aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorEnji Cooper <ngie@FreeBSD.org>2026-04-07 22:39:14 +0000
committerEnji Cooper <ngie@FreeBSD.org>2026-04-07 22:39:14 +0000
commita8688e45ec5509793681275a8631726fdeb5663a (patch)
tree4782308649778cde79e7f2b8f0c18533a2470c24 /crypto
parent677808048e318ef0c4ad69c0c2cc8d82167bffbe (diff)
vendors/openssl/3.0.20vendor/openssl/3.0.20vendor/openssl-3.0
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/evp_asn1.c4
-rw-r--r--crypto/asn1/n_pkey.c4
-rw-r--r--crypto/asn1/p5_scrypt.c11
-rw-r--r--crypto/bf/bf_cfb64.c4
-rw-r--r--crypto/bf/bf_ofb64.c4
-rw-r--r--crypto/bio/bss_file.c15
-rw-r--r--crypto/bn/asm/armv4-gf2m.pl4
-rw-r--r--crypto/bn/asm/sparcv9-mont.pl4
-rw-r--r--crypto/bn/bn_dh.c64
-rw-r--r--crypto/bn/bn_exp.c34
-rw-r--r--crypto/bn/bn_local.h4
-rw-r--r--crypto/bn/bn_mont.c9
-rw-r--r--crypto/bn/bn_ppc.c6
-rw-r--r--crypto/bn/bn_prime.c4
-rw-r--r--crypto/bn/bn_rsa_fips186_4.c4
-rw-r--r--crypto/bn/bn_sparc.c16
-rw-r--r--crypto/bsearch.c4
-rw-r--r--crypto/cast/c_cfb64.c4
-rw-r--r--crypto/cast/c_ofb64.c4
-rw-r--r--crypto/cms/cms_asn1.c30
-rw-r--r--crypto/cms/cms_dh.c15
-rw-r--r--crypto/cms/cms_ec.c16
-rw-r--r--crypto/cms/cms_local.h5
-rw-r--r--crypto/cms/cms_rsa.c33
-rw-r--r--crypto/cms/cms_smime.c6
-rw-r--r--crypto/conf/conf_lib.c4
-rw-r--r--crypto/conf/conf_mod.c4
-rw-r--r--crypto/des/cfb64ede.c4
-rw-r--r--crypto/des/cfb64enc.c4
-rw-r--r--crypto/des/ofb64ede.c4
-rw-r--r--crypto/des/ofb64enc.c4
-rw-r--r--crypto/dh/dh_asn1.c7
-rw-r--r--crypto/dh/dh_rfc5114.c6
-rw-r--r--crypto/dsa/dsa_asn1.c8
-rw-r--r--crypto/ec/ec_asn1.c12
-rw-r--r--crypto/ec/ec_check.c4
-rw-r--r--crypto/ec/ec_lib.c4
-rw-r--r--crypto/err/err_all.c6
-rw-r--r--crypto/ess/ess_asn1.c8
-rw-r--r--crypto/evp/digest.c7
-rw-r--r--crypto/evp/e_aes.c56
-rw-r--r--crypto/evp/e_aria.c22
-rw-r--r--crypto/evp/e_camellia.c22
-rw-r--r--crypto/evp/e_des.c18
-rw-r--r--crypto/evp/e_des3.c24
-rw-r--r--crypto/evp/e_idea.c6
-rw-r--r--crypto/evp/evp_enc.c10
-rw-r--r--crypto/http/http_client.c8
-rw-r--r--crypto/http/http_lib.c8
-rw-r--r--crypto/idea/i_cfb64.c3
-rw-r--r--crypto/idea/i_ofb64.c3
-rw-r--r--crypto/init.c7
-rw-r--r--crypto/modes/asm/ghash-armv4.pl4
-rw-r--r--crypto/o_str.c17
-rw-r--r--crypto/param_build.c96
-rwxr-xr-xcrypto/perlasm/x86_64-xlate.pl5
-rw-r--r--crypto/pkcs12/p12_utl.c4
-rw-r--r--crypto/pkcs7/pk7_doit.c8
-rw-r--r--crypto/pkcs7/pk7_lib.c9
-rw-r--r--crypto/punycode.c4
-rw-r--r--crypto/rand/rand_egd.c25
-rw-r--r--crypto/rc2/rc2cfb64.c4
-rw-r--r--crypto/rc2/rc2ofb64.c4
-rw-r--r--crypto/rc5/rc5cfb64.c4
-rw-r--r--crypto/rc5/rc5ofb64.c4
-rwxr-xr-xcrypto/sha/asm/keccak1600-s390x.pl3
-rw-r--r--crypto/ts/ts_asn1.c14
-rw-r--r--crypto/x509/pcy_tree.c14
-rw-r--r--crypto/x509/v3_cpols.c4
-rw-r--r--crypto/x509/v3_prn.c6
-rw-r--r--crypto/x509/v3_san.c5
-rw-r--r--crypto/x509/v3_utl.c7
-rw-r--r--crypto/x509/x509_vfy.c7
-rw-r--r--crypto/x509/x_pubkey.c4
74 files changed, 512 insertions, 321 deletions
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index caa079fad0ec..2d50dc657bac 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -95,7 +95,7 @@ ASN1_SEQUENCE(asn1_int_oct) = {
ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(asn1_int_oct)
- DECLARE_ASN1_ITEM(asn1_int_oct)
+DECLARE_ASN1_ITEM(asn1_int_oct)
int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
int len)
@@ -158,7 +158,7 @@ ASN1_SEQUENCE(asn1_oct_int) = {
ASN1_EMBED(asn1_oct_int, num, INT32)
} static_ASN1_SEQUENCE_END(asn1_oct_int)
- DECLARE_ASN1_ITEM(asn1_oct_int)
+DECLARE_ASN1_ITEM(asn1_oct_int)
int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
unsigned char *data, int len)
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 7b70d6c7a0cf..47f3a9802f82 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -52,6 +52,6 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
- DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY)
IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY)
diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c
index 613bf645b17d..5757ed046645 100644
--- a/crypto/asn1/p5_scrypt.c
+++ b/crypto/asn1/p5_scrypt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -44,7 +44,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
uint64_t p)
{
X509_ALGOR *scheme = NULL, *ret = NULL;
- int alg_nid;
+ int alg_nid, ivlen;
size_t keylen = 0;
EVP_CIPHER_CTX *ctx = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -79,10 +79,11 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
goto merr;
/* Create random IV */
- if (EVP_CIPHER_get_iv_length(cipher)) {
+ ivlen = EVP_CIPHER_get_iv_length(cipher);
+ if (ivlen > 0) {
if (aiv)
- memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher));
- else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0)
+ memcpy(iv, aiv, ivlen);
+ else if (RAND_bytes(iv, ivlen) <= 0)
goto err;
}
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
index e380972dbdc9..f2d42eefba80 100644
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num, int encrypt)
{
register BF_LONG v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
BF_LONG ti[2];
unsigned char *iv, c, cc;
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
index 5c9193add17e..2cd339dd27eb 100644
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num)
{
register BF_LONG v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
unsigned char d[8];
register char *dp;
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 54c04b989b6a..1c65d827ff0e 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -202,8 +202,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_INFO:
if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
ret = UP_ftell(b->ptr);
- else
+ else {
+#if defined(OPENSSL_SYS_WINDOWS)
+ /*
+ * On Windows, for non-seekable files (stdin), ftell() is undefined.
