src - FreeBSD source tree

diff options


context:
space:
mode:

author	Jung-uk Kim <jkim@FreeBSD.org>	2022-03-15 22:18:15 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2022-03-15 22:18:15 +0000
commit	d6d3d400982465ee2c394caa850ba51c537b5a09 (patch)
tree	b585b42a59bad0b1d2f9161d22da3b590692ea52
parent	56eae1b760adf10835560a9ee595549a1f10410f (diff)
download	src-d6d3d400982465ee2c394caa850ba51c537b5a09.tar.gz src-d6d3d400982465ee2c394caa850ba51c537b5a09.zip

Import OpenSSL 1.1.1nvendor/openssl/1.1.1n

-rw-r--r--

-rwxr-xr-x

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rwxr-xr-x

-rw-r--r--

crypto/asn1/charmap.h

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

-rw-r--r--

crypto/conf/conf_def.h

-rw-r--r--

crypto/engine/eng_all.c

-rw-r--r--

crypto/engine/eng_dyn.c

-rw-r--r--

crypto/evp/digest.c

-rw-r--r--

crypto/lhash/lhash.c

-rw-r--r--

crypto/objects/obj_dat.c

-rw-r--r--

crypto/objects/obj_dat.h

-rw-r--r--

crypto/objects/obj_xref.h

-rw-r--r--

crypto/ui/ui_openssl.c

-rw-r--r--

crypto/x509/x509_vfy.c

-rw-r--r--

crypto/x509v3/v3_utl.c

-rw-r--r--

doc/man1/cms.pod

-rw-r--r--

doc/man3/BIO_ctrl.pod

-rw-r--r--

doc/man3/BIO_f_base64.pod

-rw-r--r--

doc/man3/BN_add.pod

-rw-r--r--

doc/man3/DEFINE_STACK_OF.pod

-rw-r--r--

doc/man3/OBJ_nid2obj.pod

-rw-r--r--

doc/man3/SSL_CONF_cmd.pod

-rw-r--r--

doc/man3/X509_STORE_CTX_new.pod

-rw-r--r--

include/internal/sockets.h

-rw-r--r--

include/openssl/engine.h

-rw-r--r--

include/openssl/obj_mac.h

-rw-r--r--

include/openssl/opensslv.h

-rw-r--r--

ssl/s3_lib.c

-rw-r--r--

ssl/ssl_cert.c

41 files changed, 327 insertions, 133 deletions

diff --git a/CHANGES b/CHANGES
index 9d58cb0c58d9..3ef3fa28cfa8 100644
--- a/CHANGES
+++ b/CHANGES

@@ -7,6 +7,43 @@

https://github.com/openssl/openssl/commits/ and pick the appropriate

release branch.

+ Changes between 1.1.1m and 1.1.1n [15 Mar 2022]

+ *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever

+ for non-prime moduli.

+ Internally this function is used when parsing certificates that contain

+ elliptic curve public keys in compressed form or explicit elliptic curve

+ parameters with a base point encoded in compressed form.

+ It is possible to trigger the infinite loop by crafting a certificate that

+ has invalid explicit curve parameters.

+ Since certificate parsing happens prior to verification of the certificate

+ signature, any process that parses an externally supplied certificate may

+ thus be subject to a denial of service attack. The infinite loop can also

+ be reached when parsing crafted private keys as they can contain explicit

+ elliptic curve parameters.

+ Thus vulnerable situations include:

+ - TLS clients consuming server certificates

+ - TLS servers consuming client certificates

+ - Hosting providers taking certificates or private keys from customers

+ - Certificate authorities parsing certification requests from subscribers

+ - Anything else which parses ASN.1 elliptic curve parameters

+ Also any other applications that use the BN_mod_sqrt() where the attacker

+ can control the parameter values are vulnerable to this DoS issue.

+ (CVE-2022-0778)

+ [Tomáš Mráz]

+ *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)

+ to the list of ciphersuites providing Perfect Forward Secrecy as

+ required by SECLEVEL >= 3.

