= 0 || bytes > (int)sizeof(tempbuf)) return -1; /* Make socket. */ @@ -126,9 +129,8 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) #else fd = socket(AF_UNIX, SOCK_STREAM, 0); #endif - if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL) + if (fd == -1) return -1; - setbuf(fp, NULL); /* Try to connect */ for (;;) { @@ -171,6 +173,14 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) } } + /* Create stream only after a successful connect to avoid stale FILE* on fd swap. */ + fp = fdopen(fd, "r+"); + if (fp == NULL) { + close(fd); + return -1; + } + setbuf(fp, NULL); + /* Make request, see how many bytes we can get back. */ tempbuf[0] = 1; tempbuf[1] = bytes; @@ -180,6 +190,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) goto err; numbytes = tempbuf[0]; + if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf)) + goto err; + /* Which buffer are we using? */ mybuffer = buf == NULL; if (mybuffer) @@ -196,6 +209,8 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) err: if (fp != NULL) fclose(fp); + else if (fd != -1) + close(fd); return ret; } diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c index ccc69fa6bf8d..0ee6061486d2 100644 --- a/crypto/rc2/rc2cfb64.c +++ b/crypto/rc2/rc2cfb64.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c index b659b72a1005..fdc025bbd8f1 100644 --- a/crypto/rc2/rc2ofb64.c +++ b/crypto/rc2/rc2ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c index f2f4b9bdfb3b..a7c447f681d3 100644 --- a/crypto/rc5/rc5cfb64.c +++ b/crypto/rc5/rc5cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -27,7 +27,7 @@ void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c index 30487521f22f..5217303a28d2 100644 --- a/crypto/rc5/rc5ofb64.c +++ b/crypto/rc5/rc5ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/riscvcap.c b/crypto/riscvcap.c index f6db84bf16b6..64a45d87cec4 100644 --- a/crypto/riscvcap.c +++ b/crypto/riscvcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,9 +26,6 @@ extern size_t riscv_vlen_asm(void); -static void parse_env(const char *envstr); -static void strtoupper(char *str); - static size_t vlen = 0; #ifdef OSSL_RISCV_HWPROBE 
@@ -50,10 +47,15 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) return 0; } -static void strtoupper(char *str) +static void strtoupper(const char *str, char *dst, size_t dstlen) { - for (char *x = str; *x; ++x) - *x = toupper((unsigned char)*x); + for (size_t i = 0; i < dstlen; i++) { + if (i == dstlen - 1 || str[i] == '\0') { + dst[i] = '\0'; + break; + } + dst[i] = toupper((unsigned char)str[i]); + } } /* parse_env() parses a RISC-V architecture string. An example of such a string @@ -68,15 +70,24 @@ static void parse_env(const char *envstr) char buf[BUFLEN]; /* Convert env str to all uppercase */ - OPENSSL_strlcpy(envstrupper, envstr, sizeof(envstrupper)); - strtoupper(envstrupper); + strtoupper(envstr, envstrupper, sizeof(envstrupper)); for (size_t i = 0; i < kRISCVNumCaps; ++i) { + size_t len = strlen(RISCV_capabilities[i].name); /* Prefix capability with underscore in preparation for search */ - BIO_snprintf(buf, BUFLEN, "_%s", RISCV_capabilities[i].name); - if (strstr(envstrupper, buf) != NULL) { - /* Match, set relevant bit in OPENSSL_riscvcap_P[] */ - OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |= (1 << RISCV_capabilities[i].bit_offset); + /* + * Avoid using higher level library functions which may require + * library initialization (such as BIO_snprintf) as this may be called + * in a constructor before library initialization + */ + if (len < BUFLEN - 1) { + buf[0] = '_'; + memcpy(buf + 1, RISCV_capabilities[i].name, len); + buf[len + 1] = '\0'; + if (strstr(envstrupper, buf) != NULL) { + /* Match, set relevant bit in OPENSSL_riscvcap_P[] */ + OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |= (1 << RISCV_capabilities[i].bit_offset); + } } } } diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 3315c50014fd..3cfa4a18be57 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -246,6 +246,8 @@ err: BN_free(n); BN_free(e); BN_free(d); + BN_clear_free(p); + BN_clear_free(q); sk_BIGNUM_pop_free(factors, BN_clear_free); sk_BIGNUM_pop_free(exps, BN_clear_free); sk_BIGNUM_pop_free(coeffs, BN_clear_free); diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl index 7d5ebde11719..6cf0214bb932 100755 --- a/crypto/sha/asm/keccak1600-s390x.pl +++ b/crypto/sha/asm/keccak1600-s390x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,7 @@ my @rhotates = ([ 0, 1, 62, 28, 27 ], $code.=<<___; .text +.machine "z10" .type __KeccakF1600,\@function .align 32 diff --git a/crypto/slh_dsa/slh_dsa.c b/crypto/slh_dsa/slh_dsa.c index 77c20daceb34..41fc494048b4 100644 --- a/crypto/slh_dsa/slh_dsa.c +++ b/crypto/slh_dsa/slh_dsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -119,11 +119,11 @@ static int slh_sign_internal(SLH_DSA_HASH_CTX *hctx, /* Generate ht signature and append to the SLH-DSA signature */ && ossl_slh_ht_sign(hctx, pk_fors, sk_seed, pk_seed, tree_id, leaf_id, wpkt); - *sig_len = sig_len_expected; - ret = 1; err: if (!WPACKET_finish(wpkt)) ret = 0; + if (ret) + *sig_len = sig_len_expected; return ret; } @@ -232,6 +232,7 @@ static uint8_t *msg_encode(const uint8_t *msg, size_t msg_len, const uint8_t *ctx, size_t ctx_len, int encode, uint8_t *tmp, size_t tmp_len, size_t *out_len) { + WPACKET pkt; uint8_t *encoded = NULL; size_t encoded_len; @@ -240,11 +241,14 @@ static uint8_t *msg_encode(const uint8_t *msg, size_t msg_len, *out_len = msg_len; return (uint8_t *)msg; } + if (ctx_len > SLH_DSA_MAX_CONTEXT_STRING_LEN) return NULL; /* Pure encoding */ encoded_len = 1 + 1 + ctx_len + msg_len; + if (encoded_len < msg_len) /* Check for overflow */ + return NULL; *out_len = encoded_len; if (encoded_len <= tmp_len) { encoded = tmp; @@ -253,10 +257,17 @@ static uint8_t *msg_encode(const uint8_t *msg, size_t msg_len, if (encoded == NULL) return NULL; } - encoded[0] = 0; - encoded[1] = (uint8_t)ctx_len; - memcpy(&encoded[2], ctx, ctx_len); - memcpy(&encoded[2 + ctx_len], msg, msg_len); + if (!WPACKET_init_static_len(&pkt, encoded, encoded_len, 0) + || !WPACKET_put_bytes_u8(&pkt, 0) + || !WPACKET_put_bytes_u8(&pkt, (uint8_t)ctx_len) + || !WPACKET_memcpy(&pkt, ctx, ctx_len) + || !WPACKET_memcpy(&pkt, msg, msg_len) + || !WPACKET_finish(&pkt)) { + if (encoded != tmp) + OPENSSL_free(encoded); + encoded = NULL; + WPACKET_cleanup(&pkt); + } return encoded; } diff --git a/crypto/sm4/asm/vpsm4_ex-armv8.pl b/crypto/sm4/asm/vpsm4_ex-armv8.pl index e8e33735852e..eac5a0f6a1d8 100644 --- a/crypto/sm4/asm/vpsm4_ex-armv8.pl +++ b/crypto/sm4/asm/vpsm4_ex-armv8.pl 
@@ -476,12 +476,13 @@ sub load_sbox () { $code.=<<___; adrp $xtmp2, .Lsbox_magic - ldr $MaskQ, [$xtmp2, #:lo12:.Lsbox_magic] - ldr $TAHMatQ, [$xtmp2, #:lo12:.Lsbox_magic+16] - ldr $TALMatQ, [$xtmp2, #:lo12:.Lsbox_magic+32] - ldr $ATAHMatQ, [$xtmp2, #:lo12:.Lsbox_magic+48] - ldr $ATALMatQ, [$xtmp2, #:lo12:.Lsbox_magic+64] - ldr $ANDMaskQ, [$xtmp2, #:lo12:.Lsbox_magic+80] + add $xtmp2, $xtmp2, #:lo12:.Lsbox_magic + ldr $MaskQ, [$xtmp2] + ldr $TAHMatQ, [$xtmp2, 16] + ldr $TALMatQ, [$xtmp2, 32] + ldr $ATAHMatQ, [$xtmp2, 48] + ldr $ATALMatQ, [$xtmp2, 64] + ldr $ANDMaskQ, [$xtmp2, 80] ___ } diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c index 7c111541388c..b7a9eaed8f7d 100644 --- a/crypto/store/store_lib.c +++ b/crypto/store/store_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -498,6 +498,10 @@ int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, int res = 0; struct ossl_passphrase_data_st pwdata = { 0 }; + if (uri == NULL) { + ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } OPENSSL_strlcpy(scheme, uri, sizeof(scheme)); if ((p = strchr(scheme, ':')) != NULL) *p++ = '\0'; diff --git a/crypto/threads_none.c b/crypto/threads_none.c index 1a67d51f29f4..fd2ab38d8097 100644 --- a/crypto/threads_none.c +++ b/crypto/threads_none.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -217,7 +217,7 @@ int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) { - return 0; + return 1; } int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c index b1a4a63a2748..b4394f78fc1f 100644 --- a/crypto/threads_pthread.c +++ b/crypto/threads_pthread.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -534,6 +534,9 @@ void ossl_rcu_assign_uptr(void **p, void **v) CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) { struct rcu_lock_st *new; + pthread_mutex_t *mutexes[3] = { NULL }; + pthread_cond_t *conds[2] = { NULL }; + int i; /* * We need a minimum of 2 qp's 
@@ -550,19 +553,40 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) return NULL; new->ctx = ctx; - pthread_mutex_init(&new->write_lock, NULL); - pthread_mutex_init(&new->prior_lock, NULL); - pthread_mutex_init(&new->alloc_lock, NULL); - pthread_cond_init(&new->prior_signal, NULL); - pthread_cond_init(&new->alloc_signal, NULL); - + i = 0; + mutexes[i] = pthread_mutex_init(&new->write_lock, NULL) == 0 ? &new->write_lock : NULL; + if (mutexes[i++] == NULL) + goto err; + mutexes[i] = pthread_mutex_init(&new->prior_lock, NULL) == 0 ? &new->prior_lock : NULL; + if (mutexes[i++] == NULL) + goto err; + mutexes[i] = pthread_mutex_init(&new->alloc_lock, NULL) == 0 ? &new->alloc_lock : NULL; + if (mutexes[i++] == NULL) + goto err; + conds[i - 3] = pthread_cond_init(&new->prior_signal, NULL) == 0 ? &new->prior_signal : NULL; + if (conds[i - 3] == NULL) + goto err; + i++; + conds[i - 3] = pthread_cond_init(&new->alloc_signal, NULL) == 0 ? &new->alloc_signal : NULL; + if (conds[i - 3] == NULL) + goto err; + i++; new->qp_group = allocate_new_qp_group(new, num_writers); - if (new->qp_group == NULL) { - OPENSSL_free(new); - new = NULL; - } + if (new->qp_group == NULL) + goto err; return new; + +err: + for (i = 0; i < 3; i++) + if (mutexes[i] != NULL) + pthread_mutex_destroy(mutexes[i]); + for (i = 0; i < 2; i++) + if (conds[i] != NULL) + pthread_cond_destroy(conds[i]); + OPENSSL_free(new->qp_group); + OPENSSL_free(new); + return NULL; } void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock) 
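Review bot: the new `err:` path in `ossl_rcu_lock_new` calls `OPENSSL_free(new->qp_group)` even when it is reached from a failed `pthread_mutex_init()` or `pthread_cond_init()`, before `new->qp_group` has been assigned. That is only safe if `new` was allocated zeroed, and the allocation is outside the hunk, so please confirm it or set `new->qp_group = NULL` explicitly. The `i` / `conds[i - 3]` bookkeeping is also hard to audit; separate counters for the mutexes and the conditions, or staged cleanup labels, would make it obvious which objects were initialised.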
@@ -576,6 +600,17 @@ void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock) ossl_synchronize_rcu(rlock); OPENSSL_free(rlock->qp_group); + /* + * Some targets (BSD) allocate heap when initializing + * a mutex or condition, to prevent leaks, those need + * to be destroyed here + */ + pthread_mutex_destroy(&rlock->write_lock); + pthread_mutex_destroy(&rlock->prior_lock); + pthread_mutex_destroy(&rlock->alloc_lock); + pthread_cond_destroy(&rlock->prior_signal); + pthread_cond_destroy(&rlock->alloc_signal); + /* There should only be a single qp left now */ OPENSSL_free(rlock); } diff --git a/crypto/threads_win.c b/crypto/threads_win.c index 51d489cdf03b..795d97a012eb 100644 --- a/crypto/threads_win.c +++ b/crypto/threads_win.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,7 @@ typedef struct { * atomically updated */ struct rcu_qp { - volatile uint64_t users; + uint64_t users; }; struct thread_qp { diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 93a741d04d74..494e4e69d710 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT) - IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) +IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) { 
@@ -51,7 +51,7 @@ ASN1_SEQUENCE(TS_REQ) = { ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) } static_ASN1_SEQUENCE_END(TS_REQ) - IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) +IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) { @@ -80,7 +80,7 @@ ASN1_SEQUENCE(TS_ACCURACY) = { ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) } static_ASN1_SEQUENCE_END(TS_ACCURACY) - IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) +IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) ASN1_SEQUENCE(TS_TST_INFO) = { @@ -96,7 +96,7 @@ ASN1_SEQUENCE(TS_TST_INFO) = { ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) } static_ASN1_SEQUENCE_END(TS_TST_INFO) - IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) { @@ -127,7 +127,7 @@ ASN1_SEQUENCE(TS_STATUS_INFO) = { ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(TS_STATUS_INFO) - IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) static int ts_resp_set_tst_info(TS_RESP *a) @@ -175,7 +175,7 @@ ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { ASN1_OPT(TS_RESP, token, PKCS7), } static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) - IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) +IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index 1d91e49cece1..f9d9990bd1d1 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -680,8 +680,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, } else { *pexplicit_policy = 1; /* Tree empty and requireExplicit True: Error */ - if (init_ret & X509_PCY_TREE_EMPTY) + if (init_ret & X509_PCY_TREE_EMPTY) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } ret = tree_evaluate(tree); @@ -707,13 +709,15 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, if (!ret) goto error; - *ptree = tree; - if (init_ret & X509_PCY_TREE_EXPLICIT) { nodes = X509_policy_tree_get0_user_policies(tree); - if (sk_X509_POLICY_NODE_num(nodes) <= 0) + if (sk_X509_POLICY_NODE_num(nodes) <= 0) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } + + *ptree = tree; return X509_PCY_TREE_VALID; error: diff --git a/crypto/x509/t_acert.c b/crypto/x509/t_acert.c index 1ee6b9eacb05..1ef7fab682bb 100644 --- a/crypto/x509/t_acert.c +++ b/crypto/x509/t_acert.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -62,8 +62,10 @@ static int print_attribute(BIO *bp, X509_ATTRIBUTE *a) case V_ASN1_SEQUENCE: if (BIO_puts(bp, "\n") <= 0) goto err; - ASN1_parse_dump(bp, at->value.sequence->data, - at->value.sequence->length, i, 1); + if (ASN1_parse_dump(bp, at->value.sequence->data, + at->value.sequence->length, i, 1) + <= 0) + goto err; break; default: if (BIO_printf(bp, "unable to print attribute of type 0x%X\n", diff --git a/crypto/x509/v3_ac_tgt.c b/crypto/x509/v3_ac_tgt.c index 4fe14070369a..b819f7659551 100644 --- a/crypto/x509/v3_ac_tgt.c +++ b/crypto/x509/v3_ac_tgt.c 
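Review bot: In the second X509_policy_check() hunk (crypto/x509/pcy_tree.c), moving `*ptree = tree;` below the user-policy check means the X509_PCY_TREE_FAILURE returns now leave `*ptree` unassigned, and the visible lines do not show it being set to NULL on entry. A caller that frees `*ptree` after a failure would then act on whatever the variable held before the call. Consider an explicit `*ptree = NULL;` at the top of the function, or document that the output is valid only when X509_PCY_TREE_VALID is returned. The same free-and-return pair now appears in both hunks, so a shared failure exit would keep later early returns from skipping the free.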
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = { ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING), } static_ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL) - ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) +ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) = { ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED), ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT), @@ -49,14 +49,14 @@ ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = { ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING), } static_ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO) - ASN1_SEQUENCE(OSSL_TARGET_CERT) +ASN1_SEQUENCE(OSSL_TARGET_CERT) = { ASN1_SIMPLE(OSSL_TARGET_CERT, targetCertificate, OSSL_ISSUER_SERIAL), ASN1_OPT(OSSL_TARGET_CERT, targetName, GENERAL_NAME), ASN1_OPT(OSSL_TARGET_CERT, certDigestInfo, OSSL_OBJECT_DIGEST_INFO), } static_ASN1_SEQUENCE_END(OSSL_TARGET_CERT) - ASN1_CHOICE(OSSL_TARGET) +ASN1_CHOICE(OSSL_TARGET) = { ASN1_EXP(OSSL_TARGET, choice.targetName, GENERAL_NAME, 0), ASN1_EXP(OSSL_TARGET, choice.targetGroup, GENERAL_NAME, 1), diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index ab37f9dff625..c5a638e8a396 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -256,7 +256,7 @@ err: static int displaytext_get_tag_len(const char *tagstr) { - char *colon = strchr(tagstr, ':'); + const char *colon = strchr(tagstr, ':'); return (colon == NULL) ? -1 : colon - tagstr; } diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c index 088cffed69f0..1992344d85be 100644 --- a/crypto/x509/v3_prn.c +++ b/crypto/x509/v3_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,9 +191,9 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, return 1; case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); + return ASN1_parse_dump(out, ext, extlen, indent, -1) > 0; case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); + return BIO_dump_indent(out, (const char *)ext, extlen, indent) > 0; default: return 1; diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 76170bcb9516..2674b33cc565 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -630,7 +630,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { - char *objtmp = NULL, *p; + char *objtmp = NULL; + const char *p; int objlen; if ((p = strchr(value, ';')) == NULL) diff --git a/crypto/x509/v3_timespec.c b/crypto/x509/v3_timespec.c index c23b94ad085f..4b7b07c3d0d0 100644 --- a/crypto/x509/v3_timespec.c 
+++ b/crypto/x509/v3_timespec.c @@ -1,5 +1,5 @@ /* - * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -167,7 +167,7 @@ static int i2r_OSSL_DAY_TIME(X509V3_EXT_METHOD *method, return 0; if (dt->minute && !ASN1_INTEGER_get_int64(&m, dt->minute)) return 0; - if (dt->minute && !ASN1_INTEGER_get_int64(&s, dt->second)) + if (dt->second && !ASN1_INTEGER_get_int64(&s, dt->second)) return 0; return BIO_printf(out, "%02lld:%02lld:%02lld", (long long int)h, (long long int)m, (long long int)s) diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index a3ee50e5cee7..99780cf4a32b 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1120,15 +1120,16 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) ASN1_OCTET_STRING *ret = NULL; unsigned char ipout[32]; char *iptmp = NULL, *p; + const char *slash; int iplen1, iplen2; - p = strchr(ipasc, '/'); - if (p == NULL) + slash = strchr(ipasc, '/'); + if (slash == NULL) return NULL; iptmp = OPENSSL_strdup(ipasc); if (iptmp == NULL) return NULL; - p = iptmp + (p - ipasc); + p = iptmp + (slash - ipasc); *p++ = 0; iplen1 = ossl_a2i_ipadd(ipout, iptmp); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 20c012def2f3..0994c32ca533 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c 
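Review bot: The i2r_OSSL_DAY_TIME() fix (crypto/x509/v3_timespec.c) corrects the guard from `dt->minute` to `dt->second`, but the hunk does not show `h`, `m` and `s` being initialised, and all three are passed to BIO_printf() even when the corresponding field is absent. Please confirm they default to 0, and add a test with a value that carries seconds but no minutes (and the reverse), since those are the combinations the old guard mishandled.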
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1123,6 +1123,7 @@ static int check_cert(X509_STORE_CTX *ctx) goto done; } + ctx->current_crl = NULL; X509_CRL_free(crl); X509_CRL_free(dcrl); crl = NULL; @@ -1307,6 +1308,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base) if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) return 0; /* Delta CRL number must exceed full CRL number */ + if (delta->crl_number == NULL) + return 0; return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0; } @@ -3015,7 +3018,7 @@ static int dane_match_cert(X509_STORE_CTX *ctx, X509 *cert, int depth) break; } - OPENSSL_free(dane->mcert); + X509_free(dane->mcert); dane->mcert = cert; dane->mdpth = depth; dane->mtlsa = t; diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 4c75560ef248..03f532ab9cb3 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,8 +65,8 @@ ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - X509_PUBKEY - * ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx, const char *propq) +X509_PUBKEY +*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx, const char *propq) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); 
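Review bot: In check_cert() (crypto/x509/x509_vfy.c), `ctx->current_crl = NULL;` is added only on the fall-through path, while the `goto done;` just above it skips the assignment. If the code at `done:` also frees `crl`, `ctx->current_crl` is left dangling on that path. Either clear it at `done:` as well, or confirm that nothing reads `ctx->current_crl` after that exit.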
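Review bot: In check_delta_base() (crypto/x509/x509_vfy.c), the new `delta->crl_number == NULL` test lands between the comment "Delta CRL number must exceed full CRL number" and the comparison that comment describes, and `base->crl_number` is passed to ASN1_INTEGER_cmp() twice with no matching check in the visible lines. Move the NULL test above the comment, and either test `base->crl_number` here too or point to where the caller guarantees it is set.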
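Review bot: In dane_match_cert() (crypto/x509/x509_vfy.c), switching to `X509_free(dane->mcert)` treats `dane->mcert` as a counted reference, yet the next line stores `cert` with a plain `dane->mcert = cert;` and the hunk shows no X509_up_ref(). Please confirm the reference is taken outside the visible context. Otherwise a later X509_free() on `dane->mcert` releases a certificate that another owner still holds.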
diff --git a/doc/build.info b/doc/build.info index bb1f00f49b76..eb4492ba9c75 100644 --- a/doc/build.info +++ b/doc/build.info @@ -2903,6 +2903,10 @@ DEPEND[html/man3/UI_new.html]=man3/UI_new.pod GENERATE[html/man3/UI_new.html]=man3/UI_new.pod DEPEND[man/man3/UI_new.3]=man3/UI_new.pod GENERATE[man/man3/UI_new.3]=man3/UI_new.pod +DEPEND[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod +GENERATE[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod +DEPEND[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod +GENERATE[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod DEPEND[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod GENERATE[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod DEPEND[man/man3/X509V3_get_d2i.3]=man3/X509V3_get_d2i.pod @@ -3787,6 +3791,7 @@ html/man3/UI_STRING.html \ html/man3/UI_UTIL_read_pw.html \ html/man3/UI_create_method.html \ html/man3/UI_new.html \ +html/man3/X509V3_EXT_print.html \ html/man3/X509V3_get_d2i.html \ html/man3/X509V3_set_ctx.html \ html/man3/X509_ACERT_add1_attr.html \ @@ -4463,6 +4468,7 @@ man/man3/UI_STRING.3 \ man/man3/UI_UTIL_read_pw.3 \ man/man3/UI_create_method.3 \ man/man3/UI_new.3 \ +man/man3/X509V3_EXT_print.3 \ man/man3/X509V3_get_d2i.3 \ man/man3/X509V3_set_ctx.3 \ man/man3/X509_ACERT_add1_attr.3 \ diff --git a/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod b/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod index 16bd7f205c2d..6c78c3a447af 100644 --- a/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod +++ b/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod @@ -80,7 +80,7 @@ This example is of a function that computes the size of a record that has a four byte element count which is followed by that many elements. It returns zero on overflow. - OSSL_SAFE_MATH_UNSIGNED(sizet, size_t, SIZE_MAX) + OSSL_SAFE_MATH_UNSIGNED(sizet, size_t) size_t compute_record_size(uint32_t n) { 
@@ -99,7 +99,7 @@ The functions described here were all added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod index 2a6a9fccb04c..4643be69b77b 100644 --- a/doc/internal/man3/ossl_cmp_msg_check_update.pod +++ b/doc/internal/man3/ossl_cmp_msg_check_update.pod @@ -51,6 +51,7 @@ The callback is passed also the arguments B<ctx>, B<msg>, and <cb_arg> The callback should return 1 on acceptance, 0 on rejection, or -1 on error. It should not put an error on the error stack since this could be misleading. +Unless the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> is set in the B<ctx>, ossl_cmp_msg_check_update() adds all extraCerts contained in the <msg> to the list of untrusted certificates in B<ctx> such that they are already usable for OSSL_CMP_validate_msg(), which is called internally, and for future use. @@ -58,7 +59,7 @@ Thus they are available also to the certificate confirmation callback, and the peer does not need to send them again (at least not in the same transaction). Note that it does not help validating the message before storing the extraCerts because they are not part of the protected portion of the message anyway. -For efficiency, the extraCerts are prepended to the list so they get used first. +For efficiency, the extraCerts being cached are prepended to the list so they get used first. If all checks pass then ossl_cmp_msg_check_update() records in B<ctx> the senderNonce of the received message as the new recipNonce 
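Review bot: The sentence added in the first ossl_cmp_msg_check_update.pod hunk, "Unless the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> is set in the B<ctx>", is missing the noun "option", and the context line right after it still has a bare <msg> where the page otherwise writes B<msg>. Suggest "Unless the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> option is set in B<ctx>", and fix the <msg> markup while this paragraph is being touched.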
@@ -85,7 +86,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/internal/man7/deprecation.pod b/doc/internal/man7/deprecation.pod index de34c30fa22f..4e954584f43e 100644 --- a/doc/internal/man7/deprecation.pod +++ b/doc/internal/man7/deprecation.pod @@ -2,6 +2,8 @@ =head1 NAME +OPENSSL_NO_DEPRECATED_3_5, OSSL_DEPRECATEDIN_3_5, +OPENSSL_NO_DEPRECATED_3_4, OSSL_DEPRECATEDIN_3_4, OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1, OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, @@ -131,7 +133,7 @@ L<openssl_user_macros(7)> =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index 184382ee8335..3bcbcace9a3e 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -106,7 +106,7 @@ If there is an additional argument on the command line it will be used as the list box), otherwise the name "My Certificate" is used. Delegates work to L<openssl-pkcs12(1)>. -=item B<-sign>, B<-signcert>, B<-xsign> +=item B<-sign>, B<-xsign> Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the request to be in the file F<newreq.pem>. The new certificate is written to the 
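Review bot: The CA.pl.pod hunk drops B<-signcert> from the `=item B<-sign>, B<-xsign>` line without saying what happened to it. If CA.pl still accepts -signcert, it needs its own =item describing how it differs from -sign. If the option was removed, say so on the page so that users with existing scripts can find the change.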
@@ -191,7 +191,7 @@ L<config(5)> =head1 COPYRIGHT -Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index 69195bcdcbd0..e1f9845cee57 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -120,16 +120,16 @@ the IANA TLS Cipher Suites Registry The actual cipher string can take several different forms. -It can consist of a single cipher suite such as B<RC4-SHA>. +It can consist of a single cipher suite such as B<AES256-SHA>. It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example B<SHA1> represents all ciphers -suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 -algorithms. +cipher suites of a certain type. For example B<SHA256> represents all cipher +suites using the digest algorithm SHA256 and B<TLSv1.2> represents all +cipher suites introduced in TLS v.1.2. Lists of cipher suites can be combined in a single cipher string using the B<+> character. This is used as a logical B<and> operation. For example -B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES +B<SHA256+AES> represents all cipher suites using the SHA256 B<and> the AES algorithms. Each cipher string can be optionally preceded by the characters B<!>, 
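Review bot: In the rewritten cipher-string examples of openssl-ciphers.pod.in, "cipher suites introduced in TLS v.1.2" has a stray dot, while the later hunks of this same patch write "TLS v1.2". Please make it "TLS v1.2" for consistency.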
@@ -160,7 +160,7 @@ See L<SSL_CTX_set_security_level(3)> for a description of what each level means. The cipher list can be prefixed with the B<DEFAULT> keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using B<+> character. -For example, B<DEFAULT+DES> is not valid. +For example, B<DEFAULT+AES> is not valid. The content of the default list is determined at compile time and normally corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. @@ -173,11 +173,12 @@ The following is a list of all permitted cipher strings and their meanings. =item B<COMPLEMENTOFDEFAULT> -The ciphers included in B<ALL>, but not enabled by default. Currently -this includes all RC4 and anonymous ciphers. Note that this rule does -not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if -necessary). Note that RC4 based cipher suites are not built into OpenSSL by -default (see the enable-weak-ssl-ciphers option to Configure). +The cipher suites included in B<ALL>, but not enabled by default. The default +cipher suite list provides strong security and reasonable interoperability. +A cipher suite can be not included in the default list for different reasons: +because it is weak, or not "mature" enough, or not widely used, etc. +Note that this rule does not cover B<eNULL>, which is not included by B<ALL> +(use B<COMPLEMENTOFALL> if necessary). =item B<ALL> @@ -205,6 +206,10 @@ encryption. encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0. +=item B<FIPS> + +Cipher suites permitted in FIPS mode. + =item B<eNULL>, B<NULL> The "NULL" ciphers that is those offering no encryption. Because these offer no 
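Review bot: The new B<COMPLEMENTOFDEFAULT> text in openssl-ciphers.pod.in removes the only concrete statement of what the keyword covers (the old text named RC4 and anonymous ciphers) and replaces it with general reasons. "A cipher suite can be not included in the default list" is also awkward. Suggest "A cipher suite may be left out of the default list because it is weak, not yet mature, or not widely used", and keep at least one concrete example of an excluded class so the entry stays useful when auditing a configuration.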
@@ -227,14 +232,8 @@ When in doubt, include B<!aNULL> in your cipherlist. =item B<kRSA>, B<aRSA>, B<RSA> -Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for -B<kRSA>. - -=item B<kDHr>, B<kDHd>, B<kDH> - -Cipher suites using static DH key agreement and DH certificates signed by CAs -with RSA and DSS keys or either respectively. -All these cipher suites have been removed in OpenSSL 1.1.0. +Cipher suites using RSA key exchange, RSA authentication, or both of them +respectively. =item B<kDHE>, B<kEDH>, B<DH> @@ -267,12 +266,6 @@ Anonymous Elliptic Curve Diffie-Hellman cipher suites. Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. -=item B<aDH> - -Cipher suites effectively using DH authentication, i.e. the certificates carry -DH keys. -All these cipher suites have been removed in OpenSSL 1.1.0. - =item B<aECDSA>, B<ECDSA> Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA @@ -280,8 +273,7 @@ keys. =item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3> -Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or -SSL v3.0 respectively. +Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available. @@ -305,10 +297,13 @@ cipher suites are only supported in TLS v1.2. B<AESCCM> references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B<AESCCM8> only references 8 octet ICV. -=item B<ARIA128>, B<ARIA256>, B<ARIA> +=item B<ARIA128>, B<ARIA256> + +Cipher suites using 128 bit ARIA or 256 bit ARIA respectively. -Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit -ARIA. +=item B<ARIA>, B<ARIAGCM> + +Cipher suites using either 128 or 256 bit ARIA. =item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA> 
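Review bot: The new `=item B<ARIA>, B<ARIAGCM>` entry in openssl-ciphers.pod.in describes both keywords as "either 128 or 256 bit ARIA", which leaves B<ARIAGCM> indistinguishable from B<ARIA>. State what B<ARIAGCM> narrows the selection to, in the way the B<AESCCM> text just above distinguishes the CCM suites.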
@@ -358,24 +353,46 @@ Cipher suites using SHA256 or SHA384. =item B<aGOST> -Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication (needs an engine supporting GOST algorithms). =item B<aGOST01> -Cipher suites using GOST R 34.10-2001 authentication. +Cipher suites that can be uses with GOST R 34.10-2001 keys for authentication. + +=item B<aGOST12> + +Cipher suites that can be used with GOST R 34.10-2012 keys for authentication. =item B<kGOST> -Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. +Cipher suites using VKO 34.10 key exchange and key wrap specified in the +RFC 4357 or RFC 7836. + +=item B<kGOST18> + +Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and +KExp15 key export specified in the RFC 9189. =item B<GOST94> Cipher suites, using HMAC based on GOST R 34.11-94. +=item B<GOST12> + +Cipher suites, using HMAC based on GOST R 34.11-2012 256 bits. + =item B<GOST89MAC> -Cipher suites using GOST 28147-89 MAC B<instead of> HMAC. +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes A. + +=item B<GOST89MAC12> + +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes Z. + +=item B<GOST89> + +Cipher suites using any GOST cipher (GOST 28147-89, Magma or Kuznyechik). =item B<PSK> @@ -390,6 +407,14 @@ Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK. Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK). +=item B<kSRP>, B<SRP> + +Cipher suites using SRP key exchange. + +=item B<aSRP> + +Cipher suites using SRP authentication. + =item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192> Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 
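Review bot: In the GOST hunk of openssl-ciphers.pod.in, the new B<aGOST01> line reads "Cipher suites that can be uses with GOST R 34.10-2001 keys", which should be "can be used", matching the B<aGOST12> line added right below it. In the B<GOST89MAC> and B<GOST89MAC12> entries, "B<instead of> HMAC with S-boxes A" reads as if the S-boxes belong to HMAC. Suggest "using GOST 28147-89 MAC with S-boxes A B<instead of> HMAC", and the same for Z.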
@@ -424,310 +449,398 @@ It should be noted, that several cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. -=head2 SSL v3.0 cipher suites - - SSL_RSA_WITH_NULL_MD5 NULL-MD5 - SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 - SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - - SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. - -=head2 TLS v1.0 cipher suites - - TLS_RSA_WITH_NULL_MD5 NULL-MD5 - TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 - TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - -=head2 AES cipher suites from RFC3268, extending TLS v1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA - TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - - TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA - TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA - TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA - TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA - TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA - - TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA - TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA - -=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 - - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA - - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA - - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA +=head2 AES cipher suites for TLS v1.2 - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 + TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA + TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA 
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA + TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 + TLS_DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA + TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 + TLS_DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + 
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 + TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA + TLS_RSA_WITH_AES_128_CCM_8 AES128-CCM8 + TLS_RSA_WITH_AES_128_CCM AES128-CCM + TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA + TLS_RSA_WITH_AES_256_CCM_8 AES256-CCM8 + TLS_RSA_WITH_AES_256_CCM AES256-CCM + TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 -=head2 SEED cipher suites from RFC4162, extending TLS v1.0 +=head2 Camellia cipher suites for TLS v1.2 - TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 ADH-CAMELLIA128-SHA256 + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 
ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 ADH-CAMELLIA128-GCM-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 ADH-CAMELLIA256-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 ADH-CAMELLIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 DHE-DSS-CAMELLIA128-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 DHE-DSS-CAMELLIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 DHE-DSS-CAMELLIA256-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 DHE-DSS-CAMELLIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE-RSA-CAMELLIA128-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 DHE-RSA-CAMELLIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DHE-RSA-CAMELLIA256-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE-RSA-CAMELLIA256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 CAMELLIA128-SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + 
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 CAMELLIA128-GCM-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 CAMELLIA256-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 CAMELLIA256-GCM-SHA384 - TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA - TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA +=head2 SEED cipher suites for TLS v1.2 - TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA - TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA - -=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 +=head2 GOST cipher suites for TLS v1.2 Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the B<gost> engine, which isn't part of the OpenSSL distribution. - TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 - TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 - TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 - TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 - -=head2 GOST cipher suites, extending TLS v1.2 - -Note: these ciphers require an engine which including GOST cryptographic -algorithms, such as the B<gost> engine, which isn't part of the OpenSSL -distribution. - - TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912 - TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12 - -Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID -old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912 - - -=head2 Additional Export 1024 and other cipher suites - -Note: these ciphers can also be used in SSL v3. 
- - TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA - -=head2 Elliptic curve cipher suites - - TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA - - TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA - - TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA - TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA - TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA - TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA - -=head2 TLS v1.2 cipher suites - - TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 - - TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 - - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 - - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 - 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 - - TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 - TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 - TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 - TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 - - RSA_WITH_AES_128_CCM AES128-CCM - RSA_WITH_AES_256_CCM AES256-CCM - DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM - DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM - RSA_WITH_AES_128_CCM_8 AES128-CCM8 - RSA_WITH_AES_256_CCM_8 AES256-CCM8 - DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 - DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 - ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM - ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM - ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 - ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + IANA-GOST2012-GOST8912-GOST8912 + LEGACY-GOST2012-GOST8912-GOST8912 + GOST2012-NULL-GOST12 + GOST2012-KUZNYECHIK-KUZNYECHIKOMAC + GOST2012-MAGMA-MAGMAOMAC =head2 ARIA cipher suites from RFC6209, extending TLS v1.2 Note: the CBC modes mentioned in this RFC are not supported. 
- TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 - TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 - TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 - TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 - -=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 - -=head2 Pre-shared keying (PSK) cipher suites - - PSK_WITH_NULL_SHA PSK-NULL-SHA - DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA - RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA + TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 ADH-ARIA128-CBC-SHA256 + TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 ADH-ARIA128-GCM-SHA256 + TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 ADH-ARIA256-CBC-SHA384 + TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 ADH-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 
DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE-RSA-ARIA128-CBC-SHA256 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE-RSA-ARIA256-CBC-SHA384 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128-CBC-SHA256 + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256-CBC-SHA384 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 
- PSK_WITH_RC4_128_SHA PSK-RC4-SHA - PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA - PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA - PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA - - DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA - DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA - DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA - DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA - - RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA - RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA - RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA - RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA - - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 - DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 - RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 - RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 - - PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 - PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 - PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 - PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 - DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 - DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 - DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 - DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 - RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 - RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 - RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 - RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - - ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA - ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA - ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 - ECDHE_PSK_WITH_AES_256_CBC_SHA384 
ECDHE-PSK-AES256-CBC-SHA384 - ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA - ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 - ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 +=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 - PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 - PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 - DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 - DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 +=head2 Elliptic curve cipher suites for TLS v.1.2 - RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 - RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + 
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + 
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 ECDHE-ECDSA-SM4-CCM-SM3 + TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 ECDHE-ECDSA-SM4-GCM-SM3 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA + TLS_ECDHE_RSA_WITH_SM4_CCM_SM3 ECDHE-RSA-SM4-CCM-SM3 + TLS_ECDHE_RSA_WITH_SM4_GCM_SM3 ECDHE-RSA-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + 
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 - ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 - ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 +=head2 Pre-shared keying (PSK) cipher suites - PSK_WITH_AES_128_CCM PSK-AES128-CCM - PSK_WITH_AES_256_CCM PSK-AES256-CCM - DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM - DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM - PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 - PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 - DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 - DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + 
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_SM4_CCM_SM3 DHE-PSK-SM4-CCM-SM3 + TLS_DHE_PSK_WITH_SM4_GCM_SM3 DHE-PSK-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + 
TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_SM4_CCM_SM3 RSA-PSK-SM4-CCM-SM3 + TLS_RSA_PSK_WITH_SM4_GCM_SM3 RSA-PSK-SM4-GCM-SM3 -=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 +=head2 Other TLS v1.2 cipher suites - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 - TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_WITH_NULL_MD5 NULL-MD5 + TLS_RSA_WITH_NULL_SHA NULL-SHA + TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 + 
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 + TLS_RSA_WITH_RC4_128_SHA RC4-SHA + TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + TLS_RSA_WITH_SM4_CCM_SM3 SM4-CCM-SM3 + TLS_RSA_WITH_SM4_GCM_SM3 SM4-GCM-SM3 + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + TLS_DHE_RSA_WITH_SM4_CCM_SM3 DHE-RSA-SM4-CCM-SM3 + TLS_DHE_RSA_WITH_SM4_GCM_SM3 DHE-RSA-SM4-GCM-SM3 + TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA =head2 TLS v1.3 cipher suites @@ -746,12 +859,12 @@ Note: these ciphers are purely HMAC based and do not provide any confidentiality and thus are disabled by default. These ciphers are only available at security level 0. -=head2 Older names used by OpenSSL +=head2 "EDH-" aliases to "DHE-" names for backward compatibility The following names are accepted by older releases: - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA) - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA) + EDH-RSA-DES-CBC3-SHA - alias of DHE-RSA-DES-CBC3-SHA + EDH-DSS-DES-CBC3-SHA - alias of DHE-DSS-DES-CBC3-SHA =head1 NOTES @@ -774,13 +887,9 @@ authentication (aNULL): openssl ciphers -v 'ALL:!aNULL' -Include only 3DES ciphers and then place RSA ciphers last: - - openssl ciphers -v '3DES:+RSA' - -Include all RC4 ciphers but leave out those without authentication: +Include only AES ciphers and then place RSA ciphers last: - openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + openssl ciphers -v 'AES:+RSA' Include all ciphers with RSA authentication but leave out ciphers without encryption. 
@@ -814,7 +923,7 @@ The support for TLS v1.3 integrity-only cipher suites was added in OpenSSL 3.4. =head1 COPYRIGHT -Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 906143d2927d..0be66b3b7671 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -718,9 +718,15 @@ with a signature key." =item B<-no_cache_extracerts> Do not cache certificates in the extraCerts field of CMP messages received. -By default, they are kept as they may be helful for validating further messages. +By default, they are kept as they may be helpful for validating further messages. This option applies to both CMP clients and the mock server. +In any case, after successfully validating an incoming message, its protection +certificate (if any) is cached for reuse with validation of subsequent messages. +This is done not only for efficiency but also +to eliminate the need for the sender to include its certificate and related chain +in the extraCerts field of subsequent messages of the same transaction. + =item B<-srvcertout> I<filename> The file where to save the successfully validated certificate, if any, @@ -1533,7 +1539,7 @@ B<-rsp_keypass> were added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 13a436b07660..948ac8b80c77 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in 
@@ -881,7 +881,7 @@ Use SHA256 KDF with an ECDH certificate: Print CMS signed binary data in human-readable form: -openssl cms -in signed.cms -binary -inform DER -cmsout -print + openssl cms -in signed.cms -binary -inform DER -cmsout -print =head1 BUGS diff --git a/doc/man1/openssl-format-options.pod b/doc/man1/openssl-format-options.pod index a9bd1d6971e0..115aa9936f8f 100644 --- a/doc/man1/openssl-format-options.pod +++ b/doc/man1/openssl-format-options.pod @@ -75,7 +75,7 @@ A password or PIN may be supplied to the engine using the B<-passin> option. A DER-encoded file containing a PKCS#12 object. It might be necessary to provide a decryption password to retrieve -the private key. +the private key or certificate. =item B<PEM> @@ -135,7 +135,7 @@ Note that the parsing is simple and might fail to parse some legal data. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index c5fb8378e8b1..46b62952590e 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -207,7 +207,7 @@ derived shared-secret value generated in the encapsulation process. Encapsulation is supported with a number of public key algorithms, currently: L<ML-KEM|EVP_PKEY-ML-KEM(7)>, L<X25519|EVP_KEM-X25519(7)>, -L<X449|EVP_KEM-X448(7)>, +L<X448|EVP_KEM-X448(7)>, and L<EC|EVP_KEM-EC(7)>. The ECX and EC algorithms use the 
@@ -693,7 +693,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index 81a11c37f4c4..3edbe05b186f 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod @@ -142,6 +142,12 @@ equals the public key algorithm of the candidate issuer certificate. The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults the list of untrusted ("intermediate" CA) certificates, if provided. +If one issuer certificate was found in the trust store, the list of +untrusted certificates will not be consulted anymore to find further +issuer certificates. Therefore, either only the root certificate or an +uninterrupted chain to the root certificate must be provided in the trust +store for a successful verification, if B<X509_V_FLAG_PARTIAL_CHAIN> +is not enabled. =head2 Certification Path Validation @@ -732,7 +738,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index 7e51af6eac15..309d232c8c13 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in 
@@ -104,6 +104,11 @@ input. =back +Note that the first parameter that does not begin with a B<-> ends the list +of options and starts the list of certificates. If you place any options +after a certificate filename, they will be interpreted not as options +but as certificates. + =head1 DIAGNOSTICS When a verify operation fails the output messages can be somewhat cryptic. The @@ -140,7 +145,7 @@ The B<-engine option> was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod index f86aac922aa0..b6335cb73550 100644 --- a/doc/man3/ADMISSIONS.pod +++ b/doc/man3/ADMISSIONS.pod @@ -98,7 +98,7 @@ PROFESSION_INFO_set0_registrationNumber The B<PROFESSION_INFOS>, B<ADMISSION_SYNTAX>, B<ADMISSIONS>, and B<PROFESSION_INFO> types are opaque structures representing the analogous types defined in the Common PKI Specification published -by L<https://www.t7ev.org>. +by L<T7 & TELETRUST|https://www.bundesnetzagentur.de/EVD/DE/SharedDocuments/Downloads/Anbieter_Infothek/Common_PKI_v2.0_02.pdf?__blob=publicationFile&v=1>. Knowledge of those structures and their semantics is assumed. The conventional routines to convert between DER and the local format @@ -169,7 +169,7 @@ L<d2i_X509(3)>, =head1 COPYRIGHT -Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_get_data.pod b/doc/man3/BIO_get_data.pod index aeb6b1c7e9ba..b2debd2bc504 100644 --- a/doc/man3/BIO_get_data.pod +++ b/doc/man3/BIO_get_data.pod 
@@ -18,7 +18,7 @@ BIO_get_shutdown - functions for managing BIO state information =head1 DESCRIPTION -These functions are mainly useful when implementing a custom BIO. +These functions can be used when implementing a custom BIO. The BIO_set_data() function associates the custom data pointed to by B<ptr> with the BIO. This data can subsequently be retrieved via a call to BIO_get_data(). @@ -36,6 +36,13 @@ The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed. +=head1 WARNINGS + +Do not use BIO_set_data(), BIO_get_data(), BIO_set_init(), BIO_get_init(), outside +the implementation of a custom BIO. +Calling BIO_set_data() on an existing BIO implementation with data that it does +not expect will lead to unexpected results. + =head1 RETURN VALUES BIO_get_data() returns a pointer to the implementation specific custom data @@ -55,7 +62,7 @@ The functions described here were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_push.pod b/doc/man3/BIO_push.pod index 84ce3f042d1e..739c2f1b855d 100644 --- a/doc/man3/BIO_push.pod +++ b/doc/man3/BIO_push.pod @@ -20,7 +20,7 @@ Otherwise it prepends I<b>, which may be a single BIO or a chain of BIOs, to I<next> (unless I<next> is NULL). It then makes a control call on I<b> and returns I<b>. -BIO_pop() removes the BIO I<b> from any chain is is part of. +BIO_pop() removes the BIO I<b> from any chain it is part of. If I<b> is NULL the function does nothing and returns NULL. Otherwise it makes a control call on I<b> and returns the next BIO in the chain, or NULL if there is no next BIO. 
@@ -88,7 +88,7 @@ The BIO_set_next() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_read.pod b/doc/man3/BIO_read.pod index f337aab353bb..e2feb443f598 100644 --- a/doc/man3/BIO_read.pod +++ b/doc/man3/BIO_read.pod @@ -52,7 +52,9 @@ For implementing this, unfortunately the data needs to be read byte-by-byte. BIO_write() attempts to write I<len> bytes from I<buf> to BIO I<b>. -BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>. +BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>, +without the terminating NUL byte and without appending '\n' +(so, similar to fputs(3), and not puts(3)). =head1 RETURN VALUES @@ -119,7 +121,7 @@ I<written> parameter of the function can be NULL since OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index f6b29d9daa9b..2af4ebec91f9 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -1453,6 +1453,9 @@ for failure. EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. +EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and +EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure. + =head1 CIPHER LISTING All algorithms have a fixed key length unless otherwise stated. 
@@ -1477,7 +1480,12 @@ depending on the mode specified. To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output parameter I<out> set to NULL. In this case, on success, the parameter -I<outl> is set to the number of bytes authenticated. +I<outl> is set to the number of AAD bytes processed in that call +(that is, the value of I<inl>), and does not include any plaintext +or ciphertext bytes processed by other calls. + +If no AAD is used, this call can be omitted. See the mode-specific notes +below for any exceptions. When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success, diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod index bdbf596ec3a5..38f8509f9b17 100644 --- a/doc/man3/OPENSSL_malloc.pod +++ b/doc/man3/OPENSSL_malloc.pod @@ -117,8 +117,8 @@ the returned pointer. OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at B<addr> holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse() -before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is -NULL, nothing is done. +before ultimately calling OPENSSL_free(). If the argument to +OPENSSL_clear_free() is NULL, nothing is done. OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's. It is useful in cases when it is needed to ensure that memory (that contains @@ -258,7 +258,7 @@ added in OpenSSL 3.4. =head1 COPYRIGHT -Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index a966d9b17c9c..86239ee57205 100644 
--- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -356,6 +356,12 @@ Taking it over as a trust anchor implements trust-on-first-use (TOFU). Do not cache certificates received in the extraCerts CMP message field. Otherwise they are stored to potentially help validate further messages. +In any case, after successfully validating an incoming message, its protection +certificate (if any) is cached for reuse with validation of subsequent messages. +This is done not only for efficiency but also +to eliminate the need for the sender to include its certificate and related chain +in the extraCerts field of subsequent messages of the same transaction. + =back OSSL_CMP_CTX_get_option() reads the current value of the given option @@ -877,14 +883,15 @@ OSSL_CMP_CTX_set1_serialNumber(), OSSL_CMP_CTX_get0_libctx(), OSSL_CMP_CTX_get0_propq(), and OSSL_CMP_CTX_get0_validatedSrvCert() were added in OpenSSL 3.2. -OSSL_CMP_CTX_get0_geninfo_ITAVs() was added in OpenSSL 3.3. +OSSL_CMP_CTX_get0_geninfo_ITAVs() and +the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> option were added in OpenSSL 3.3. Support for central key generation, requested via B<OSSL_CRMF_POPO_NONE>, was added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_HPKE_CTX_new.pod b/doc/man3/OSSL_HPKE_CTX_new.pod index 89a6fcafe133..a7fd32122f32 100644 --- a/doc/man3/OSSL_HPKE_CTX_new.pod +++ b/doc/man3/OSSL_HPKE_CTX_new.pod 
@@ -451,12 +451,12 @@ OSSL_HPKE_get_ciphertext_size() and OSSL_HPKE_get_public_encap_size(). OSSL_HPKE_str2suite() maps input I<str> strings to an B<OSSL_HPKE_SUITE> object. The input I<str> should be a comma-separated string with a KEM, -KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes128gcm". +KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes-128-gcm". This can be used by command line tools that accept string form names for HPKE codepoints. Valid (case-insensitive) names are: "p-256", "p-384", "p-521", "x25519" and "x448" for KEM, "hkdf-sha256", "hkdf-sha384" and "hkdf-sha512" for KDF, and -"aes-gcm-128", "aes-gcm-256", "chacha20-poly1305" and "exporter" for AEAD. +"aes-128-gcm", "aes-256-gcm", "chacha20-poly1305" and "exporter" for AEAD. String variants of the numbers listed in L</OSSL_HPKE_SUITE Identifiers> can also be used. @@ -566,7 +566,7 @@ This functionality described here was added in OpenSSL 3.2. =head1 COPYRIGHT -Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBE_keyivgen.pod b/doc/man3/PKCS5_PBE_keyivgen.pod index f697628db13b..2b925a09e17a 100644 --- a/doc/man3/PKCS5_PBE_keyivgen.pod +++ b/doc/man3/PKCS5_PBE_keyivgen.pod 
@@ -110,6 +110,13 @@ I<iter> less than 1 is treated as a single iteration. I<digest> is the message digest function used in the derivation. +I<aiv> is the initialization vector (IV) to use for the encryption algorithm. +If I<aiv> is NULL, then a random IV will be generated. + +I<prf_nid> is the numeric identifier (NID) for the pseudo-random function to +use with PBKDF2. If I<prf_nid> is not specified (for example, I<prf_nid> is set to 0), +a default PRF is used, which is currently set to SHA-256 (NID_hmacWithSHA256). + Functions ending in _ex() take optional parameters I<libctx> and I<propq> which are used to select appropriate algorithm implementations. @@ -118,7 +125,9 @@ are used to select appropriate algorithm implementations. PKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(), PKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an B<X509_ALGOR> object which represents an AlgorithmIdentifier containing the algorithm OID and -associated parameters for the PBE algorithm. +associated parameters for the PBE algorithm. These functions encode the +key derivation parameters (such as salt and iteration count) and the +encryption parameters (such as the IV) into the ASN.1 structure. PKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an B<X509_ALGOR> object which represents an AlgorithmIdentifier containing the algorithm OID and @@ -177,7 +186,7 @@ This is required for PBKDF2 FIPS compliance. =head1 COPYRIGHT -Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod index 21cfeed27b46..490932dc854b 100644 --- a/doc/man3/RSA_set_method.pod +++ b/doc/man3/RSA_set_method.pod 
@@ -148,13 +148,7 @@ and RSA_get_method() return pointers to the respective RSA_METHODs. RSA_set_default_method() returns no value. -RSA_set_method() returns a pointer to the old RSA_METHOD implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an ENGINE, the pointer could be invalidated -at any time if the ENGINE is unloaded (in fact it could be unloaded as a -result of the RSA_set_method() function releasing its handle to the -ENGINE). For this reason, the return type may be replaced with a B<void> -declaration in a future release. +RSA_set_method() returns 1 for success. It always succeeds. RSA_new_method() returns NULL and sets an error code that can be obtained by L<ERR_get_error(3)> if the allocation fails. Otherwise @@ -185,7 +179,7 @@ was replaced to always return NULL in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 3e2de6e66be7..e78a2231dae3 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod 
@@ -176,16 +176,14 @@ respectively: $ openssl list -tls1_2 -tls-groups $ openssl list -tls1_3 -tls-groups -The recommended groups (in order of decreasing performance) for TLS 1.3 are presently: +The recommended groups for TLS 1.3 are presently documented in the default +TLS group list in the OpenSSL code base. Starting with OpenSSL 3.5, the +hybrid algorithm B<X25519MLKEM768> is first in this default list. +It mitigates against threats from future quantum computers while +still providing state-of-the-art classical key exchange protection. -B<x25519>, -B<secp256r1>, -B<x448>, -and -B<secp384r1>. - -The stronger security margins of the last two, come at a significant -performance penalty. +Further details regarding post-quantum algorithm considerations are documented +in the HISTORY section below. An enriched alternative syntax, that enables clients to send multiple keyshares and allows servers to prioritise some groups over others, is described in @@ -884,7 +882,7 @@ As of OpenSSL 3.5 key exchange group names are case-insensitive. =head1 COPYRIGHT -Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod index 017eefd3176a..6fedad01b4d0 100755 --- a/doc/man3/SSL_CTX_set1_curves.pod +++ b/doc/man3/SSL_CTX_set1_curves.pod 
@@ -40,13 +40,13 @@ SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_get0_implemented_groups For all of the functions below that set the supported groups there must be at least one group in the list. A number of these functions identify groups via a -unique integer NID value. However, support for some groups may be added by -external providers. In this case there will be no NID assigned for the group. +unique integer B<NID> value. However, support for some groups may be added by +external providers. In this case there will be no B<NID> assigned for the group. When setting such groups applications should use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()). SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen> -groups in the array B<glist>. The array consist of all NIDs of supported groups. +groups in the array B<glist>. The array consist of all B<NIDs> of supported groups. The supported groups for B<TLSv1.3> include: B<NID_X9_62_prime256v1>, B<NID_secp384r1>, 
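Review bot: The last changed line of this hunk, "The array consist of all B<NIDs> of supported groups", now bolds the plural "s" along with the abbreviation and carries over the existing grammar slip "consist" on a line the patch already touches. Suggest "The array consists of the B<NID>s of all supported groups". It is also worth checking whether bold is wanted for NID at all: in the same paragraph B<> marks identifiers such as B<ctx>, B<glistlen> and B<glist>, whereas NID is an abbreviation rather than a parameter or symbol name.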
@@ -73,20 +73,27 @@ B<SSL_OP_CIPHER_SERVER_PREFERENCE> is set, the order of the elements in the array determines the selected group. Otherwise, the order is ignored and the client's order determines the selection. -For a TLS 1.3 server, the groups determine the selected group, but -selection is more complex. A TLS 1.3 client sends both a group list as well as a -predicted subset of groups. Choosing a group outside the predicted subset incurs -an extra roundtrip. However, in some situations, the most preferred group may -not be predicted. OpenSSL considers all supported groups in I<clist> to be comparable -in security and prioritizes avoiding roundtrips above either client or server -preference order. If an application uses an external provider to extend OpenSSL -with, e.g., a post-quantum algorithm, this behavior may allow a network attacker -to downgrade connections to a weaker algorithm. It is therefore recommended -to use SSL_CTX_set1_groups_list() with the ability to specify group tuples. +For a TLS 1.3 server, the groups determine the selected group, but selection is +more complex. +A TLS 1.3 client sends both a group list and predicted keyshares for a subset +of groups. +A server choosing a group outside the client's predicted subset incurs an extra +roundtrip. +However, in some situations, the most preferred group may not be predicted. + +When groups are specified via SSL_CTX_set1_groups() as a list of B<NID> +values, OpenSSL considers all supported groups in I<clist> to be comparable in +security and prioritises avoiding roundtrips above either client or server +preference order. +If an application uses an external provider to extend OpenSSL with, e.g., a +post-quantum algorithm, this behavior may allow a network attacker to downgrade +connections to a weaker algorithm. +It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making +it possible to specify group tuples as described below. 
SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to string I<list>. In contrast to SSL_CTX_set1_groups(), the names of the -groups, rather than their NIDs, are used. +groups, rather than their B<NIDs>, are used. The commands below list the available groups for TLS 1.2 and TLS 1.3, respectively: 
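Review bot: The new second paragraph ties the roundtrip-avoidance behaviour to SSL_CTX_set1_groups() but still calls the list I<clist>, while the SSL_CTX_set1_groups() description earlier in this file names its array B<glist>. If both refer to the same list, use one name; if I<clist> is something else, say what it is. The same paragraph also mixes spellings: the added text has "prioritises" next to "behavior", where the removed text had "prioritizes", so pick one convention for the file. The one-sentence-per-line reflow makes the textual change hard to see in this hunk; a separate whitespace-only commit would make the semantic change (restricting the statement to the NID-list API) easier to review.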
@@ -102,30 +109,72 @@ The preferred group names are those defined by L<IANA|https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>. The I<list> can be used to define several group tuples of comparable security -levels, and can specify which key shares should be sent by a client. -The specified list elements can optionally be ignored, if not implemented +levels, and can specify which predicted key shares should be sent by a client. +Group tuples are used by OpenSSL TLS servers to decide whether to request a +stronger keyshare than those predicted by sending a Hello Retry Request +(B<HRR>) even if some of the predicted groups are supported. +OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall +order of I<list> elements and which groups are selected as predicted keyshares +as described below. + +The specified list elements can optionally be ignored if not implemented (listing unknown groups otherwise results in error). -It is also possible to specify the built-in default set of groups, and to explicitly -remove a group from that list. +It is also possible to specify the built-in default set of groups, and to +explicitly remove a group from that list. + +In its simplest legacy form, the string I<list> is just a colon separated list +of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". +The first group listed will in this case be used as the sole predicted +B<key_share> sent by a client in a TLSv1.3 B<ClientHello>. +The list should be in order of preference with the most preferred group first. + +A more expressive syntax supports definition of group tuples of comparable +security by separating them from each other with C</> characters. + +The predicted keyshares to be sent by clients can be explicitly specified by +adding a C<*> prefix to the associated group name. +These C<*> prefixes are ignored by servers. 
+ +If a group name is prefixed with the C<?> character, it will be ignored if an +implementation is missing. +Otherwise, listing an unknown group name will cause a failure to parse the +I<list>. +Note that whether a group is known or not may depend on the OpenSSL version, +how OpenSSL was compiled and/or which providers are loaded. +Make sure you have the correct spelling of the group name and when in doubt +prefix it with a C<?> to handle configurations in which it might nevertheless +be unknown. + +If a group name is prefixed with the C<-> character, it will be removed from +the list of groups specified up to that point. +It can be added again if specified later. +Removal of groups that have not been included earlier in the list is silently +ignored. -In its simplest form, the string I<list> is just a colon separated list -of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first -group listed will also be used for the B<key_share> sent by a client in a -TLSv1.3 B<ClientHello>. For servers note the discussion above. The list should -be in order of preference with the most preferred group first. +The pseudo group name C<DEFAULT> can be used to select the OpenSSL built-in +default list of groups. +Prepending one or more groups to C<DEFAULT> using only C<:> separators prepends those +groups to the built-in default list's first tuple. +Additional tuples can be prepended by use of the C</> separator. +Appending a set of groups to C<DEFAULT> using only C<:> separators appends those +groups to the built-in default list's last tuple. +Additional tuples can be appended by use of the C</> separator. -Group tuples of comparable security are defined by separating them from each -other by a tuple separator C</>. Keyshares to be sent by a client are specified -by prepending a C<*> to the group name, while any C<*> will be ignored by a -server. 
The following string I<list> for example defines three tuples when -used on the server-side, and triggers the generation of three key shares -when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048. +The B<DEFAULT> list selects B<X25519MLKEM768> as one of the predicted keyshares. +In rare cases this can lead to failures or timeouts because the resulting +larger TLS Client Hello message may no longer fit in a single TCP segment and +firewall software may erroneously disrupt the TLS handshake. +If this is an issue or concern, prepending C<?X25519MLKEM768:> without a C<*> +prefix leads to its occurrence in the default list to be ignored as a duplicate, +and along with that also the keyshare prediction. +The group will then only be selected by servers that specifically expect it, +after a Hello Retry Request (HRR). +Servers that specifically prefer B<X25519MLKEM768>, are much less likely to be +found behind problematic firewalls. -If a group name is preceded with the C<?> character, it will be ignored if an -implementation is missing. If a group name is preceded with the C<-> character, it -will be removed from the list of groups if present (including not sending a -key share for this group), ignored otherwise. The pseudo group name -C<DEFAULT> can be used to select the OpenSSL built-in default list of groups. +The following string I<list> for example defines three tuples when used on the +server-side, and triggers the generation of three key shares when used on the +client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048. For a TLS 1.3 client, all the groups in the string I<list> are added to the supported groups extension of a C<ClientHello>, in the order in which they are listed, 
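Review bot: There is a typo in the added line "+OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall"; it should read "attention". Three smaller points in the same hunk: the pseudo group is written C<DEFAULT> in the paragraph that introduces it and B<DEFAULT> in the next paragraph, so use one markup; "Servers that specifically prefer B<X25519MLKEM768>, are much less likely" has a stray comma after the group name; and the sentence "prepending C<?X25519MLKEM768:> without a C<*> prefix leads to its occurrence in the default list to be ignored as a duplicate, and along with that also the keyshare prediction" is hard to parse. Something like "causes its later occurrence in the default list to be ignored as a duplicate, so no keyshare is predicted for it" would state the effect directly. Since this paragraph describes a workaround, a complete example I<list> string showing the prefix together with C<DEFAULT> would help readers get the separator right.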
@@ -351,7 +400,7 @@ supported groups as comparable in security. =head1 COPYRIGHT -Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index dd302983fdde..146e3d03a51a 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -93,6 +93,14 @@ be used as the basis for a PSK. Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application. +Note that as described above, the callback may be called a second time during a +handshake. Since ownership of the SSL_SESSION is transferred to OpenSSL on each +call, if the callback wishes to return the same SSL_SESSION pointer on a +subsequent invocation, it must first call L<SSL_SESSION_up_ref(3)> to increment +the reference count. Failure to do so will result in a use-after-free error. +Alternatively, the callback may return a different SSL_SESSION object on each +call (e.g., by calling L<SSL_SESSION_dup(3)>). + It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that B<*sess> is @@ -169,7 +177,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_get_ciphers.pod b/doc/man3/SSL_get_ciphers.pod index add0fc4cd045..8f32cc008e4b 100644 
--- a/doc/man3/SSL_get_ciphers.pod +++ b/doc/man3/SSL_get_ciphers.pod @@ -75,6 +75,8 @@ description of SSL_get1_supported_ciphers() above). This function will return available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake. +The function sets an empty string when B<ssl> fails the handshake due to the +absence of shared ciphers. =head1 NOTES @@ -107,7 +109,7 @@ L<SSL_CIPHER_get_name(3)> =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509V3_EXT_print.pod b/doc/man3/X509V3_EXT_print.pod new file mode 100644 index 000000000000..0727d35f88e5 --- /dev/null +++ b/doc/man3/X509V3_EXT_print.pod 
@@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +X509V3_EXT_print, X509V3_EXT_print_fp - pretty print X509 certificate extensions + +=head1 SYNOPSIS + + #include <openssl/x509v3.h> + + int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); + int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +=head1 DESCRIPTION + +X509V3_EXT_print() and X509V3_EXT_print_fp() parse and print the extension +info from I<ext> to I<bio> or I<out> with indentation set via I<indent>. +I<flag> determines the behaviour if an extension could not be parsed and can be +one of: +B<X509V3_EXT_DEFAULT> (equivalent to 0): an unknown or unparsable extension +stops the parsing and the function returns a failure. +B<X509V3_EXT_PARSE_UNKNOWN>: an unknown or unparsable extension is handled by +printing it through the B<ASN1_parse_dump()> function, and the function returns +success. +B<X509V3_EXT_DUMP_UNKNOWN>: an unknown or unparsable extension is handled by +printing it through the B<BIO_dump_indent()> function, and the function returns +success, +B<X509V3_EXT_ERROR_UNKNOWN>: an unknown or unparsable extension is handled by +printing either "<Not Supported>" or "<Parse Error>", and the function returns +success. + +=head1 RETURN VALUES + +X509V3_EXT_print() and X509V3_EXT_print_fp() return 1 for success and 0 for +failure. + +=head1 SEE ALSO + +L<BIO_dump_indent(3)>, +L<ASN1_parse_dump(3)>, + +=head1 COPYRIGHT + +Copyright 2026 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/man3/X509_NAME_print_ex.pod b/doc/man3/X509_NAME_print_ex.pod index e43bb191f523..f86849d26e2e 100644 --- a/doc/man3/X509_NAME_print_ex.pod +++ b/doc/man3/X509_NAME_print_ex.pod 
@@ -32,9 +32,8 @@ I<size> is ignored. Otherwise, at most I<size> bytes will be written, including the ending '\0', and I<buf> is returned. -X509_NAME_print() prints out I<name> to I<bp> indenting each line by I<obase> -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. +X509_NAME_print() prints out I<name> to I<bp> on a single line. +The I<obase> parameter is ignored and retained only for API compatibility. =head1 NOTES @@ -122,7 +121,7 @@ L<ASN1_STRING_print_ex(3)> =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-DSA.pod b/doc/man7/EVP_SIGNATURE-DSA.pod index 2c0f0073a4fa..d50e44f161ff 100644 --- a/doc/man7/EVP_SIGNATURE-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-DSA.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE-DSA -- The B<EVP_PKEY> DSA signature implementation +- The EVP_PKEY B<DSA> signature implementation =head1 DESCRIPTION @@ -116,7 +116,7 @@ OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information. =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-ECDSA.pod b/doc/man7/EVP_SIGNATURE-ECDSA.pod index bc75ed140814..aa1d1a8f0de9 100644 --- a/doc/man7/EVP_SIGNATURE-ECDSA.pod +++ b/doc/man7/EVP_SIGNATURE-ECDSA.pod @@ -2,7 +2,7 @@ =head1 NAME -EVP_SIGNATURE-ECDSA - The EVP_PKEY ECDSA signature implementation. +EVP_SIGNATURE-ECDSA - The EVP_PKEY B<ECDSA> signature implementation =head1 DESCRIPTION 
@@ -104,7 +104,7 @@ L<provider-signature(7)>, =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod index 559968664e1a..745955e5925e 100644 --- a/doc/man7/EVP_SIGNATURE-ED25519.pod +++ b/doc/man7/EVP_SIGNATURE-ED25519.pod @@ -6,7 +6,7 @@ EVP_SIGNATURE-ED25519, EVP_SIGNATURE-ED448, Ed25519, Ed448 -- EVP_PKEY Ed25519 and Ed448 support +- The EVP_PKEY B<Ed25519> and B<Ed448> signature implementations =head1 DESCRIPTION @@ -175,7 +175,7 @@ L<EVP_DigestVerifyInit(3)>, =head1 COPYRIGHT -Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-HMAC.pod b/doc/man7/EVP_SIGNATURE-HMAC.pod index 6628d9ebc2bc..50578aa94c29 100644 --- a/doc/man7/EVP_SIGNATURE-HMAC.pod +++ b/doc/man7/EVP_SIGNATURE-HMAC.pod @@ -4,7 +4,7 @@ EVP_SIGNATURE-HMAC, EVP_SIGNATURE-Siphash, EVP_SIGNATURE-Poly1305, EVP_SIGNATURE-CMAC -- The legacy B<EVP_PKEY> MAC signature implementations +- The legacy EVP_PKEY B<MAC> signature implementations =head1 DESCRIPTION @@ -39,7 +39,7 @@ L<provider-signature(7)>, =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-ML-DSA.pod b/doc/man7/EVP_SIGNATURE-ML-DSA.pod index c9ccf1aafb8e..fc2318364f89 100644 
--- a/doc/man7/EVP_SIGNATURE-ML-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-ML-DSA.pod @@ -3,8 +3,8 @@ =head1 NAME EVP_SIGNATURE-ML-DSA, -EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87, -- EVP_SIGNATURE ML-DSA support +EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87 +- The EVP_PKEY B<ML-DSA> signature implementations =head1 DESCRIPTION @@ -131,7 +131,7 @@ This functionality was added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod index 5dc27ac2838e..7ec9eda5c1a5 100644 --- a/doc/man7/EVP_SIGNATURE-RSA.pod +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE-RSA -- The EVP_PKEY RSA signature implementation +- The EVP_PKEY B<RSA> signature implementation =head1 DESCRIPTION @@ -192,7 +192,7 @@ L<provider-signature(7)>, =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_SIGNATURE-SLH-DSA.pod b/doc/man7/EVP_SIGNATURE-SLH-DSA.pod index c1699793ce3b..ef5dcd56222a 100644 --- a/doc/man7/EVP_SIGNATURE-SLH-DSA.pod +++ b/doc/man7/EVP_SIGNATURE-SLH-DSA.pod 
@@ -9,7 +9,7 @@ EVP_SIGNATURE-SLH-DSA-SHA2-256s, EVP_SIGNATURE-SLH-DSA-SHA2-256f, EVP_SIGNATURE-SLH-DSA-SHAKE-128s, EVP_SIGNATURE-SLH-DSA-SHAKE-128f, EVP_SIGNATURE-SLH-DSA-SHAKE-192s, EVP_SIGNATURE-SLH-DSA-SHAKE-192f, EVP_SIGNATURE-SLH-DSA-SHAKE-256s, EVP_SIGNATURE-SLH-DSA-SHAKE-256f -- EVP_PKEY SLH-DSA support +- The EVP_PKEY B<SLH-DSA> signature implementations =head1 DESCRIPTION @@ -126,7 +126,7 @@ This functionality was added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 218eb93632ca..73a2e933fa76 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -64,6 +64,13 @@ This output usually makes sense only if you know OpenSSL internals well. The value of this environment variable is a comma-separated list of names, with the following available: +=item B<OPENSSL_RUNNING_UNIT_TESTS> + +This environment variable is used to flag the fact that unit tests are being run +(i.e. `make test`). It is used to detect when the OpenSSL should behave in a special +manner during unit tests (i.e. when unit tests are being run on fuzzing builds). It should +generally not be set by users. + =over 4 =item B<TRACE> @@ -205,7 +212,7 @@ Use of this feature should be restricted to test and debug environments only. =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy 
diff --git a/doc/man7/ossl-guide-tls-introduction.pod b/doc/man7/ossl-guide-tls-introduction.pod index 5789524324d1..adda37592378 100644 --- a/doc/man7/ossl-guide-tls-introduction.pod +++ b/doc/man7/ossl-guide-tls-introduction.pod @@ -165,7 +165,7 @@ directly in B<OPENSSLDIR>. For example if B<OPENSSLDIR> is "/usr/local/ssl", then save it as "/usr/local/ssl/cert.pem". You can also use environment variables to override the default location that -OpenSSL will look for its trusted certificate store. Set the B<SSL_CERT_PATH> +OpenSSL will look for its trusted certificate store. Set the B<SSL_CERT_DIR> environment variable to give the directory where OpenSSL should looks for its certificates or the B<SSL_CERT_FILE> environment variable to give the name of a single file containing all of the certificates. See L<openssl-env(7)> for @@ -311,7 +311,7 @@ L<ossl-guide-tls-server-block(7)>, L<ossl-guide-quic-introduction(7)> =head1 COPYRIGHT -Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/property.pod b/doc/man7/property.pod index eb0f6b176ccb..7adf282ebfbe 100644 --- a/doc/man7/property.pod +++ b/doc/man7/property.pod 
@@ -142,6 +142,38 @@ Note that the local property query could not use "fips=no" because that would disallow any implementations with "fips=yes" rather than not caring about the setting. +=head1 PREDEFINED NAMES + +=for comment This list should correspond to the array 'predefined_names' in crypto/property/property_parse.c + +Currently known predefined names are: + +=over 4 + +=item C<provider> + +The conventional property value is the provider's name. This may be different from the name returned by L<OSSL_PROVIDER_get0_name(3)>. + +It is a convention among OpenSSL provider implementations to define a property with this name. It is not mandatory to do this. + +=item C<version> + +The conventional property value is the provider's version. + +OpenSSL provider implementations do not define a property with this name. + +=item C<fips> + +The conventional property value is boolean (C<"yes"> or C<"no">), indication whether the implementation conforms to FIPS standards or not. + +It is a convention among OpenSSL provider implementations to define a property with this name where applicable. It is not mandatory to do this, but is strongly recommended. + +=item C<output>, C<input>, C<structure> + +Properties with these names are used by encoders (see L<provider-encoder(7)>) and decoders (see L<provider-decoder(7)>). + +=back + =head1 SYNTAX The lexical syntax in EBNF is given by: @@ -167,7 +199,7 @@ Properties were added in OpenSSL 3.0 =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 511195770581..7f5e8447bf18 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod 
@@ -141,7 +141,8 @@ For example, the "function" core_gettable_params() has these: static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); -L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as +L<OSSL_DISPATCH(3)> array entries contain a I<function_id> field that +identifies the function. The I<function_id> numbers are provided as macros in L<openssl-core_dispatch.h(7)>, as follows: For I<in> (the L<OSSL_DISPATCH(3)> array passed from F<libcrypto> to the @@ -1016,7 +1017,7 @@ were added in OpenSSL 3.5. =head1 COPYRIGHT -Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/exporters/cmake/OpenSSLConfig.cmake.in b/exporters/cmake/OpenSSLConfig.cmake.in index c023e78eafb9..125b94704a2b 100644 --- a/exporters/cmake/OpenSSLConfig.cmake.in +++ b/exporters/cmake/OpenSSLConfig.cmake.in @@ -1,4 +1,5 @@ # Generated by OpenSSL +# {- $OpenSSL::safe::installdata::COMMENT // "" -} {- use lib catdir($config{sourcedir}, 'Configurations'); use platform; diff --git a/exporters/cmake/OpenSSLConfigVersion.cmake.in b/exporters/cmake/OpenSSLConfigVersion.cmake.in index b1290a9eec76..15bae5697220 100644 --- a/exporters/cmake/OpenSSLConfigVersion.cmake.in +++ b/exporters/cmake/OpenSSLConfigVersion.cmake.in @@ -1,4 +1,5 @@ # Generated by OpenSSL +# {- $OpenSSL::safe::installdata::COMMENT // "" -} set(PACKAGE_VERSION {- $config{version} -}) diff --git a/exporters/pkg-config/libcrypto.pc.in b/exporters/pkg-config/libcrypto.pc.in index 3d56e9741831..eb6adffa911f 100644 --- a/exporters/pkg-config/libcrypto.pc.in +++ b/exporters/pkg-config/libcrypto.pc.in 
@@ -1,3 +1,4 @@ +# {- $OpenSSL::safe::installdata::COMMENT // "" -} prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} exec_prefix=${prefix} libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { diff --git a/exporters/pkg-config/libssl.pc.in b/exporters/pkg-config/libssl.pc.in index 162db65c99a2..53228dde4a08 100644 --- a/exporters/pkg-config/libssl.pc.in +++ b/exporters/pkg-config/libssl.pc.in @@ -1,3 +1,4 @@ +# {- $OpenSSL::safe::installdata::COMMENT // "" -} prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} exec_prefix=${prefix} libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { diff --git a/exporters/pkg-config/openssl.pc.in b/exporters/pkg-config/openssl.pc.in index 73eb8e73c2d2..fd3bc9ac86c4 100644 --- a/exporters/pkg-config/openssl.pc.in +++ b/exporters/pkg-config/openssl.pc.in @@ -1,3 +1,4 @@ +# {- $OpenSSL::safe::installdata::COMMENT // "" -} prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} exec_prefix=${prefix} libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { diff --git a/external/perl/Text-Template-1.56/lib/Text/Template.pm b/external/perl/Text-Template-1.56/lib/Text/Template.pm index be38c73ce457..dec5b61419d1 100644 --- a/external/perl/Text-Template-1.56/lib/Text/Template.pm +++ b/external/perl/Text-Template-1.56/lib/Text/Template.pm @@ -2337,8 +2337,8 @@ There are not quite enough tests in the test suite. =head1 SOURCE -The development version is on github at L<https://https://github.com/mschout/perl-text-template> -and may be cloned from L<git://https://github.com/mschout/perl-text-template.git> +The development version is on github at L<https://github.com/mschout/perl-text-template> +and may be cloned from L<https://github.com/mschout/perl-text-template.git> =head1 BUGS diff --git a/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm b/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm index 4fea67b38313..b4f7d53ebaad 100644 
--- a/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm +++ b/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm @@ -122,8 +122,8 @@ L<Text::Template> =head1 SOURCE -The development version is on github at L<https://https://github.com/mschout/perl-text-template> -and may be cloned from L<git://https://github.com/mschout/perl-text-template.git> +The development version is on github at L<https://github.com/mschout/perl-text-template> +and may be cloned from L<https://github.com/mschout/perl-text-template.git> =head1 BUGS diff --git a/include/crypto/aes_platform.h b/include/crypto/aes_platform.h index a6765d20d856..28beba8efb98 100644 --- a/include/crypto/aes_platform.h +++ b/include/crypto/aes_platform.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,7 +77,9 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, #define HWAES_xts_decrypt aes_p8_xts_decrypt #endif /* OPENSSL_SYS_MACOSX */ #if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX) +#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ #define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300) +#endif #define AES_GCM_ENC_BYTES 128 #define AES_GCM_DEC_BYTES 128 size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 456a64c943b1..443bfe8141a3 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -488,17 +488,17 @@ struct evp_cipher_st { BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) /*- #define BLOCK_CIPHER_defs(cname, kstruct, \ diff --git a/include/crypto/httperr.h b/include/crypto/httperr.h index f5550aa167fa..94d812295cd9 100644 --- a/include/crypto/httperr.h 
+++ b/include/crypto/httperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/crypto/sparc_arch.h b/include/crypto/sparc_arch.h index 8e72c3504f7a..6d47505ae96f 100644 --- a/include/crypto/sparc_arch.h +++ b/include/crypto/sparc_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,10 +79,14 @@ #if defined(__arch64__) +/* clang-format off */ #define SPARC_LOAD_ADDRESS(SYM, reg) \ - setx SYM, % o7, reg; + setx SYM, %o7, reg; +/* clang-format on */ #define LDPTR ldx -#define SIZE_T_CC % xcc +/* clang-format off */ +#define SIZE_T_CC %xcc +/* clang-format on */ #define STACK_FRAME 192 #define STACK_BIAS 2047 #define STACK_7thARG (STACK_BIAS + 176) @@ -92,7 +96,9 @@ #define SPARC_LOAD_ADDRESS(SYM, reg) \ set SYM, reg; #define LDPTR ld -#define SIZE_T_CC % icc +/* clang-format off */ +#define SIZE_T_CC %icc +/* clang-format on */ #define STACK_FRAME 112 #define STACK_BIAS 0 #define STACK_7thARG 92 diff --git a/include/crypto/sparse_array.h b/include/crypto/sparse_array.h index d2629000eeaf..6529b4615132 100644 --- a/include/crypto/sparse_array.h +++ b/include/crypto/sparse_array.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -62,7 +62,7 @@ extern "C" { } \ static ossl_unused ossl_inline int \ ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) * sa, \ - ossl_uintmax_t n, ctype * val) \ + ossl_uintmax_t n, ctype *val) \ { \ return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \ } \ diff --git a/include/internal/time.h b/include/internal/time.h index 2a54c491f16f..db1824842772 100644 --- a/include/internal/time.h +++ b/include/internal/time.h @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,9 +54,8 @@ typedef struct { OSSL_SAFE_MATH_UNSIGNED(time, uint64_t) /* Convert a tick count into a time */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_ticks2time(uint64_t ticks) +static ossl_unused ossl_inline OSSL_TIME +ossl_ticks2time(uint64_t ticks) { OSSL_TIME r; @@ -65,9 +64,8 @@ static ossl_unused ossl_inline } /* Convert a time to a tick count */ -static ossl_unused ossl_inline - uint64_t - ossl_time2ticks(OSSL_TIME t) +static ossl_unused ossl_inline uint64_t +ossl_time2ticks(OSSL_TIME t) { return t.t; } 
@@ -76,16 +74,14 @@ static ossl_unused ossl_inline OSSL_TIME ossl_time_now(void); /* The beginning and end of the time range */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_zero(void) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_zero(void) { return ossl_ticks2time(0); } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_infinite(void) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_infinite(void) { return ossl_ticks2time(~(uint64_t)0); } @@ -114,9 +110,8 @@ static ossl_unused ossl_inline struct timeval ossl_time_to_timeval(OSSL_TIME t) } /* Convert timeval to time */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_from_timeval(struct timeval tv) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_from_timeval(struct timeval tv) { OSSL_TIME t; @@ -137,9 +132,8 @@ static ossl_unused ossl_inline } /* Convert time_t to OSSL_TIME */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_from_time_t(time_t t) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_from_time_t(time_t t) { OSSL_TIME ot; @@ -170,9 +164,8 @@ static ossl_unused ossl_inline int ossl_time_is_infinite(OSSL_TIME t) return ossl_time_compare(t, ossl_time_infinite()) == 0; } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_add(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_add(OSSL_TIME a, OSSL_TIME b) { OSSL_TIME r; int err = 0; @@ -181,9 +174,8 @@ static ossl_unused ossl_inline return err ? ossl_time_infinite() : r; } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) { OSSL_TIME r; int err = 0; 
@@ -193,17 +185,15 @@ static ossl_unused ossl_inline } /* Returns |a - b|. */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) { return a.t > b.t ? ossl_time_subtract(a, b) : ossl_time_subtract(b, a); } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_multiply(OSSL_TIME a, uint64_t b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_multiply(OSSL_TIME a, uint64_t b) { OSSL_TIME r; int err = 0; @@ -212,9 +202,8 @@ static ossl_unused ossl_inline return err ? ossl_time_infinite() : r; } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_divide(OSSL_TIME a, uint64_t b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_divide(OSSL_TIME a, uint64_t b) { OSSL_TIME r; int err = 0; @@ -223,9 +212,8 @@ static ossl_unused ossl_inline return err ? ossl_time_zero() : r; } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c) { OSSL_TIME r; int err = 0; @@ -235,17 +223,15 @@ static ossl_unused ossl_inline } /* Return higher of the two given time values. */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_max(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_max(OSSL_TIME a, OSSL_TIME b) { return a.t > b.t ? a : b; } /* Return the lower of the two given time values. */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_min(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_min(OSSL_TIME a, OSSL_TIME b) { return a.t < b.t ? a : b; } diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index b600aa6bbdd3..8f3a835462be 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in 
@@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -197,6 +197,8 @@ typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; * -- CertReqMsg * } */ +#define OSSL_CMP_PKISTATUS_rejected_by_client -5 +#define OSSL_CMP_PKISTATUS_checking_response -4 #define OSSL_CMP_PKISTATUS_request -3 #define OSSL_CMP_PKISTATUS_trans -2 #define OSSL_CMP_PKISTATUS_unspecified -1 diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 65faa5f2cf12..2e87cd638b3b 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -162,16 +162,16 @@ OSSL_CORE_MAKE_FUNC(void, OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, const char *mode)) OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len)) -OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO * bio, void *data, size_t data_len, size_t *bytes_read)) -OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO * bio, const void *data, size_t data_len, size_t *written)) -OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO * bio, char *buf, int size)) -OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO * bio, const char *str)) -OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO * bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO * bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO * bio, const char *format, va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read)) +OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written)) +OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size)) +OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str)) +OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, (char *buf, size_t n, const char *fmt, va_list args)) -OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO * bio, int cmd, long num, void *ptr)) +OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, int cmd, long num, void *ptr)) /* New seeding functions prototypes with the 101-104 series */ #define OSSL_FUNC_CLEANUP_USER_ENTROPY 96 
@@ -180,9 +180,9 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO * bio, int cmd, long num, void #define OSSL_FUNC_GET_USER_NONCE 99 #define OSSL_FUNC_INDICATOR_CB 95 -OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX * ctx, OSSL_INDICATOR_CALLBACK **cb)) +OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX *ctx, OSSL_INDICATOR_CALLBACK **cb)) #define OSSL_FUNC_SELF_TEST_CB 100 -OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX * ctx, OSSL_CALLBACK **cb, void **cbarg)) +OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) /* Functions to get seed material from the operating system */ #define OSSL_FUNC_GET_ENTROPY 101 
@@ -257,26 +257,26 @@ OSSL_CORE_MAKE_FUNC(int, provider_random_bytes, (void *provctx, int which, void /* Libssl related functions */ #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND 2001 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_send, - (SSL * s, const unsigned char *buf, size_t buf_len, + (SSL *s, const unsigned char *buf, size_t buf_len, size_t *consumed, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD 2002 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_recv_rcd, - (SSL * s, const unsigned char **buf, size_t *bytes_read, + (SSL *s, const unsigned char **buf, size_t *bytes_read, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD 2003 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_release_rcd, - (SSL * s, size_t bytes_read, void *arg)) + (SSL *s, size_t bytes_read, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET 2004 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_yield_secret, - (SSL * s, uint32_t prot_level, int direction, + (SSL *s, uint32_t prot_level, int direction, const unsigned char *secret, size_t secret_len, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS 2005 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_got_transport_params, - (SSL * s, const unsigned char *params, size_t params_len, + (SSL *s, const unsigned char *params, size_t params_len, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_ALERT 2006 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_alert, - (SSL * s, unsigned char alert_code, void *arg)) + (SSL *s, unsigned char alert_code, void *arg)) /* Operations */ diff --git a/include/openssl/httperr.h b/include/openssl/httperr.h index adac95018691..4c1cc6ad6bf7 100644 --- a/include/openssl/httperr.h +++ b/include/openssl/httperr.h 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ */ #define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 #define HTTP_R_CONNECT_FAILURE 100 +#define HTTP_R_CONTENT_TYPE_MISMATCH 131 #define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 #define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 #define HTTP_R_ERROR_PARSING_URL 101 diff --git a/include/openssl/macros.h b/include/openssl/macros.h index de34b4640d49..315c1389c6dd 100644 --- a/include/openssl/macros.h +++ b/include/openssl/macros.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -168,6 +168,7 @@ * 'no-deprecated'. */ +#undef OPENSSL_NO_DEPRECATED_3_5 #undef OPENSSL_NO_DEPRECATED_3_4 #undef OPENSSL_NO_DEPRECATED_3_1 #undef OPENSSL_NO_DEPRECATED_3_0 diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index a06d4f0a0272..08335e0750b6 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -334,13 +334,13 @@ struct rsa_pss_params_st { DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS) -typedef struct rsa_oaep_params_st { +struct rsa_oaep_params_st { X509_ALGOR *hashFunc; X509_ALGOR *maskGenFunc; X509_ALGOR *pSourceFunc; /* Decoded hash algorithm from maskGenFunc */ X509_ALGOR *maskHash; -} RSA_OAEP_PARAMS; +}; DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) diff --git a/include/openssl/types.h b/include/openssl/types.h index e4d105c99197..f9c437356769 100644 --- a/include/openssl/types.h +++ b/include/openssl/types.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -155,7 +155,9 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; #endif + typedef struct rsa_pss_params_st RSA_PSS_PARAMS; +typedef struct rsa_oaep_params_st RSA_OAEP_PARAMS; #ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_key_st EC_KEY; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 7ce2f739bf5f..c0ee1bffe43e 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
@@ -10,12 +10,12 @@ da4942231014063d9e4fe1db91b6eb1b8f233904d169f3f1b8be7c6a59728d2e crypto/aes/aes 88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl 7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl -538ce0e80698d773c9419a9ca8892d61bc5b3cd1b071c5fc5f315d7f5573e96d crypto/aes/asm/aes-riscv32-zkn.pl -b5cdd6858b1eff7d17b29b78ac8c4a7642c0a74710f8b50821a6265328845aaf crypto/aes/asm/aes-riscv64-zkn.pl +f8cc2144b6cc9998d2c55ef446e451a31edde01eae624cb23de02b6b25b82420 crypto/aes/asm/aes-riscv32-zkn.pl +fe42d33e668beeadd43aa7e67cbe82d3ce3b92c3223c1cc0a34d5cac5b5d501d crypto/aes/asm/aes-riscv64-zkn.pl e1f3805332eb811d9d0c9377b67fe0681063364f1af84d8598f7daa30da65b4d crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl -d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab crypto/aes/asm/aes-riscv64-zvkned.pl -f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52 crypto/aes/asm/aes-riscv64.pl +972e037dc955511eff7a371462af483e23dba86afeef25031abe1005eee635f3 crypto/aes/asm/aes-riscv64-zvkned.pl +f1d8b7a3da1ec053d38be4fc776fef1e4fba328bfa2bfd928c2a2cd3b14f08ff crypto/aes/asm/aes-riscv64.pl 290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33 crypto/aes/asm/aes-s390x.pl ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl 391497550eaca253f64b2aba7ba2e53c6bae7dff01583bc6bfc12e930bb7e217 crypto/aes/asm/aes-x86_64.pl 
@@ -59,11 +59,11 @@ b27ec5181e387e812925bb26823b830f49d7a6e4971b6d11ea583f5632a1504b crypto/bn/asm/ 0b3350f56d423a4df918a08e90c7c66227c4449a9f9c44096eacc254ebc65f9f crypto/bn/asm/ppc64-mont-fixed.pl a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl b3aad31ab658eceaa9c5e734e19f39c33991f4839ab55b0cec8018020b1a305e crypto/bn/asm/rsaz-2k-avx512.pl -760cc579b8b464991177a337487bb32e22317cb47f69927232da76171c973954 crypto/bn/asm/rsaz-2k-avxifma.pl +03f6cc678f377c5cd953e8da135c5d76dc1cd011565118c99e25bff91e7271df crypto/bn/asm/rsaz-2k-avxifma.pl e914311420ae4486ab6000cc6ab424f04d8a042bda40ab8f288348dc9f0eb595 crypto/bn/asm/rsaz-3k-avx512.pl -b8424d830f41a038f3c98d8664c6cf7d2d3e1748cdce260db41fa3c74f1d88d9 crypto/bn/asm/rsaz-3k-avxifma.pl +95b11e0b04c38bde06d152dfde5ab970dab27cccdfeac998e1bc293e01520474 crypto/bn/asm/rsaz-3k-avxifma.pl e13bd2df8c591052ddf16a839072f43353841f9f35e0ac95f836511838dbc771 crypto/bn/asm/rsaz-4k-avx512.pl -afcf51a732c80eadae1650e22e4af34904112a8b95467087a16d9d2394934730 crypto/bn/asm/rsaz-4k-avxifma.pl +cf92b66c4032703b7ce03ff6aa36887d14e31a8861e7aa21c46a466ea4802851 crypto/bn/asm/rsaz-4k-avxifma.pl 6e47bf041e51d8086c4933c2a5da3ce6d1b136592984754461d59aa81e4995a6 crypto/bn/asm/rsaz-avx2.pl b42f6cf0fbf9eae58343df9629e7a9e5b8814195ea0c9882d7b143a0841cc018 crypto/bn/asm/rsaz-x86_64.pl 30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl 
@@ -73,7 +73,7 @@ aa02597f3dc09cfbc190aedb75711859ba0f3efff87067ebfba1ec78ebee40d7 crypto/bn/asm/ ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S 127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f crypto/bn/asm/sparcv9-gf2m.pl -1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac crypto/bn/asm/sparcv9-mont.pl +0ad54f0cdf6a52ee0b0aab03800cb2b6beb39b138378b93e151cfd6b1aa2f2d6 crypto/bn/asm/sparcv9-mont.pl b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2 crypto/bn/asm/sparcv9a-mont.pl d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea crypto/bn/asm/vis3-mont.pl 
@@ -89,26 +89,26 @@ feef3a84a40034291286882d483ac23ab55631c3c93f40ba0ea98944916ff3ec crypto/bn/bn_b d3b5f02a17ba1c71261f6dad0d4785846567c8a03368d41fc1a6ee7c45aaff78 crypto/bn/bn_const.c eee3d2710144b0e860c57e84f5adc6b2bf64fc27cbd202a8ca2630aefed3b84c crypto/bn/bn_conv.c 282f06fbdeb991d90337787c6407020e940b6d5e187a06866f1a7787c10a0c1b crypto/bn/bn_ctx.c -d84752b5835e9072cb93de0241f1f701933c61283a27679c1ba34e2bbd1bbf76 crypto/bn/bn_dh.c +b1b1c5fb8a45fde5755dfd5da62b68100b94f8c492c950719c108c384ea7f3c4 crypto/bn/bn_dh.c 4824f271f0ddc487b5991fbd92f7f7695aeeac234e076078f37da027999cdd88 crypto/bn/bn_div.c -306a4a4b671f299da0201719862a3ab4f76cd4a13d4d0baa214478603e5cf15d crypto/bn/bn_exp.c +d36b2be05469f144f52173616e413a7bdd836607fccf94cf543cc7f5a343b962 crypto/bn/bn_exp.c ce5219203bf869561297978d6d416357a441864cd801865503dfd455c481960c crypto/bn/bn_exp2.c 18ac3f6fe64225f72243689199839ea2ce2aa61d80b084bc4cd9efe1c7cc9d89 crypto/bn/bn_gcd.c b643fdcd91ad7dfcfa97a0bb235221b024b8a77faa7890f0bcb9681ea2c64c49 crypto/bn/bn_gf2m.c 73ee247467879d4ec984c9900dfe7761233c5b889b8762be37c7e8fdd6d1d210 crypto/bn/bn_intern.c ff147e5e032cc7c772b73a91fc6e24d8d9516e642d29354445d1f82d64b1d924 crypto/bn/bn_kron.c df9aebbdcca87fc5715dde430687fb516d8de0dac70c8910409fb73d6dd2305b crypto/bn/bn_lib.c -830e1932da4e8b409250a9dca0275b853a8d12bd6575649148aee5331180bbcd crypto/bn/bn_local.h +cd7bade0f2e223fe34f6e2f8cc87098ac8f0af96ec62ada5e67f6a2344d48ef0 crypto/bn/bn_local.h 364600145964d5154224fdda2c94ca6fdab2907837a385550b242350be7a1197 crypto/bn/bn_mod.c 39a8fe0bb625b4c11b74998ce6fd99b7655228aaa7d7ad3076f61741937ae14d crypto/bn/bn_mont.c c2a5230efbda6844b7b2eb10447b054496ae5029130d332536de6c3b12dc58a3 crypto/bn/bn_mpi.c 488dde761d25fb2eabd8acbea5b3b83520db7733480fab6499f60b8bf680b1ed crypto/bn/bn_mul.c e80177361897632ac9f013415dee8f6d2d942a8b51a4daf84fc7ba51d9d75270 crypto/bn/bn_nist.c -c7e1d12f14b20e0e34870060459581afcdd58d80097248de5187b9e72bbd7cf0 crypto/bn/bn_prime.c 
+0aa8a381dc6ed47746ec90aa739aff1eece4474d92abdd3f9036e7dcb72ee891 crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h af5af7057643ee8d35e3a2d5f7b55e37647db46700f2818edc295d727450d521 crypto/bn/bn_rand.c b5cc902624b3af2149c9ea91f9d18bea56302144e87dfe49105ec6789b73764b crypto/bn/bn_recp.c -4ff6338c3d30ed029b3e4fe509e08d9abf2e84b61c14bf466f642f097a8b7036 crypto/bn/bn_rsa_fips186_4.c +c4ef2dd742bcd76c40df08a3108a3cf2854d53e93ebf59bf549c3ebc3b0e47cc crypto/bn/bn_rsa_fips186_4.c 6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3 crypto/bn/bn_shift.c 97559e9e071a06b8cffa37b7df27af638de84c51d5da190a879752f39e2b6368 crypto/bn/bn_sqr.c c748baddfec6734bb50facbadf151a1f22f8a885c677acfb08b4f814e96f0d52 crypto/bn/bn_sqrt.c @@ -116,7 +116,7 @@ f42996cdd94f18fe0858552be7123e75cb3ced0ebd7dcb90a0c73740090dcac9 crypto/bn/bn_w 2f048ca8e8ddc5e2b8b82775197f79334381dd90bab417b2855bfeee07b99db8 crypto/bn/rsaz_exp.c b89075a1c43de2e27a29db217c11c1fb4ec04f4270d0106c0679dd44f98eee58 crypto/bn/rsaz_exp.h 3c934b8abf163b95caf236647153d42d8d48f10f2f5f8b21c013362b1cb8aa8b crypto/bn/rsaz_exp_x2.c -21ddcc6948e81597c9b9e9823311cd1c315708819e85f29d5ff80dc72e14e562 crypto/bsearch.c +f6c72754667c90e3466243f9d21ce6a799db8e58c8b78b2707129dcc540adc3c crypto/bsearch.c 82117f6a7cfc31fc86ecd9629bd3bf614126b8e8b2c23717a03ff5c1db7c3c5c crypto/buffer/buffer.c 5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl 205f0be0317343b17003f261b427008aad1b31aacc6979c4557fc837e9548b92 crypto/cmac/cmac.c 
@@ -182,12 +182,12 @@ f4490c0b575b79e63a897b1e85a87ede2645a2c521e67db461b3192884450d9d crypto/ec/ec2_ 5d3567b3b6d3922fd82641acff29ed12b1028e83eb0c175132ce7f3470b9db6c crypto/ec/ec2_smpl.c a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149 crypto/ec/ec_asn1.c dfbccf591879eecbd9ed75da1fbe6c7b1672d07648fd43b37755dfe248253bb2 crypto/ec/ec_backend.c -7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be crypto/ec/ec_check.c +3a3c4f4767513b4fbbabdea2918d7c7d105eb573334a7fd893b866989463c4d2 crypto/ec/ec_check.c f3991bfc65a7371b84afd0cc328e3cbd4736edf7267e4b731dd82677bfab047a crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c add58bcaf43a28e66b3a6ec1f70ed9b0b4a4a0d40230e903a26a1ff1129649e0 crypto/ec/ec_key.c 35515133fb3c33c5736a9f744e835b9fc0775193357ab2492f11d0f63503c65e crypto/ec/ec_kmeth.c -ad6f566595be1d72ef97be7322949092c4530da57793ef5b722025738882410d crypto/ec/ec_lib.c +652a1544120bf0fecde46a8e18cc28fffcb7cd864be2e2b84c99d571ba320e64 crypto/ec/ec_lib.c 0d113ac5dbdb420ba3d1c060f4fa3300fc0a81b571a919c2b176022fdca89878 crypto/ec/ec_local.h b545e4539ef2483982f35ee05866060478722e329cfbc4990293b46ccfe5c93c crypto/ec/ec_mult.c c2a81f5f56d304038183ba6b02fdcba8767833f61773ec483e73b330b67ae59b crypto/ec/ec_oct.c 
@@ -206,9 +206,9 @@ f38971ee893608f00d1ddd77d889aac9558509bda62d2e1b3eecd9bfa0c29095 crypto/ec/ecp_ 8e50fd1e60ad1ac824e704375096e41f4ae535e533a3334d78c481e34d9d0fb8 crypto/ec/ecx_key.c 3ba8412897cbf17881fbf23cec27a487b2c587348e1f859ec44e47f366877249 crypto/evp/asymcipher.c 1f64d4752074f954af4f290788e4332e3874ba3282bd03d3e1d1f5ce4b0888bc crypto/evp/dh_support.c -da3140dbda8a35cfe4a0748892a3e381e3988a94ddb945c2371922bb3010d96d crypto/evp/digest.c +0e9e206dd4b179ad09e1475949ce9ddb5bce0e0d66072477d94b7788c57e70d9 crypto/evp/digest.c 4ffc3fc5ee5f0dcadf1516f1cc29338f0f4d85c59881c06d5a777cf4e47a6d5f crypto/evp/ec_support.c -6f8a9bb4d8da878aab6bf5f4bef286a0045fee1b140a1f9151c830d03778f879 crypto/evp/evp_enc.c +8bf5ddf1c8e352a9f9241c7275d3a8cbbd633fc0f93f609158d15aee7af5a9d0 crypto/evp/evp_enc.c 8683c25d4bcb598375a04d4682399c9eef095225b49498afe819e5193e9cc117 crypto/evp/evp_fetch.c 75855fc64e44e5bbfb728d85014c65e8b0668faee26f0901aaa729c16679dee8 crypto/evp/evp_lib.c e997e921669076c51e230ccb2e36b1c6755fe408c61b1177d2aa67529cab15f3 crypto/evp/evp_local.h @@ -217,7 +217,7 @@ e997e921669076c51e230ccb2e36b1c6755fe408c61b1177d2aa67529cab15f3 crypto/evp/evp 8f4194bcc2e0de69236925aa7515bc31f36ed113dcd3cee5d71167ac770cdfdd crypto/evp/exchange.c 294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64 crypto/evp/kdf_lib.c 532f0ff4ab32068f160016f39cd520fadfbd09b81b3b3b562bf543acafb38889 crypto/evp/kdf_meth.c -6669cf0969c6fcd4e3b240aad6335d159a8169aab891f1388822fe96c6ce0629 crypto/evp/kem.c +4e60c9e37106b9c28d646f7234d857e8520da953ed7d319531467d334b77a72e crypto/evp/kem.c 84cebe10a50c88d0db12a90ad751eae43c7ba2954bc9f42f0c1490d66eac5bb8 crypto/evp/keymgmt_lib.c 80a5e310a3c3f551ca8e1992793ffbddc525274f90dbf4f36217b57acbc8bd94 crypto/evp/keymgmt_meth.c 15654f58c113d6eb7100caacd00ceae68113edfd6a921f6af1bea4040fa58f5d crypto/evp/mac_lib.c 
@@ -238,7 +238,7 @@ e032f3d46830d31cd957e1f3917a6a663c5ad3b9d79fc3d661f025822318d0de crypto/ffc/ffc bb208ef3a2c7ebdc518bd38f2f07a17cff356040f1c5d68eea13bd9275897a52 crypto/ffc/ffc_params_generate.c e9a500ddbe96cb5b302fd2db74fac0924a6ac45732df5ee1c09e82b19d06ccfd crypto/ffc/ffc_params_validate.c f172c8c2112ee82716a7bc3a3e05d5cc26188c66b9d768ac1ff906845063d2cc crypto/hashtable/hashfunc.c -16090065da6b94199e997c930d465c613633bf322e89e3e674993ec5a785580e crypto/hashtable/hashtable.c +653d1f67e01ce0e9dca48cf513df9e8864a0985ce9bfb094fc3f09d591e6f062 crypto/hashtable/hashtable.c 7a9af0b14f1463b36de0689bc434a318adcb7990bb23862bf1d2a0adf510583a crypto/hmac/hmac.c 907dd44e0bf873eebefcb4d82975b72ecec9e0f3c348c79314450fdaa78d4073 crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S @@ -267,7 +267,7 @@ c2652262227348b8bb053a239e8491b26f08d6fadc47ba3471302f5797ae1c62 crypto/ml_dsa/ 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl 33357356cd739d4ae89d52f0804b6900e4b94d8829323819c6f64c8908e978df crypto/modes/asm/aes-gcm-armv8_64.pl a91995f81b384b175ecf252690030bb068d6af64bfcdab2fe753484b2d07a184 crypto/modes/asm/aes-gcm-avx512.pl -038e4ac89aa7d1962058f2170efce9024804473a62ae90102c3989555a7858cc crypto/modes/asm/aes-gcm-ppc.pl +8fab6574aa99ee635d564dbe68b014562b61af37fa4f151210690837cdae6707 crypto/modes/asm/aes-gcm-ppc.pl dd0de5ca8913a941cfff781a42fba43227e133976a24d0fddebf63909f7e010a crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl 9dcd3be86cda832ebe0394f5a859a761f4b711f2010fb606457f754722c5fb84 crypto/modes/asm/aesni-gcm-x86_64.pl c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904 crypto/modes/asm/ghash-alpha.pl 
@@ -293,9 +293,9 @@ b431ff38c3a85943f71be0d76b063dbe2930967629b8721465b8152ab7867296 crypto/modes/o 02e7659d8776f5885ebbc25b930ddec046262f92c9e8fa7e093f2a6a8d973a3b crypto/modes/wrap128.c 0a10e0cae6f4ac164afe97a64df09c8412145c8a25f387ff3a53ff7495572cbc crypto/modes/xts128.c 9a34ad9ae361f689b0b98c454092e89567d0bfc969c08a14c8001e60976920b2 crypto/modes/xts128gb.c -3f2c172dccf93227fc4b24f9960e1c0b01e987e1335dd9ab0e3c2d577195fed4 crypto/o_str.c +515e110e01867d6527bec758a264473b62cb7edff213816e2197faf6e96ec048 crypto/o_str.c 44594139dab6ada1f34f9c6887c97e258c1204b833a6c20f58097f17d0f1645e crypto/packet.c -05563d44cb345e7859093296f95a3ea5139fcc316e98fcb86c6748ee49363a84 crypto/param_build.c +a108cacd961b0e5a95d279c737926afa4636d8b89a2a912593b01916ea3ce43d crypto/param_build.c cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6 crypto/param_build_set.c d362864eab6707ba2f4efd65c91dd90d669721f2d8fdebc875fd1d2957154396 crypto/params.c c0e0ba07ca5d4acfe450e4ae53a10ed254097ed2f537f01a4a43a9f5b5cab501 crypto/params_dup.c 
@@ -317,9 +317,9 @@ aa58d7800d3ccf2989b0de3c2e2710dfac36c88dc51659129897b0dfd2162527 crypto/provide dce7413b4c4e588c9a099c6fd7c6c9a397e034f259a2027d4ea8bdfe149164fa crypto/rcu_internal.h 0c1d3e0e857e9e4f84752a8ef0b619d8af0d81427b52facbd0174e685dac9a47 crypto/riscv32cpuid.pl 231263dffc16987f5288592ebf4c0738902d5146bfc16bcd8a157e044cb697da crypto/riscv64cpuid.pl -fff6a76f42f3caeff8244fffb379240e43570bc6caf25e4721471bc208b2be81 crypto/riscvcap.c +32e427d3d75f7b2d37e2765e2d2c111d45ca5871200be98e8943219dc475e458 crypto/riscvcap.c f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -aadf059519d33f41b859216246d215330a0c73d18153df580927fdfa6ef51b8f crypto/rsa/rsa_backend.c +b1584c4a1a5f83a1fd43d854ce72bb11735aa34945f2b2f983228f36f27fdad2 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199 crypto/rsa/rsa_crpt.c e666568eadfd01ff3e435364dee2575fca7ff3e6855b2c258fa1e4d04239d933 crypto/rsa/rsa_gen.c @@ -347,7 +347,7 @@ be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl 6689c3adaa270bd88026ca686ce76b8aaa83a7cadf3954d84d3cf89c044cc958 crypto/sha/asm/keccak1600-ppc64.pl -fea3ce181c7a33bc673e3a4607e0f737a3a3e5958a3826596fb911b1297e2ca4 crypto/sha/asm/keccak1600-s390x.pl +79dec13ccbee4a6758a22d92bfd5694565416219e48b6894dfb63c6b0029ae28 crypto/sha/asm/keccak1600-s390x.pl 3fb93b9440f5c3008b5c876a8106acc5f8d38f1afedd79381f0befec7dd7d72b crypto/sha/asm/keccak1600-x86_64.pl 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl 
@@ -391,7 +391,7 @@ a7e074a2f2cea0c33e7875eacc8adb465b5802e4c1d100cda79ac3dd52cdb453 crypto/sha/sha 61ab6d7d7da9e65120ec59cfa9f5ede785502ae371696c3e4e04e039743ca111 crypto/sha/sha_local.h dfd99e02830973ab349409ac6ba0ee901ba7736216030965bd7e5a54356abd7c crypto/slh_dsa/slh_adrs.c c9b270de1259d9fa71a4d352786357bcf1dd3d22075edab84501e2f8e550b271 crypto/slh_dsa/slh_adrs.h -2aa41787214996542778a42eaf1bc754809f7d4d31185ac77424a3c686d6759c crypto/slh_dsa/slh_dsa.c +95d42ca839ff34a050a7006734a06c157ad259512c1a10b978e9f899efe69f12 crypto/slh_dsa/slh_dsa.c ab7b580b1cba302c5675918b457794a3b3d00aac42297312d9447bc6f6a40b09 crypto/slh_dsa/slh_dsa_hash_ctx.c 6a68c788eee184862cf90676324750fd4f17ca666b628ebc69b3b510d19ba819 crypto/slh_dsa/slh_dsa_key.c 4c7981f7db69025f52495c549fb3b3a76be62b9e13072c3f3b7f1dedeaf8cc91 crypto/slh_dsa/slh_dsa_key.h 
@@ -415,13 +415,13 @@ cb214ad206ea69ab98d24a727a47d3a4c614fce709e6b7fe6997dbaeed92f0fc crypto/thread/ f06b08138d73b834471abc4a3ba43b2be838f7196c937c3e933694d6cd69f74d crypto/thread/arch/thread_win.c 55953eb5a84d03e8d915ee867ddf8ec8be8c5eb444ea0b21b12a040a57e2c2c1 crypto/thread/internal.c 2e5955d706b96c487e4875ffbe208fac15bdca06b33cee916d5343978c14efa1 crypto/threads_lib.c -0585d64ace8f607cde3ae8aba27eb203e2fd648d3226c7b87fc49350b1f53d36 crypto/threads_none.c -a8815d82ccf819040446fccc42984ee515341d7df14c896bee48d61aea55d2f4 crypto/threads_pthread.c -794e50fd64df6c4da259bd951117291aebb0859c8a47d657a2524e67df3a850b crypto/threads_win.c +ca77056d184232d6fcfe39328ab0b887a4fc939913209717fca65898ebbd45c0 crypto/threads_none.c +021afe4321ff954f3f4dd1b1d07a5e3e7778f7bccfaede08fab193d5752d9740 crypto/threads_pthread.c +1915c5e3de649873745479df5cc365c38cf56ecb2fa21be6a053055f97013dce crypto/threads_win.c 93f8fe09f96492a6be6772ddbf0cc37912fc2a90acb7faea378da1735fe20f6f crypto/time.c 88c5f9f4d2611223d283ebd2ae10ae5ecbb9972d00f747d93fcb74b62641e3f9 crypto/x86_64cpuid.pl 085d9fe93adf232f1ff838be9235046c2c2abe2daeb0e6342921d8f2e955dc18 crypto/x86cpuid.pl -0f089e0c6ab4091eebc1d3d54dbd18603fa4f90238fc6512610c3ec3469536ba include/crypto/aes_platform.h +6486afb23846d3c11c3a655e7e6cae24f8cdaf5dd4d6a887b5a04c53f52895b0 include/crypto/aes_platform.h 8b68c7b69b8da6e729789dbd99d45c341458786e2bc0e2c6c6a341e6792d6b10 include/crypto/asn1.h 9acd69adc80fbf9fa88fed4bcc7b3c0ba87e2add98d7ba311d8b092a2d5a0d2c include/crypto/asn1_dsa.h 21084935a7f88a5926a087832afe8bc6705b1a7813fe226eb4c0df12c753d3a4 include/crypto/bn.h 
@@ -449,7 +449,7 @@ fd4a274688b694aaf010235e6ffd3fd1afd87bc5cee9cae1e4e8be69bf96a5cf include/crypto 3f28391ed526d791a578e76a40961592e15ae2bf62b81d5924525e1f21684659 include/crypto/security_bits.h 70b36014254ca6cbe4126573ea6a71069cc278a6ceaa36412343f19b204c4c13 include/crypto/sha.h 127ede705ecfa8ec504e57cdee1210c5d7a9044121ff05d1dcf72955958346ed include/crypto/slh_dsa.h -8d50d439dd064b66fe349787228435d7a5ba4bc46917a1287c8d876f7faf37db include/crypto/sparse_array.h +df915f569207111cdb011e85ee0f40bcd169ac0a413cc858ccee0b5001cefbb5 include/crypto/sparse_array.h eb1f4f50bafdd357aa15b54f60f5ecde10876253038f00bf518fbf60840addc1 include/crypto/types.h fd5e610fe38804f5de05931706b8efc717663a892f74aa6aee30301ff5e31a25 include/internal/bio.h d32565e2b426131dc2415e60a97c94570ca982d29ddd97d2e23d6b9f73b1d81c include/internal/common.h @@ -490,7 +490,7 @@ abf03dc8635f2925bdc2299feabe115f8d5d6eaa450b421172ded222872386ba include/intern fb5bdada32614d7214569dc111b8bbc43592886799f0536b844a64a2541727cb include/internal/thread.h a8fa7ddc1e54ca296bda9ee05a7a39bb7e803eb0567cc75a9b949b80cada7552 include/internal/thread_arch.h 1cc86957e734ce34acd949b9e9e9d588a6c82afb68a09c787fb69f5e4cb20b1a include/internal/thread_once.h -d9f5e7c10f41913a25f1ef89bedef6070ed3b8bb3c6ae2fe9f7d8993082d86f4 include/internal/time.h +07af0c702bf779720f6849dcc54b59235a5ac87513c77d6123aa334d71f5a7b3 include/internal/time.h 2a4f456b95ae6c60a1bd7be966400f7aa12f791ece6f2d31a22acae6fd77c623 include/internal/tlsgroups.h 79db205cd380711f09748b4ab020442050acaa0a8a940e2be38c4916e23dd1ff include/internal/to_hex.h 47c827eb0766d6aa82cec54648fc57b33a3dfec8539cab7bce161cf73455abaa include/internal/tsan_assist.h 
@@ -511,7 +511,7 @@ c70499c9109b083beb69d1b17807266b041d0ff28694d5bc1ab7cf2a59331c39 include/openss 4e195b6f7a734756e21c4269cc245b292e1a563aaec5644402929d0eac423c41 include/openssl/configuration.h.in f76830b31c947d86c2e6a302ab8df6b83076f8d29120bce9a58195551eb48e1a include/openssl/conftypes.h a013fca5cc6b5cc26eb1c76eaeba31e99408e88fe89c343a44cc0b22f8e63eab include/openssl/core.h -06eff5fb11c68f0fd4b70b0162517647afeefeff345e2541f7f2d820c97a8d95 include/openssl/core_dispatch.h +8486d6f6818911651b0f3ba02366a362b0d4d988f014089a4f3a3f6ecca7926c include/openssl/core_dispatch.h b47e5195bcf209e120858a2c671eaf0589fbd1baf1c5f69237ab94651772808a include/openssl/core_names.h.in e623d4e8d36d7e0f0825fe5cb48e1176be19c0bedc5053fce488aa48602f351c include/openssl/crypto.h.in 128ef415305b704d51461ab98c688c69fde868acb5f5f74c92b2d0517823e71a include/openssl/cryptoerr.h @@ -539,7 +539,7 @@ a7c65894dd0f3730769d56a46bc6e4777c9bd7c8826998373d2ccdd9a346f840 include/openss 1dc0dce58de44226fc0afb51073c39933fb65dfd3a0131c4eff17bcb93018665 include/openssl/indicator.h 36b0013002d44397aa41b021ec13433230221aa9722ce5fc31648f08d27ac448 include/openssl/kdf.h f4a6b9adcd0158222878f5c55e3b40c620361d328bc624ce22d4937c0c054fbf include/openssl/lhash.h.in -e7753bdc658187d6ac5fb51902c79bff929f3ad416fd907c02cd34568a30864c include/openssl/macros.h +3a6bbc7833212d862484513a0f1ec895450c8377290a644c17061051fecd162c include/openssl/macros.h 0da95b5743f5c12ba1a30c1ef84f9fe57ccd5816febb1b5fd3a4f573ec885cd8 include/openssl/ml_kem.h 06f0d4621c344401f280a4e69e48ba987a0600b7f52ee16b25c4620277b081f9 include/openssl/modes.h 6d40e3edc18bac56826b2beb9439e7e43a680867a0a9ae1d3f75e07dc72b024d include/openssl/obj_mac.h 
@@ -556,7 +556,7 @@ a15b0b69bc1e31d0091ad32f04021d4fba9750cf9e3c9c0d2509358543cac380 include/openss d0fffeeaf8a20f6c86e8a6bfaeb1eab7c00188b1844c109ead4232c8dfb3705b include/openssl/provider.h c467dcada2506c820e2dcb002dff9d797aaf9527c8778871d79d79a93bc673e7 include/openssl/rand.h 23d76dfea708747bdc2ffac41e25b156a22d2d0cb744323a3b9859c54bfbb98a include/openssl/randerr.h -c477f6a040cbd444318469a9f5899d368b4e42680ab7337f6859549bc55cf2af include/openssl/rsa.h +06dd86ec673693fc7c47a8b8489a72b648a56a667469064fbbfc91bcf20ad650 include/openssl/rsa.h 6f79765285a8244f6c1858b86db8e390e4bc6c7905a7e4576973316612f7b015 include/openssl/rsaerr.h 546e4277a9897ed5c01b9ab30168e82f4acf9a6a20da430ebf7dd698d5f888fc include/openssl/safestack.h.in 695683de2485c3b83d9116877f5d5ca3eb84a3bbb599f6bb02c9e595e7102b41 include/openssl/self_test.h @@ -565,7 +565,7 @@ c477f6a040cbd444318469a9f5899d368b4e42680ab7337f6859549bc55cf2af include/openss d381d0b4113f0fa18b3e421eae303fc84daf84eacb1236cb6e9976409a2d33a9 include/openssl/symhacks.h fc527427bafa6862d9e3847c961dd6cbbcccc39d25762c65ad3b99fae9599e2e include/openssl/thread.h a481e8762c694b3dac0e74aac8626fe60fa94962a14914f1f6969ea1214c40b1 include/openssl/trace.h -1e0253d1f5487b8e92c39f8c3a15ee3030625c4d9735f9cdbbcc9974c213e925 include/openssl/types.h +9e04a3e9ca5352adffbdd75a5ea5237e8ff96a8c0a842368cc3a29de006b2ee7 include/openssl/types.h 62e0cddeedfc217ac02bf37f3669ccea8d0822a88a74a8ec82b844a85b2700aa include/openssl/x509.h.in 869959c3d557d2ace84f38b7a8d0f23b3b0854de7f952f46310e828af04554dd include/openssl/x509_vfy.h.in 5dbee881fe4e1f08a773e8bd34eeda7639be7c474a3d4d6e7c8d779e19c7eb2a include/openssl/x509err.h 
@@ -616,10 +616,10 @@ d8cb05784ae8533a7d9569d4fbaaea4175b63a7c9f4fb0f254215224069dea6b providers/fips ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797 providers/fips/include/fips_indicator_params.inc f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3 providers/fips/include/fips_selftest_params.inc 7b80823bb5613e17e8576789ec77712d89c81e7beb6ce50b58037e925e465abd providers/fips/include/fipscommon.h -44a6e7b590de3d8a7711ac373348e4c9bc7a24dd57759897f2cb5db2cd8bba62 providers/fips/self_test.c +c00c429b0e022db3ef9b08b3400627a1f268fb071e84d0538fb68c060da6a3db providers/fips/self_test.c 5c2c6c2f69e2eb01b88fa35630f27948e00dd2c2fd351735c74f34ccb2005cbe providers/fips/self_test.h df83c901ad13675fbbb4708b6087feba6099870ad3dd0e8d09cfdb6798419770 providers/fips/self_test_data.inc -bc58582893d748a0a61662cf9363ad73c91f35f2956dbcafc8d1ed37039b15d3 providers/fips/self_test_kats.c +aab0bbdaa8e70f6cf9c3871d62b1efc6029cbe386c5d6318d7bc730da0fa8f19 providers/fips/self_test_kats.c d942921caa433ae9e62959b0ad1caad277b50d005ffc439c6d0e7b0886dba882 providers/implementations/asymciphers/rsa_enc.c c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h 
@@ -639,7 +639,7 @@ be18c20e0197f25fe7b9e0268657a2271a69d216b89cb100f082fa5fcaad1e07 providers/impl 60c4f604cf9b5457be48f31cc24ca21729660381081b2dbf99f362a013a09684 providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc e2886780637db72b12c9bc488d81647ed55a7f5c850efd4bdbf88ef7127e1913 providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc -e691fd1ee71c40bc76b01bbe2a6f027496a210a2e49e20908b87033552fc8c52 providers/implementations/ciphers/cipher_aes_ocb.c +d95dde2258887edca985237a0623855b49dd9e93d21407e9fcfe33497513be4c providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h 6c3a89771719b36d6917d23464be5441836378393731af96ba165fd788df1a41 providers/implementations/ciphers/cipher_aes_ocb_hw.c c7aac28a9dca1ad46e5bce4de93e07dffec1f89fab82394c3ff7cf1bda8b483f providers/implementations/ciphers/cipher_aes_wrp.c 
@@ -653,7 +653,7 @@ dc4626becaabc3990549483d9ef5f05c7dd9a9c2cf9be96ade3ba6a6e203f7f5 providers/impl 9cfdcc860a03b6e7ced8cc21bcbbc1c070c89aefab04b07f213c7a3db1895553 providers/implementations/ciphers/cipher_tdes.h 00b931090e26ce9a62ee4ea125586f439a9906db5d7b914ffc67d293a57c7c00 providers/implementations/ciphers/cipher_tdes_common.c cca34f1c7baf3a98964f7ce19a59e06d1eaf2ada121a0d4a438f4078a072b325 providers/implementations/ciphers/cipher_tdes_hw.c -5739bf4391b40a6715e25a03f42701e938b160e1189c33e72b21f57d4991586e providers/implementations/ciphers/ciphercommon.c +d2f418806c7ed45f118683bc13329573804592684e522efced0fd0921f4548fd providers/implementations/ciphers/ciphercommon.c ab9a2edb23aa61cf31da6addd8674a6028f93399eceeeee35a56ee770338fd6c providers/implementations/ciphers/ciphercommon_block.c 6b6090c233ddf29d819f2559361aeeae03505de7626a127628d5f0f6d3bce295 providers/implementations/ciphers/ciphercommon_ccm.c 6632a555d5bcd5af67d0355ce46c2906bb3a0dcdf1651595b29189c40a5ca675 providers/implementations/ciphers/ciphercommon_ccm_hw.c 
@@ -670,8 +670,8 @@ d44c5a6d3156392757415f34afc1ab164fb0e9cd1e97977386d7cd13f3555df5 providers/impl b1115636f53bf70f417b183cafeb6d38e230d11d8de731e6896ba60cc850d931 providers/implementations/exchange/kdf_exch.c 1644609260b996c1a46610d02474f991e1ee4bdff5d8175e759c49a92f2b5107 providers/implementations/include/prov/ciphercommon.h f1dd49b30604d9b8e948c135329a270a4d3e04857f7f9159a3e84f46a024d59d providers/implementations/include/prov/ciphercommon_aead.h -3226fc5162aff5b2e992b24944c49bc28855a47bbf69a789bc73ccabd886e9c0 providers/implementations/include/prov/ciphercommon_ccm.h -45885a39d0f9e30a8032c6020970389104c69b909d9699fd1c79335184fb17fa providers/implementations/include/prov/ciphercommon_gcm.h +af38be5b3d16c3ced0028bc9b3fbe957a6a817e23967bacc7df65566ba107edb providers/implementations/include/prov/ciphercommon_ccm.h +35d1c063e840c9cd5114c5e57b007a19868982a82d8e40a99b2935c9f1f5e05e providers/implementations/include/prov/ciphercommon_gcm.h 35596c97faf324823d19a01e1b5674c7a15f1a6e7ff1ef1c7d46400c2a68f63b providers/implementations/include/prov/digestcommon.h 1baf1c06b20a0eb8ec271452544922d67c1cc168dbe9853b259191de4bd99918 providers/implementations/include/prov/ecx.h b0d1f6fc3c9220fe6d4656e487bad8df16b6f840054018b95b2752ea9aef822d providers/implementations/include/prov/hmac_drbg.h 
@@ -694,7 +694,7 @@ f01cbd7c5351d4aa9ae667627503b2cfef6fc0695e7a42296b7bf015c9a418b3 providers/impl 39207243a84beb670cb0e64b6d0fe7bfc6a3dd84000617b647a3ecf52a1da3c2 providers/implementations/kdfs/x942kdf.c 748af266d06006da10524f3a621c65b8c3eeddf8b1ccd06ecdc6b689564d220c providers/implementations/kem/ml_kem_kem.c 35549cec7031452bb5b46aa8a86028abc7a3a2b39f9f6564fa4bd402451bc647 providers/implementations/kem/mlx_kem.c -c764555b9dc9b273c280514a5d2d44156f82f3e99155a77c627f2c773209bcd7 providers/implementations/kem/rsa_kem.c +e89b894af920504160abfc11860b89b505d116d978162a02213f72500180903b providers/implementations/kem/rsa_kem.c aa13d72bc69a374db72b6d44e2f2c2ddd5f7bddbe16b950e3c4666d876c63735 providers/implementations/keymgmt/dh_kmgmt.c c0446d1b2101ddd977063516b87d23f424cdca33473f293db4c3974b674169b0 providers/implementations/keymgmt/dsa_kmgmt.c 2b98ba2124a86eae2adc7b88bfa26e47b548e9628b99180cc2cd841eed5ed8da providers/implementations/keymgmt/ec_kmgmt.c @@ -703,7 +703,7 @@ f0a1b4c6599e6555c5784d6c036d2aae04cd01cd8d73a927505041e7df25125c providers/impl daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c 69b509e9c7fe9692622d1059917c3adb991c0047e11bc116f0a393a3a0539445 providers/implementations/keymgmt/mac_legacy_kmgmt.c 3c63e65bd1a6a2e853828205c015a50c38a82f2fee9bf6787dce6dab7331bb91 providers/implementations/keymgmt/ml_dsa_kmgmt.c -716e75fe56847f0c4c7bf7d86d78040ca575cdf1dcf63c1a93d351f0e836477f providers/implementations/keymgmt/ml_kem_kmgmt.c +30db36c6fe6b4449179488da1761e219d0c772a8fb8e74c8411d1e0f57e4aed2 providers/implementations/keymgmt/ml_kem_kmgmt.c 01d75c1eba93ed23f98130d6c308550d0ab2e44c5651101628861bc0238623d0 providers/implementations/keymgmt/mlx_kmgmt.c cd4b8129eaccbd77f9b6c725d3cb57b71109c4649115ec786b6495100afaddf2 providers/implementations/keymgmt/rsa_kmgmt.c d640cff1c46911b69866eb83f48beba42a1741bb1d3f1db6e7201077a57761fc providers/implementations/keymgmt/slh_dsa_kmgmt.c 
@@ -714,12 +714,12 @@ a3bb4d7914f45cf82f86cd92135e20a712274ca153d9ed5ad24db7f33710726c providers/impl 0ebc5a48655a697231918644397308e64914c32421e9b8ee7afd7779b6a2fdb8 providers/implementations/rands/drbg.c d9e41abc1780bb253bdca6c58cc32af7d0a774e52c91fc5d64577f71defc52c2 providers/implementations/rands/drbg_ctr.c cf98646defb0b385d6ce4bedcd51559c9a03424491f4576ea7eb41e3db8a18b3 providers/implementations/rands/drbg_hash.c -45993825b1224097f6b9ea12643c09a09dc66beecfdfb3dd337d468931ab0f25 providers/implementations/rands/drbg_hmac.c +57561d4bd3a79e6a250310a989958409437dfa68b2818d5f0dbb8a5e7ef04bb7 providers/implementations/rands/drbg_hmac.c 841617c81d6d5eae5ea59064e8b45947d436d3e53b49283329d17016866d8f34 providers/implementations/rands/drbg_local.h 355bd437dde9ecd1da89f42691147f2b5cf9a012ff5f55062bf83b6bead1e181 providers/implementations/rands/fips_crng_test.c 4913fec58a2648fcec0e5a94dba9decab0505a6d725bed6eb861ce854db81df8 providers/implementations/rands/test_rng.c -74e60389dc5ab0a69701af0181b6a915fc87ce9a0874cc949f7e9e85ae4642e7 providers/implementations/signature/dsa_sig.c -ca090b1987debf6a30f17551b0be613f7a2e6ce0d07b0d6924e0f759a970af4d providers/implementations/signature/ecdsa_sig.c +c6c709dfd8b1be036e2a5232d3b21dc25f0150f2aae24cc7db6b09cd790a04ee providers/implementations/signature/dsa_sig.c +d10d611713a6d9aa5cdbe636f1ba90404043431fd1df01fc1a1ce8499bf96ad0 providers/implementations/signature/ecdsa_sig.c a837f69cb1aa5d0327372e26a63a8492b6ffb1156325f66e880c202011d07cbe providers/implementations/signature/eddsa_sig.c e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4 providers/implementations/signature/mac_legacy_sig.c 51251a1ca4c0b6faea059de5d5268167fe47565163317177d09db39978134f78 providers/implementations/signature/ml_dsa_sig.c diff --git a/providers/fips.checksum b/providers/fips.checksum index b10e46c35192..8e36de6cf707 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum 
@@ -1 +1 @@ -7fb222f49c7b3a423c4bb2f62da17eae3e209cb3e9b9a9a3db624bcdfba3151a providers/fips-sources.checksums +541f8f3eafccc78db022af2226f0d6501b43a3d96e2e23fd7dffb29a80d218b8 providers/fips-sources.checksums diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index 008a4fac847f..aa5a8c765811 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -101,7 +101,9 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) init(); break; case DLL_PROCESS_DETACH: +#ifndef __CYGWIN__ cleanup(); +#endif break; default: break; diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index f453b2f2fb49..0559a30cd69d 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1025,6 +1025,8 @@ static int set_kat_drbg(OSSL_LIB_CTX *ctx, EVP_RAND *rand; unsigned int strength = 256; EVP_RAND_CTX *parent_rand = NULL; + int reseed_time_interval = 0; + unsigned int reseed_requests = 0; OSSL_PARAM drbg_params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; 
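Review bot: In providers/fips/self_test.c, the `DLL_PROCESS_DETACH` case of `DllMain` now skips `cleanup()` under `#ifndef __CYGWIN__` with no comment saying why Cygwin must not run it. The `init()` call in the attach case is still unconditional in the visible context, so attach and detach are now asymmetric on that platform. Add a comment above the `#ifndef` naming the problem being avoided, so the guard is not later removed as a leftover.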
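Review bot: In `set_kat_drbg` (providers/fips/self_test_kats.c), the new locals `reseed_time_interval` and `reseed_requests` are zero-initialised here without any hint that zero is the intended setting; the explanation only appears in the following hunk. That hunk also fills only `drbg_params[0]` and `drbg_params[1]` and relies on `drbg_params[2]` still being the `OSSL_PARAM_END` from the initialiser shown in this context. Assigning `drbg_params[2] = OSSL_PARAM_construct_end();` next to the other two assignments would make the terminator explicit and keep the call safe if the array is reused differently earlier in the function.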
@@ -1071,7 +1073,12 @@ static int set_kat_drbg(OSSL_LIB_CTX *ctx, EVP_RAND_CTX_free(parent_rand); parent_rand = NULL; - if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, NULL)) + /* Disable time/request based reseeding to make selftests deterministic */ + drbg_params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, + &reseed_time_interval); + drbg_params[1] = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, + &reseed_requests); + if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, drbg_params)) goto err; /* When we set the new private generator this one is freed, so upref it */ diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc index 153eb7989171..a1df534f2a7a 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc +++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc @@ -1,5 +1,5 @@ /* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,8 +44,8 @@ static inline u32 add32TOU(unsigned char buf[4], u32 n) static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi, int encrypt) { - int s = 0; - int ndone = 0; + size_t s = 0; + size_t ndone = 0; int ctr_reset = 0; u64 blocks_unused; u64 nb = len / 16; @@ -119,7 +119,7 @@ static int ppc_aes_gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in, size_t res = (16 - ctx->gcm.mres) % 16; if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res)) - return -1; + return 0; bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res, ctx->gcm.key, 
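Review bot: In `ppc_aes_gcm_cipher_update`, the failure return after `CRYPTO_gcm128_decrypt` changes from `-1` to `0` with no comment on the function's return convention, and the next statement passes `len - res` to `ppc_aes_gcm_crypt` with no check visible in this context that `len` is at least `res`. Both are `size_t`, so the subtraction would wrap rather than go negative if the guard is missing. Please add a short comment stating which return value signals failure, and either show or document the `len >= res` precondition above this block. The `int` to `size_t` change for `s` and `ndone` in `ppc_aes_gcm_crypt` matches the `size_t len` parameter and the `size_t` return type and looks fine.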
diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index a50099719c4a..b724c425e392 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ #define OCB_MIN_IV_LEN 1 #define OCB_MAX_IV_LEN 15 -PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX * ctx, const unsigned char *in, unsigned char *out, size_t nextblock)); +PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, const unsigned char *in, unsigned char *out, size_t nextblock)); /* forward declarations */ static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit; diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index ba2a9b68088b..9b6930e5c49b 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -691,6 +691,10 @@ int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } + if (ctx->blocksize > 0 && num >= (unsigned int)ctx->blocksize) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } ctx->num = num; } return 1; 
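Review bot: The new range check on `num` in `ossl_cipher_generic_set_ctx_params` raises `PROV_R_FAILED_TO_GET_PARAMETER`, the same reason used by the read failure directly above it, so a caller cannot tell an unreadable parameter from one that was read but is out of range. Consider a distinct reason code for the `num >= (unsigned int)ctx->blocksize` case. A one-line comment should also say why `num` must stay below the block size and why the check is skipped when `ctx->blocksize` is not positive.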
diff --git a/providers/implementations/include/prov/ciphercommon_ccm.h b/providers/implementations/include/prov/ciphercommon_ccm.h index 59d77f0bb10d..fefe7ed31565 100644 --- a/providers/implementations/include/prov/ciphercommon_ccm.h +++ b/providers/implementations/include/prov/ciphercommon_ccm.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -48,13 +48,13 @@ typedef struct prov_ccm_st { const PROV_CCM_HW *hw; /* hardware specific methods */ } PROV_CCM_CTX; -PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX * ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); -PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX * ctx, const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX * dat, const unsigned char *iv, size_t ivlen, size_t mlen)); -PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX * ctx, const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX * ctx, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); +PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, const unsigned char *iv, size_t ivlen, size_t mlen)); +PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, unsigned char *tag, size_t taglen)); /* * CCM Mode internal method table used to handle hardware specific differences, 
diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h index 7b411618f027..7c57e3cb7950 100644 --- a/providers/implementations/include/prov/ciphercommon_gcm.h +++ b/providers/implementations/include/prov/ciphercommon_gcm.h @@ -1,6 +1,6 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -81,12 +81,12 @@ typedef struct prov_gcm_ctx_st { ctr128_f ctr; } PROV_GCM_CTX; -PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX * ctx, const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX * dat, const unsigned char *iv, size_t ivlen)); -PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX * ctx, const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX * ctx, const unsigned char *in, size_t len, unsigned char *out)); -PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX * ctx, unsigned char *tag)); -PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX * ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, size_t ivlen)); +PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out)); +PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag)); +PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); struct prov_gcm_hw_st { OSSL_GCM_setkey_fn setkey; OSSL_GCM_setiv_fn setiv; diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c index fa4b808f4e11..397cd50ec6a8 100644 --- a/providers/implementations/kdfs/pkcs12kdf.c +++ b/providers/implementations/kdfs/pkcs12kdf.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -266,6 +266,15 @@ static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ITER)) != NULL) if (!OSSL_PARAM_get_uint64(p, &ctx->iter)) return 0; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* + * If we're running the fuzzer, limit iteration count to + * 100 so we don't time out running the derivation for + * a really long time + */ + if (getenv("OPENSSL_RUNNING_UNIT_TESTS") == NULL && p != NULL && ctx->iter > 100) + ctx->iter = 100; +#endif return 1; } diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index f7bf368a0dfc..78925809d985 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, return 0; /* Step(3): out = RSAEP((n,e), z) */ - ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING); - if (ret) { - ret = 1; - if (outlen != NULL) - *outlen = nlen; - if (secretlen != NULL) - *secretlen = nlen; - } else { + ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa, + RSA_NO_PADDING); + if (ret <= 0 || ret != (int)nlen) { OPENSSL_cleanse(secret, nlen); + return 0; } - return ret; + + if (outlen != NULL) + *outlen = nlen; + if (secretlen != NULL) + *secretlen = nlen; + + return 1; } /** diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c b/providers/implementations/keymgmt/ml_kem_kmgmt.c index 0be2a1e29839..7884f40ae58e 100644 --- a/providers/implementations/keymgmt/ml_kem_kmgmt.c +++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c @@ -1,5 +1,5 @@ /* - * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -799,7 +799,7 @@ static void ml_kem_gen_cleanup(void *vgctx) return; if (gctx->seed != NULL) - OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES); + OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES); OPENSSL_free(gctx->propq); OPENSSL_free(gctx); } diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c index ff8a6cd6f0a6..d3191e55a929 100644 --- a/providers/implementations/rands/drbg_hmac.c +++ b/providers/implementations/rands/drbg_hmac.c @@ -437,7 +437,7 @@ static int drbg_fetch_algs_from_prov(const OSSL_PARAM params[], p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST); if (p) { - if (OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) { + if (!OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); goto done; } 
@@ -458,7 +458,7 @@ static int drbg_fetch_algs_from_prov(const OSSL_PARAM params[], if (p == NULL) { hmac_name = "HMAC"; } else { - if (OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) { + if (!OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); goto done; } diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c index 51dcc3f2300d..48237d7eb9ed 100644 --- a/providers/implementations/signature/dsa_sig.c +++ b/providers/implementations/signature/dsa_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -634,13 +634,14 @@ static void *dsa_dupctx(void *vpdsactx) if (!ossl_prov_is_running()) return NULL; - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) + if ((dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL) return NULL; - *dstctx = *srcctx; dstctx->dsa = NULL; dstctx->propq = NULL; + dstctx->md = NULL; + dstctx->mdctx = NULL; + dstctx->sig = NULL; if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) goto err; 
@@ -650,18 +651,15 @@ static void *dsa_dupctx(void *vpdsactx) goto err; dstctx->md = srcctx->md; - if (srcctx->mdctx != NULL) { - dstctx->mdctx = EVP_MD_CTX_new(); - if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) - goto err; - } - - if (srcctx->propq != NULL) { - dstctx->propq = OPENSSL_strdup(srcctx->propq); - if (dstctx->propq == NULL) - goto err; - } + if (srcctx->mdctx != NULL + && (dstctx->mdctx = EVP_MD_CTX_dup(srcctx->mdctx)) == NULL) + goto err; + if (srcctx->propq != NULL + && ((dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL)) + goto err; + if (srcctx->sig != NULL + && ((dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL)) + goto err; return dstctx; err: @@ -972,6 +970,12 @@ static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig, 0, &pdsactx->siglen)) return 0; + /* The signature must not be empty */ + if (pdsactx->siglen == 0) { + OPENSSL_free(pdsactx->sig); + pdsactx->sig = NULL; + return 0; + } } } return 1; diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index 0c04fc4ec683..3ce4cd0d2a82 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -630,40 +630,37 @@ static void *ecdsa_dupctx(void *vctx) PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx; PROV_ECDSA_CTX *dstctx; - if (!ossl_prov_is_running()) - return NULL; - - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) + /* Test KATS should not need to be supported */ + if (!ossl_prov_is_running() + || srcctx->kinv != NULL + || srcctx->r != NULL + || (dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL) return NULL; - *dstctx = *srcctx; dstctx->ec = NULL; dstctx->propq = NULL; + dstctx->md = NULL; + dstctx->mdctx = NULL; + dstctx->sig = NULL; if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) goto err; - /* Test KATS should not need to be supported */ - if (srcctx->kinv != NULL || srcctx->r != NULL) - goto err; dstctx->ec = srcctx->ec; if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) goto err; dstctx->md = srcctx->md; - if (srcctx->mdctx != NULL) { - dstctx->mdctx = EVP_MD_CTX_new(); - if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) - goto err; - } - - if (srcctx->propq != NULL) { - dstctx->propq = OPENSSL_strdup(srcctx->propq); - if (dstctx->propq == NULL) - goto err; - } + if (srcctx->mdctx != NULL + && ((dstctx->mdctx = EVP_MD_CTX_new()) == NULL + || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))) + goto err; + if (srcctx->propq != NULL + && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL) + goto err; + if (srcctx->sig != NULL + && (dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL) + goto err; return dstctx; err: @@ -990,6 +987,12 @@ static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[]) if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig, 0, &ctx->siglen)) return 0; + /* The signature must not be empty */ + if (ctx->siglen == 0) { + OPENSSL_free(ctx->sig); + ctx->sig = NULL; + return 0; + } } } return 1; 
diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c index d367c4938114..4322e49f592f 100644 --- a/providers/implementations/signature/sm2_sig.c +++ b/providers/implementations/signature/sm2_sig.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -214,6 +214,12 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, int ret = 0; unsigned char *aid = NULL; + /* + * Each EVP_Digest{Sign,Verify}Init_ex(3) starts with fresh content, that + * needs to recompute the "Z" digest. + */ + ctx->flag_compute_z_digest = 1; + if (!sm2sig_signature_init(vpsm2ctx, ec, params) || !sm2sig_set_mdname(ctx, mdname)) return ret; @@ -247,8 +253,6 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error; - ctx->flag_compute_z_digest = 1; - ret = 1; error: diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c index 6568906ea1c4..f73c5fd5c831 100644 --- a/providers/implementations/storemgmt/file_store.c +++ b/providers/implementations/storemgmt/file_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,6 +104,8 @@ struct file_ctx_st { /* Expected object type. May be unspecified */ int expected_type; + /* Fatal error occurred. We should indicate EOF. */ + int fatal_error; }; static void free_file_ctx(struct file_ctx_st *ctx) 
@@ -559,8 +561,10 @@ static int file_load_file(struct file_ctx_st *ctx, /* Setup the decoders (one time shot per session */ - if (!file_setup_decoders(ctx)) + if (!file_setup_decoders(ctx)) { + ctx->fatal_error = 1; return 0; + } /* Setup for this object */ @@ -758,6 +762,9 @@ static int file_eof(void *loaderctx) { struct file_ctx_st *ctx = loaderctx; + if (ctx->fatal_error) + return 1; + switch (ctx->type) { case IS_DIR: return ctx->_.dir.end_reached; diff --git a/providers/implementations/storemgmt/winstore_store.c b/providers/implementations/storemgmt/winstore_store.c index cd3e4b94fb3b..9da24b4f55c0 100644 --- a/providers/implementations/storemgmt/winstore_store.c +++ b/providers/implementations/storemgmt/winstore_store.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -272,8 +272,10 @@ static int winstore_load_using(struct winstore_ctx_st *ctx, const unsigned char *der_ = der; size_t der_len_ = der_len; - if (setup_decoder(ctx) == 0) + if (setup_decoder(ctx) == 0) { + ctx->state = STATE_EOF; return 0; + } data.object_cb = object_cb; data.object_cbarg = object_cbarg; diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 1b4bbd4a9215..a8f9ac92c2a4 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -4504,6 +4504,10 @@ SSL *ossl_quic_new_from_listener(SSL *ssl, uint64_t flags) * to grab reference for qc. */ qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); + if (qc->ch == NULL) { + QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); + goto err; + } ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl); ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg); 
@@ -4600,9 +4604,10 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags) int ret; QCTX ctx; SSL *conn_ssl = NULL; + SSL *conn_ssl_tmp = NULL; SSL_CONNECTION *conn = NULL; QUIC_CHANNEL *new_ch = NULL; - QUIC_CONNECTION *qc; + QUIC_CONNECTION *qc = NULL; int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0); if (!expect_quic_listener(ssl, &ctx)) 
@@ -4651,28 +4656,38 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags) * bound to new_ch. If channel constructor fails to create any item here * it just fails to create channel. */ - if (!ossl_assert((conn_ssl = ossl_quic_channel_get0_tls(new_ch)) != NULL) - || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) != NULL) - || !ossl_assert((conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL)) + if (!ossl_assert((conn_ssl_tmp = ossl_quic_channel_get0_tls(new_ch)) != NULL) + || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl_tmp)) != NULL) + || !ossl_assert((conn_ssl_tmp = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL)) goto out; - qc = (QUIC_CONNECTION *)conn_ssl; - qc->pending = 0; - if (!SSL_up_ref(&ctx.ql->obj.ssl)) { - /* - * You might expect ossl_quic_channel_free() to be called here. Be - * assured it happens, The process goes as follows: - * - The SSL_free() here is being handled by ossl_quic_free(). - * - The very last step of ossl_quic_free() is call to qc_cleanup() - * where channel gets freed. - */ - SSL_free(conn_ssl); + qc = (QUIC_CONNECTION *)conn_ssl_tmp; + if (SSL_up_ref(&ctx.ql->obj.ssl)) { + qc->listener = ctx.ql; + conn_ssl = conn_ssl_tmp; + conn_ssl_tmp = NULL; + qc->pending = 0; } - qc->listener = ctx.ql; out: qctx_unlock(&ctx); + /* + * You might expect ossl_quic_channel_free() to be called here. Be + * assured it happens, The process goes as follows: + * - The SSL_free() here is being handled by ossl_quic_free(). + * - The very last step of ossl_quic_free() is call to qc_cleanup() + * where channel gets freed. + * NOTE: We defer this SSL_free until after the call to qctx_unlock above + * to avoid the deadlock that would occur when ossl_quic_free attempts to + * re-acquire this mutex. We also do the gymnastics with conn_ssl and + * conn_ssl_tmp above so that we only actually do the free on the SSL + * object if the up-ref above fails, in such a way that we don't unbalance + * the listener refcount (i.e. 
if the up-ref fails above, we don't set the + * listener pointer so that we don't then drop the ref-count erroneously + * during the free operation. + */ + SSL_free(conn_ssl_tmp); return conn_ssl; } diff --git a/ssl/quic/quic_lcidm.c b/ssl/quic/quic_lcidm.c index 660eb802ba32..89ee95055dc1 100644 --- a/ssl/quic/quic_lcidm.c +++ b/ssl/quic/quic_lcidm.c @@ -1,5 +1,5 @@ /* - * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -74,15 +74,21 @@ static unsigned long lcid_hash(const QUIC_LCID *lcid_obj) 0, }; unsigned long hashval = 0; + unsigned char digest[SIPHASH_MIN_DIGEST_SIZE]; - if (!SipHash_set_hash_size(&siphash, sizeof(unsigned long))) + /* Use a supported SipHash digest size (8 or 16); 8 is sufficient here. */ + if (!SipHash_set_hash_size(&siphash, SIPHASH_MIN_DIGEST_SIZE)) goto out; if (!SipHash_Init(&siphash, (uint8_t *)lcid_obj->hash_key, 0, 0)) goto out; SipHash_Update(&siphash, lcid_obj->cid.id, lcid_obj->cid.id_len); - if (!SipHash_Final(&siphash, (unsigned char *)&hashval, - sizeof(unsigned long))) + if (!SipHash_Final(&siphash, digest, SIPHASH_MIN_DIGEST_SIZE)) goto out; + + /* + * Truncate the 64-bit SipHash digest into an unsigned long. + */ + memcpy(&hashval, digest, sizeof(hashval) < sizeof(digest) ? sizeof(hashval) : sizeof(digest)); out: return hashval; } diff --git a/ssl/quic/quic_reactor.c b/ssl/quic/quic_reactor.c index 1a95f131e30c..c30bc3c595ab 100644 --- a/ssl/quic/quic_reactor.c +++ b/ssl/quic/quic_reactor.c 
@@ -76,6 +76,12 @@ void ossl_quic_reactor_cleanup(QUIC_REACTOR *rtor) } #if defined(OPENSSL_SYS_WINDOWS) + +/* Work around for MinGW builds. */ +#if defined(__MINGW32__) && !defined(SIO_UDP_NETRESET) +#define SIO_UDP_NETRESET _WSAIOW(IOC_VENDOR, 15) +#endif + /* * On Windows recvfrom() may return WSAECONNRESET when destination port * used in preceding call to sendto() is no longer reachable. The reset diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index 83f66ef59e5a..786af9b4c221 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1316,6 +1316,7 @@ static int depack_process_frames(QUIC_CHANNEL *ch, PACKET *pkt, OSSL_QUIC_ERR_PROTOCOL_VIOLATION, frame_type, "NEW_CONN_ID valid only in 0/1-RTT"); + return 0; } if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data)) return 0; diff --git a/ssl/quic/quic_srtm.c b/ssl/quic/quic_srtm.c index 405376fc465d..46f675cef239 100644 --- a/ssl/quic/quic_srtm.c +++ b/ssl/quic/quic_srtm.c @@ -1,5 +1,5 @@ /* - * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -168,6 +168,11 @@ void ossl_quic_srtm_free(QUIC_SRTM *srtm) lh_SRTM_ITEM_free(srtm->items_rev); if (srtm->items_fwd != NULL) { + /* + * We don't need to call lh_SRTM_ITEM_set_down_load(..., 0) + * here because srtm_free_each() callback for _doall() does + * not call to lh_SRTIM_ITEM_delete(). + */ lh_SRTM_ITEM_doall(srtm->items_fwd, srtm_free_each); lh_SRTM_ITEM_free(srtm->items_fwd); } 
diff --git a/ssl/quic/quic_stream_map.c b/ssl/quic/quic_stream_map.c index ae6a0a01e983..b8175849a019 100644 --- a/ssl/quic/quic_stream_map.c +++ b/ssl/quic/quic_stream_map.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -122,6 +122,7 @@ static void release_each(QUIC_STREAM *stream, void *arg) void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm) { + lh_QUIC_STREAM_set_down_load(qsm->map, 0); ossl_quic_stream_map_visit(qsm, release_each, qsm); lh_QUIC_STREAM_free(qsm->map); diff --git a/ssl/quic/uint_set.c b/ssl/quic/uint_set.c index f81148c79af7..e217816a395b 100644 --- a/ssl/quic/uint_set.c +++ b/ssl/quic/uint_set.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -303,6 +303,8 @@ int ossl_uint_set_remove(UINT_SET *s, const UINT_RANGE *range) * handled by the above cases. */ y = create_set_item(end + 1, z->range.end); + if (y == NULL) + return 0; ossl_list_uint_set_insert_after(s, z, y); z->range.end = start - 1; break; diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index bbfb3620f195..bf035b13d54f 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -620,6 +620,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl) thisrr->length = sslv2len & 0x7fff; + if (!rl->funcs->validate_record_header(rl, thisrr)) { + /* RLAYERfatal already called */ + return OSSL_RECORD_RETURN_FATAL; + } + if (thisrr->length > TLS_BUFFER_get_len(rbuf) - SSL2_RT_HEADER_LENGTH) { RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, @@ -656,6 +661,11 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl) if (rl->msg_callback != NULL) rl->msg_callback(0, version, SSL3_RT_HEADER, p, 5, rl->cbarg); + if (!rl->funcs->validate_record_header(rl, thisrr)) { + /* RLAYERfatal already called */ + return OSSL_RECORD_RETURN_FATAL; + } + if (thisrr->length > TLS_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_PACKET_LENGTH_TOO_LONG); @@ -663,11 +673,6 @@ int tls_get_more_records(OSSL_RECORD_LAYER *rl) } } - if (!rl->funcs->validate_record_header(rl, thisrr)) { - /* RLAYERfatal already called */ - return OSSL_RECORD_RETURN_FATAL; - } - /* now rl->rstate == SSL_ST_READ_BODY */ } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 0e1445b38fb7..213ec84b171d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -4322,7 +4322,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: - sc->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp; + sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; ret = 1; break; #endif 
@@ -4593,7 +4593,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: { - ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp; + ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 5d4ec7e6ed87..13ab6490b9a7 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -81,7 +81,7 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_rpk, ASN1_OCTET_STRING, 20) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) /* Utility functions for i2d_SSL_SESSION */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ac77faa677ce..05b0209a76b3 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -3412,22 +3412,21 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) int i; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); - if (sc == NULL) + if (size < 2 || buf == NULL) return NULL; - if (!sc->server - || sc->peer_ciphers == NULL - || size < 2) + buf[0] = '\0'; + + if (sc == NULL || !sc->server) return NULL; p = buf; clntsk = sc->peer_ciphers; srvrsk = SSL_get_ciphers(s); - if (clntsk == NULL || srvrsk == NULL) - return NULL; - if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) - return NULL; + if (clntsk == NULL || sk_SSL_CIPHER_num(clntsk) == 0 + || srvrsk == NULL || sk_SSL_CIPHER_num(srvrsk) == 0) + return buf; for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { int n; @@ -3447,10 +3446,9 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size) } /* No overlap */ - if (p == buf) - return NULL; + if (p != buf) + p[-1] = '\0'; - p[-1] = '\0'; return buf; } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index e54fb53e5294..04cbfa5cfa94 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -790,9 +790,9 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full); } } - } - SSL_SESSION_list_add(ctx, c); + SSL_SESSION_list_add(ctx, c); + } if (s != NULL) { /* diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 4052ef6219b8..f62b757721fc 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1177,7 +1177,11 @@ int dtls1_buffer_message(SSL_CONNECTION *s, int is_ccs) return 0; } - pqueue_insert(s->d1->sent_messages, item); + if (pqueue_insert(s->d1->sent_messages, item) == NULL) { + dtls1_hm_fragment_free(frag); + pitem_free(item); + return 0; + } return 1; } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index cd471a636db1..ded6a1eadfb8 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -211,7 +211,7 @@ static const uint16_t suiteb_curves[] = { /* Group list string of the built-in pseudo group DEFAULT_SUITE_B */ #define SUITE_B_GROUP_NAME "DEFAULT_SUITE_B" -#define SUITE_B_GROUP_LIST "secp256r1:secp384r1", +#define SUITE_B_GROUP_LIST "?secp256r1:?secp384r1", struct provider_ctx_data_st { SSL_CTX *ctx; @@ -1244,8 +1244,8 @@ typedef struct { size_t ksidcnt; /* Number of key shares */ uint16_t *ksid_arr; /* The IDs of the key share groups (flat list) */ /* Variable to keep state between execution of callback or helper functions */ - size_t tuple_mode; /* Keeps track whether tuple_cb called from 'the top' or from gid_cb */ - int ignore_unknown_default; /* Flag such that unknown groups for DEFAULT[_XYZ] are ignored */ + int inner; /* Are we expanding a DEFAULT list */ + int first; /* First tuple of possibly nested expansion? */ } gid_cb_st; /* Forward declaration of tuple callback function */ @@ -1264,7 +1264,7 @@ static int gid_cb(const char *elem, int len, void *arg) int found_group = 0; char etmp[GROUP_NAME_BUFFER_LENGTH]; int retval = 1; /* We assume success */ - char *current_prefix; + const char *current_prefix; int ignore_unknown = 0; int add_keyshare = 0; int remove_group = 0; 
@@ -1320,16 +1320,16 @@ static int gid_cb(const char *elem, int len, void *arg) for (i = 0; i < OSSL_NELEM(default_group_strings); i++) { if ((size_t)len == (strlen(default_group_strings[i].list_name)) && OPENSSL_strncasecmp(default_group_strings[i].list_name, elem, len) == 0) { + int saved_first; + /* * We're asked to insert an entire list of groups from a * DEFAULT[_XYZ] 'pseudo group' which we do by * recursively calling this function (indirectly via * CONF_parse_list and tuple_cb); essentially, we treat a DEFAULT * group string like a tuple which is appended to the current tuple - * rather then starting a new tuple. Variable tuple_mode is the flag which - * controls append tuple vs start new tuple. + * rather then starting a new tuple. */ - if (ignore_unknown || remove_group) return -1; /* removal or ignore not allowed here -> syntax error */ 
@@ -1350,15 +1350,17 @@ static int gid_cb(const char *elem, int len, void *arg) default_group_strings[i].group_string, strlen(default_group_strings[i].group_string)); restored_default_group_string[strlen(default_group_strings[i].group_string) + restored_prefix_index] = '\0'; - /* We execute the recursive call */ - garg->ignore_unknown_default = 1; /* We ignore unknown groups for DEFAULT_XYZ */ - /* we enforce group mode (= append tuple) for DEFAULT_XYZ group lists */ - garg->tuple_mode = 0; - /* We use the tuple_cb callback to process the pseudo group tuple */ + /* + * Append first tuple of result to current tuple, and don't + * terminate the last tuple until we return to a top-level + * tuple_cb. + */ + saved_first = garg->first; + garg->inner = garg->first = 1; retval = CONF_parse_list(restored_default_group_string, TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg); - garg->tuple_mode = 1; /* next call to tuple_cb will again start new tuple */ - garg->ignore_unknown_default = 0; /* reset to original value */ + garg->inner = 0; + garg->first = saved_first; /* We don't need the \0-terminated string anymore */ OPENSSL_free(restored_default_group_string); @@ -1378,9 +1380,6 @@ static int gid_cb(const char *elem, int len, void *arg) if (len == 0) return -1; /* Seems we have prefxes without a group name -> syntax error */ - if (garg->ignore_unknown_default == 1) /* Always ignore unknown groups for DEFAULT[_XYZ] */ - ignore_unknown = 1; - /* Memory management in case more groups are present compared to initial allocation */ if (garg->gidcnt == garg->gidmax) { uint16_t *tmp = OPENSSL_realloc(garg->gid_arr, 
@@ -1514,7 +1513,7 @@ static int gid_cb(const char *elem, int len, void *arg) /* and update the book keeping for the number of groups in current tuple */ garg->tuplcnt_arr[garg->tplcnt]++; - /* We memorize if needed that we want to add a key share for the current group */ + /* We want to add a key share for the current group */ if (add_keyshare) garg->ksid_arr[garg->ksidcnt++] = gid; } @@ -1523,6 +1522,39 @@ done: return retval; } +static int grow_tuples(gid_cb_st *garg) +{ + static size_t max_tplcnt = (~(size_t)0) / sizeof(size_t); + + /* This uses OPENSSL_realloc_array() in newer releases */ + if (garg->tplcnt == garg->tplmax) { + size_t newcnt = garg->tplmax + GROUPLIST_INCREMENT; + size_t newsz = newcnt * sizeof(size_t); + size_t *tmp; + + if (newsz > max_tplcnt + || (tmp = OPENSSL_realloc(garg->tuplcnt_arr, newsz)) == NULL) + return 0; + + garg->tplmax = newcnt; + garg->tuplcnt_arr = tmp; + } + return 1; +} + +static int close_tuple(gid_cb_st *garg) +{ + size_t gidcnt = garg->tuplcnt_arr[garg->tplcnt]; + + if (gidcnt == 0) + return 1; + if (!grow_tuples(garg)) + return 0; + + garg->tuplcnt_arr[++garg->tplcnt] = 0; + return 1; +} + /* Extract and process a tuple of groups */ static int tuple_cb(const char *tuple, int len, void *arg) { @@ -1536,16 +1568,9 @@ static int tuple_cb(const char *tuple, int len, void *arg) return 0; } - /* Memory management for tuples */ - if (garg->tplcnt == garg->tplmax) { - size_t *tmp = OPENSSL_realloc(garg->tuplcnt_arr, - (garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr)); - - if (tmp == NULL) - return 0; - garg->tplmax += GROUPLIST_INCREMENT; - garg->tuplcnt_arr = tmp; - } + if (garg->inner && !garg->first && !close_tuple(garg)) + return 0; + garg->first = 0; /* Convert to \0-terminated string */ restored_tuple_string = OPENSSL_malloc((len + 1 /* \0 */) * sizeof(char)); 
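Review bot: grow_tuples() compares a byte size against an element-count limit: max_tplcnt is (~(size_t)0) / sizeof(size_t), but the test is newsz > max_tplcnt, and it runs only after newcnt * sizeof(size_t) has already been computed. Check newcnt > max_tplcnt before multiplying, and declare max_tplcnt const since it never changes. One more thing to confirm: grow_tuples() grows only when tplcnt == tplmax, while close_tuple() then writes tuplcnt_arr[++garg->tplcnt]; if the array holds exactly tplmax entries, the write made when tplcnt == tplmax - 1 lands one element past the end, in which case the growth test should be on tplcnt + 1.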
@@ -1560,15 +1585,8 @@ static int tuple_cb(const char *tuple, int len, void *arg) /* We don't need the \o-terminated string anymore */ OPENSSL_free(restored_tuple_string); - if (garg->tuplcnt_arr[garg->tplcnt] > 0) { /* Some valid groups are present in current tuple... */ - if (garg->tuple_mode) { - /* We 'close' the tuple */ - garg->tplcnt++; - garg->tuplcnt_arr[garg->tplcnt] = 0; /* Next tuple is initialized to be empty */ - garg->tuple_mode = 1; /* next call will start a tuple (unless overridden in gid_cb) */ - } - } - + if (!garg->inner && !close_tuple(garg)) + return 0; return retval; } @@ -1599,8 +1617,6 @@ int tls1_set_groups_list(SSL_CTX *ctx, } memset(&gcb, 0, sizeof(gcb)); - gcb.tuple_mode = 1; /* We prepare to collect the first tuple */ - gcb.ignore_unknown_default = 0; gcb.gidmax = GROUPLIST_INCREMENT; gcb.tplmax = GROUPLIST_INCREMENT; gcb.ksidmax = GROUPLIST_INCREMENT; diff --git a/test/README-external.md b/test/README-external.md index d094c66f8254..7c01ef23a949 100644 --- a/test/README-external.md +++ b/test/README-external.md @@ -39,7 +39,7 @@ tests against the local OpenSSL build. You will need a git checkout of krb5 at the top level: - $ git clone https://github.com/krb5/krb5 + $ git submodule update --init krb5's master has to pass this same CI, but a known-good version is krb5-1.15.1-final if you want to be sure. diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index 7796968c2389..49af48c1605e 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
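Review bot: In test/README-external.md the replacement command "git submodule update --init" initialises every submodule of the checkout, while the sentence above it still asks for "a git checkout of krb5 at the top level". Name the path (git submodule update --init krb5) and reword the lead-in to say that the submodule is used. The unchanged sentence recommending krb5-1.15.1-final as a known-good version also needs a second look, since a submodule pins its own commit.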
@@ -41,7 +41,7 @@ ASN1_SEQUENCE(ASN1_LONG_DATA) = { ASN1_EMBED(ASN1_LONG_DATA, test_long, LONG), } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA) static int test_long(void) @@ -67,7 +67,7 @@ ASN1_SEQUENCE(ASN1_INT32_DATA) = { ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32), } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA) static int test_int32(void) @@ -92,7 +92,7 @@ ASN1_SEQUENCE(ASN1_UINT32_DATA) = { ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32), } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA) static int test_uint32(void) @@ -117,7 +117,7 @@ ASN1_SEQUENCE(ASN1_INT64_DATA) = { ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64), } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA) static int test_int64(void) @@ -142,7 +142,7 @@ ASN1_SEQUENCE(ASN1_UINT64_DATA) = { ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64), } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA) static int test_uint64(void) 
@@ -243,7 +243,7 @@ ASN1_SEQUENCE(INVALIDTEMPLATE) = { ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) /* Empty sequence for invalid template test */ diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c index 7d7cc0100bf1..03913d1d0e70 100644 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -198,7 +198,7 @@ ASN1_SEQUENCE(ASN1_LONG_DATA) = { ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0) } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA) static ASN1_LONG_DATA long_expected_32bit[] = { @@ -292,7 +292,7 @@ ASN1_SEQUENCE(ASN1_INT32_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA) static ASN1_INT32_DATA int32_expected[] = { @@ -340,7 +340,7 @@ ASN1_SEQUENCE(ASN1_UINT32_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA) static ASN1_UINT32_DATA uint32_expected[] = { 
@@ -388,7 +388,7 @@ ASN1_SEQUENCE(ASN1_INT64_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA) static ASN1_INT64_DATA int64_expected[] = { @@ -437,7 +437,7 @@ ASN1_SEQUENCE(ASN1_UINT64_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA) static ASN1_UINT64_DATA uint64_expected[] = { @@ -873,7 +873,7 @@ ASN1_SEQUENCE(INVALIDTEMPLATE) = { ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) static int test_invalid_template(void) diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c index 4e58da2b755c..865877d78f8a 100644 --- a/test/asn1_internal_test.c +++ b/test/asn1_internal_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,7 @@ #include <openssl/asn1.h> #include <openssl/evp.h> +#include <openssl/pkcs12.h> #include <openssl/objects.h> #include "testutil.h" #include "internal/nelem.h" 
@@ -290,6 +291,22 @@ static int test_mbstring_ncopy(void) return 1; } +static int test_ossl_uni2utf8(void) +{ + const unsigned char in[] = { 0x21, 0x92 }; /* unicode right arrow */ + int inlen = 2; + char *out = NULL; + int ok = 0; + + /* reproducer for CVE-2025-69419 */ + out = OPENSSL_uni2utf8(in, inlen); + if (TEST_str_eq(out, "\xe2\x86\x92")) + ok = 1; + + OPENSSL_free(out); + return ok; +} + int setup_tests(void) { ADD_TEST(test_tbl_standard); @@ -300,5 +317,6 @@ int setup_tests(void) ADD_TEST(test_obj_create); ADD_TEST(test_obj_nid_undef); ADD_TEST(test_mbstring_ncopy); + ADD_TEST(test_ossl_uni2utf8); return 1; } diff --git a/test/bntest.c b/test/bntest.c index d8c71def932d..8eb5e7659a5b 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -1664,6 +1664,52 @@ err: return st; } +static int file_modsqr(STANZA *s) +{ + BIGNUM *a = NULL, *m = NULL, *mod_sqr = NULL, *ret = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_sqr = getBN(s, "ModSqr")) + || !TEST_ptr(ret = BN_new())) + goto err; + + if (!TEST_true(BN_mod_sqr(ret, a, m, ctx)) + || !equalBN("A^2 (mod M)", mod_sqr, ret)) + goto err; + + if (BN_is_odd(m)) { + /* Reduce |a| and test the Montgomery version. */ + BN_MONT_CTX *mont = BN_MONT_CTX_new(); + BIGNUM *a_tmp = BN_new(); + + if (mont == NULL || a_tmp == NULL + || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)) + || !TEST_true(BN_nnmod(a_tmp, a, m, ctx)) + || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx)) + || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, a_tmp, + mont, ctx)) + || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx)) + || !equalBN("A^2 (mod M) (mont)", mod_sqr, ret)) + st = 0; + else + st = 1; + BN_MONT_CTX_free(mont); + BN_free(a_tmp); + if (st == 0) + goto err; + } + + st = 1; +err: + BN_free(a); + BN_free(m); + BN_free(mod_sqr); + BN_free(ret); + return st; +} + static int file_modexp(STANZA *s) { BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL; @@ -3274,6 +3320,7 @@ static int file_test_run(STANZA *s) { "Product", file_product }, { "Quotient", file_quotient }, { "ModMul", file_modmul }, + { "ModSqr", file_modsqr }, { "ModExp", file_modexp }, { "Exp", file_exp }, { "ModSqrt", file_modsqrt }, diff --git a/test/certs/cve-2026-28388-ca.pem b/test/certs/cve-2026-28388-ca.pem new file mode 100644 index 000000000000..9e36d11c4b4b --- /dev/null +++ b/test/certs/cve-2026-28388-ca.pem 
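Review bot: In the Montgomery branch of file_modsqr(), "mont == NULL || a_tmp == NULL" is tested bare, so an allocation failure fails the stanza with no diagnostic, unlike every other allocation in the function. Wrap both in TEST_ptr(). The "st = 0; else st = 1;" assignment followed by a second "st = 1" after the block is also easy to misread; a separate local flag for the branch would make the control flow clearer.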
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw +ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp +hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO +FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF +pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f +1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW +nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt +UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi +4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B +AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q +xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC +ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu +d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh +ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud +cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA== +-----END CERTIFICATE----- diff --git a/test/certs/cve-2026-28388-crls.pem b/test/certs/cve-2026-28388-crls.pem new file mode 100644 index 000000000000..46cbd7876dcd --- /dev/null +++ b/test/certs/cve-2026-28388-crls.pem 
@@ -0,0 +1,22 @@ +-----BEGIN X509 CRL----- +MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 +MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV +tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl +3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF +Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l +pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M +klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO +6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf +OohWoSH8tqwrNFZkblAH +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 +MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV +tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB +AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK +SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep +WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki +1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI +kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs +njcibOSKC9YWgNmZUy0QV5D8 +-----END X509 CRL----- diff --git a/test/certs/cve-2026-28388-leaf.pem b/test/certs/cve-2026-28388-leaf.pem new file mode 100644 index 000000000000..02b22997cdd8 --- /dev/null +++ b/test/certs/cve-2026-28388-leaf.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 +IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ +VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+ +nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn +Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd +Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP +QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX +CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO +Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J +ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt +BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G +CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80 +13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ +bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+ +emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw +zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+ +nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP +-----END CERTIFICATE----- diff --git a/test/certs/ext-timeSpecification-periodic-no-second.pem b/test/certs/ext-timeSpecification-periodic-no-second.pem new file mode 100644 index 000000000000..9b23ddbb162c --- /dev/null +++ b/test/certs/ext-timeSpecification-periodic-no-second.pem 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLzCCAhmgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMjEyMjExNDQ5NDJaGA8yMDIyMTIyMTE0NDk0MlowETEPMA0G +A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL +m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH +3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe +1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX +rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU ++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 +nrAVMQHB4fReQPH0pQIDAQABo4GMMIGJMIGGBgNVHSsEfzB9MXUwUaAlMSMwIaAM +MAqgAwIBBaEDAgEroREwD6ADAgEMoQMCASKiAwIBOKEIMQYCAQECAQKiCDEGAgED +AgEEowgxBgIBBQIBBqQKMQgCAgfmAgIH5zAgoQgxBgIBAwIBBKMIMQYCAQcCAQik +CjEIAgIH5wICB+gBAf8CAfswDQYJKoZIhvcNAQEFBQADAQA= +-----END CERTIFICATE----- diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 1cb4a9000c69..1749ca698a23 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -1,6 +1,6 @@ #! /bin/bash # -# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2016 Viktor Dukhovni <openssl-users@dukhovni.org>. # All rights reserved. # @@ -257,7 +257,7 @@ genee() { local cakey=$1; shift local ca=$1; shift - exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ "subjectKeyIdentifier = hash" \ "authorityKeyIdentifier = keyid, issuer" \ "basicConstraints = CA:false" \ diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c index b0681e85876c..c2072c1be25c 100644 --- a/test/cmp_client_test.c +++ b/test/cmp_client_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -35,7 +35,7 @@ static EVP_PKEY *server_key = NULL; static X509 *server_cert = NULL; static EVP_PKEY *client_key = NULL; static X509 *client_cert = NULL; -static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; +static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; /* not actually used */ /* * For these unit tests, the client abandons message protection, and for @@ -51,6 +51,30 @@ static void tear_down(CMP_SES_TEST_FIXTURE *fixture) OPENSSL_free(fixture); } +static int set_simple_trust(OSSL_CMP_CTX *ctx, X509 *trusted) +{ + X509_STORE *ts = X509_STORE_new(); + X509_VERIFY_PARAM *vpm; + + /* + * not simply using OSSL_CMP_CTX_set1_srvCert() (to pin the server cert) + * in order to make sure that validated server cert gets cached, + * which is needed for the negative test case test_exec_KUR_bad_pkiConf_protection + */ + if (ts == NULL || !X509_STORE_add_cert(ts, trusted)) + goto err; + + vpm = X509_STORE_get0_param(ts); + if (!X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME | X509_V_FLAG_PARTIAL_CHAIN) + || !OSSL_CMP_CTX_set0_trusted(ctx, ts)) + goto err; + + return 1; +err: + X509_STORE_free(ts); + return 0; +} + static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name) { CMP_SES_TEST_FIXTURE *fixture; 
@@ -70,15 +94,15 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name) goto err; if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL)) || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out) - || !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform) + /* using default verbosity: OSSL_CMP_LOG_INFO */ + || !OSSL_CMP_CTX_set_transfer_cb(ctx, ossl_cmp_mock_server_perform) || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx) || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1) - || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1) || !OSSL_CMP_CTX_set1_oldCert(ctx, client_cert) || !OSSL_CMP_CTX_set1_pkey(ctx, client_key) /* client_key is by default used also for newPkey */ - || !OSSL_CMP_CTX_set1_srvCert(ctx, server_cert) - || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) + || !set_simple_trust(ctx, server_cert) + || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) /* not actually needed */ goto err; fixture->req_type = -1; return fixture; @@ -128,9 +152,7 @@ static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture) int status = OSSL_CMP_CTX_get_status(ctx); OSSL_CMP_CTX_print_errors(ctx); - if (!TEST_int_eq(status, fixture->expected) - && !(fixture->expected == OSSL_CMP_PKISTATUS_waiting - && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans))) + if (!TEST_int_eq(status, fixture->expected)) return 0; if (fixture->expected != OSSL_CMP_PKISTATUS_accepted) return TEST_ptr_null(res); @@ -234,9 +256,9 @@ static int test_exec_IR_ses_poll_no_timeout(void) static int test_exec_IR_ses_poll_total_timeout(void) { - return !test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1, + return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1, 3 /* pollCount */, checkAfter + 6, - OSSL_CMP_PKISTATUS_waiting); + OSSL_CMP_PKISTATUS_trans); } static int test_exec_CR_ses(int implicit_confirm, int granted, int reject) 
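Review bot: ref is now annotated "not actually used" or "not actually needed" at its declaration, in set_up() and in setup_tests(), yet it is still filled by RAND_bytes_ex() and passed to OSSL_CMP_CTX_set1_referenceValue(). If nothing depends on it, remove the buffer and both calls rather than commenting them in three places; if something does, say what. The removal of OSSL_CMP_OPT_UNPROTECTED_ERRORS in set_up() also deserves a line of explanation, because it affects every test built on this fixture.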
@@ -266,7 +288,9 @@ static int test_exec_CR_ses_implicit_confirm(void) && test_exec_CR_ses(1, 1 /* granted */, 0); } -static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified) +/* the KUR transactions include certConf/pkiConf */ +static int test_exec_KUR_ses(int transfer_error, int server_use_bad_protection, + int pubkey, int raverified) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_PKIBODY_KUR; @@ -274,6 +298,8 @@ static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified) if (transfer_error) OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL); + (void)ossl_cmp_mock_srv_set_useBadProtection(fixture->srv_ctx, server_use_bad_protection); + if (pubkey) { EVP_PKEY *key = raverified /* wrong key */ ? server_key : client_key; @@ -286,7 +312,8 @@ static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified) if (pubkey || raverified) OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_POPO_METHOD, OSSL_CRMF_POPO_RAVERIFIED); - fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? OSSL_CMP_PKISTATUS_rejection + fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? (pubkey ? OSSL_CMP_PKISTATUS_rejected_by_client : OSSL_CMP_PKISTATUS_rejection) + : server_use_bad_protection != -1 ? OSSL_CMP_PKISTATUS_checking_response : OSSL_CMP_PKISTATUS_accepted; EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; 
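Review bot: The fixture->expected assignment in test_exec_KUR_ses() is now a four-level nested conditional squeezed onto two lines, which makes the precedence between transfer_error, raverified, pubkey and server_use_bad_protection hard to verify. Rewrite it as an if/else chain. In the preceding hunk the result of ossl_cmp_mock_srv_set_useBadProtection() is discarded with (void); in a test that result should be checked, so a failed setup is not mistaken for a passing case.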
@@ -294,18 +321,23 @@ static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified) static int test_exec_KUR_ses_ok(void) { - return test_exec_KUR_ses(0, 0, 0); + return test_exec_KUR_ses(0, -1, 0, 0); } static int test_exec_KUR_ses_transfer_error(void) { - return test_exec_KUR_ses(1, 0, 0); + return test_exec_KUR_ses(1, -1, 0, 0); +} + +static int test_exec_KUR_bad_pkiConf_protection(void) +{ + return test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0); } static int test_exec_KUR_ses_wrong_popo(void) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* cf ossl_cmp_verify_popo() */ - return test_exec_KUR_ses(0, 0, 1); + return test_exec_KUR_ses(0, -1, 0, 1); #else return 1; #endif @@ -313,12 +345,12 @@ static int test_exec_KUR_ses_wrong_popo(void) static int test_exec_KUR_ses_pub(void) { - return test_exec_KUR_ses(0, 1, 0); + return test_exec_KUR_ses(0, -1, 1, 0); } static int test_exec_KUR_ses_wrong_pub(void) { - return test_exec_KUR_ses(0, 1, 1); + return test_exec_KUR_ses(0, -1, 1, 1); } static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, @@ -340,7 +372,7 @@ static int test_exec_P10CR_ses(int reject) SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_PKIBODY_P10CR; - fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection + fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejected_by_client : OSSL_CMP_PKISTATUS_accepted; ctx = fixture->cmp_ctx; if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx)) @@ -436,7 +468,7 @@ static int test_exec_GENM_ses_poll_total_timeout(void) { return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter + 1, 3 /* pollCount */, checkAfter + 2, - OSSL_CMP_PKISTATUS_waiting); + OSSL_CMP_PKISTATUS_trans); } static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect) 
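Review bot: test_exec_KUR_bad_pkiConf_protection() calls test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0), which is the same argument list as test_exec_KUR_ses_ok(), so the new test does not exercise bad protection at all. Every caller in this diff passes -1, which leaves the OSSL_CMP_PKISTATUS_checking_response branch added to test_exec_KUR_ses() unreached. Either pass OSSL_CMP_PKIBODY_PKICONF, or leave the test unregistered and record in the comment why it is disabled.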
@@ -546,7 +578,7 @@ int setup_tests(void) || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)) || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)) || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)) - || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { + || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { /* not actually used */ cleanup_tests(); return 0; } @@ -562,6 +594,7 @@ int setup_tests(void) ADD_TEST(test_exec_IR_ses_poll_total_timeout); ADD_TEST(test_exec_KUR_ses_ok); ADD_TEST(test_exec_KUR_ses_transfer_error); + ADD_TEST(test_exec_KUR_bad_pkiConf_protection); ADD_TEST(test_exec_KUR_ses_wrong_popo); ADD_TEST(test_exec_KUR_ses_pub); ADD_TEST(test_exec_KUR_ses_wrong_pub); diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index f55d17258d1f..eec9364f42ba 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void) #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 + +static EVP_PKEY *make_bad_rsa_pubkey(void) +{ + RSA *rsa = NULL; + BIGNUM *n = NULL, *e = NULL; + EVP_PKEY *pkey = NULL; + + /* Deliberately invalid public key: n = 17, e = 17 */ + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_ptr(rsa = RSA_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_true(BN_set_word(n, 17)) + || !TEST_true(BN_set_word(e, 17)) + || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) + || !EVP_PKEY_assign_RSA(pkey, rsa)) + goto err; + + return pkey; +err: + BN_free(n); + BN_free(e); + RSA_free(rsa); + return NULL; +} + #ifndef OPENSSL_NO_DH static EVP_PKEY *load_example_dh_key(void) { 
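Review bot: make_bad_rsa_pubkey() has two ownership problems on its err path. Once RSA_set0_key(rsa, n, e, NULL) succeeds, rsa owns n and e, so if EVP_PKEY_assign_RSA() then fails, BN_free(n), BN_free(e) and RSA_free(rsa) free the BIGNUMs twice; and pkey from EVP_PKEY_new() is not freed on any failure. Split the condition chain so that n and e are set to NULL after the successful set0 call, and add EVP_PKEY_free(pkey) under err. EVP_PKEY_assign_RSA() should also be wrapped in TEST_true() like the other steps.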
@@ -5898,6 +5924,46 @@ err: return testresult; } +static int test_rsasve_kem_with_invalid_pub_key(void) +{ + RSA *rsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char *ct = NULL; + unsigned char *secret = NULL; + size_t ctlen = 0, secretlen = 0; + int testresult = 0; + + if (nullprov != NULL) { + testresult = TEST_skip("Test does not support a non-default library context"); + goto err; + } + + if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) + goto err; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) + || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) + || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) + || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) + || !TEST_ptr(ct = OPENSSL_malloc(ctlen)) + || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) + goto err; + + if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) + goto err; + + testresult = 1; + +err: + OPENSSL_free(secret); + OPENSSL_free(ct); + EVP_PKEY_CTX_free(ctx); + RSA_free(rsa); + EVP_PKEY_free(pkey); + return testresult; +} + #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) 
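Review bot: test_rsasve_kem_with_invalid_pub_key() declares "RSA *rsa = NULL" and calls RSA_free(rsa) under err, but nothing ever assigns it; the key is built inside make_bad_rsa_pubkey() and owned by pkey. Drop the variable and the RSA_free() call so the cleanup list reflects what the test actually allocates.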
@@ -6481,6 +6547,45 @@ static int test_invalid_ctx_for_digest(void) return ret; } +static int test_evp_cipher_negative_length(void) +{ + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + unsigned char key[16] = { 0 }; + unsigned char iv[16] = { 0 }; + unsigned char buffer[32] = { 0 }; + int outl = 0; + int ret = 0; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto end; + + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq))) + goto end; + + /* Initialize encryption context */ + if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_EncryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + /* Reinitialize for decryption */ + if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_DecryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + ret = 1; +end: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + static int test_evp_cipher_pipeline(void) { OSSL_PROVIDER *fake_pipeline = NULL; @@ -6854,6 +6959,7 @@ int setup_tests(void) ADD_TEST(test_evp_md_cipher_meth); ADD_TEST(test_custom_md_meth); ADD_TEST(test_custom_ciph_meth); + ADD_TEST(test_rsasve_kem_with_invalid_pub_key); #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Tests only support the default libctx */ @@ -6883,6 +6989,8 @@ int setup_tests(void) ADD_TEST(test_invalid_ctx_for_digest); + ADD_TEST(test_evp_cipher_negative_length); + ADD_TEST(test_evp_cipher_pipeline); return 1; diff --git a/test/evp_test.c b/test/evp_test.c index 582328c877e0..e742b647e3b7 100644 --- a/test/evp_test.c +++ b/test/evp_test.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2607,7 +2607,7 @@ static int pkey_test_ctrl(EVP_TEST *t, EVP_PKEY_CTX *pctx, static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls, const char *value) { - char *p; + const char *p; if (controls == NULL) return 0; diff --git a/test/fake_rsaprov.c b/test/fake_rsaprov.c index 6252456e8df1..ec5d5df5b85b 100644 --- a/test/fake_rsaprov.c +++ b/test/fake_rsaprov.c @@ -1,5 +1,5 @@ /* - * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -776,8 +776,7 @@ ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - static X509_PUBKEY - * fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) +static X509_PUBKEY *fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); diff --git a/test/http_test.c b/test/http_test.c index 8b27e128cbf6..14942d511fcd 100644 --- a/test/http_test.c +++ b/test/http_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -331,6 +331,18 @@ static int test_http_url_path_query_ok(const char *url, const char *exp_path_qu) return res; } +static int test_http_url_host_ok(const char *url, const char *exp_host) +{ + char *host; + int res; + + res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL, + NULL, NULL, NULL)) + && TEST_str_eq(host, exp_host); + OPENSSL_free(host); + return res; +} + static int test_http_url_dns(void) { return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path"); @@ -358,6 +370,13 @@ static int test_http_url_userinfo_query_fragment(void) return test_http_url_ok("user:pass@host/p?q#fr", 0, "host", "80", "/p"); } +static int test_http_url_at_sign_outside_authority(void) +{ + return test_http_url_host_ok("http://host/p@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q=@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q#fr@attacker.test", "host"); +} + static int test_http_url_ipv4(void) { return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q"); @@ -576,6 +595,7 @@ int setup_tests(void) ADD_TEST(test_http_url_timestamp); ADD_TEST(test_http_url_path_query); ADD_TEST(test_http_url_userinfo_query_fragment); + ADD_TEST(test_http_url_at_sign_outside_authority); ADD_TEST(test_http_url_ipv4); ADD_TEST(test_http_url_ipv6); ADD_TEST(test_http_url_invalid_prefix); diff --git a/test/ossl_store_test.c b/test/ossl_store_test.c index f251313d1a69..50efd037a8ec 100644 --- a/test/ossl_store_test.c +++ b/test/ossl_store_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
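Review bot: In test_http_url_host_ok(), host is declared without an initialiser and is passed to OPENSSL_free() even when OSSL_HTTP_parse_url() fails and the && short-circuits. Declare it as "char *host = NULL;" so the cleanup does not depend on the parser clearing its output arguments on every error path.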
@@ -249,6 +249,12 @@ static int test_store_attach_unregistered_scheme(void) return ret; } +static int test_store_delete_null_uri(void) +{ + /* Passing NULL uri must return 0, not crash */ + return TEST_int_eq(OSSL_STORE_delete(NULL, NULL, NULL, NULL, NULL, NULL), 0); +} + const OPTIONS *test_get_options(void) { static const OPTIONS test_options[] = { @@ -303,6 +309,7 @@ int setup_tests(void) ADD_TEST(test_store_open_winstore); #endif ADD_TEST(test_store_search_by_key_fingerprint_fail); + ADD_TEST(test_store_delete_null_uri); ADD_ALL_TESTS(test_store_get_params, 3); if (sm2file != NULL) ADD_TEST(test_store_attach_unregistered_scheme); diff --git a/test/pkcs12_api_test.c b/test/pkcs12_api_test.c index b013818f0bf3..147d65bd665a 100644 --- a/test/pkcs12_api_test.c +++ b/test/pkcs12_api_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -253,6 +253,35 @@ const OPTIONS *test_get_options(void) return options; } +static int test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen(void) +{ + int ret = 0; + unsigned char salt[8] = { 0 }; + EVP_PKEY *key = NULL; + X509 *cert = NULL; + STACK_OF(X509) *ca = NULL; + PKCS12 *p12 = NULL; + + if (!TEST_ptr(p12 = PKCS12_load(in_file))) + return 0; + if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca))) + goto err; + PKCS12_free(p12); + + if (!TEST_ptr(p12 = PKCS12_create_ex2("pass", NULL, key, cert, ca, + NID_undef, NID_undef, 0, -1, 0, + testctx, NULL, NULL, NULL))) + goto err; + ret = TEST_false(PKCS12_set_pbmac1_pbkdf2(p12, "pass", -1, + salt, -1, 0, NULL, NULL)); +err: + PKCS12_free(p12); + EVP_PKEY_free(key); + X509_free(cert); + OSSL_STACK_OF_X509_free(ca); + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; 
@@ -292,6 +321,7 @@ int setup_tests(void) ADD_TEST(test_null_args); ADD_TEST(pkcs12_parse_test); ADD_ALL_TESTS(pkcs12_create_ex2_test, 3); + ADD_TEST(test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen); return 1; } diff --git a/test/quicapitest.c b/test/quicapitest.c index 6b9ee8e69ad8..c61dda6f7f7f 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2869,8 +2869,8 @@ static int test_ssl_set_verify(void) serverssl = SSL_accept_connection(qlistener, 0); /* Call SSL_accept() and SSL_connect() until we are connected */ - if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE, 0, 0))) + if (!TEST_ptr(serverssl) + || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0, 0))) goto err; testresult = 1; @@ -2923,8 +2923,8 @@ static int test_client_hello_retry(void) serverssl = SSL_accept_connection(qlistener, 0); /* Call SSL_accept() and SSL_connect() until we are connected */ - if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE, 0, 0))) + if (!TEST_ptr(serverssl) + || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0, 0))) goto err; testresult = 1; diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt index 85a17e0a05dc..a0a30df45e74 100644 --- a/test/recipes/10-test_bn_data/bnmod.txt +++ b/test/recipes/10-test_bn_data/bnmod.txt 
@@ -1,4 +1,4 @@ -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2010,6 +2010,14 @@ A = ca6c51ba2f410d09bf71d60fe B = 8bdfa8fe5ef3b2ad02bc63c4d M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb +# These test vectors satisfy A ^ 2 = ModSqr (mod M) and 0 <= ModSqr < M. + +Title = ModSqr tests + +# Regression test for https://github.com/openssl/openssl/issues/15587 +ModSqr = 166794ed50cb31b6e6a319f7474416c266d5c3f3115ea2a7ed9638367d1f955f66a7179ee3ce5ee5e04e63c46781f1192beac3abb26ff238f5ed2f5505ae06003ff +A = 1407833bd4c893195cc32f56a507f15140be687a1994febe0bdbe793125f010a3c1c814737b10ab690498b7990ce4e625ad2f32cbf42626cb9649da38a5c9c76a99 +M = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff # These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M. diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 673c3d5f1772..ab8cdff23a21 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ sub verify { run(app([@args])); } -plan tests => 203; +plan tests => 204; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), 
@@ -594,6 +594,18 @@ ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"], "-explicit_policy"), "Bad certificate policy"); +# CVE-2026-28388 +my $cve_28388_stderr = "cve-2026-28388.err"; +run(app(["openssl", "verify", + "-attime", "1739527200", + "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"), + "-crl_check", "-use_deltas", + "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"), + srctop_file(@certspath, "cve-2026-28388-leaf.pem")], + stderr => $cve_28388_stderr)); +ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }), + "CVE-2026-28388"); + # CAstore option my $rootcertname = "root-cert"; my $rootcert = srctop_file(@certspath, "${rootcertname}.pem"); diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t index dfa0a428f5f0..e4e373fd5d0e 100644 --- a/test/recipes/25-test_x509.t +++ b/test/recipes/25-test_x509.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_x509"); -plan tests => 138; +plan tests => 139; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't @@ -413,6 +413,12 @@ cert_contains($time_spec_per_cert, "Years: 2023, 2024", 1, 'X.509 Time Specification (Periodic)'); +my $time_spec_per_no_second_cert = + srctop_file(@certs, "ext-timeSpecification-periodic-no-second.pem"); +cert_contains($time_spec_per_no_second_cert, + "05:43:00 - 12:34:56", + 1, 'X.509 Time Specification (Periodic, no second)'); + my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem"); cert_contains($attr_map_cert, "commonName == localityName", 
diff --git a/test/recipes/61-test_bio_readbuffer.t b/test/recipes/61-test_bio_readbuffer.t index e10ab746ae38..cd3db6a6ec54 100644 --- a/test/recipes/61-test_bio_readbuffer.t +++ b/test/recipes/61-test_bio_readbuffer.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ setup('test_bio_readbuffer'); my $pemfile = srctop_file("test", "certs", "leaf.pem"); my $derfile = 'readbuffer_leaf.der'; -plan tests => 3; +plan tests => 4; ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile, '-outform', 'DER', '-out', $derfile])), @@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $derfile])), ok(run(test(["bio_readbuffer_test", $pemfile])), "Running bio_readbuffer_test $pemfile"); + +ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM', + '-noout' ], stdin => $derfile)), + "Test stdin read buffer in openssl app"); diff --git a/test/recipes/80-test_cmp_http_data/test_commands.csv b/test/recipes/80-test_cmp_http_data/test_commands.csv index c6c54239b1d7..9e77baa4b127 100644 --- a/test/recipes/80-test_cmp_http_data/test_commands.csv +++ b/test/recipes/80-test_cmp_http_data/test_commands.csv 
@@ -147,6 +147,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty 0,using popo 1 with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,1, -newkeyout,_RESULT_DIR/newkeyout.pem 1, using popo -1 redundantly with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout2.pem 1, using popo -1 alternatively to -centralkeygen, -section,, -cmd,cr,, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout3.pem, -newkeypass,pass:12345, -certout,_RESULT_DIR/test.cert3.pem -1, using centrally generated key (and cert) , -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345 +1, using centrally generated key (and cert) with existing chain, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, issuing.crt +1, using centrally generated key (and cert) without giving chain (requires sender cert caching), -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, "" 0, using centrally generated key with wrong password, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:wrong 0, using popo -1 (instead of -centralkeygen) without -newkeyout, -section,, -cmd,cr,, -popo,-1,,BLANK,,BLANK,,BLANK,,BLANK diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 279a498475c8..d3adf2d1af77 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -53,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => 31; +plan tests => 34; ok(run(test(["pkcs7_test"])), "test pkcs7"); 
@@ -1360,6 +1360,49 @@ with({ exit_checker => sub { return shift == 3; } }, "Check for failure when cipher does not have an assigned OID (issue#22225)"); }); +# Test cases for CVE-2026-28389 +my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der"); +my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem"); +my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "DH is not supported in this build", 1 if $no_dh; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])), + "Must not crash on malformed cms inputs with dh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der"); +my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem"); +my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "EC is not supported in this build", 1 if $no_ec; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])), + "Must not crash on malformed cms inputs with ecdh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der"); +my $smrsacert = catfile($smdir, "smrsa3.pem"); +my $smrsakey = catfile($smdir, "smrsa3-key.pem"); + +# Test case for CVE-2026-28390 +with({ exit_checker => sub { my $ret = shift; return $ret == 4 || $ret == 0; } }, + sub { + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform", + "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])), + "Must not crash on malformed cms inputs with RSA key"); + }); + # Test encrypt to three recipients, 
and decrypt using key-only; # i.e. do not follow the recommended practice of providing the # recipient cert in the decrypt op. diff --git a/test/recipes/80-test_cms_data/dh-cert.pem b/test/recipes/80-test_cms_data/dh-cert.pem new file mode 100644 index 000000000000..f5fb90b9009b --- /dev/null +++ b/test/recipes/80-test_cms_data/dh-cert.pem 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2 +MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC +AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD +zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf +XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP +SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI +7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8 +LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH////// +////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx +hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw +c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw +a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050 +wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww +lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX +l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl +IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ +ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO +M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu +lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j +BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo +cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW +AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp +JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm +eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO +VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3 +NGpnrpeWX4rk4kQmx/I= +-----END CERTIFICATE----- 
diff --git a/test/recipes/80-test_cms_data/dh-key.pem b/test/recipes/80-test_cms_data/dh-key.pem new file mode 100644 index 000000000000..16010785214e --- /dev/null +++ b/test/recipes/80-test_cms_data/dh-key.pem @@ -0,0 +1,15 @@ +-----BEGIN PRIVATE KEY----- +MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW +ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e +1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY +oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt +52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47 +G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC +AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n +Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv +P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl +2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm +lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT +YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r +xDHoWg== +-----END PRIVATE KEY----- diff --git a/test/recipes/80-test_cms_data/dh-malformed.der b/test/recipes/80-test_cms_data/dh-malformed.der Binary files differnew file mode 100644 index 000000000000..20a5ed84bde9 --- /dev/null +++ b/test/recipes/80-test_cms_data/dh-malformed.der diff --git a/test/recipes/80-test_cms_data/ecdh-cert.pem b/test/recipes/80-test_cms_data/ecdh-cert.pem new file mode 100644 index 000000000000..3a0ab6624ca2 --- /dev/null +++ b/test/recipes/80-test_cms_data/ecdh-cert.pem 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw +DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow +DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s +OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC +EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw +CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+ +NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ== +-----END CERTIFICATE----- diff --git a/test/recipes/80-test_cms_data/ecdh-key.pem b/test/recipes/80-test_cms_data/ecdh-key.pem new file mode 100644 index 000000000000..ef9488b3c516 --- /dev/null +++ b/test/recipes/80-test_cms_data/ecdh-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1 +unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC +3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ +-----END PRIVATE KEY----- diff --git a/test/recipes/80-test_cms_data/ecdh-malformed.der b/test/recipes/80-test_cms_data/ecdh-malformed.der Binary files differnew file mode 100644 index 000000000000..14ddc1dea290 --- /dev/null +++ b/test/recipes/80-test_cms_data/ecdh-malformed.der diff --git a/test/recipes/80-test_cms_data/rsa-malformed.der b/test/recipes/80-test_cms_data/rsa-malformed.der Binary files differnew file mode 100644 index 000000000000..4182a465ce79 --- /dev/null +++ b/test/recipes/80-test_cms_data/rsa-malformed.der diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t index 0539c79d5613..dfba630de42f 100644 --- a/test/recipes/80-test_ocsp.t +++ b/test/recipes/80-test_ocsp.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,22 +37,24 @@ sub test_ocsp { } my $expected_exit = shift; my $nochecks = shift; + my $opt_untrusted = shift // "-verify_other"; my $outputfile = basename($inputfile, '.ors') . '.dat'; run(app(["openssl", "base64", "-d", "-in", catfile($ocspdir,$inputfile), "-out", $outputfile])); + my @certopt = ($opt_untrusted, catfile($ocspdir, $untrusted)); with({ exit_checker => sub { return shift == $expected_exit; } }, sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile, "-partial_chain", @check_time, "-CAfile", catfile($ocspdir, $CAfile), - "-verify_other", catfile($ocspdir, $untrusted), + @certopt, "-no-CApath", "-no-CAstore", $nochecks ? "-no_cert_checks" : ()])), $title); }); } -plan tests => 12; +plan tests => 13; subtest "=== VALID OCSP RESPONSES ===" => sub { plan tests => 7; @@ -230,6 +232,14 @@ subtest "=== OCSP API TESTS===" => sub { "running ocspapitest"); }; +subtest "=== UNTRUSTED ISSUER HINTS ===" => sub { + plan tests => 1; + + test_ocsp("NON-DELEGATED; invalid issuer via -issuer", + "ND1.ors", "ND1_Cross_Root.pem", + "ISIC_ND1_Issuer_ICA.pem", 1, 0, "-issuer"); +}; + subtest "=== OCSP handling of identical input and output files ===" => sub { plan tests => 5; diff --git a/test/sslapitest.c b/test/sslapitest.c index 993d9e601805..078b1dcf2e77 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -8343,6 +8343,13 @@ static struct { NULL, "AES128-SHA", "AES128-SHA" }, + { TLS1_2_VERSION, + "AES256-SHA", + NULL, + "AES128-SHA", + NULL, + "", + "" }, #endif /* * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be @@ -8367,6 +8374,13 @@ static struct { "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384" }, + { TLS1_3_VERSION, + "AES128-SHA", + "TLS_AES_128_GCM_SHA256", + "AES256-SHA", + "TLS_AES_256_GCM_SHA384", + "", + "" }, #endif }; @@ -8377,6 +8391,9 @@ static int int_test_ssl_get_shared_ciphers(int tst, int clnt) int testresult = 0; char buf[1024]; OSSL_LIB_CTX *tmplibctx = OSSL_LIB_CTX_new(); + const char *expbuf = is_fips ? shared_ciphers_data[tst].fipsshared + : shared_ciphers_data[tst].shared; + int handshakeok = strcmp(expbuf, "") != 0; if (!TEST_ptr(tmplibctx)) goto end; @@ -8417,18 +8434,22 @@ static int int_test_ssl_get_shared_ciphers(int tst, int clnt) shared_ciphers_data[tst].srvrtls13ciphers)))) goto end; - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL))) goto end; + if (handshakeok) { + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } else { + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } + if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf))) - || !TEST_int_eq(strcmp(buf, - is_fips - ? shared_ciphers_data[tst].fipsshared - : shared_ciphers_data[tst].shared), - 0)) { + || !TEST_int_eq(strcmp(buf, expbuf), 0)) { TEST_info("Shared ciphers are: %s\n", buf); goto end; } 
@@ -9714,6 +9735,7 @@ static int test_session_cache_overflow(int idx) SSL *serverssl = NULL, *clientssl = NULL; int testresult = 0; SSL_SESSION *sess = NULL; + int references; #ifdef OSSL_NO_USABLE_TLS1_3 /* If no TLSv1.3 available then do nothing in this case */ @@ -9787,6 +9809,15 @@ static int test_session_cache_overflow(int idx) get_sess_val = SSL_get_session(serverssl); if (!TEST_ptr(get_sess_val)) goto end; + /* + * Normally the session is also stored in the cache, thus we have more than + * one reference, but due to an out-of-memory error it can happen that this + * is the only reference, and in that case the SSL_free(serverssl) below + * would free the get_sess_val, causing a use-after-free error. + */ + if (!TEST_true(CRYPTO_GET_REF(&get_sess_val->references, &references)) + || !TEST_int_ge(references, 2)) + goto end; sess = SSL_get1_session(clientssl); if (!TEST_ptr(sess)) goto end; 
@@ -13507,6 +13538,52 @@ end: #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ } +/* + * Test that if we attempt to send HTTP to a TLS server that we get the expected + * failure reason code. + */ +static int test_http_verbs(int idx) +{ + SSL_CTX *sctx = NULL; + SSL *serverssl = NULL; + int testresult = 0; + const char *verbs[] = { "GET", "POST", "HEAD" }; + const char *http_trailer = " / HTTP/1.0\r\n\r\n"; + BIO *b = BIO_new(BIO_s_mem()); + + if (!TEST_true((unsigned int)idx < OSSL_NELEM(verbs))) + goto end; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + NULL, 0, 0, &sctx, NULL, cert, privkey))) + goto end; + + serverssl = SSL_new(sctx); + if (!TEST_ptr(serverssl)) + goto end; + + if (!TEST_int_gt(BIO_write(b, verbs[idx], (int)strlen(verbs[idx])), 0)) + goto end; + if (!TEST_int_gt(BIO_write(b, http_trailer, (int)strlen(http_trailer)), 0)) + goto end; + SSL_set_bio(serverssl, b, b); + b = NULL; + + ERR_clear_error(); + if (!TEST_int_le(SSL_accept(serverssl), 0)) + goto end; + if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_HTTP_REQUEST)) + goto end; + + testresult = 1; +end: + SSL_free(serverssl); + SSL_CTX_free(sctx); + BIO_free(b); + + return testresult; +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") int setup_tests(void) @@ -13840,6 +13917,7 @@ int setup_tests(void) ADD_TEST(test_ssl_trace); #endif ADD_ALL_TESTS(test_ssl_set_groups_unsupported_keyshare, 2); + ADD_ALL_TESTS(test_http_verbs, 3); return 1; err: diff --git a/test/tls-provider.c b/test/tls-provider.c index 37f6e32dfd63..354f75fbec31 100644 --- a/test/tls-provider.c +++ b/test/tls-provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -2163,8 +2163,7 @@ ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - static X509_PUBKEY - * xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) +static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); diff --git a/test/tls13groupselection_test.c b/test/tls13groupselection_test.c index 8340a9fd2b3b..a3335b0e0dae 100644 --- a/test/tls13groupselection_test.c +++ b/test/tls13groupselection_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,12 @@ typedef enum SERVER_RESPONSE { SH = 2 } SERVER_RESPONSE; +static const char *response_desc[] = { + "HRR", + "INIT", + "SH", +}; + static char *cert = NULL; static char *privkey = NULL; @@ -307,7 +313,23 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] = { { "*brainpoolP256r1:X25519", /* test 43 */ "X25519", SERVER_PREFERENCE, - NEGOTIATION_FAILURE, INIT } + NEGOTIATION_FAILURE, INIT }, + + /* DEFAULT retains tuple structure */ + { "*X25519:secp256r1", + "secp256r1:DEFAULT", /* test 44 */ + SERVER_PREFERENCE, + "secp256r1", HRR }, +#ifndef OPENSSL_NO_DH + { "*ffdhe2048:secp256r1", + "DEFAULT:ffdhe4096", /* test 45 */ + CLIENT_PREFERENCE, + "secp256r1", HRR }, + { "x25519:ffdhe2048:*ffdhe4096", + "DEFAULT:ffdhe4096", /* test 46 */ + SERVER_PREFERENCE, + "x25519", HRR }, +#endif }; static void server_response_check_cb(int write_p, int version, 
@@ -318,10 +340,12 @@ static void server_response_check_cb(int write_p, int version, enum SERVER_RESPONSE *server_response = (enum SERVER_RESPONSE *)arg; /* Prepare check for HRR */ const uint8_t *incoming_random = (uint8_t *)buf + 6; - const uint8_t magic_HRR_random[32] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + const uint8_t magic_HRR_random[32] = { + 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, - 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C + }; /* Did a server hello arrive? */ if (write_p == 0 && /* Incoming data... */ @@ -450,13 +474,16 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre group_name_client = SSL_group_to_name(clientssl, negotiated_group_client); if (!TEST_int_eq(negotiated_group_client, negotiated_group_server)) goto end; - if (!TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response)) + if (!TEST_str_eq(response_desc[current_test_vector->expected_server_response], + response_desc[server_response])) goto end; if (TEST_str_eq(group_name_client, current_test_vector->expected_group)) ok = 1; } else { TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)); - if (test_type == TEST_NEGOTIATION_FAILURE && !TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response)) + if (test_type == TEST_NEGOTIATION_FAILURE + && !TEST_str_eq(response_desc[current_test_vector->expected_server_response], + response_desc[server_response])) goto end; ok = 1; } diff --git a/util/checkplatformsyms.pl b/util/checkplatformsyms.pl index 742dd8ea84fe..73f2a1b62184 100755 --- a/util/checkplatformsyms.pl +++ b/util/checkplatformsyms.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -14,6 +14,13 @@ my $expectedsyms=$ARGV[0]; shift(@ARGV); +# Check that object files exist +foreach (@ARGV) { + unless (-f $_ && -r $_) { + die "Path is not a regular readable file: '$_'"; + } +} + my $objlist; my $objfilelist = join(" ", @ARGV); my $expsyms; @@ -36,13 +43,13 @@ if ($Config{osname} eq "MSWin32") { { chomp; my $dllfile = $_; - $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/; + $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE $2/; if (index($dllfile, "DLLFILE") >= 0) { $currentdll = substr($dllfile, 8); $currentdll =~ s/^\s+|s+$//g; } # filter imports from our own library - if ("$currentdll" ne "libcrypto-3-x64") { + if ("$currentdll" !~ /^libcrypto-[1-9][0-9]*(-x64)?$/) { my $line = $_; $line =~ s/ [0-9a-fA-F]{1,2} /SYMBOL /; if (index($line, "SYMBOL") != -1) { @@ -51,18 +58,28 @@ if ($Config{osname} eq "MSWin32") { } } } + + close($OBJFH); + ($? >> 8 == 0) or die "Command '$cmd' has failed."; + + my $ok = 1; foreach (@symlist) { + chomp; if (index($exps, $_) < 0) { print "Symbol $_ not in the allowed platform symbols list\n"; - exit 1; + $ok = 0; } } - exit 0; + exit !$ok; } else { - $cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL"; - $cmd = $cmd . " | awk '{print \$NF}' |"; - $cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq"; + $cmd = "objdump -t " . $objfilelist . " | awk " . + "'/\\\\*UND\\\\*/ {" . + "split(\$NF, sym_lib, \"@\");" . + "if (sym_lib[2] !~ \"OPENSSL_[1-9][0-9]*\\\\.[0-9]+\\\\.[0-9]+\$\")" . + "syms[sym_lib[1]] = 1;" . + "}" . + "END { for (s in syms) print s; };'"; open $expsyms, '<', $expectedsyms or die; { 
@@ -72,13 +89,16 @@ else { close($expsyms); open($OBJFH, "$cmd|") or die "Cannot open process: $!"; + my $ok = 1; while (<$OBJFH>) { + chomp; if (index($exps, $_) < 0) { print "Symbol $_ not in the allowed platform symbols list\n"; - exit 1; + $ok = 0; } } close($OBJFH); - exit 0; + + exit !(!($? >> 8) || !$ok); } diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 3bed02a6ca79..269c1d3fa106 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -1043,8 +1043,6 @@ X509V3_EXT_get(3) X509V3_EXT_get_nid(3) X509V3_EXT_nconf(3) X509V3_EXT_nconf_nid(3) -X509V3_EXT_print(3) -X509V3_EXT_print_fp(3) X509V3_EXT_val_prn(3) X509V3_NAME_from_section(3) X509V3_add_standard_extensions(3) diff --git a/util/mkerr.pl b/util/mkerr.pl index 803a3efc83cf..e2479e727b74 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -339,21 +339,21 @@ foreach my $lib ( keys %errorfile ) { */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include <openssl/opensslconf.h> -# include <openssl/symhacks.h> +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif EOF $indent = ' '; if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} +#ifndef OPENSSL_NO_${lib} EOF $indent = " "; @@ -380,7 +380,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; } 
@@ -389,14 +389,14 @@ EOF # brace for 'extern "C" {'. while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif EOF close OUT; @@ -408,8 +408,8 @@ EOF my $extra_include = $internal ? ($lib ne 'SSL' - ? "# include <openssl/cryptoerr_legacy.h>\n" - : "# include <openssl/sslerr_legacy.h>\n") + ? "#include <openssl/cryptoerr_legacy.h>\n" + : "#include <openssl/sslerr_legacy.h>\n") : ''; my $hfile = $hpubinc{$lib}; my $guard = $hfile; @@ -430,46 +430,43 @@ EOF */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include <openssl/opensslconf.h> -# include <openssl/symhacks.h> +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> $extra_include - EOF $indent = ' '; if ( $internal ) { if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} - +#ifndef OPENSSL_NO_${lib} EOF $indent .= ' '; } } else { print OUT <<"EOF"; -# define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) -# define ERR_R_${lib}_LIB ERR_${lib}_lib() - +#define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#define ERR_R_${lib}_LIB ERR_${lib}_lib() EOF if ( ! $static ) { print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif int ERR_load_${lib}_strings(void); void ERR_unload_${lib}_strings(void); void ERR_${lib}_error(int function, int reason, const char *file, int line); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif EOF } } - print OUT "\n/*\n * $lib reason codes.\n */\n"; + print OUT "/*\n * $lib reason codes.\n */\n"; foreach my $i ( @reasons ) { my $z = 48 - length($i); $z = 0 if $z < 0; 
@@ -484,13 +481,13 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; while (length($indent) > 0) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } close OUT; } @@ -550,7 +547,7 @@ EOF } } print OUT <<"EOF"; -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = { EOF @@ -568,26 +565,26 @@ EOF $strings{$i} = $rn; } my $lines; - $lines = " {ERR_PACK($pack_lib, 0, $i), \"$rn\"},"; - $lines = " {ERR_PACK($pack_lib, 0, $i),\n \"$rn\"}," - if length($lines) > 80; + $lines = " { ERR_PACK($pack_lib, 0, $i), \"$rn\" },"; + $lines = " { ERR_PACK($pack_lib, 0, $i),\n \"$rn\" }," + if length($lines) > 82; print OUT "$lines\n"; } print OUT <<"EOF"; - {0, NULL} + { 0, NULL } }; -#${indent}endif +#endif EOF if ( $internal ) { print OUT <<"EOF"; int ossl_err_load_${lib}_strings(void) { -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(${lib}_str_reasons[0].error) == NULL) ERR_load_strings_const(${lib}_str_reasons); -#${indent}endif +#endif return 1; } EOF @@ -642,7 +639,7 @@ EOF while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } if ($internal && $disablable) { print OUT <<"EOF"; diff --git a/util/mkinstallvars.pl b/util/mkinstallvars.pl index 706bf38d02db..6e15282ddbff 100644 --- a/util/mkinstallvars.pl +++ b/util/mkinstallvars.pl @@ -29,7 +29,7 @@ my @subdirs = _pairs (PREFIX => [ qw(BINDIR LIBDIR INCLUDEDIR APPLINKDIR) ], LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR CMAKECONFIGDIR) ]); # For completeness, other expected variables -my @others = qw(VERSION LDLIBS); +my @others = qw(COMMENT VERSION LDLIBS); my %all = ( ); foreach (@absolutes) { $all{$_} = 1 } 
@@ -135,9 +135,10 @@ foreach my $pair (@subdirs) { } print <<_____; - \$VERSION \@LDLIBS + \$COMMENT \$VERSION \@LDLIBS ); +our \$COMMENT = '$values{COMMENT}->[0]'; _____ foreach my $k (@absolutes) { diff --git a/util/platform_symbols/windows-symbols.txt b/util/platform_symbols/windows-symbols.txt index ef82cb14c8c2..0f6cc11450cd 100644 --- a/util/platform_symbols/windows-symbols.txt +++ b/util/platform_symbols/windows-symbols.txt 
@@ -1,236 +1,175 @@ -CryptGenRandom -RegisterEventSourceW -ReportEventW -CryptAcquireContextW -CryptReleaseContext -DeregisterEventSource +AcquireSRWLockExclusive +AcquireSRWLockShared +CertCloseStore CertFindCertificateInStore CertFreeCertificateContext CertOpenSystemStoreW -CertCloseStore -GetUserObjectInformationW -GetProcessWindowStation -MessageBoxW -GetCurrentProcess -ReadConsoleW -ReadConsoleA -SetConsoleMode -GetConsoleMode +CloseHandle +ConvertFiberToThread +ConvertThreadToFiberEx +CreateFiberEx CreateSemaphoreA -GetExitCodeThread -WaitForSingleObject -ReleaseSemaphore -GetCurrentProcessId -TryEnterCriticalSection -LeaveCriticalSection +CryptAcquireContextW +CryptGenRandom +CryptReleaseContext +DeleteCriticalSection +DeleteFiber +DeregisterEventSource +DisableThreadLibraryCalls EnterCriticalSection -InitializeCriticalSection -SystemTimeToFileTime +FindClose +FindFirstFileW +FindNextFileW +FormatMessageA +FreeLibrary +GetACP +GetConsoleMode +GetCurrentProcess +GetCurrentProcessId +GetCurrentThreadId +GetEnvironmentVariableW +GetExitCodeThread +GetFileType +GetLastError +GetModuleHandleExW +GetModuleHandleW +GetProcAddress +GetProcessWindowStation +GetStartupInfoW +GetStdHandle +GetSystemDirectoryA +GetSystemInfo GetSystemTime -TlsFree -TlsSetValue -TlsGetValue GetSystemTimeAsFileTime +GetUserObjectInformationW +InitializeCriticalSection +InitializeSListHead +InitializeSRWLock +IsDebuggerPresent +IsProcessorFeaturePresent +LeaveCriticalSection +LoadLibraryA +LoadLibraryW +MessageBoxW +MultiByteToWideChar +QueryPerformanceCounter +ReadConsoleA +ReadConsoleW +RegisterEventSourceW +ReleaseSRWLockExclusive +ReleaseSRWLockShared +ReleaseSemaphore +ReportEventW RtlCaptureContext RtlLookupFunctionEntry -UnhandledExceptionFilter +RtlVirtualUnwind +SetConsoleMode +SetLastError SetUnhandledExceptionFilter -IsProcessorFeaturePresent -IsDebuggerPresent -GetStartupInfoW -QueryPerformanceCounter -InitializeSListHead -DeleteCriticalSection +Sleep +SwitchToFiber 
+SystemTimeToFileTime TerminateProcess TlsAlloc -GetCurrentThreadId -AcquireSRWLockShared -AcquireSRWLockExclusive -RtlVirtualUnwind -ConvertFiberToThread -ConvertThreadToFiberEx -SwitchToFiber -DeleteFiber -CreateFiberEx -GetSystemDirectoryA -FreeLibrary -GetProcAddress -LoadLibraryA -FormatMessageA -GetLastError -SetLastError -CloseHandle -LoadLibraryW -GetEnvironmentVariableW -GetStdHandle -GetFileType -WriteFile -GetModuleHandleW -MultiByteToWideChar -WideCharToMultiByte -GetACP -GetModuleHandleExW -GetSystemInfo +TlsFree +TlsGetValue +TlsSetValue +TryEnterCriticalSection +UnhandledExceptionFilter VirtualAlloc -VirtualProtect VirtualFree VirtualLock -FindClose -FindFirstFileW -FindNextFileW -Sleep -InitializeSRWLock -ReleaseSRWLockExclusive -ReleaseSRWLockShared -__current_exception +VirtualProtect +WSAIoctl +WSASocketA +WaitForSingleObject +WideCharToMultiByte +WriteFile __C_specific_handler -wcsstr +__acrt_iob_func +__current_exception __current_exception_context -strlen -strstr -strchr -memmove -strrchr -memcmp -memset -memcpy -memchr __std_type_info_destroy_list -__stdio_common_vsprintf __stdio_common_vfprintf +__stdio_common_vsnprintf_s +__stdio_common_vsprintf +__stdio_common_vsprintf_s __stdio_common_vsscanf -ftell -fseek -fread -_fileno __stdio_common_vswprintf -_wfopen -fopen -setvbuf -fflush -ferror -feof -clearerr -setbuf -fclose -fputs -__acrt_iob_func -__stdio_common_vsprintf_s -fwrite -fgets -_setmode -strtoul -atoi -strtol -tolower -strspn -strcspn -strncpy -strpbrk -strncmp -strcmp -strcat_s -isspace -_strdup -isdigit -strncpy_s -strcpy_s -_gmtime64_s __timezone -_mktime64 -_time64 -qsort -malloc -realloc -calloc -free -terminate -signal -_initialize_narrow_environment _beginthreadex +_cexit +_chmod +_configure_narrow_argv +_crt_at_quick_exit +_crt_atexit +_dclass _endthreadex -_register_onexit_function -strerror_s +_errno _execute_onexit_table -raise -_crt_atexit _exit -_crt_at_quick_exit -_errno -_cexit -_initterm_e -_configure_narrow_argv 
+_fileno +_fstat64i32 +_get_osfhandle +_gmtime64_s +_initialize_narrow_environment _initialize_onexit_table _initterm +_initterm_e +_mktime64 +_register_onexit_function _seh_filter_dll -_chmod +_setmode _stat64i32 -_fstat64i32 +_strdup +_time64 +_wfopen +atoi +calloc +clearerr +fclose +feof +ferror +fflush +fgets +fopen +fputs +fread +free +fseek +ftell +fwrite getenv -GetStartupInfoW -RtlLookupFunctionEntry -RtlVirtualUnwind -UnhandledExceptionFilter -GetSystemTime -SystemTimeToFileTime -CloseHandle -InitializeCriticalSection -EnterCriticalSection -LeaveCriticalSection -TryEnterCriticalSection -DeleteCriticalSection -ReleaseSemaphore -WaitForSingleObject -WSASocketA -WSAIoctl -GetCurrentThreadId -SetUnhandledExceptionFilter -GetExitCodeThread -CreateSemaphoreA -SetLastError -GetLastError -GetCurrentProcess -TerminateProcess -IsProcessorFeaturePresent -QueryPerformanceCounter -RtlCaptureContext -GetCurrentProcessId -GetSystemTimeAsFileTime -DisableThreadLibraryCalls -InitializeSListHead -IsDebuggerPresent -GetModuleHandleW +isdigit +isspace +malloc +memchr +memcmp memcpy +memmove memset -__current_exception_context +qsort +raise +realloc +setbuf +setvbuf +signal +strcat_s strchr -memcmp -memchr +strcmp +strcpy_s +strcspn +strerror_s +strlen +strncmp +strncpy +strncpy_s +strpbrk +strrchr +strspn strstr -memmove -__std_type_info_destroy_list -__current_exception -__C_specific_handler -_errno -_endthreadex +strtol +strtoul terminate -_initterm -_initterm_e -_seh_filter_dll -_configure_narrow_argv -_initialize_narrow_environment -_initialize_onexit_table -_register_onexit_function -_execute_onexit_table -_crt_atexit -_crt_at_quick_exit -_cexit -_beginthreadex -_time64 -strncmp -strcmp -qsort -_stat64i32 -atoi -__stdio_common_vsprintf -_dclass +tolower +wcsstr diff --git a/util/wrap.pl.in b/util/wrap.pl.in index 2c9cb29fec04..5b6b2a51428f 100644 --- a/util/wrap.pl.in +++ b/util/wrap.pl.in 
@@ -79,6 +79,7 @@ if ($ARGV[0] eq '-jitter') { $std_openssl_conf_include = catdir($there, 'providers'); } +local $ENV{OPENSSL_RUNNING_UNIT_TESTS} = "yes"; local $ENV{OPENSSL_CONF_INCLUDE} = $std_openssl_conf_include if defined $std_openssl_conf_include |
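Review bot: In hunk `@@ -14,6 +14,13 @@` of the symbol-check script, the new `-f`/`-r` loop validates each argument, but the unchanged context line `my $objfilelist = join(" ", @ARGV);` still places those paths unquoted into the command string that is later run through `open($OBJFH, "$cmd|")`. A path containing whitespace or shell metacharacters passes the new check and is then split or interpreted by the shell. Quote each element when building `$objfilelist`, or use the list form of a piped open for the `objdump` call. The `die` message also has no trailing newline, so Perl appends the script name and line number to it.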
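Review bot: In hunk `@@ -36,13 +43,13 @@`, the unchanged context line `$currentdll =~ s/^\s+|s+$//g;` is missing a backslash in its second alternative, so it strips trailing `s` characters instead of trailing whitespace. The new test `"$currentdll" !~ /^libcrypto-[1-9][0-9]*(-x64)?$/` is anchored at both ends, so trailing whitespace left on the name would make the library's own DLL fail the match and have its imports checked as platform symbols. Fix the trim to `s/^\s+|\s+$//g` in the same change; the quotes around `$currentdll` are not needed either.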
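Review bot: In hunk `@@ -51,18 +58,28 @@`, the added `chomp;` hands a bare symbol name to `index($exps, $_) < 0`, which is a substring test: a symbol passes if its name occurs anywhere inside `$exps`, including as part of a longer allowed name, and an empty line always passes. For an allow-list check, compare whole names, for example by loading the expected symbols into a hash and testing with `exists`. The same pattern is in the `while (<$OBJFH>)` loop of hunk `@@ -72,13 +89,16 @@`.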
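Review bot: In hunk `@@ -72,13 +89,16 @@`, `exit !(!($? >> 8) || !$ok);` reports success when a disallowed symbol was found. With a zero command status, `!($? >> 8)` is true, the `||` short-circuits, and the outer `!` yields an empty value, so the script exits 0 even though `$ok` is 0; the only non-zero exit is when the command failed and `$ok` is still 1. The Windows branch uses `die` on a failed command followed by `exit !$ok;`, and the same shape here, or `exit((($? >> 8) != 0 || !$ok) ? 1 : 0);`, gives the intended result. Note also that `$?` after `close($OBJFH)` carries the status of the last command in the `objdump ... | awk ...` pipeline, so a failing `objdump` is not detected.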
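Review bot: In util/mkerr.pl hunk `@@ -380,7 +380,7 @@`, `printf OUT "#define $i $rcodes{$i}\n";` no longer passes any format arguments, so the interpolated reason name and code are themselves used as the format string; use `print OUT` instead. The same applies to the identical line in hunk `@@ -484,13 +481,13 @@`, where the context line `my $z = 48 - length($i); $z = 0 if $z < 0;` that computed the old padding is now unused and can be removed. `$indent` likewise survives only as a counter for how many `#endif` lines the `while (length($indent) > ...)` loops emit, which deserves a comment or a plain integer.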
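Review bot: In util/mkinstallvars.pl hunk `@@ -135,9 +135,10 @@`, `our \$COMMENT = '$values{COMMENT}->[0]';` interpolates the value into a single-quoted Perl string in the generated file without escaping. A comment containing an apostrophe or ending in a backslash produces generated code that fails to compile or assigns something other than the comment text. Escape `\` and `'` in the value before printing it.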
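Review bot: The rewrite of util/platform_symbols/windows-symbols.txt (hunk `@@ -1,236 +1,175 @@`) mixes sorting and de-duplication with new entries, which makes the additions hard to spot: `__stdio_common_vsnprintf_s` and `_get_osfhandle` appear only as `+` lines. The directory name and the check's message (`not in the allowed platform symbols list`) indicate this file is an allow-list, so the newly permitted imports should be listed in the commit message or split from the mechanical re-sort. A check that the file stays sorted and unique would keep future diffs to the actual changes.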
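Review bot: In the util/wrap.pl.in hunk `@@ -79,6 +79,7 @@`, `local $ENV{OPENSSL_RUNNING_UNIT_TESTS} = "yes";` is added after the closing brace of the preceding block, so it applies to everything the wrapper runs, with no comment saying what reads the variable or what behaviour it switches. Add a comment naming the consumer. If library or provider code keys off this variable, document that it must not relax any check that matters outside the test suite, since an environment variable is set by whoever launches the process.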