+ */
+ if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK)
+ ret = -1;
+ else
+ ret = ftell(fp);
+#else
ret = ftell(fp);
+#endif
+ }
break;
case BIO_C_SET_FILE_PTR:
file_free(b);
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
index d380c89f1f2b..77819595ab00 100644
--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -37,7 +37,7 @@
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
# Polynomial Multiplication on ARM Processors using the NEON Engine.
#
-# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
# $output is the last argument if it looks like a file (it has an extension)
# $flavour is the first argument if it doesn't look like a file
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
index fe51fcaf81c7..d438af562648 100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -394,11 +394,11 @@ $code.=<<___;
mulx $car1,$mul1,$car1
mulx $npj,$mul1,$acc1
+ add $tmp1,$car0,$car0
add $tmp0,$car1,$car1
and $car0,$mask,$acc0
ld [$np+8],$npj ! np[2]
srlx $car1,32,$car1
- add $tmp1,$car1,$car1
srlx $car0,32,$car0
add $acc0,$car1,$car1
and $car0,1,$sbit
diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c
index 542c33d6a8d7..d069481e981b 100644
--- a/crypto/bn/bn_dh.c
+++ b/crypto/bn/bn_dh.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -14,7 +14,7 @@
#include "crypto/bn_dh.h"
#if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
#else
#define BN_DEF(lo, hi) lo, hi
#endif
@@ -1387,37 +1387,37 @@ const BIGNUM ossl_bignum_const_2 = {
};
make_dh_bn(dh1024_160_p)
- make_dh_bn(dh1024_160_q)
- make_dh_bn(dh1024_160_g)
- make_dh_bn(dh2048_224_p)
- make_dh_bn(dh2048_224_q)
- make_dh_bn(dh2048_224_g)
- make_dh_bn(dh2048_256_p)
- make_dh_bn(dh2048_256_q)
- make_dh_bn(dh2048_256_g)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_q)
+make_dh_bn(dh2048_256_g)
- make_dh_bn(ffdhe2048_p)
- make_dh_bn(ffdhe2048_q)
- make_dh_bn(ffdhe3072_p)
- make_dh_bn(ffdhe3072_q)
- make_dh_bn(ffdhe4096_p)
- make_dh_bn(ffdhe4096_q)
- make_dh_bn(ffdhe6144_p)
- make_dh_bn(ffdhe6144_q)
- make_dh_bn(ffdhe8192_p)
- make_dh_bn(ffdhe8192_q)
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe2048_q)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe3072_q)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe4096_q)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe6144_q)
+make_dh_bn(ffdhe8192_p)
+make_dh_bn(ffdhe8192_q)
#ifndef FIPS_MODULE
- make_dh_bn(modp_1536_p)
- make_dh_bn(modp_1536_q)
+make_dh_bn(modp_1536_p)
+make_dh_bn(modp_1536_q)
#endif
- make_dh_bn(modp_2048_p)
- make_dh_bn(modp_2048_q)
- make_dh_bn(modp_3072_p)
- make_dh_bn(modp_3072_q)
- make_dh_bn(modp_4096_p)
- make_dh_bn(modp_4096_q)
- make_dh_bn(modp_6144_p)
- make_dh_bn(modp_6144_q)
- make_dh_bn(modp_8192_p)
- make_dh_bn(modp_8192_q)
+make_dh_bn(modp_2048_p)
+make_dh_bn(modp_2048_q)
+make_dh_bn(modp_3072_p)
+make_dh_bn(modp_3072_q)
+make_dh_bn(modp_4096_p)
+make_dh_bn(modp_4096_q)
+make_dh_bn(modp_6144_p)
+make_dh_bn(modp_6144_q)
+make_dh_bn(modp_8192_p)
+make_dh_bn(modp_8192_q)
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 968573ae5824..1d2c971b85f5 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -771,16 +771,16 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
- int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np,
+ int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
- int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np,
+ int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
- int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np,
+ int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
- int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np,
+ int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
const BN_ULONG *n0, const void *table,
int power, int bits);
static const bn_pwr5_mont_f pwr5_funcs[4] = {
@@ -792,15 +792,15 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp,
+ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
const BN_ULONG *np, const BN_ULONG *n0);
- int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0);
static const bn_mul_mont_f mul_funcs[4] = {
@@ -809,20 +809,20 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
};
bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
- void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap,
+ void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
- void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap,
+ void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
const void *bp, const BN_ULONG *np,
const BN_ULONG *n0, int num);
- void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap,
+ void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
void *table, size_t power);
- void bn_gather5_t4(BN_ULONG * out, size_t num,
+ void bn_gather5_t4(BN_ULONG *out, size_t num,
void *table, size_t power);
- void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num);
+ void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
BN_ULONG *np = mont->N.d, *n0 = mont->n0;
int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
@@ -922,13 +922,13 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* Given those inputs, |bn_mul_mont| may not give reduced
* output, but it will still produce "almost" reduced output.