+ [Dmitry Belyavskiy, Nicola Tuveri]

Changes between 1.1.1l and 1.1.1m [14 Dec 2021]

*) Avoid loading of a dynamic engine twice.

diff --git a/Configure b/Configure
index faf57b155a1c..4bea49d7da76 100755
--- a/Configure
+++ b/Configure

@@ -3161,25 +3161,25 @@ sub resolve_config {

}

- foreach (sort keys %all_keys) {

- my $previous = $combined_inheritance{$_};

+ foreach my $key (sort keys %all_keys) {

+ my $previous = $combined_inheritance{$key};

# Current target doesn't have a value for the current key?

# Assign it the default combiner, the rest of this loop body

# will handle it just like any other coderef.

- if (!exists $table{$target}->{$_}) {

- $table{$target}->{$_} = $default_combiner;

+ if (!exists $table{$target}->{$key}) {

+ $table{$target}->{$key} = $default_combiner;

}

- $table{$target}->{$_} = process_values($table{$target}->{$_},

- $combined_inheritance{$_},

- $target, $_);

- unless(defined($table{$target}->{$_})) {

- delete $table{$target}->{$_};

+ $table{$target}->{$key} = process_values($table{$target}->{$key},

+ $combined_inheritance{$key},

+ $target, $key);

+ unless(defined($table{$target}->{$key})) {

+ delete $table{$target}->{$key};

}

# if ($extra_checks &&

-# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) {

-# warn "$_ got replaced in $target\n";

+# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) {

+# warn "$key got replaced in $target\n";

# }

}

diff --git a/NEWS b/NEWS
index 0769464fefa2..f4ac262888ad 100644
--- a/NEWS
+++ b/NEWS

@@ -5,6 +5,11 @@

This file gives a brief overview of the major changes between each OpenSSL

release. For more details please read the CHANGES file.

+ Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]

+ o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop

+ forever for non-prime moduli ([CVE-2022-0778])

Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]

o None

diff --git a/README b/README
index 50345c3c28eb..3e100933f388 100644
--- a/README
+++ b/README

@@ -1,5 +1,5 @@

- OpenSSL 1.1.1m 14 Dec 2021

+ OpenSSL 1.1.1n 15 Mar 2022

diff --git a/apps/apps.c b/apps/apps.c
index c06241abb975..1a92271595f1 100644
--- a/apps/apps.c
+++ b/apps/apps.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)

int ui_flags = 0;

const char *prompt_info = NULL;

char *prompt;

+ int pw_min_len = PW_MIN_LENGTH;

if (cb_data != NULL && cb_data->prompt_info != NULL)

prompt_info = cb_data->prompt_info;

+ if (cb_data != NULL && cb_data->password != NULL

+ && *(const char*)cb_data->password != '\0')

+ pw_min_len = 1;

prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);

if (!prompt) {

BIO_printf(bio_err, "Out of memory\n");

@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)

(void)UI_add_user_data(ui, cb_data);

ok = UI_add_input_string(ui, prompt, ui_flags, buf,

- PW_MIN_LENGTH, bufsiz - 1);

+ pw_min_len, bufsiz - 1);

if (ok >= 0 && verify) {

buff = app_malloc(bufsiz, "password buffer");

ok = UI_add_verify_string(ui, prompt, ui_flags, buff,

- PW_MIN_LENGTH, bufsiz - 1, buf);

+ pw_min_len, bufsiz - 1, buf);

}

if (ok >= 0)

do {

diff --git a/apps/openssl.c b/apps/openssl.c
index ff7b759a40b1..f35d57f2648c 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -120,7 +120,6 @@ int main(int argc, char *argv[])

{

FUNCTION f, *fp;

LHASH_OF(FUNCTION) *prog = NULL;

- char **copied_argv = NULL;

char *p, *pname;

char buf[1024];

const char *prompt;

@@ -137,7 +136,7 @@ int main(int argc, char *argv[])

bio_err = dup_bio_err(FORMAT_TEXT);

#if defined(OPENSSL_SYS_VMS) && defined(__DECC)

- copied_argv = argv = copy_argv(&argc, argv);

+ argv = copy_argv(&argc, argv);

#elif defined(_WIN32)

* Replace argv[] with UTF-8 encoded strings.

@@ -258,7 +257,6 @@ int main(int argc, char *argv[])

}

ret = 1;

end:

- OPENSSL_free(copied_argv);

OPENSSL_free(default_config_file);

lh_FUNCTION_free(prog);

OPENSSL_free(arg.argv);

diff --git a/apps/passwd.c b/apps/passwd.c
index d741d05335f8..af08ccd4ac0f 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)

n >>= 1;

}

if (!EVP_DigestFinal_ex(md, buf, NULL))

- return NULL;

+ goto err;

for (i = 0; i < 1000; i++) {

if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))

@@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)

n >>= 1;

}

if (!EVP_DigestFinal_ex(md, buf, NULL))

- return NULL;

+ goto err;

/* P sequence */

if (!EVP_DigestInit_ex(md2, sha, NULL))

@@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)

goto err;

if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))

- return NULL;

+ goto err;

if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)

goto err;

@@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)

goto err;

if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))

- return NULL;

+ goto err;

if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)

goto err;

diff --git a/apps/s_client.c b/apps/s_client.c
index 121cd1444fe6..00effc80375a 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c

@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)

struct timeval tv;

#endif

const char *servername = NULL;

+ char *sname_alloc = NULL;

int noservername = 0;

const char *alpn_in = NULL;

tlsextctx tlsextcbp = { NULL, 0 };

@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)

"%s: -proxy argument malformed or ambiguous\n", prog);

goto end;

}

+ if (servername == NULL && !noservername) {

+ res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);

+ if (!res) {

+ BIO_printf(bio_err,

+ "%s: -connect argument malformed or ambiguous\n", prog);

+ goto end;

+ }

+ servername = sname_alloc;

+ }

} else {

int res = 1;

char *tmp_host = host, *tmp_port = port;

@@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv)

#ifndef OPENSSL_NO_SRP

OPENSSL_free(srp_arg.srppassin);

#endif

+ OPENSSL_free(sname_alloc);

OPENSSL_free(connectstr);

OPENSSL_free(bindstr);

OPENSSL_free(bindhost);

diff --git a/apps/s_socket.c b/apps/s_socket.c
index aee366d5f457..96f16d2931cd 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port,

#endif

if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),

- protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {

+ BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {

BIO_closesocket(*sock);

*sock = INVALID_SOCKET;

continue;

diff --git a/config b/config
index 26225ca2a9e5..49422981ae84 100755
--- a/config
+++ b/config

@@ -704,6 +704,7 @@ case "$GUESSOS" in

__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;;

powerpc64-*-*bsd*) OUT="BSD-generic64";

__CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;;

+ riscv64-*-*bsd*) OUT="BSD-riscv64" ;;

sparc64-*-*bsd*) OUT="BSD-sparc64" ;;

ia64-*-*bsd*) OUT="BSD-ia64" ;;

x86_64-*-dragonfly*) OUT="BSD-x86_64" ;;

diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index e234c9e615d0..5630291bd58c 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h

@@ -2,7 +2,7 @@

* WARNING: do not edit!

* Generated by crypto/asn1/charmap.pl

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 8ea32bce401b..0af7a330bc68 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -744,7 +744,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,

# pragma pointer_size 32

#endif

/* Windows doesn't seem to have in_addr_t */

-#ifdef OPENSSL_SYS_WINDOWS

+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)

static uint32_t he_fallback_address;

static const char *he_fallback_addresses[] =

{ (char *)&he_fallback_address, NULL };

diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
index e542abe46fa1..eac0896e6869 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,

bn_check_top(p2);

bn_check_top(m);

- if (!(m->d[0] & 1)) {

+ if (!BN_is_odd(m)) {

BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);

return 0;

}

diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index 1a25c285773a..8f2d7e995a01 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h

@@ -2,7 +2,7 @@

* WARNING: do not edit!

* Generated by crypto/bn/bn_prime.pl

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 69749a9fa7dc..17ac6e7cac1c 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c

@@ -142,7 +142,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)

continue;

if (i == 0 || i > INT_MAX / 4)

- goto err;

+ return 0;

num = i + neg;

if (bn == NULL)

diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 1723d5ded5a8..6a42ce8a9413 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks

* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number

- * Theory", algorithm 1.5.1). 'p' must be prime!

+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or

+ * an incorrect "result" will be returned.

{

BIGNUM *ret = in;

@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)

goto vrfy;

}

- /* find smallest i such that b^(2^i) = 1 */

- i = 1;

- if (!BN_mod_sqr(t, b, p, ctx))

- goto end;

- while (!BN_is_one(t)) {

- i++;

- if (i == e) {

- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);

- goto end;

+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */

+ for (i = 1; i < e; i++) {

+ if (i == 1) {

+ if (!BN_mod_sqr(t, b, p, ctx))

+ goto end;

+ } else {

+ if (!BN_mod_mul(t, t, t, p, ctx))

+ goto end;

}

- if (!BN_mod_mul(t, t, t, p, ctx))

- goto end;

+ if (BN_is_one(t))

+ break;

+ }

+ /* If not found, a is not a square or p is not prime. */

+ if (i >= e) {

+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);

+ goto end;

}

/* t := y^2^(e - i - 1) */

diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 1e4a03e10bbd..0490236287ac 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h

@@ -2,7 +2,7 @@

* WARNING: do not edit!

* Generated by crypto/conf/keysets.pl

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

* in the file LICENSE in the source distribution or at

diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index b675ed7892e2..474a60c9bf13 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -12,9 +12,6 @@

void ENGINE_load_builtin_engines(void)

{

- /* Some ENGINEs need this */

- OPENSSL_cpuid_setup();

OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);

}

diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 87c762edb8a0..6a0ddc162d00 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -443,8 +443,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)

* We fail if the version checker veto'd the load *or* if it is

* deferring to us (by returning its version) and we think it is too

* old.