*/
- void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap,
+ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
void bn_scatter5(const BN_ULONG *inp, size_t num,
void *table, size_t power);
- void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power);
- void bn_power5(BN_ULONG * rp, const BN_ULONG *ap,
+ void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+ void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
int bn_get_bits5(const BN_ULONG *ap, int off);
diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h
index 14731bb074ce..144b9bc66d88 100644
--- a/crypto/bn/bn_local.h
+++ b/crypto/bn/bn_local.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -384,7 +384,7 @@ struct bn_gencb_st {
#elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
#if defined(__DECC)
#include <c_asm.h>
-#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b))
+#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b))
#elif defined(__GNUC__) && __GNUC__ >= 2
#define BN_UMULT_HIGH(a, b) ({ \
register BN_ULONG ret; \
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 198ebf3353b4..303f946301d6 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -8,10 +8,9 @@
*/
/*
- * Details about Montgomery multiplication algorithms can be found at
- * http://security.ece.orst.edu/publications.html, e.g.
- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ * Details about Montgomery multiplication algorithms can be found in
+ * https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf
+ * and https://cetinkayakoc.net/docs/r01.pdf
*/
#include "internal/cryptlib.h"
diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
index 0b419bf1234a..31ba308eb247 100644
--- a/crypto/bn/bn_ppc.c
+++ b/crypto/bn/bn_ppc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -15,9 +15,9 @@
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
- int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
- int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
if (num < 4)
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 28d3b2a5ffcd..91ddd83d6ed9 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,7 +30,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx,
#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
#if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
#else
#define BN_DEF(lo, hi) lo, hi
#endif
diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c
index 8f717f04c804..9980f8d08d70 100644
--- a/crypto/bn/bn_rsa_fips186_4.c
+++ b/crypto/bn/bn_rsa_fips186_4.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -29,7 +29,7 @@
#include "internal/nelem.h"
#if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
#else
#define BN_DEF(lo, hi) lo, hi
#endif
diff --git a/crypto/bn/bn_sparc.c b/crypto/bn/bn_sparc.c
index a236e42dfae9..7c902191d773 100644
--- a/crypto/bn/bn_sparc.c
+++ b/crypto/bn/bn_sparc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -16,11 +16,11 @@
int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num)
{
- int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
- int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
- int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *np, const BN_ULONG *n0, int num);
if (!(num & 1) && num >= 6) {
@@ -29,16 +29,16 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
const BN_ULONG *bp,
const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
- int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
+ int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp, const BN_ULONG *np,
const BN_ULONG *n0);
static const bn_mul_mont_f funcs[4] = {
diff --git a/crypto/bsearch.c b/crypto/bsearch.c
index 192ccbeb916f..c2ab0b812595 100644
--- a/crypto/bsearch.c
+++ b/crypto/bsearch.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ const void *ossl_bsearch(const void *key, const void *base, int num,
l = 0;
h = num;
while (l < h) {
- i = (l + h) / 2;
+ i = l + (h - l) / 2;
p = &(base_[i * size]);
c = (*cmp)(key, p);
if (c < 0)
diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
index 4170f77a78eb..3de52f56af46 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num, int enc)
{
register CAST_LONG v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
CAST_LONG ti[2];
unsigned char *iv, c, cc;
diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
index 431446ab5fb7..dbd6e02729d2 100644
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num)
{
register CAST_LONG v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
unsigned char d[8];
register char *dp;
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index a920f22d0d94..3d420974b2bd 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,7 @@ ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
- ASN1_CHOICE(CMS_CertificateChoices)
+ASN1_CHOICE(CMS_CertificateChoices)
= { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices)
ASN1_CHOICE(CMS_SignerIdentifier) = {
@@ -31,11 +31,11 @@ ASN1_CHOICE(CMS_SignerIdentifier) = {
ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
- ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
= { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
- /* Minor tweak to operation: free up signer key, cert */
- static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
@@ -62,7 +62,7 @@ ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
- ASN1_CHOICE(CMS_RevocationInfoChoice)
+ASN1_CHOICE(CMS_RevocationInfoChoice)
= { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
@@ -79,7 +79,7 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
- static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
@@ -117,7 +117,7 @@ ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
- static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
if (operation == ASN1_OP_FREE_POST) {
@@ -142,7 +142,7 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
- static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
if (operation == ASN1_OP_NEW_POST) {
@@ -172,7 +172,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
- ASN1_SEQUENCE(CMS_KEKRecipientInfo)
+ASN1_SEQUENCE(CMS_KEKRecipientInfo)
= { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
@@ -187,8 +187,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
- /* Free up RecipientInfo additional data */
- static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
{
if (operation == ASN1_OP_FREE_PRE) {
CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
@@ -260,7 +260,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
- ASN1_NDEF_SEQUENCE(CMS_CompressedData)
+ASN1_NDEF_SEQUENCE(CMS_CompressedData)
= {
ASN1_EMBED(CMS_CompressedData, version, INT32),
ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
@@ -346,7 +346,7 @@ ASN1_CHOICE(CMS_ReceiptsFrom) = {
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
- ASN1_SEQUENCE(CMS_ReceiptRequest)
+ASN1_SEQUENCE(CMS_ReceiptRequest)
= { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
ASN1_SEQUENCE(CMS_Receipt) = {
@@ -373,7 +373,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = {
ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
- int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
{
union {
CMS_SharedInfo *pecsi;
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
index a77b3304aa47..605c18ab28f2 100644
--- a/crypto/cms/cms_dh.c
+++ b/crypto/cms/cms_dh.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -88,16 +88,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
int keylen, plen;
EVP_CIPHER *kekcipher = NULL;
EVP_CIPHER_CTX *kekctx;
+ const ASN1_OBJECT *aoid;
+ const void *parameter = NULL;
+ int ptype = 0;
char name[OSSL_MAX_NAME_SIZE];
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
goto err;
+ X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
+
/*
* For DH we only have one OID permissible. If ever any more get defined
* we will need something cleverer.