+ * Unfortunately the version checker does not distinguish between

+ * engines built for openssl 1.1.x and openssl 3.x, but loading

+ * an engine that is built for openssl 3.x will cause a fatal

+ * error. Detect such engines, since EVP_PKEY_get_base_id is exported

+ * as a function in openssl 3.x, while it is named EVP_PKEY_base_id

+ * in openssl 1.1.x. Therefore we take the presence of that symbol

+ * as an indication that the engine will be incompatible.

- if (vcheck_res < OSSL_DYNAMIC_OLDEST) {

+ if (vcheck_res < OSSL_DYNAMIC_OLDEST

+ || DSO_bind_func(ctx->dynamic_dso,

+ "EVP_PKEY_get_base_id") != NULL) {

/* Fail */

ctx->bind_engine = NULL;

ctx->v_check = NULL;

diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index d1bfa274ca81..01a6f251f56e 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -15,6 +15,22 @@

#include "crypto/evp.h"

#include "evp_local.h"

+static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)

+ if (ctx->digest != NULL) {

+ if (ctx->digest->cleanup != NULL

+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))

+ ctx->digest->cleanup(ctx);

+ if (ctx->md_data != NULL && ctx->digest->ctx_size > 0

+ && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)

+ || force)) {

+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);

+ ctx->md_data = NULL;

+ }

/* This call frees resources associated with the context */

int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)

{

@@ -25,13 +41,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)

* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because

* sometimes only copies of the context are ever finalised.

- if (ctx->digest && ctx->digest->cleanup

- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))

- ctx->digest->cleanup(ctx);

- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data

- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {

- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);

- }

+ cleanup_old_md_data(ctx, 0);

* pctx should be freed by the user of EVP_MD_CTX

* if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set

@@ -76,6 +87,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)

if (ctx->engine && ctx->digest &&

(type == NULL || (type->type == ctx->digest->type)))

goto skip_to_init;

if (type) {

* Ensure an ENGINE left lying around from last time is cleared (the

@@ -119,10 +131,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)

}

#endif

if (ctx->digest != type) {

- if (ctx->digest && ctx->digest->ctx_size) {

- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);

- ctx->md_data = NULL;

- }

+ cleanup_old_md_data(ctx, 1);

ctx->digest = type;

if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {

ctx->update = type->update;

diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 9dc887d91e4b..603224975ca1 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -343,7 +343,8 @@ unsigned long OPENSSL_LH_strhash(const char *c)

v = n | (*c);

n += 0x100;

r = (int)((v >> 2) ^ v) & 0x0f;

- ret = (ret << r) | (ret >> (32 - r));

+ /* cast to uint64_t to avoid 32 bit shift of 32 bit value */

+ ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));

ret &= 0xFFFFFFFFL;

ret ^= v * v;

c++;

@@ -364,7 +365,8 @@ unsigned long openssl_lh_strcasehash(const char *c)

for (n = 0x100; *c != '\0'; n += 0x100) {

v = n | ossl_tolower(*c);

r = (int)((v >> 2) ^ v) & 0x0f;

- ret = (ret << r) | (ret >> (32 - r));

+ /* cast to uint64_t to avoid 32 bit shift of 32 bit value */

+ ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));

ret &= 0xFFFFFFFFL;

ret ^= v * v;

c++;

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 46006fe6cf9c..7e8de727f310 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -228,9 +228,10 @@ ASN1_OBJECT *OBJ_nid2obj(int n)

return NULL;

}

return (ASN1_OBJECT *)&(nid_objs[n]);

- } else if (added == NULL)

+ } else if (added == NULL) {

+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);

return NULL;

- else {

+ } else {

ad.type = ADDED_NID;

ad.obj = &ob;

ob.nid = n;

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 24b49a2df258..63bf69e4437d 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h

@@ -2,7 +2,7 @@

* WARNING: do not edit!

* Generated by crypto/objects/obj_dat.pl

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

* in the file LICENSE in the source distribution or at

diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 5c3561ab7d7e..5ef094bbfd84 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h

@@ -2,7 +2,7 @@

* WARNING: do not edit!

* Generated by objxref.pl

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 9526c16536cb..0f630a5bd963 100644
--- a/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -572,6 +572,8 @@ static int echo_console(UI *ui)

static int close_console(UI *ui)

{

+ int ret = 1;

if (tty_in != stdin)

fclose(tty_in);

if (tty_out != stderr)

@@ -584,12 +586,12 @@ static int close_console(UI *ui)

BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);

UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);

ERR_add_error_data(2, "status=", tmp_num);

- return 0;

+ ret = 0;

}

# endif

CRYPTO_THREAD_unlock(ui->lock);

- return 1;

+ return ret;

}

# if !defined(OPENSSL_SYS_WINCE)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index e404fcc602df..b18489f67f6e 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -2201,6 +2201,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,

/* If purpose not set use default */

if (!purpose)

purpose = def_purpose;

+ /*

+ * If purpose is set but we don't have a default then set the default to

+ * the current purpose

+ */

+ else if (def_purpose == 0)

+ def_purpose = purpose;

/* If we have a purpose then check it is valid */

if (purpose) {

X509_PURPOSE *ptmp;

@@ -2213,11 +2219,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,

ptmp = X509_PURPOSE_get0(idx);

if (ptmp->trust == X509_TRUST_DEFAULT) {

idx = X509_PURPOSE_get_by_id(def_purpose);

- /*

- * XXX: In the two callers above def_purpose is always 0, which is

- * not a known value, so idx will always be -1. How is the

- * X509_TRUST_DEFAULT case actually supposed to be handled?

- */

if (idx == -1) {

X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,

X509_R_UNKNOWN_PURPOSE_ID);

diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index f41c699b5af0..a7ff4b4fb4d3 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -538,8 +538,11 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email

return 0;

emtmp = OPENSSL_strndup((char *)email->data, email->length);

- if (emtmp == NULL)

+ if (emtmp == NULL) {

+ X509_email_free(*sk);

+ *sk = NULL;

return 0;

+ }

/* Don't add duplicates */

if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {

@@ -828,8 +831,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,

rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);

else if (a->length == (int)blen && !memcmp(a->data, b, blen))

rv = 1;

- if (rv > 0 && peername)

+ if (rv > 0 && peername != NULL) {

*peername = OPENSSL_strndup((char *)a->data, a->length);

+ if (*peername == NULL)

+ return -1;

+ }

} else {

int astrlen;

unsigned char *astr;

@@ -842,8 +848,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,

return -1;

}

rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);

- if (rv > 0 && peername)

+ if (rv > 0 && peername != NULL) {

*peername = OPENSSL_strndup((char *)astr, astrlen);

+ if (*peername == NULL) {

+ OPENSSL_free(astr);

+ return -1;

+ }

OPENSSL_free(astr);

}

return rv;

diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 2caf3ef4d156..c30e834cfae7 100644
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod

@@ -719,6 +719,9 @@ the list of permitted ciphers in a database and only use those.

No revocation checking is done on the signer's certificate.

+The B<-binary> option does not work correctly when processing text input which

+(contrary to the S/MIME specification) uses LF rather than CRLF line endings.

=head1 HISTORY

The use of multiple B<-signer> options and the B<-resign> command were first

@@ -735,7 +738,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b.

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod
index 2e438c3ce952..cf6ba135dfe9 100644
--- a/doc/man3/BIO_ctrl.pod
+++ b/doc/man3/BIO_ctrl.pod

@@ -16,7 +16,7 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb

long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);

long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb);

- char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);

+ void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);

long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);

int BIO_reset(BIO *b);

@@ -126,7 +126,7 @@ the case of BIO_seek() on a file BIO for a successful operation.

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/BIO_f_base64.pod b/doc/man3/BIO_f_base64.pod
index 5097c2849ba1..c2c5309a6017 100644
--- a/doc/man3/BIO_f_base64.pod
+++ b/doc/man3/BIO_f_base64.pod

@@ -21,13 +21,26 @@ any data read through it.

Base64 BIOs do not support BIO_gets() or BIO_puts().

+For writing, output is by default divided to lines of length 64

+characters and there is always a newline at the end of output.

+For reading, first line should be at most 1024

+characters long. If it is longer then it is ignored completely.

+Other input lines can be of any length. There must be a newline

+at the end of input.

+This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag.

BIO_flush() on a base64 BIO that is being written through is

used to signal that no more data is to be encoded: this is used

to flush the final block through the BIO.

-The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags()

-to encode the data all on one line or expect the data to be all

-on one line.

+The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags().

+For writing, it causes all data to be written on one line without

+newline at the end.

+For reading, it forces the decoder to process the data regardless

+of newlines. All newlines are ignored and the input does not need

+to contain any newline at all.

=head1 NOTES

@@ -81,7 +94,7 @@ to reliably determine EOF (for example a MIME boundary).