*/
- if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+ if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
goto err;
}
@@ -106,11 +111,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
|| EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
goto err;
- if (alg->parameter->type != V_ASN1_SEQUENCE)
+ if (ptype != V_ASN1_SEQUENCE)
goto err;
- p = alg->parameter->value.sequence->data;
- plen = alg->parameter->value.sequence->length;
+ p = ASN1_STRING_get0_data(parameter);
+ plen = ASN1_STRING_length(parameter);
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
if (kekalg == NULL)
goto err;
diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
index 5b0984f09a60..f0b51f497c30 100644
--- a/crypto/cms/cms_ec.c
+++ b/crypto/cms/cms_ec.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -165,21 +165,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
int plen, keylen;
EVP_CIPHER *kekcipher = NULL;
EVP_CIPHER_CTX *kekctx;
+ const ASN1_OBJECT *aoid = NULL;
+ int ptype = 0;
+ const void *parameter = NULL;
+
char name[OSSL_MAX_NAME_SIZE];
if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
return 0;
- if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+ X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
+
+ if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
return 0;
}
- if (alg->parameter->type != V_ASN1_SEQUENCE)
+ if (ptype != V_ASN1_SEQUENCE)
return 0;
- p = alg->parameter->value.sequence->data;
- plen = alg->parameter->value.sequence->length;
+ p = ASN1_STRING_get0_data(parameter);
+ plen = ASN1_STRING_length(parameter);
kekalg = d2i_X509_ALGOR(NULL, &p, plen);
if (kekalg == NULL)
goto err;
diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h
index dbf71c50ec84..a92a67fa8b24 100644
--- a/crypto/cms/cms_local.h
+++ b/crypto/cms/cms_local.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,8 +37,7 @@ typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st
- CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index d31e8c5e5573..581e2c29f551 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
X509_ALGOR *cmsalg;
int nid;
int rv = -1;
- unsigned char *label = NULL;
+ const unsigned char *label = NULL;
int labellen = 0;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_OAEP_PARAMS *oaep;
+ const ASN1_OBJECT *aoid;
+ const void *parameter = NULL;
+ int ptype = 0;
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (pkctx == NULL)
@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (oaep->pSourceFunc != NULL) {
- X509_ALGOR *plab = oaep->pSourceFunc;
+ X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
- if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
+ if (OBJ_obj2nid(aoid) != NID_pSpecified) {
ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
goto err;
}
- if (plab->parameter->type != V_ASN1_OCTET_STRING) {
+ if (ptype != V_ASN1_OCTET_STRING) {
ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
goto err;
}
- label = plab->parameter->value.octet_string->data;
- /* Stop label being freed when OAEP parameters are freed */
- plab->parameter->value.octet_string->data = NULL;
- labellen = plab->parameter->value.octet_string->length;
+ label = ASN1_STRING_get0_data(parameter);
+ labellen = ASN1_STRING_length(parameter);
}
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
- if (label != NULL
- && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
- OPENSSL_free(label);
- goto err;
+ if (label != NULL) {
+ unsigned char *dup_label = OPENSSL_memdup(label, labellen);
+
+ if (dup_label == NULL)
+ goto err;
+
+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
+ OPENSSL_free(dup_label);
+ goto err;
+ }
}
/* Carry on */
rv = 1;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 8f095ecf31a8..b03cfb64c954 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -467,8 +467,10 @@ err:
} else {
if (dcont && (tmpin == dcont))
do_free_upto(cmsbio, dcont);
- else
+ else if (cmsbio != NULL)
BIO_free_all(cmsbio);
+ else
+ BIO_free(tmpin);
}
if (out != tmpout)
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 35a64ca627d5..caeb1dce24fd 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -313,7 +313,7 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
return NULL;
}
ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE,
- "group=%s name=%s", group, name);
+ "group=%s name=%s", group != NULL ? group : "", name);
return NULL;
}
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 7b6b04edba21..59a9846cc2c5 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -373,7 +373,7 @@ static CONF_MODULE *module_find(const char *name)
{
CONF_MODULE *tmod;
int i, nchar;
- char *p;
+ const char *p;
p = strrchr(name, '.');
if (p)
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
index 26613a05fe8a..b73c805f1810 100644
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
{
register DES_LONG v0, v1;
register long l = length;
- register int n = *num;
+ register int n = *num & 0x07;
DES_LONG ti[2];
unsigned char *iv, c, cc;
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
index 3ddd6819e2ed..c27400a97987 100644
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
{
register DES_LONG v0, v1;
register long l = length;
- register int n = *num;
+ register int n = *num & 0x07;
DES_LONG ti[2];
unsigned char *iv, c, cc;
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
index b0f9f0441cfb..c3bb7d7e1b36 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in,
DES_key_schedule *k3, DES_cblock *ivec, int *num)
{
register DES_LONG v0, v1;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
DES_cblock d;
register char *dp;
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
index df4e2077e96c..84b99d9d8ff7 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,7 @@ void DES_ofb64_encrypt(register const unsigned char *in,
DES_key_schedule *schedule, DES_cblock *ivec, int *num)
{
register DES_LONG v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
DES_cblock d;
register unsigned char *dp;
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index af78e2e84bf8..10bcdd2253f3 100644
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -76,7 +76,7 @@ ASN1_SEQUENCE(DHvparams) = {
ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
- ASN1_SEQUENCE(DHxparams)
+ASN1_SEQUENCE(DHxparams)
= {
ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
@@ -85,8 +85,7 @@ ASN1_SEQUENCE(DHvparams) = {
ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
- int_dhx942_dh
- * d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length);
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length);
int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx)
diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c
index 366776ce4ee3..67a9198a7071 100644
--- a/crypto/dh/dh_rfc5114.c
+++ b/crypto/dh/dh_rfc5114.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -43,5 +43,5 @@
}
make_dh(1024_160)
- make_dh(2048_224)
- make_dh(2048_256)
+make_dh(2048_224)
+make_dh(2048_256)
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 3366610a9fdc..9ebc7cc2596d 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,7 +47,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
ASN1_SIMPLE(DSA, params.p, BIGNUM),
@@ -55,7 +55,7 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
ASN1_SIMPLE(DSA, params.g, BIGNUM),
} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
ASN1_SIMPLE(DSA, pub_key, BIGNUM),
@@ -64,7 +64,7 @@ ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
ASN1_SIMPLE(DSA, params.g, BIGNUM)
} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
DSA *DSAparams_dup(const DSA *dsa)
{
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 350392a7393a..936b24ecea51 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -104,7 +104,7 @@ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
- DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
@@ -121,7 +121,7 @@ ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
- DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
@@ -136,10 +136,10 @@ ASN1_SEQUENCE(X9_62_FIELDID) = {
ASN1_ADB_OBJECT(X9_62_FIELDID)
} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
- ASN1_SEQUENCE(X9_62_CURVE)
+ASN1_SEQUENCE(X9_62_CURVE)
= { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE)
- ASN1_SEQUENCE(ECPARAMETERS)
+ASN1_SEQUENCE(ECPARAMETERS)
= { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS)
DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
@@ -162,7 +162,7 @@ ASN1_SEQUENCE(EC_PRIVATEKEY) = {
ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
- DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
+DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY)
IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY)
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index 426b1550f7a7..fc9be4189692 100644
--- a/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -50,7 +50,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
* ECC domain parameter validation.
* See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
*/
- return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
+ return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0;
#else
int ret = 0;
const BIGNUM *order;
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index dba8e92d843b..b59f180c3da8 100644
--- a/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -174,6 +174,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
dest->libctx = src->libctx;
dest->curve_name = src->curve_name;
+ EC_pre_comp_free(dest);
+
/* Copy precomputed */
dest->pre_comp_type = src->pre_comp_type;
switch (src->pre_comp_type) {
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 4884e1fee74f..4f7154668d79 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -40,6 +40,7 @@
#include "crypto/cmperr.h"
#include "crypto/cterr.h"
#include "crypto/asyncerr.h"
+#include "crypto/sm2err.h"
#include "crypto/storeerr.h"
#include "crypto/esserr.h"
#include "internal/propertyerr.h"
@@ -102,6 +103,9 @@ int ossl_err_load_crypto_strings(void)
#endif
|| ossl_err_load_ESS_strings() == 0
|| ossl_err_load_ASYNC_strings() == 0
+#ifndef OPENSSL_NO_SM2
+ || ossl_err_load_SM2_strings() == 0
+#endif
|| ossl_err_load_OSSL_STORE_strings() == 0
|| ossl_err_load_PROP_strings() == 0
|| ossl_err_load_PROV_strings() == 0
diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c
index 297f2cead02a..d02076fabc5a 100644
--- a/crypto/ess/ess_asn1.c
+++ b/crypto/ess/ess_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,7 +21,7 @@ ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
- IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
ASN1_SEQUENCE(ESS_CERT_ID) = {
@@ -29,7 +29,7 @@ ASN1_SEQUENCE(ESS_CERT_ID) = {
ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
- IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
+IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
@@ -46,7 +46,7 @@ ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
- IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
+IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index 876dcefa69c9..c81cb5a42400 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -792,8 +792,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx)
if (pctx != NULL
&& (pctx->operation == EVP_PKEY_OP_VERIFYCTX
|| pctx->operation == EVP_PKEY_OP_SIGNCTX)
- && pctx->op.sig.algctx != NULL
- && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
+ && pctx->op.sig.signature != NULL
+ && pctx->op.sig.signature->gettable_ctx_md_params != NULL
+ && pctx->op.sig.algctx != NULL)
return pctx->op.sig.signature->gettable_ctx_md_params(
pctx->op.sig.algctx);
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index ccd0e4284b27..f7b6ffbb43c1 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -2307,14 +2307,14 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
#endif
-#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
- BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
@@ -2553,10 +2553,10 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
- static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
{
EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c);
if (gctx == NULL)
@@ -3090,12 +3090,12 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c);
@@ -3274,9 +3274,9 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
| EVP_CIPH_CUSTOM_COPY)
BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
- static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
{
EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c);
switch (type) {
@@ -3546,12 +3546,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- typedef struct {
+typedef struct {
union {
OSSL_UNION_ALIGN;
AES_KEY ks;
@@ -4034,8 +4034,8 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
- BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+ EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
#endif /* OPENSSL_NO_OCB */
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index 724e57fd2065..4bfb10926659 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -194,13 +194,13 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
- BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
- BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
- /* Authenticated cipher modes (GCM/CCM) */
+/* Authenticated cipher modes (GCM/CCM) */
- /* increment counter (64-bit int) by 1 */
- static void ctr64_inc(unsigned char *counter)
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
{
int n = 8;
unsigned char c;
@@ -782,11 +782,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
- BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
- BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
- BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
- BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
- BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
#endif
diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index c994bb395d8f..babc4f18f3be 100644
--- a/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -183,14 +183,14 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#endif
-#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
- BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
- BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \
+ BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
/* The subkey for Camellia is generated. */
static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -347,5 +347,5 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
- BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
- BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
+BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
+BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 71c24353ed3e..8c31b51154e1 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -196,16 +196,16 @@ BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
EVP_CIPH_RAND_KEY, des_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
- BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
- EVP_CIPH_RAND_KEY, des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+ EVP_CIPH_RAND_KEY, des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
- BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
- EVP_CIPH_RAND_KEY, des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+ EVP_CIPH_RAND_KEY, des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
- static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index b30489d5e0e6..2df6eaf2c2ca 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -209,20 +209,20 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
#define des_ede3_ofb_cipher des_ede_ofb_cipher
#define des_ede3_cbc_cipher des_ede_cbc_cipher
#define des_ede3_ecb_cipher des_ede_ecb_cipher
- BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
- BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
- BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
- static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
{
DES_cblock *deskey = (DES_cblock *)key;
DES_EDE_KEY *dat = data(ctx);
diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index 0371094fe3bb..6f4f05842f87 100644
--- a/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -54,8 +54,8 @@ BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
0, idea_init_key, NULL,
EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
- static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
{
if (!enc) {