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
index dccd4790ede7..a4912fbab1d5 100644
--- a/doc/man3/BN_add.pod
+++ b/doc/man3/BN_add.pod

@@ -3,7 +3,7 @@

=head1 NAME

BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,

-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -

+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -

arithmetic operations on BIGNUMs

=head1 SYNOPSIS

@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs

int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);

+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);

int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,

@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>.

BN_mod_sqr() takes the square of I<a> modulo B<m> and places the

result in I<r>.

+BN_mod_sqrt() returns the modular square root of I<a> such that

+C<in^2 = a (mod p)>. The modulus I<p> must be a

+prime, otherwise an error or an incorrect "result" will be returned.

+The result is stored into I<in> which can be NULL. The result will be

+newly allocated in that case.

BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>

(C<r=a^p>). This function is faster than repeated applications of

BN_mul().

@@ -108,7 +116,10 @@ the arguments.

=head1 RETURN VALUES

-For all functions, 1 is returned for success, 0 on error. The return

+The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is

+not a prime), or NULL.

+For all remaining functions, 1 is returned for success, 0 on error. The return

value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).

The error codes can be obtained by L<ERR_get_error(3)>.

@@ -119,7 +130,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)>

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod
index 43a3214d584a..6f4ac7ec0ef0 100644
--- a/doc/man3/DEFINE_STACK_OF.pod
+++ b/doc/man3/DEFINE_STACK_OF.pod

@@ -238,7 +238,8 @@ sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr()

return a pointer to the deleted element or B<NULL> on error.

sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total

-number of elements in the stack and 0 if an error occurred.

+number of elements in the stack and 0 if an error occurred. sk_TYPE_push()

+further returns -1 if B<sk> is B<NULL>.

sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on

error.

diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod
index 74379ad817da..b37d992307c2 100644
--- a/doc/man3/OBJ_nid2obj.pod
+++ b/doc/man3/OBJ_nid2obj.pod

@@ -68,13 +68,15 @@ If I<no_name> is 0 then long names and short names will be interpreted

as well as numerical forms. If I<no_name> is 1 only the numerical form

is acceptable.

-OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.

-The representation is written as a null terminated string to B<buf>

-at most B<buf_len> bytes are written, truncating the result if necessary.

-The total amount of space required is returned. If B<no_name> is 0 then

-if the object has a long or short name then that will be used, otherwise

-the numerical form will be used. If B<no_name> is 1 then the numerical

-form will always be used.

+OBJ_obj2txt() converts the B<ASN1_OBJECT> I<a> into a textual representation.

+Unless I<buf> is NULL,

+the representation is written as a NUL-terminated string to I<buf>, where

+at most I<buf_len> bytes are written, truncating the result if necessary.

+In any case it returns the total string length, excluding the NUL character,

+required for non-truncated representation, or -1 on error.

+If I<no_name> is 0 then if the object has a long or short name

+then that will be used, otherwise the numerical form will be used.

+If I<no_name> is 1 then the numerical form will always be used.

i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the I<no_name> set to zero.

@@ -141,6 +143,13 @@ on error.

OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return

a NID or B<NID_undef> on error.

+OBJ_add_sigid() returns 1 on success or 0 on error.

+i2t_ASN1_OBJECT() an OBJ_obj2txt() return -1 on error.

+On success, they return the length of the string written to I<buf> if I<buf> is

+not NULL and I<buf_len> is big enough, otherwise the total string length.

+Note that this does not count the trailing NUL character.

=head1 EXAMPLES

Create an object for B<commonName>:

@@ -161,15 +170,6 @@ Create a new object directly:

obj = OBJ_txt2obj("1.2.3.4", 1);

-=head1 BUGS

-OBJ_obj2txt() is awkward and messy to use: it doesn't follow the

-convention of other OpenSSL functions where the buffer can be set

-to B<NULL> to determine the amount of data that should be written.

-Instead B<buf> must point to a valid buffer and B<buf_len> should

-be set to a positive value. A buffer length of 80 should be more

-than enough to handle any OID encountered in practice.

=head1 SEE ALSO

L<ERR_get_error(3)>

@@ -181,7 +181,7 @@ and should not be used.

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 900c4f3a5648..7f0e08868725 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod

@@ -434,7 +434,7 @@ B<SessionTicket>: session ticket support, enabled by default. Inverse of

B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting

B<SSL_OP_NO_TICKET>.

-B<Compression>: SSL/TLS compression support, enabled by default. Inverse

+B<Compression>: SSL/TLS compression support, disabled by default. Inverse

of B<SSL_OP_NO_COMPRESSION>.

B<EmptyFragments>: use empty fragments as a countermeasure against a

@@ -694,7 +694,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1.