if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 2bb53561e48c..bd370e37252e 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -651,6 +651,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
size_t soutl, inl_ = (size_t)inl;
int blocksize;
+ if (inl < 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
+ return 0;
+ }
+
if (outl != NULL) {
*outl = 0;
} else {
@@ -800,6 +805,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
size_t soutl, inl_ = (size_t)inl;
int blocksize;
+ if (inl < 0) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
+ return 0;
+ }
+
if (outl != NULL) {
*outl = 0;
} else {
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 6ff8a92c0e92..615df58a80a2 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Siemens AG 2018-2020
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -1329,7 +1329,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
}
BIO_push(fbio, bio);
- BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
+ /* Add square brackets around a naked IPv6 address */
+ if (server[0] != '[' && strchr(server, ':') != NULL)
+ BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port);
+ else
+ BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
/*
* Workaround for broken proxies which would otherwise close
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 171cbb1b47a5..8a5f1e3f32b1 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -55,6 +55,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
char **ppath, char **pquery, char **pfrag)
{
const char *p, *tmp;
+ const char *authority_end;
const char *scheme, *scheme_end;
const char *user, *user_end;
const char *host, *host_end;
@@ -92,7 +93,10 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
/* parse optional "userinfo@" */
user = user_end = host = p;
- host = strchr(p, '@');
+ authority_end = strpbrk(p, "/?#");
+ if (authority_end == NULL)
+ authority_end = p + strlen(p);
+ host = memchr(p, '@', authority_end - p);
if (host != NULL)
user_end = host++;
else
diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index c8ed3853285a..9e95ed7323fe 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
*num = -1;
return;
}
+ n = n & 0x07;
iv = (unsigned char *)ivec;
if (encrypt) {
diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
index afa6a960d4ed..64f8469abc60 100644
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,6 +39,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
*num = -1;
return;
}
+ n = n & 0x07;
iv = (unsigned char *)ivec;
n2l(iv, v0);
diff --git a/crypto/init.c b/crypto/init.c
index f6d31a962826..4a8e300cc987 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -244,27 +244,24 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
}
static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
-static int config_inited = 0;
static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
DEFINE_RUN_ONCE_STATIC(ossl_init_config)
{
int ret = ossl_config_int(NULL);
- config_inited = 1;
return ret;
}
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config)
{
int ret = ossl_config_int(conf_settings);
- config_inited = 1;
return ret;
}
DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
{
OSSL_TRACE(INIT, "ossl_no_config_int()\n");
ossl_no_config_int();
- config_inited = 1;
+
return 1;
}
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
index 044f86f143f9..4ab6d8cb2b42 100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -55,7 +55,7 @@
# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
# Polynomial Multiplication on ARM Processors using the NEON Engine.
#
-# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
# ====================================================================
# Note about "528B" variant. In ARM case it makes lesser sense to
diff --git a/crypto/o_str.c b/crypto/o_str.c
index d7090acef45b..c55b4236bbbe 100644
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -236,6 +236,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
int has_sep = (sep != CH_ZERO);
size_t len = has_sep ? buflen * 3 : 1 + buflen * 2;
+ if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
+ return 0;
+ }
+
if (len == 0)
++len;
if (strlength != NULL)
@@ -277,10 +282,18 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
char *tmp;
size_t tmp_n;
+ if (buflen < 0)
+ return NULL;
if (buflen == 0)
return OPENSSL_zalloc(1);
- tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
+ if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
+ || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
+ return NULL;
+ }
+
+ tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
return NULL;
diff --git a/crypto/param_build.c b/crypto/param_build.c
index d0a1113c72f1..a3acc93a6d6f 100644
--- a/crypto/param_build.c
+++ b/crypto/param_build.c
@@ -121,12 +121,22 @@ void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld)
int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
unsigned int num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
long int num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
unsigned long int num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
int32_t num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
uint32_t num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
int64_t num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
}
int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
uint64_t num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
size_t num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_UNSIGNED_INTEGER);
}
@@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
time_t num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num),
OSSL_PARAM_INTEGER);
}
@@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
double num)
{
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
}
@@ -203,6 +258,11 @@ int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
int n, secure = 0;
OSSL_PARAM_BLD_DEF *pd;
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
if (bn != NULL) {
if (BN_is_negative(bn)) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
@@ -239,6 +299,11 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key,
OSSL_PARAM_BLD_DEF *pd;
int secure;
+ if (bld == NULL || key == NULL || buf == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
if (bsize == 0)
bsize = strlen(buf);
if (bsize > INT_MAX) {
@@ -258,6 +323,11 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key,
{
OSSL_PARAM_BLD_DEF *pd;
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
if (bsize == 0)
bsize = strlen(buf);
if (bsize > INT_MAX) {
@@ -277,6 +347,11 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key,
OSSL_PARAM_BLD_DEF *pd;
int secure;
+ if (bld == NULL || key == NULL || buf == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
if (bsize > INT_MAX) {
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
return 0;
@@ -294,6 +369,11 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key,
{
OSSL_PARAM_BLD_DEF *pd;
+ if (bld == NULL || key == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
if (bsize > INT_MAX) {
ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG);
return 0;
@@ -359,10 +439,18 @@ OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld)
{
OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
OSSL_PARAM *params, *last;
- const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
- const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
- const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
- const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
+ int num;
+ size_t p_blks, total, ss;
+
+ if (bld == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
+ p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
+ total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
+ ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
if (ss > 0) {
s = OPENSSL_secure_malloc(ss);
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index b2bf96cef01e..dfa644b66874 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -585,8 +585,7 @@ my %globals;
);
# Following constants are defined in x86_64 ABI supplement, for
- # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf,
- # see section 3.7 "Stack Unwind Algorithm".