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index aba7fff781e5..b8024dc4af66 100644
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod

@@ -11,7 +11,10 @@ X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,

X509_STORE_CTX_get_num_untrusted,

X509_STORE_CTX_set_default,

X509_STORE_CTX_set_verify,

-X509_STORE_CTX_verify_fn

+X509_STORE_CTX_verify_fn,

+X509_STORE_CTX_set_purpose,

+X509_STORE_CTX_set_trust,

+X509_STORE_CTX_purpose_inherit

- X509_STORE_CTX initialisation

=head1 SYNOPSIS

@@ -44,6 +47,11 @@ X509_STORE_CTX_verify_fn

typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);

void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);

+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);

+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);

+ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,

+ int purpose, int trust);

=head1 DESCRIPTION

These functions initialise an B<X509_STORE_CTX> structure for subsequent use

@@ -120,6 +128,65 @@ following signature:

This function should receive the current X509_STORE_CTX as a parameter and

return 1 on success or 0 on failure.

+X509 certificates may contain information about what purposes keys contained

+within them can be used for. For example "TLS WWW Server Authentication" or

+"Email Protection". This "key usage" information is held internally to the

+certificate itself. In addition the trust store containing trusted certificates

+can declare what purposes we trust different certificates for. This "trust"

+information is not held within the certificate itself but is "meta" information

+held alongside it. This "meta" information is associated with the certificate

+after it is issued and could be determined by a system administrator. For

+example a certificate might declare that it is suitable for use for both

+"TLS WWW Server Authentication" and "TLS Client Authentication", but a system

+administrator might only trust it for the former. An X.509 certificate extension

+exists that can record extended key usage information to supplement the purpose

+information described above. This extended mechanism is arbitrarily extensible

+and not well suited for a generic library API; applications that need to

+validate extended key usage information in certifiates will need to define a

+custom "purpose" (see below) or supply a nondefault verification callback

+(L<X509_STORE_set_verify_cb_func(3)>).

+X509_STORE_CTX_set_purpose() sets the purpose for the target certificate being

+verified in the I<ctx>. Built-in available values for the I<purpose> argument

+are B<X509_PURPOSE_SSL_CLIENT>, B<X509_PURPOSE_SSL_SERVER>,

+B<X509_PURPOSE_NS_SSL_SERVER>, B<X509_PURPOSE_SMIME_SIGN>,

+B<X509_PURPOSE_SMIME_ENCRYPT>, B<X509_PURPOSE_CRL_SIGN>, B<X509_PURPOSE_ANY>,

+B<X509_PURPOSE_OCSP_HELPER> and B<X509_PURPOSE_TIMESTAMP_SIGN>. It is also

+possible to create a custom purpose value. Setting a purpose will ensure that

+the key usage declared within certificates in the chain being verified is

+consistent with that purpose as well as, potentially, other checks. Every

+purpose also has an associated default trust value which will also be set at the

+same time. During verification this trust setting will be verified to check it

+is consistent with the trust set by the system administrator for certificates in

+the chain.

+X509_STORE_CTX_set_trust() sets the trust value for the target certificate

+being verified in the I<ctx>. Built-in available values for the I<trust>

+argument are B<X509_TRUST_COMPAT>, B<X509_TRUST_SSL_CLIENT>,

+B<X509_TRUST_SSL_SERVER>, B<X509_TRUST_EMAIL>, B<X509_TRUST_OBJECT_SIGN>,

+B<X509_TRUST_OCSP_SIGN>, B<X509_TRUST_OCSP_REQUEST> and B<X509_TRUST_TSA>. It is

+also possible to create a custom trust value. Since X509_STORE_CTX_set_purpose()

+also sets the trust value it is normally sufficient to only call that function.

+If both are called then X509_STORE_CTX_set_trust() should be called after

+X509_STORE_CTX_set_purpose() since the trust setting of the last call will be

+used.

+It should not normally be necessary for end user applications to call

+X509_STORE_CTX_purpose_inherit() directly. Typically applications should call

+X509_STORE_CTX_set_purpose() or X509_STORE_CTX_set_trust() instead. Using this

+function it is possible to set the purpose and trust values for the I<ctx> at

+the same time. The I<def_purpose> and I<purpose> arguments can have the same

+purpose values as described for X509_STORE_CTX_set_purpose() above. The I<trust>

+argument can have the same trust values as described in

+X509_STORE_CTX_set_trust() above. Any of the I<def_purpose>, I<purpose> or

+I<trust> values may also have the value 0 to indicate that the supplied

+parameter should be ignored. After calling this function the purpose to be used

+for verification is set from the I<purpose> argument, and the trust is set from

+the I<trust> argument. If I<trust> is 0 then the trust value will be set from

+the default trust value for I<purpose>. If the default trust value for the

+purpose is I<X509_TRUST_DEFAULT> and I<trust> is 0 then the default trust value

+associated with the I<def_purpose> value is used for the trust setting instead.