+ # example available at https://gitlab.com/x86-psABIs/x86-64-ABI.
my %DW_reg_idx = (
"%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3,
"%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7,
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index 0943f2efd17c..177de3615b74 100644
--- a/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -179,7 +179,7 @@ static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
utf32chr += 0x10000;
}
- return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
+ return UTF8_putc((unsigned char *)str, 4, utf32chr);
}
char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index a38e8a38c6df..ad8902f7dd13 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -792,6 +792,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
break;
case NID_pkcs7_signed:
si_sk = p7->d.sign->signer_info;
+ if (p7->d.sign->contents == NULL) {
+ ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+ goto err;
+ }
os = PKCS7_get_octet_string(p7->d.sign->contents);
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
@@ -802,6 +806,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
break;
case NID_pkcs7_digest:
+ if (p7->d.digest->contents == NULL) {
+ ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+ goto err;
+ }
os = PKCS7_get_octet_string(p7->d.digest->contents);
/* If detached data then the content is excluded */
if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index d65fc592a4a8..d0fb6589b178 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -48,7 +48,8 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
break;
case PKCS7_OP_GET_DETACHED_SIGNATURE:
if (nid == NID_pkcs7_signed) {
- if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL)
+ if (p7->d.sign == NULL || p7->d.sign->contents == NULL
+ || p7->d.sign->contents->d.ptr == NULL)
ret = 1;
else
ret = 0;
@@ -737,6 +738,10 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
break;
case NID_pkcs7_signed:
+ if (p7->d.sign == NULL || p7->d.sign->contents == NULL) {
+ ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+ break;
+ }
os = p7->d.sign->contents->d.data;
break;
diff --git a/crypto/punycode.c b/crypto/punycode.c
index fcd488431f82..1e7635bf110c 100644
--- a/crypto/punycode.c
+++ b/crypto/punycode.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -276,7 +276,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
while (0)
while (1) {
- char *tmpptr = strchr(inptr, '.');
+ const char *tmpptr = strchr(inptr, '.');
size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
if (strncmp(inptr, "xn--", 4) != 0) {
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index ba8aa34dc204..aeb9bd0d2384 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -108,10 +108,13 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
FILE *fp = NULL;
struct sockaddr_un addr;
- int mybuffer, ret = -1, i, numbytes, fd;
+ int mybuffer, ret = -1, i, numbytes, fd = -1;
unsigned char tempbuf[255];
+#if defined(OPENSSL_SYS_TANDEM)
+ int hpns_connect_attempt = 0;
+#endif
- if (bytes > (int)sizeof(tempbuf))
+ if (bytes <= 0 || bytes > (int)sizeof(tempbuf))
return -1;
/* Make socket. */
@@ -126,9 +129,8 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
#else
fd = socket(AF_UNIX, SOCK_STREAM, 0);
#endif
- if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
+ if (fd == -1)
return -1;
- setbuf(fp, NULL);
/* Try to connect */
for (;;) {
@@ -171,6 +173,14 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
}
}
+ /* Create stream only after a successful connect to avoid stale FILE* on fd swap. */
+ fp = fdopen(fd, "r+");
+ if (fp == NULL) {
+ close(fd);
+ return -1;
+ }
+ setbuf(fp, NULL);
+
/* Make request, see how many bytes we can get back. */
tempbuf[0] = 1;
tempbuf[1] = bytes;
@@ -180,6 +190,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
goto err;
numbytes = tempbuf[0];
+ if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf))
+ goto err;
+
/* Which buffer are we using? */
mybuffer = buf == NULL;
if (mybuffer)
@@ -196,6 +209,8 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
err:
if (fp != NULL)
fclose(fp);
+ else if (fd != -1)
+ close(fd);
return ret;
}
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
index ccc69fa6bf8d..0ee6061486d2 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
int *num, int encrypt)
{
register unsigned long v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
unsigned long ti[2];
unsigned char *iv, c, cc;
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
index b659b72a1005..fdc025bbd8f1 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
int *num)
{
register unsigned long v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
unsigned char d[8];
register char *dp;
diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c
index f2f4b9bdfb3b..a7c447f681d3 100644
--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num, int encrypt)
{
register unsigned long v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
unsigned long ti[2];
unsigned char *iv, c, cc;
diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c
index 30487521f22f..5217303a28d2 100644
--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,7 +26,7 @@ void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
unsigned char *ivec, int *num)
{
register unsigned long v0, v1, t;
- register int n = *num;
+ register int n = *num & 0x07;
register long l = length;
unsigned char d[8];
register char *dp;
diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl
index 86233c7e38f2..983327445b88 100755
--- a/crypto/sha/asm/keccak1600-s390x.pl
+++ b/crypto/sha/asm/keccak1600-s390x.pl
@@ -1,5 +1,5 @@
#!/usr/bin/env perl
-# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -67,6 +67,7 @@ my @rhotates = ([ 0, 1, 62, 28, 27 ],
$code.=<<___;