=head1 NOTES

The certificates and CRLs in a store are used internally and should B<not>

@@ -164,7 +231,7 @@ The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Licensed under the OpenSSL license (the "License"). You may not use

this file except in compliance with the License. You can obtain a copy

diff --git a/include/internal/sockets.h b/include/internal/sockets.h
index 39186efef207..4fc1aecdbb20 100644
--- a/include/internal/sockets.h
+++ b/include/internal/sockets.h

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

@@ -30,6 +30,8 @@

# include <sys/un.h>

# include <tcp.h>

# include <netdb.h>

+# include <arpa/inet.h>

+# include <netinet/tcp.h>

# elif defined(_WIN32_WCE) && _WIN32_WCE<410

# define getservbyname _masked_declaration_getservbyname

# endif

diff --git a/include/openssl/engine.h b/include/openssl/engine.h
index 0780f0fb5f32..d707eaeb6ee3 100644
--- a/include/openssl/engine.h
+++ b/include/openssl/engine.h

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

@@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,

CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \

fns->mem_fns.realloc_fn, \

fns->mem_fns.free_fn); \

+ OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \

skip_cbs: \

if (!fn(e, id)) return 0; \

return 1; }

diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index eb812ed18dcc..53516a06c69b 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h

@@ -2,7 +2,7 @@

* WARNING: do not edit!

* Generated by crypto/objects/objects.pl

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

* in the file LICENSE in the source distribution or at

diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 261d7cb326cb..c48626447036 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h

@@ -39,8 +39,8 @@ extern "C" {

* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for

* major minor fix final patch/beta)

-# define OPENSSL_VERSION_NUMBER 0x101010dfL

-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1m 14 Dec 2021"

+# define OPENSSL_VERSION_NUMBER 0x101010efL

+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n 15 Mar 2022"

/*-

* The macros below are to be used for shared library (.so, .dll, ...)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b256a4b93503..e4cf007f82a5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -1,5 +1,5 @@

@@ -2171,7 +2171,7 @@ static SSL_CIPHER ssl3_ciphers[] = {

TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,

TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,

TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,

- SSL_kEDH,

+ SSL_kDHE,

SSL_aDSS,

SSL_CAMELLIA128,

SSL_SHA256,

@@ -2187,7 +2187,7 @@ static SSL_CIPHER ssl3_ciphers[] = {

TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,

TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,

TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,

- SSL_kEDH,

+ SSL_kDHE,

SSL_aRSA,

SSL_CAMELLIA128,

SSL_SHA256,

@@ -2203,7 +2203,7 @@ static SSL_CIPHER ssl3_ciphers[] = {

TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,

TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,

TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,

- SSL_kEDH,

+ SSL_kDHE,

SSL_aNULL,

SSL_CAMELLIA128,

SSL_SHA256,

@@ -2235,7 +2235,7 @@ static SSL_CIPHER ssl3_ciphers[] = {

TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,

TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,

TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,

- SSL_kEDH,

+ SSL_kDHE,

SSL_aDSS,

SSL_CAMELLIA256,

SSL_SHA256,

@@ -2251,7 +2251,7 @@ static SSL_CIPHER ssl3_ciphers[] = {

TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,

TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,

TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,

- SSL_kEDH,

+ SSL_kDHE,

SSL_aRSA,

SSL_CAMELLIA256,

SSL_SHA256,

@@ -2267,7 +2267,7 @@ static SSL_CIPHER ssl3_ciphers[] = {

TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,

TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,

TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,

- SSL_kEDH,

+ SSL_kDHE,

SSL_aNULL,

SSL_CAMELLIA256,

SSL_SHA256,

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index e7feda81d046..eba96b207eee 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -1,5 +1,5 @@

* Licensed under the OpenSSL license (the "License"). You may not use

@@ -901,7 +901,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,

int op, int bits, int nid, void *other,

void *ex)

{

- int level, minbits;

+ int level, minbits, pfs_mask;

minbits = ssl_get_security_level_bits(s, ctx, &level);

@@ -936,8 +936,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,

if (level >= 2 && c->algorithm_enc == SSL_RC4)

return 0;

/* Level 3: forward secure ciphersuites only */

+ pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;

if (level >= 3 && c->min_tls != TLS1_3_VERSION &&

- !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))

+ !(c->algorithm_mkey & pfs_mask))

return 0;

break;

}