.text
+.machine "z10"
.type __KeccakF1600,\@function
.align 32
diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c
index 93a741d04d74..494e4e69d710 100644
--- a/crypto/ts/ts_asn1.c
+++ b/crypto/ts/ts_asn1.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -17,7 +17,7 @@ ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
} static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
- IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
{
@@ -51,7 +51,7 @@ ASN1_SEQUENCE(TS_REQ) = {
ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
} static_ASN1_SEQUENCE_END(TS_REQ)
- IMPLEMENT_ASN1_FUNCTIONS(TS_REQ)
+IMPLEMENT_ASN1_FUNCTIONS(TS_REQ)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
{
@@ -80,7 +80,7 @@ ASN1_SEQUENCE(TS_ACCURACY) = {
ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
} static_ASN1_SEQUENCE_END(TS_ACCURACY)
- IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY)
+IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
ASN1_SEQUENCE(TS_TST_INFO) = {
@@ -96,7 +96,7 @@ ASN1_SEQUENCE(TS_TST_INFO) = {
ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
} static_ASN1_SEQUENCE_END(TS_TST_INFO)
- IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
{
@@ -127,7 +127,7 @@ ASN1_SEQUENCE(TS_STATUS_INFO) = {
ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
} static_ASN1_SEQUENCE_END(TS_STATUS_INFO)
- IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
static int ts_resp_set_tst_info(TS_RESP *a)
@@ -175,7 +175,7 @@ ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
ASN1_OPT(TS_RESP, token, PKCS7),
} static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
- IMPLEMENT_ASN1_FUNCTIONS(TS_RESP)
+IMPLEMENT_ASN1_FUNCTIONS(TS_RESP)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c
index 2fcf8cec3dac..e1dc87088a73 100644
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -679,8 +679,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
} else {
*pexplicit_policy = 1;
/* Tree empty and requireExplicit True: Error */
- if (init_ret & X509_PCY_TREE_EMPTY)
+ if (init_ret & X509_PCY_TREE_EMPTY) {
+ X509_policy_tree_free(tree);
return X509_PCY_TREE_FAILURE;
+ }
}
ret = tree_evaluate(tree);
@@ -705,13 +707,15 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
if (!ret)
goto error;
- *ptree = tree;
-
if (init_ret & X509_PCY_TREE_EXPLICIT) {
nodes = X509_policy_tree_get0_user_policies(tree);
- if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+ if (sk_X509_POLICY_NODE_num(nodes) <= 0) {
+ X509_policy_tree_free(tree);
return X509_PCY_TREE_FAILURE;
+ }
}
+
+ *ptree = tree;
return X509_PCY_TREE_VALID;
error:
diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c
index f2437a9b728d..89dd0f862591 100644
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -245,7 +245,7 @@ err:
static int displaytext_get_tag_len(const char *tagstr)
{
- char *colon = strchr(tagstr, ':');
+ const char *colon = strchr(tagstr, ':');
return (colon == NULL) ? -1 : colon - tagstr;
}
diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c
index 088cffed69f0..1992344d85be 100644
--- a/crypto/x509/v3_prn.c
+++ b/crypto/x509/v3_prn.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -191,9 +191,9 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
return 1;
case X509V3_EXT_PARSE_UNKNOWN:
- return ASN1_parse_dump(out, ext, extlen, indent, -1);
+ return ASN1_parse_dump(out, ext, extlen, indent, -1) > 0;
case X509V3_EXT_DUMP_UNKNOWN:
- return BIO_dump_indent(out, (const char *)ext, extlen, indent);
+ return BIO_dump_indent(out, (const char *)ext, extlen, indent) > 0;
default:
return 1;
diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index 60dcd4f16a9c..eda121968dd4 100644
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -633,7 +633,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
{
- char *objtmp = NULL, *p;
+ char *objtmp = NULL;
+ const char *p;
int objlen;
if ((p = strchr(value, ';')) == NULL)
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 41311fc823de..4e9d16db0dc8 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -1120,15 +1120,16 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
ASN1_OCTET_STRING *ret = NULL;
unsigned char ipout[32];
char *iptmp = NULL, *p;
+ const char *slash;
int iplen1, iplen2;
- p = strchr(ipasc, '/');
- if (p == NULL)
+ slash = strchr(ipasc, '/');
+ if (slash == NULL)
return NULL;
iptmp = OPENSSL_strdup(ipasc);
if (iptmp == NULL)
return NULL;
- p = iptmp + (p - ipasc);
+ p = iptmp + (slash - ipasc);
*p++ = 0;
iplen1 = ossl_a2i_ipadd(ipout, iptmp);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1f1fe26b98c7..55c156abf685 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -993,6 +993,7 @@ static int check_cert(X509_STORE_CTX *ctx)
goto done;
}
+ ctx->current_crl = NULL;
X509_CRL_free(crl);
X509_CRL_free(dcrl);
crl = NULL;
@@ -1176,6 +1177,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
return 0;
/* Delta CRL number must exceed full CRL number */
+ if (delta->crl_number == NULL)
+ return 0;
return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
}
@@ -2813,7 +2816,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
if (matched || dane->mdpth < 0) {
dane->mdpth = depth;
dane->mtlsa = t;
- OPENSSL_free(dane->mcert);
+ X509_free(dane->mcert);
dane->mcert = cert;
X509_up_ref(cert);
}
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index 04942a7e7beb..61cfa0210661 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -65,8 +65,8 @@ ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
- X509_PUBKEY
- * ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx)
+X509_PUBKEY
+*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx)
{
X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
generated by cgit v1.3 (git 2.53.0) at 2026-04-17 04:44:21 +0000