@FiloSottile
Created November 1, 2022 15:55
diff -u -r openssl-openssl-3.0.6/CHANGES.md openssl-3.0.7/CHANGES.md
--- openssl-openssl-3.0.6/CHANGES.md 2022-10-11 14:39:09
+++ openssl-3.0.7/CHANGES.md 2022-11-01 15:14:36
@@ -28,6 +28,64 @@
[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
+### Changes between 3.0.6 and 3.0.7 [1 Nov 2022]
+
+ * Fixed two buffer overflows in punycode decoding functions.
+
+ A buffer overrun can be triggered in X.509 certificate verification,
+ specifically in name constraint checking. Note that this occurs after
+ certificate chain signature verification and requires either a CA to
+ have signed the malicious certificate or for the application to continue
+ certificate verification despite failure to construct a path to a trusted
+ issuer.
+
+ In a TLS client, this can be triggered by connecting to a malicious
+ server. In a TLS server, this can be triggered if the server requests
+ client authentication and a malicious client connects.
+
+ An attacker can craft a malicious email address to overflow
+ an arbitrary number of bytes containing the `.` character (decimal 46)
+ on the stack. This buffer overflow could result in a crash (causing a
+ denial of service).
+ ([CVE-2022-3786])
+
+ An attacker can craft a malicious email address to overflow four
+ attacker-controlled bytes on the stack. This buffer overflow could
+ result in a crash (causing a denial of service) or potentially remote code
+ execution depending on stack layout for any given platform/compiler.
+ ([CVE-2022-3602])
+
+ *Paul Dale*
+
+ * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
+ parameters in OpenSSL code.
+ Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
+ OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
+ Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
+ Using these invalid names may cause algorithms to use slower methods
+ that ignore the CRT parameters.
+
+ *Shane Lontis*
+
+ * Fixed a regression introduced in 3.0.6 version raising errors on some stack
+ operations.
+
+ *Tomáš Mráz*
+
+ * Fixed a regression introduced in 3.0.6 version not refreshing the certificate
+ data to be signed before signing the certificate.
+
+ *Gibeom Gwon*
+
+ * Added RIPEMD160 to the default provider.
+
+ *Paul Dale*
+
+ * Ensured that the key share group sent or accepted for the key exchange
+ is allowed for the protocol version.
+
+ *Matt Caswell*
+
### Changes between 3.0.5 and 3.0.6 [11 Oct 2022]
* OpenSSL supports creating a custom cipher via the legacy
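Review bot: the punycode entry attributes both CVEs to "punycode decoding functions" without naming them, yet the crypto/punycode.c hunks further down show the two fixes land in different functions (the four-byte overflow in ossl_punycode_decode, the `.` overflow in ossl_a2ulabel); naming them would let readers map the advisory text to the code. Separately, the two regression entries read "introduced in 3.0.6 version"; "introduced in version 3.0.6" reads more naturally and matches how the version is written in the section heading.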
diff -u -r openssl-openssl-3.0.6/NEWS.md openssl-3.0.7/NEWS.md
--- openssl-openssl-3.0.6/NEWS.md 2022-10-11 14:39:09
+++ openssl-3.0.7/NEWS.md 2022-11-01 15:14:36
@@ -18,6 +18,13 @@
OpenSSL 3.0
-----------
+### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
+
+ * Added RIPEMD160 to the default provider.
+ * Fixed regressions introduced in 3.0.6 version.
+ * Fixed two buffer overflows in punycode decoding functions.
+ ([CVE-2022-3786]) and ([CVE-2022-3602])
+
### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]
* Fix for custom ciphers to prevent accidental use of NULL encryption
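Review bot: the NEWS summary omits the key-share group check that CHANGES.md lists for this release ("Ensured that the key share group sent or accepted for the key exchange is allowed for the protocol version"); either add a bullet or confirm the omission is intentional. The CVE line also carries redundant parentheses: "([CVE-2022-3786]) and ([CVE-2022-3602])" would read better as "([CVE-2022-3786], [CVE-2022-3602])".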
diff -u -r openssl-openssl-3.0.6/README-ENGINES.md openssl-3.0.7/README-ENGINES.md
--- openssl-openssl-3.0.6/README-ENGINES.md 2022-10-11 14:39:09
+++ openssl-3.0.7/README-ENGINES.md 2022-11-01 15:14:36
@@ -314,4 +314,3 @@
A quick test done right before the release showed that trying "openssl speed
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
to write at memory address 0x00000002.
-
diff -u -r openssl-openssl-3.0.6/VERSION.dat openssl-3.0.7/VERSION.dat
--- openssl-openssl-3.0.6/VERSION.dat 2022-10-11 14:39:09
+++ openssl-3.0.7/VERSION.dat 2022-11-01 15:14:36
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
-PATCH=6
+PATCH=7
PRE_RELEASE_TAG=
BUILD_METADATA=
-RELEASE_DATE="11 Oct 2022"
+RELEASE_DATE="1 Nov 2022"
SHLIB_VERSION=3
diff -u -r openssl-openssl-3.0.6/apps/lib/apps.c openssl-3.0.7/apps/lib/apps.c
--- openssl-openssl-3.0.6/apps/lib/apps.c 2022-10-11 14:39:09
+++ openssl-3.0.7/apps/lib/apps.c 2022-11-01 15:14:36
@@ -2936,6 +2936,9 @@
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
void *prefix = NULL;
+ if (b == NULL)
+ return NULL;
+
#ifdef OPENSSL_SYS_VMS
if (FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
@@ -2955,7 +2958,7 @@
BIO *b = BIO_new_fp(stderr,
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
- if (FMT_istext(format))
+ if (b != NULL && FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
return b;
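Review bot: `b != NULL` now guards the VMS line-buffer push in both this hunk and the previous one, but `BIO_push(BIO_new(BIO_f_linebuffer()), b)` still ignores a NULL from `BIO_new`; BIO_push with a NULL first argument returns its second, so text-mode line buffering would be lost silently rather than reported. Consider checking the BIO_new result, or at least commenting that the silent degradation is acceptable.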
diff -u -r openssl-openssl-3.0.6/apps/list.c openssl-3.0.7/apps/list.c
--- openssl-openssl-3.0.6/apps/list.c 2022-10-11 14:39:09
+++ openssl-3.0.7/apps/list.c 2022-11-01 15:14:36
@@ -1474,7 +1474,7 @@
"List of cipher commands (deprecated)"},
#endif
{"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
- "List of cipher algorithms"},
+ "List of symmetric cipher algorithms"},
{"encoders", OPT_ENCODERS, '-', "List of encoding methods" },
{"decoders", OPT_DECODERS, '-', "List of decoding methods" },
{"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" },
diff -u -r openssl-openssl-3.0.6/apps/openssl.c openssl-3.0.7/apps/openssl.c
--- openssl-openssl-3.0.6/apps/openssl.c 2022-10-11 14:39:09
+++ openssl-3.0.7/apps/openssl.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -307,7 +307,7 @@
BIO_free(bio_in);
BIO_free_all(bio_out);
apps_shutdown();
- BIO_free(bio_err);
+ BIO_free_all(bio_err);
EXIT(ret);
}
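Review bot: switching bio_err to BIO_free_all is consistent with the apps.c change in this diff that pushes a line-buffer BIO on top of it under OPENSSL_SYS_VMS; with plain BIO_free only the head of that chain would be released. bio_in two lines above still uses BIO_free, which is fine only as long as nothing pushes onto it; a short comment stating which of these BIOs may be chains would make the asymmetry deliberate rather than accidental.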
diff -u -r openssl-openssl-3.0.6/crypto/aes/asm/aesv8-armx.pl openssl-3.0.7/crypto/aes/asm/aesv8-armx.pl
--- openssl-openssl-3.0.6/crypto/aes/asm/aesv8-armx.pl 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/aes/asm/aesv8-armx.pl 2022-11-01 15:14:36
@@ -1825,7 +1825,7 @@
vorr $dat2,$ivec,$ivec
___
$code.=<<___ if ($flavour =~ /64/);
- cmp $len,#2
+ cmp $len,#32
b.lo .Loop3x_ctr32
add w13,$ctr,#1
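Review bot: the corrected immediate `#32` is a byte count (two 16-byte blocks) that gates the fall-through into `.Loop3x_ctr32`, while the loop label itself is named in blocks; a comment on the compare stating the unit ("remaining bytes, 2 blocks") would make the 2-vs-32 mix-up fixed here harder to reintroduce. The commit message should also say that the change only affects the 64-bit flavour (`$flavour =~ /64/`).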
diff -u -r openssl-openssl-3.0.6/crypto/bn/rsaz_exp_x2.c openssl-3.0.7/crypto/bn/rsaz_exp_x2.c
--- openssl-openssl-3.0.6/crypto/bn/rsaz_exp_x2.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/bn/rsaz_exp_x2.c 2022-11-01 15:14:36
@@ -31,6 +31,14 @@
# define ALIGN64
# endif
+# if defined(__GNUC__)
+# define ALIGN1 __attribute__((aligned(1)))
+# elif defined(_MSC_VER)
+# define ALIGN1 __declspec(align(1))
+# else
+# define ALIGN1
+# endif
+
# define ALIGN_OF(ptr, boundary) \
((unsigned char *)(ptr) + (boundary - (((size_t)(ptr)) & (boundary - 1))))
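Review bot: `__declspec(align(1))` does not lower alignment on MSVC (the declspec can only raise it), so on that compiler `uint64_t_align1` is effectively plain `uint64_t` and the casts in the later hunks remain formally unaligned accesses; on GCC/Clang the `aligned(1)` attribute on a typedef does reduce the assumed alignment, which is what makes the fix effective there. A comment beside the MSVC branch noting that it relies on x86 tolerating unaligned loads would spare the next reader the same check.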
@@ -42,6 +50,8 @@
# define BITS2WORD8_SIZE(x) (((x) + 7) >> 3)
# define BITS2WORD64_SIZE(x) (((x) + 63) >> 6)
+typedef uint64_t ALIGN1 uint64_t_align1;
+
static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len);
static ossl_inline void put_digit52(uint8_t *out, int out_len, uint64_t digit);
static void to_words52(BN_ULONG *out, int out_len, const BN_ULONG *in,
@@ -468,9 +478,9 @@
in_str = (uint8_t *)in;
for (; in_bitsize >= (2 * DIGIT_SIZE); in_bitsize -= (2 * DIGIT_SIZE), out += 2) {
- out[0] = (*(uint64_t *)in_str) & DIGIT_MASK;
+ out[0] = (*(uint64_t_align1 *)in_str) & DIGIT_MASK;
in_str += 6;
- out[1] = ((*(uint64_t *)in_str) >> 4) & DIGIT_MASK;
+ out[1] = ((*(uint64_t_align1 *)in_str) >> 4) & DIGIT_MASK;
in_str += 7;
out_len -= 2;
}
@@ -527,9 +537,9 @@
uint8_t *out_str = (uint8_t *)out;
for (; out_bitsize >= (2 * DIGIT_SIZE); out_bitsize -= (2 * DIGIT_SIZE), in += 2) {
- (*(uint64_t *)out_str) = in[0];
+ (*(uint64_t_align1 *)out_str) = in[0];
out_str += 6;
- (*(uint64_t *)out_str) ^= in[1] << 4;
+ (*(uint64_t_align1 *)out_str) ^= in[1] << 4;
out_str += 7;
}
diff -u -r openssl-openssl-3.0.6/crypto/conf/conf_def.c openssl-3.0.7/crypto/conf/conf_def.c
--- openssl-openssl-3.0.6/crypto/conf/conf_def.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/conf/conf_def.c 2022-11-01 15:14:36
@@ -296,7 +296,7 @@
}
#endif
/* no more files in directory, continue with processing parent */
- if (sk_BIO_num(biosk) < 1 || (parent = sk_BIO_pop(biosk)) == NULL) {
+ if ((parent = sk_BIO_pop(biosk)) == NULL) {
/* everything processed get out of the loop */
break;
} else {
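Review bot: dropping the `sk_BIO_num(biosk) < 1` pre-check is only correct because OPENSSL_sk_pop now returns NULL on an empty or NULL stack without raising an error, per the crypto/stack/stack.c hunks in this same diff; the pre-check existed to avoid that spurious error. A comment here pointing at that guarantee would document the coupling, since a later change to sk_pop's error behaviour would silently reintroduce error-queue noise in config parsing.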
diff -u -r openssl-openssl-3.0.6/crypto/ec/ec_ameth.c openssl-3.0.7/crypto/ec/ec_ameth.c
--- openssl-openssl-3.0.6/crypto/ec/ec_ameth.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/ec/ec_ameth.c 2022-11-01 15:14:36
@@ -42,7 +42,6 @@
ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
- ASN1_OBJECT_free(asn1obj);
ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID);
return 0;
}
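Review bot: removing `ASN1_OBJECT_free(asn1obj)` is right: OBJ_nid2obj() returns an object owned by the object table, so the free was at best a no-op and misleading about ownership. The same rule is what makes the next hunk's switch from freeing on `V_ASN1_OBJECT` to freeing only on `V_ASN1_SEQUENCE` correct; a one-line comment at the `err:` label saying pval is only owned when it is a SEQUENCE would record that.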
@@ -92,9 +91,7 @@
ptype, pval, penc, penclen))
return 1;
err:
- if (ptype == V_ASN1_OBJECT)
- ASN1_OBJECT_free(pval);
- else
+ if (ptype == V_ASN1_SEQUENCE)
ASN1_STRING_free(pval);
OPENSSL_free(penc);
return 0;
@@ -187,19 +184,22 @@
eplen = i2d_ECPrivateKey(&ec_key, &ep);
if (eplen <= 0) {
ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
- ASN1_STRING_free(pval);
- return 0;
+ goto err;
}
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
ptype, pval, ep, eplen)) {
- ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
- ASN1_STRING_free(pval);
+ ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB);
OPENSSL_clear_free(ep, eplen);
- return 0;
+ goto err;
}
return 1;
+
+ err:
+ if (ptype == V_ASN1_SEQUENCE)
+ ASN1_STRING_free(pval);
+ return 0;
}
static int int_ec_size(const EVP_PKEY *pkey)
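Review bot: the new `err:` label frees pval only when `ptype == V_ASN1_SEQUENCE`, mirroring the previous hunk, but the two paths that reach it differ: the PKCS8_pkey_set0 failure clears `ep` before the jump while the i2d_ECPrivateKey failure has nothing else to free. That is correct but easy to misread, so a comment stating that PKCS8_pkey_set0 takes ownership of both pval and ep only on success would help. The reason code for that failure also changes from ERR_R_EC_LIB to ERR_R_ASN1_LIB, which deserves a line in the commit message for callers that match on it.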
diff -u -r openssl-openssl-3.0.6/crypto/evp/ctrl_params_translate.c openssl-3.0.7/crypto/evp/ctrl_params_translate.c
--- openssl-openssl-3.0.6/crypto/evp/ctrl_params_translate.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/evp/ctrl_params_translate.c 2022-11-01 15:14:36
@@ -1955,6 +1955,32 @@
IMPL_GET_RSA_PAYLOAD_COEFFICIENT(8)
IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9)
+static int fix_group_ecx(enum state state,
+ const struct translation_st *translation,
+ struct translation_ctx_st *ctx)
+{
+ const char *value = NULL;
+
+ switch (state) {
+ case PRE_PARAMS_TO_CTRL:
+ if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx))
+ return 0;
+ ctx->action_type = NONE;
+ return 1;
+ case POST_PARAMS_TO_CTRL:
+ if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 ||
+ OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
+ ctx->p1 = 0;
+ return 0;
+ }
+ ctx->p1 = 1;
+ return 1;
+ default:
+ return 0;
+ }
+}
+
/*-
* The translation table itself
* ============================
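Review bot: in the POST_PARAMS_TO_CTRL branch the rejection raises ERR_R_PASSED_INVALID_ARGUMENT without saying which group name was rejected or which key type was expected; ERR_raise_data (used elsewhere in this diff, for example in provider_core.c) with `value` and `ctx->pctx->keytype` would make the mismatch diagnosable. `value` is only dereferenced by OPENSSL_strcasecmp when OSSL_PARAM_get_utf8_string_ptr succeeded, which the short-circuit `||` guarantees; a brief comment would save the reader that check.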
@@ -2274,6 +2300,15 @@
{ GET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_GET_MD, NULL, NULL,
OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
+
+ /*-
+ * ECX
+ * ===
+ */
+ { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
+ OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
+ { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
+ OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
};
static const struct translation_st evp_pkey_translations[] = {
@@ -2692,7 +2727,7 @@
ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx);
- if (ret > 0 && action_type != NONE)
+ if (ret > 0 && ctx.action_type != NONE)
ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype,
ctx.ctrl_cmd, ctx.p1, ctx.p2);
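Review bot: this one-token change is what makes `fix_group_ecx` work: the fixup sets `ctx->action_type = NONE` in its PRE_PARAMS_TO_CTRL state to suppress the legacy ctrl call, but the caller was testing the local `action_type` copy, so no fixup could previously opt out of EVP_PKEY_CTX_ctrl. Call this out explicitly in the commit message, and check whether other call sites of fixup functions in this file test the local copy rather than `ctx.action_type`.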
diff -u -r openssl-openssl-3.0.6/crypto/init.c openssl-3.0.7/crypto/init.c
--- openssl-openssl-3.0.6/crypto/init.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/init.c 2022-11-01 15:14:36
@@ -659,28 +659,26 @@
#if !defined(OPENSSL_USE_NODELETE)\
&& !defined(OPENSSL_NO_PINSHARED)
{
+# if defined(DSO_WIN32) && !defined(_WIN32_WCE)
+ HMODULE handle = NULL;
+ BOOL ret;
union {
void *sym;
void (*func)(void);
} handlersym;
handlersym.func = handler;
-# if defined(DSO_WIN32) && !defined(_WIN32_WCE)
- {
- HMODULE handle = NULL;
- BOOL ret;
- /*
- * We don't use the DSO route for WIN32 because there is a better
- * way
- */
- ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
- | GET_MODULE_HANDLE_EX_FLAG_PIN,
- handlersym.sym, &handle);
+ /*
+ * We don't use the DSO route for WIN32 because there is a better
+ * way
+ */
+ ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+ | GET_MODULE_HANDLE_EX_FLAG_PIN,
+ handlersym.sym, &handle);
- if (!ret)
- return 0;
- }
+ if (!ret)
+ return 0;
# elif !defined(DSO_NONE)
/*
* Deliberately leak a reference to the handler. This will force the
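Review bot: moving the `handlersym` union and the Win32 locals inside the `# if defined(DSO_WIN32)` branch (and, in the next hunk, declaring the union again inside the `# elif !defined(DSO_NONE)` branch) means nothing is declared when DSO_NONE is set, which reads like an unused-variable warning fix; neither the hunk nor CHANGES.md says so. A comment on the union explaining why it is declared per branch would stop someone from "de-duplicating" it back out.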
@@ -688,18 +686,22 @@
* atexit handler. If -znodelete has been used then this is
* unnecessary.
*/
- {
- DSO *dso = NULL;
+ DSO *dso = NULL;
+ union {
+ void *sym;
+ void (*func)(void);
+ } handlersym;
- ERR_set_mark();
- dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
- /* See same code above in ossl_init_base() for an explanation. */
- OSSL_TRACE1(INIT,
- "atexit: obtained DSO reference? %s\n",
- (dso == NULL ? "No!" : "Yes."));
- DSO_free(dso);
- ERR_pop_to_mark();
- }
+ handlersym.func = handler;
+
+ ERR_set_mark();
+ dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
+ /* See same code above in ossl_init_base() for an explanation. */
+ OSSL_TRACE1(INIT,
+ "atexit: obtained DSO reference? %s\n",
+ (dso == NULL ? "No!" : "Yes."));
+ DSO_free(dso);
+ ERR_pop_to_mark();
# endif
}
#endif
diff -u -r openssl-openssl-3.0.6/crypto/pem/pem_lib.c openssl-3.0.7/crypto/pem/pem_lib.c
--- openssl-openssl-3.0.6/crypto/pem/pem_lib.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/pem/pem_lib.c 2022-11-01 15:14:36
@@ -810,7 +810,7 @@
{
BIO *tmp = *header;
char *linebuf, *p;
- int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
+ int len, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
/* 0 if not seen (yet), 1 if reading header, 2 if finished header */
enum header_status got_header = MAYBE_HEADER;
unsigned int flags_mask;
@@ -824,7 +824,7 @@
return 0;
}
- for (line = 0; ; line++) {
+ while(1) {
flags_mask = ~0u;
len = BIO_gets(bp, linebuf, LINESIZE);
if (len <= 0) {
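Review bot: `while(1) {` is missing the space after the keyword that the rest of the code base uses (compare `while (1) {` in the crypto/punycode.c hunk of this diff); please write `while (1) {`. Removing `line` together with its only use in the old for header is fine; the compiler would have flagged any remaining reader.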
diff -u -r openssl-openssl-3.0.6/crypto/provider_core.c openssl-3.0.7/crypto/provider_core.c
--- openssl-openssl-3.0.6/crypto/provider_core.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/provider_core.c 2022-11-01 15:14:36
@@ -907,16 +907,28 @@
OPENSSL_free(allocated_load_dir);
}
- if (prov->module != NULL)
- prov->init_function = (OSSL_provider_init_fn *)
- DSO_bind_func(prov->module, "OSSL_provider_init");
+ if (prov->module == NULL) {
+ /* DSO has already recorded errors, this is just a tracepoint */
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_DSO_LIB,
+ "name=%s", prov->name);
+ goto end;
+ }
+
+ prov->init_function = (OSSL_provider_init_fn *)
+ DSO_bind_func(prov->module, "OSSL_provider_init");
#endif
}
- /* Call the initialise function for the provider. */
- if (prov->init_function == NULL
- || !prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch,
- &provider_dispatch, &tmp_provctx)) {
+ /* Check for and call the initialise function for the provider. */
+ if (prov->init_function == NULL) {
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED,
+ "name=%s, provider has no provider init function",
+ prov->name);
+ goto end;
+ }
+
+ if (!prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch,
+ &provider_dispatch, &tmp_provctx)) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL,
"name=%s", prov->name);
goto end;
@@ -1204,7 +1216,7 @@
if (!freeing) {
int acc;
- if (!CRYPTO_THREAD_read_lock(prov->opbits_lock))
+ if (!CRYPTO_THREAD_write_lock(prov->opbits_lock))
return 0;
OPENSSL_free(prov->operation_bits);
prov->operation_bits = NULL;
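Review bot: upgrading to CRYPTO_THREAD_write_lock is more than a cleanup: the guarded block frees and reassigns `prov->operation_bits`, so holding only a read lock let it race with readers of operation_bits under the same lock. Since this fixes a data race rather than a style issue, it deserves its own CHANGES.md line; none of the entries in this diff mentions it.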
diff -u -r openssl-openssl-3.0.6/crypto/punycode.c openssl-3.0.7/crypto/punycode.c
--- openssl-openssl-3.0.6/crypto/punycode.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/punycode.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -123,7 +123,6 @@
unsigned int bias = initial_bias;
size_t processed_in = 0, written_out = 0;
unsigned int max_out = *pout_length;
-
unsigned int basic_count = 0;
unsigned int loop;
@@ -181,11 +180,11 @@
n = n + i / (written_out + 1);
i %= (written_out + 1);
- if (written_out > max_out)
+ if (written_out >= max_out)
return 0;
memmove(pDecoded + i + 1, pDecoded + i,
- (written_out - i) * sizeof *pDecoded);
+ (written_out - i) * sizeof(*pDecoded));
pDecoded[i] = n;
i++;
written_out++;
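Review bot: the `>` to `>=` change is the CVE-2022-3602 fix: when `written_out == max_out` the old check passed, and the following memmove plus `pDecoded[i] = n` wrote one `unsigned int` (the four attacker-controlled bytes described in CHANGES.md) past the end of the caller's buffer. Please add a comment referencing the CVE on this check, since this is the one place a reviewer needs to see that `max_out` is a capacity, not a last valid index.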
@@ -255,30 +254,35 @@
*/
char *outptr = out;
const char *inptr = in;
- size_t size = 0;
+ size_t size = 0, maxsize;
int result = 1;
-
+ unsigned int i, j;
unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */
- if (out == NULL)
+
+ if (out == NULL) {
result = 0;
+ maxsize = 0;
+ } else {
+ maxsize = *outlen;
+ }
+#define PUSHC(c) \
+ do \
+ if (size++ < maxsize) \
+ *outptr++ = c; \
+ else \
+ result = 0; \
+ while (0)
+
while (1) {
char *tmpptr = strchr(inptr, '.');
- size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr);
+ size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
if (strncmp(inptr, "xn--", 4) != 0) {
- size += delta + 1;
-
- if (size >= *outlen - 1)
- result = 0;
-
- if (result > 0) {
- memcpy(outptr, inptr, delta + 1);
- outptr += delta + 1;
- }
+ for (i = 0; i < delta + 1; i++)
+ PUSHC(inptr[i]);
} else {
unsigned int bufsize = LABEL_BUF_SIZE;
- unsigned int i;
if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0)
return -1;
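Review bot: the PUSHC macro has the right shape (count every byte, write only while `size++ < maxsize`), but two things are worth tightening: the `do if ... else ...; while (0)` body has no braces, which compiles but is unusual enough to be misread, so wrap it in `{ }`; and when `out == NULL` the function never reads `*outlen` yet the later `*outlen = size` is unconditional, so the size-query mode requires a non-NULL `outlen` and that contract should be stated in the comment above the function.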
@@ -286,26 +290,15 @@
for (i = 0; i < bufsize; i++) {
unsigned char seed[6];
size_t utfsize = codepoint2utf8(seed, buf[i]);
+
if (utfsize == 0)
return -1;
- size += utfsize;
- if (size >= *outlen - 1)
- result = 0;
-
- if (result > 0) {
- memcpy(outptr, seed, utfsize);
- outptr += utfsize;
- }
+ for (j = 0; j < utfsize; j++)
+ PUSHC(seed[j]);
}
- if (tmpptr != NULL) {
- *outptr = '.';
- outptr++;
- size++;
- if (size >= *outlen - 1)
- result = 0;
- }
+ PUSHC(tmpptr != NULL ? '.' : '\0');
}
if (tmpptr == NULL)
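Review bot: this hunk removes the second overflow (CVE-2022-3786): the old code wrote `*outptr = '.'` and advanced `outptr` before comparing `size` against `*outlen`, so every decoded label followed by a dot pushed one more `.` past the end of the buffer regardless of `result`, which is exactly the "arbitrary number of bytes containing the `.` character" in CHANGES.md. Routing the dot and the terminator through PUSHC fixes it; a comment here naming the CVE would help anyone auditing this function later.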
@@ -313,7 +306,9 @@
inptr = tmpptr + 1;
}
+#undef PUSHC
+ *outlen = size;
return result;
}
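Review bot: `*outlen = size` now reports the total number of bytes the decoded name needs, including the NUL, even when the function returns 0 for lack of space. That is useful (a caller can size a buffer from a NULL-`out` probe) but it changes the function's output contract, and the only caller visible in this diff, ossl_a2ucompare, ignores the value; document the new semantics in the comment above the function.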
@@ -327,12 +322,11 @@
int ossl_a2ucompare(const char *a, const char *u)
{
- char a_ulabel[LABEL_BUF_SIZE];
+ char a_ulabel[LABEL_BUF_SIZE + 1];
size_t a_size = sizeof(a_ulabel);
- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) {
+ if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
return -1;
- }
- return (strcmp(a_ulabel, u) == 0) ? 0 : 1;
+ return strcmp(a_ulabel, u) != 0;
}
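Review bot: growing `a_ulabel` to `LABEL_BUF_SIZE + 1` gives room for the terminating NUL, which PUSHC now counts against `maxsize` (see `PUSHC(tmpptr != NULL ? '.' : '\0')` in the preceding hunk); a comment on the declaration saying so would explain the odd-looking size. The simplified `return strcmp(a_ulabel, u) != 0;` is behaviourally identical to the old ternary, and the `<= 0` failure path still returns -1 while a mismatch returns 1, so callers must keep distinguishing the two as before.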
diff -u -r openssl-openssl-3.0.6/crypto/ripemd/build.info openssl-3.0.7/crypto/ripemd/build.info
--- openssl-openssl-3.0.6/crypto/ripemd/build.info 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/ripemd/build.info 2022-11-01 15:14:36
@@ -20,7 +20,7 @@
# When all deprecated symbols are removed, libcrypto doesn't export the
# RIPEMD160 functions, so we must include them directly in liblegacy.a
-IF[{- $disabled{'deprecated-3.0'} -}]
+IF[{- $disabled{'deprecated-3.0'} && !$disabled{'module'} -}]
SOURCE[../../providers/liblegacy.a]=rmd_dgst.c rmd_one.c $RMD160ASM
DEFINE[../../providers/liblegacy.a]=$RMD160DEF
ENDIF
diff -u -r openssl-openssl-3.0.6/crypto/stack/stack.c openssl-3.0.7/crypto/stack/stack.c
--- openssl-openssl-3.0.6/crypto/stack/stack.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/stack/stack.c 2022-11-01 15:14:36
@@ -299,6 +299,9 @@
{
int i;
+ if (st == NULL)
+ return NULL;
+
for (i = 0; i < st->num; i++)
if (st->data[i] == p)
return internal_delete(st, i);
@@ -307,15 +310,8 @@
void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
{
- if (st == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ if (st == NULL || loc < 0 || loc >= st->num)
return NULL;
- }
- if (loc < 0 || loc >= st->num) {
- ERR_raise_data(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT,
- "loc=%d", loc);
- return NULL;
- }
return internal_delete(st, loc);
}
@@ -399,38 +395,22 @@
void *OPENSSL_sk_shift(OPENSSL_STACK *st)
{
- if (st == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ if (st == NULL || st->num == 0)
return NULL;
- }
- if (st->num == 0) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
- return NULL;
- }
return internal_delete(st, 0);
}
void *OPENSSL_sk_pop(OPENSSL_STACK *st)
{
- if (st == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ if (st == NULL || st->num == 0)
return NULL;
- }
- if (st->num == 0) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
- return NULL;
- }
return internal_delete(st, st->num - 1);
}
void OPENSSL_sk_zero(OPENSSL_STACK *st)
{
- if (st == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ if (st == NULL || st->num == 0)
return;
- }
- if (st->num == 0)
- return;
memset(st->data, 0, sizeof(*st->data) * st->num);
st->num = 0;
}
@@ -462,26 +442,19 @@
void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
{
- if (st == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ if (st == NULL || i < 0 || i >= st->num)
return NULL;
- }
- if (i < 0 || i >= st->num) {
- ERR_raise_data(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT,
- "i=%d", i);
- return NULL;
- }
return (void *)st->data[i];
}
void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
{
if (st == NULL) {
- ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (i < 0 || i >= st->num) {
- ERR_raise_data(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT,
+ ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT,
"i=%d", i);
return NULL;
}
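Review bot: OPENSSL_sk_value now returns NULL silently for a NULL stack or an out-of-range index, while OPENSSL_sk_set immediately below still raises ERR_R_PASSED_NULL_PARAMETER / ERR_R_PASSED_INVALID_ARGUMENT (now under ERR_LIB_CRYPTO instead of ERR_LIB_X509). The asymmetry is defensible (a read past the end is a normal lookup miss, a write is a caller bug) but it is not stated anywhere; a comment at the top of the file, or a CHANGES.md entry more specific than "raising errors on some stack operations", should record which operations are meant to be silent.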
diff -u -r openssl-openssl-3.0.6/crypto/txt_db/txt_db.c openssl-3.0.7/crypto/txt_db/txt_db.c
--- openssl-openssl-3.0.6/crypto/txt_db/txt_db.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/txt_db/txt_db.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,7 +21,6 @@
{
TXT_DB *ret = NULL;
int esc = 0;
- long ln = 0;
int i, add, n;
int size = BUFSIZE;
int offset = 0;
@@ -61,7 +60,6 @@
}
buf->data[offset] = '\0';
BIO_gets(in, &(buf->data[offset]), size - offset);
- ln++;
if (buf->data[offset] == '\0')
break;
if ((offset == 0) && (buf->data[0] == '#'))
diff -u -r openssl-openssl-3.0.6/crypto/x509/x_all.c openssl-3.0.7/crypto/x509/x_all.c
--- openssl-openssl-3.0.6/crypto/x509/x_all.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/x509/x_all.c 2022-11-01 15:14:36
@@ -59,34 +59,34 @@
int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
{
- int ret;
-
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ret = ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
- &x->sig_alg, &x->signature, &x->cert_info, NULL,
- pkey, md, x->libctx, x->propq);
- if (ret > 0)
- x->cert_info.enc.modified = 1;
- return ret;
+
+ /*
+ * Setting the modified flag before signing it. This makes the cached
+ * encoding to be ignored, so even if the certificate fields have changed,
+ * they are signed correctly.
+ * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions
+ * which exist below are the same.
+ */
+ x->cert_info.enc.modified = 1;
+ return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+ &x->sig_alg, &x->signature, &x->cert_info, NULL,
+ pkey, md, x->libctx, x->propq);
}
int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
{
- int ret;
-
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ret = ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
- &x->cert_info.signature,
- &x->sig_alg, &x->signature, &x->cert_info, ctx);
- if (ret > 0)
- x->cert_info.enc.modified = 1;
- return ret;
+ x->cert_info.enc.modified = 1;
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+ &x->cert_info.signature,
+ &x->sig_alg, &x->signature, &x->cert_info, ctx);
}
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
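Review bot: setting `enc.modified = 1` before ASN1_item_sign_ex, rather than after it and only on success, fixes the stale cached-encoding bug described in CHANGES.md, and the comment explains it well. One side effect deserves a sentence in that comment: on a signing failure the flag now stays set, so the next i2d call re-encodes the TBS structure instead of reusing the cache, which is harmless (it only costs a re-encode) but differs from the old behaviour. The same pattern is applied to X509_sign_ctx here and to the REQ/CRL variants in the next hunk, as the comment says.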
@@ -111,66 +111,50 @@
int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
{
- int ret;
-
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ret = ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
- x->signature, &x->req_info, NULL,
- pkey, md, x->libctx, x->propq);
- if (ret > 0)
- x->req_info.enc.modified = 1;
- return ret;
+ x->req_info.enc.modified = 1;
+ return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+ x->signature, &x->req_info, NULL,
+ pkey, md, x->libctx, x->propq);
}
int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
{
- int ret;
-
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ret = ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
- &x->sig_alg, NULL, x->signature, &x->req_info,
- ctx);
- if (ret > 0)
- x->req_info.enc.modified = 1;
- return ret;
+ x->req_info.enc.modified = 1;
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+ &x->sig_alg, NULL, x->signature, &x->req_info,
+ ctx);
}
int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
{
- int ret;
-
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ret = ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
- &x->sig_alg, &x->signature, &x->crl, NULL,
- pkey, md, x->libctx, x->propq);
- if (ret > 0)
- x->crl.enc.modified = 1;
- return ret;
+ x->crl.enc.modified = 1;
+ return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+ &x->sig_alg, &x->signature, &x->crl, NULL,
+ pkey, md, x->libctx, x->propq);
}
int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
{
- int ret;
-
if (x == NULL) {
ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- ret = ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
- &x->crl.sig_alg, &x->sig_alg, &x->signature,
- &x->crl, ctx);
- if (ret > 0)
- x->crl.enc.modified = 1;
- return ret;
+ x->crl.enc.modified = 1;
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+ &x->crl.sig_alg, &x->sig_alg, &x->signature,
+ &x->crl, ctx);
}
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
diff -u -r openssl-openssl-3.0.6/crypto/x509/x_name.c openssl-3.0.7/crypto/x509/x_name.c
--- openssl-openssl-3.0.6/crypto/x509/x_name.c 2022-10-11 14:39:09
+++ openssl-3.0.7/crypto/x509/x_name.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -499,10 +499,8 @@
int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
{
char *s, *c, *b;
- int l, i;
+ int i;
- l = 80 - 2 - obase;
-
b = X509_NAME_oneline(name, NULL, 0);
if (b == NULL)
return 0;
@@ -527,12 +525,10 @@
if (BIO_write(bp, ", ", 2) != 2)
goto err;
}
- l--;
}
if (*s == '\0')
break;
s++;
- l--;
}
OPENSSL_free(b);
diff -u -r openssl-openssl-3.0.6/doc/man1/openssl-list.pod.in openssl-3.0.7/doc/man1/openssl-list.pod.in
--- openssl-openssl-3.0.6/doc/man1/openssl-list.pod.in 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man1/openssl-list.pod.in 2022-11-01 15:14:36
@@ -94,10 +94,10 @@
Display a list of cipher commands, which are typically used as input
to the L<openssl-enc(1)> or L<openssl-speed(1)> commands.
-=item B<-digest-algorithms>, B<-kdf-algorithms>, B<-mac-algorithms>,
-B<-cipher-algorithms>
+=item B<-cipher-algorithms>, B<-digest-algorithms>, B<-kdf-algorithms>,
+B<-mac-algorithms>,
-Display a list of cipher, digest, kdf and mac algorithms.
+Display a list of symmetric cipher, digest, kdf and mac algorithms.
See L</Display of algorithm names> for a description of how names are
displayed.
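Review bot: the reordered `=item` line ends with a stray trailing comma (`B<-mac-algorithms>,`); the last option in the list should have none. The wording change to "symmetric cipher" matches the help-string change in apps/list.c in this diff.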
@@ -237,7 +237,7 @@
=head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/CMS_add0_cert.pod openssl-3.0.7/doc/man3/CMS_add0_cert.pod
--- openssl-openssl-3.0.6/doc/man3/CMS_add0_cert.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/CMS_add0_cert.pod 2022-11-01 15:14:36
@@ -19,25 +19,33 @@
=head1 DESCRIPTION
-CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
-must be of type signed data or enveloped data.
+CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>.
+I<cms> must be of type signed data or (authenticated) enveloped data.
+For signed data, such a certificate can be used when signing or verifying
+to fill in the signer certificate or to provide an extra CA certificate
+that may be needed for chain building in certificate validation.
-CMS_get1_certs() returns all certificates in B<cms>.
+CMS_get1_certs() returns all certificates in I<cms>.
-CMS_add0_crl() and CMS_add1_crl() add CRL B<crl> to B<cms>. CMS_get1_crls()
-returns any CRLs in B<cms>.
+CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
+I<cms> must be of type signed data or (authenticated) enveloped data.
+For signed data, such a CRL may be used in certificate validation.
+It may be given both for inclusion when signing a CMS message
+and when verifying a signed CMS message.
+CMS_get1_crls() returns all CRLs in I<cms>.
+
=head1 NOTES
-The CMS_ContentInfo structure B<cms> must be of type signed data or enveloped
+The CMS_ContentInfo structure I<cms> must be of type signed data or enveloped
data or an error will be returned.
-For signed data certificates and CRLs are added to the B<certificates> and
-B<crls> fields of SignedData structure. For enveloped data they are added to
+For signed data certificates and CRLs are added to the I<certificates> and
+I<crls> fields of SignedData structure. For enveloped data they are added to
B<OriginatorInfo>.
-As the B<0> implies CMS_add0_cert() adds B<cert> internally to B<cms> and it
-must not be freed up after the call as opposed to CMS_add1_cert() where B<cert>
+As the I<0> implies CMS_add0_cert() adds I<cert> internally to I<cms> and it
+must not be freed up after the call as opposed to CMS_add1_cert() where I<cert>
must be freed up.
The same certificate or CRL must not be added to the same cms structure more
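Review bot: DESCRIPTION now says I<cms> must be "signed data or (authenticated) enveloped data", but the NOTES paragraph a few lines below still says "signed data or enveloped data or an error will be returned"; the two should agree, since the NOTES sentence reads as if AuthEnvelopedData is rejected. While in there, "fields of SignedData structure" should read "fields of the SignedData structure". The B<> to I<> change for variable names is consistent with the other pod hunks in this diff.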
@@ -50,7 +58,7 @@
CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
or NULL if there are none or an error occurs. The only error which will occur
-in practice is if the B<cms> type is invalid.
+in practice is if the I<cms> type is invalid.
=head1 SEE ALSO
@@ -60,7 +68,7 @@
=head1 COPYRIGHT
-Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/CMS_verify.pod openssl-3.0.7/doc/man3/CMS_verify.pod
--- openssl-openssl-3.0.6/doc/man3/CMS_verify.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/CMS_verify.pod 2022-11-01 15:14:36
@@ -15,50 +15,58 @@
=head1 DESCRIPTION
-CMS_verify() verifies a CMS SignedData structure. B<cms> is the CMS_ContentInfo
-structure to verify. B<certs> is a set of certificates in which to search for
-the signing certificate(s). B<store> is a trusted certificate store used for
-chain verification. B<indata> is the detached content if the content is not
-present in B<cms>. The content is written to B<out> if it is not NULL.
+CMS_verify() is very similar to L<PKCS7_verify(3)>. It verifies a
+B<CMS SignedData> structure contained in a structure of type B<CMS_ContentInfo>.
+I<cms> points to the B<CMS_ContentInfo> structure to verify.
+The optional I<certs> parameter refers to a set of certificates
+in which to search for signing certificates.
+I<cms> may contain extra untrusted CA certificates that may be used for
+chain building as well as CRLs that may be used for certificate validation.
+I<store> may be NULL or point to
+the trusted certificate store to use for chain verification.
+I<indata> refers to the signed data if the content is detached from I<cms>.
+Otherwise I<indata> should be NULL and the signed data must be in I<cms>.
+The content is written to the BIO I<out> unless it is NULL.
+I<flags> is an optional set of flags, which can be used to modify the operation.
-B<flags> is an optional set of flags, which can be used to modify the verify
-operation.
-
-CMS_get0_signers() retrieves the signing certificate(s) from B<cms>, it may only
+CMS_get0_signers() retrieves the signing certificate(s) from I<cms>, it may only
be called after a successful CMS_verify() operation.
=head1 VERIFY PROCESS
Normally the verify process proceeds as follows.
-Initially some sanity checks are performed on B<cms>. The type of B<cms> must
+Initially some sanity checks are performed on I<cms>. The type of I<cms> must
be SignedData. There must be at least one signature on the data and if
-the content is detached B<indata> cannot be B<NULL>.
+the content is detached I<indata> cannot be NULL.
An attempt is made to locate all the signing certificate(s), first looking in
-the B<certs> parameter (if it is not NULL) and then looking in any
-certificates contained in the B<cms> structure itself. If any signing
-certificate cannot be located the operation fails.
+the I<certs> parameter (if it is not NULL) and then looking in any
+certificates contained in the I<cms> structure unless B<CMS_NOINTERN> is set.
+If any signing certificate cannot be located the operation fails.
-Each signing certificate is chain verified using the B<smimesign> purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If CRL checking is enabled in B<store> any internal
-CRLs are used in addition to attempting to look them up in B<store>. If any
-chain verify fails an error code is returned.
+Each signing certificate is chain verified using the I<smimesign> purpose and
+using the trusted certificate store I<store> if supplied.
+Any internal certificates in the message, which may have been added using
+L<CMS_add1_cert(3)>, are used as untrusted CAs.
+If CRL checking is enabled in I<store> and B<CMS_NOCRL> is not set,
+any internal CRLs, which may have been added using L<CMS_add1_crl(3)>,
+are used in addition to attempting to look them up in I<store>.
+If I<store> is not NULL and any chain verify fails an error code is returned.
-Finally the signed content is read (and written to B<out> if it is not NULL)
-and the signature's checked.
+Finally the signed content is read (and written to I<out> unless it is NULL)
+and the signature is checked.
-If all signature's verify correctly then the function is successful.
+If all signatures verify correctly then the function is successful.
-Any of the following flags (ored together) can be passed in the B<flags>
+Any of the following flags (ored together) can be passed in the I<flags>
parameter to change the default verify behaviour.
If B<CMS_NOINTERN> is set the certificates in the message itself are not
-searched when locating the signing certificate(s). This means that all the
-signing certificates must be in the B<certs> parameter.
+searched when locating the signing certificate(s).
+This means that all the signing certificates must be in the I<certs> parameter.
-If B<CMS_NOCRL> is set and CRL checking is enabled in B<store> then any
+If B<CMS_NOCRL> is set and CRL checking is enabled in I<store> then any
CRLs in the message itself are ignored.
If the B<CMS_TEXT> flag is set MIME headers for type B<text/plain> are deleted
@@ -66,7 +74,7 @@
returned.
If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
-verified, unless CMS_CADES flag is also set.
+chain verified, unless B<CMS_CADES> flag is also set.
If B<CMS_NO_ATTR_VERIFY> is set the signed attributes signature is not
verified, unless CMS_CADES flag is also set.
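Review bot: the CMS_NO_SIGNER_CERT_VERIFY sentence now marks up B<CMS_CADES>, but the CMS_NO_ATTR_VERIFY sentence two lines down still has bare CMS_CADES; make the two consistent in the same hunk.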
@@ -81,20 +89,20 @@
One application of B<CMS_NOINTERN> is to only accept messages signed by
a small number of certificates. The acceptable certificates would be passed
-in the B<certs> parameter. In this case if the signer is not one of the
-certificates supplied in B<certs> then the verify will fail because the
+in the I<certs> parameter. In this case if the signer certificate is not one
+of the certificates supplied in I<certs> then the verify will fail because the
signer cannot be found.
In some cases the standard techniques for looking up and validating
certificates are not appropriate: for example an application may wish to
lookup certificates in a database or perform customised verification. This
-can be achieved by setting and verifying the signers certificates manually
+can be achieved by setting and verifying the signer certificates manually
using the signed data utility functions.
Care should be taken when modifying the default verify behaviour, for example
setting B<CMS_NO_CONTENT_VERIFY> will totally disable all content verification
and any modified content will be considered valid. This combination is however
-useful if one merely wishes to write the content to B<out> and its validity
+useful if one merely wishes to write the content to I<out> and its validity
is not considered important.
Chain verification should arguably be performed using the signing time rather
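Review bot: "lookup certificates in a database" in the unchanged context should be "look up certificates" (verb); the paragraph is already being edited. The B<CMS_NO_CONTENT_VERIFY> warning would also be stronger if it said outright that whatever is written to I<out> in that mode has not been authenticated at all, rather than only that modified content is "considered valid".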
@@ -104,8 +112,7 @@
=head1 RETURN VALUES
-CMS_verify() returns 1 for a successful verification and zero if an error
-occurred.
+CMS_verify() returns 1 for a successful verification and 0 if an error occurred.
CMS_get0_signers() returns all signers or NULL if an error occurred.
@@ -113,8 +120,8 @@
=head1 BUGS
-The trusted certificate store is not searched for the signing certificate,
-this is primarily due to the inadequacies of the current B<X509_STORE>
+The trusted certificate store is not searched for the signing certificate.
+This is primarily due to the inadequacies of the current B<X509_STORE>
functionality.
The lack of single pass processing means that the signed content must all
@@ -122,12 +129,13 @@
=head1 SEE ALSO
+L<PKCS7_verify(3)>, L<CMS_add1_cert(3)>, L<CMS_add1_crl(3)>,
L<OSSL_ESS_check_signing_certs(3)>,
L<ERR_get_error(3)>, L<CMS_sign(3)>
=head1 COPYRIGHT
-Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/DEFINE_STACK_OF.pod openssl-3.0.7/doc/man3/DEFINE_STACK_OF.pod
--- openssl-openssl-3.0.6/doc/man3/DEFINE_STACK_OF.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/DEFINE_STACK_OF.pod 2022-11-01 15:14:36
@@ -229,6 +229,13 @@
STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and
DEFINE_SPECIAL_STACK_OF() are implemented as macros.
+It is not an error to call B<sk_I<TYPE>_num>(), B<sk_I<TYPE>_value>(),
+B<sk_I<TYPE>_free>(), B<sk_I<TYPE>_zero>(), B<sk_I<TYPE>_pop_free>(),
+B<sk_I<TYPE>_delete>(), B<sk_I<TYPE>_delete_ptr>(), B<sk_I<TYPE>_pop>(),
+B<sk_I<TYPE>_shift>(), B<sk_I<TYPE>_find>(), B<sk_I<TYPE>_find_ex>(),
+and B<sk_I<TYPE>_find_all>() on a NULL stack, empty stack, or with
+an invalid index. An error is not raised in these conditions.
+
The underlying utility B<OPENSSL_sk_> API should not be used directly.
It defines these functions: OPENSSL_sk_deep_copy(),
OPENSSL_sk_delete(), OPENSSL_sk_delete_ptr(), OPENSSL_sk_dup(),
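Review bot: "It is not an error to call ... on a NULL stack, empty stack, or with an invalid index. An error is not raised in these conditions." tells callers nothing about what those calls return, which is what they need in order to tell a legitimately empty stack from a failed lookup or a NULL argument. Add the return values for those cases (in particular for B<sk_I<TYPE>_value>(), B<sk_I<TYPE>_pop>(), B<sk_I<TYPE>_shift>() and B<sk_I<TYPE>_find>()) or cross-reference where they are documented. Also, "with an invalid index" cannot apply to B<sk_I<TYPE>_num>(), B<sk_I<TYPE>_free>(), B<sk_I<TYPE>_zero>() or B<sk_I<TYPE>_pop_free>(), which take none; reword so the index clause attaches only to the functions that take one.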
@@ -290,7 +297,7 @@
=head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/OPENSSL_init_crypto.pod openssl-3.0.7/doc/man3/OPENSSL_init_crypto.pod
--- openssl-openssl-3.0.6/doc/man3/OPENSSL_init_crypto.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/OPENSSL_init_crypto.pod 2022-11-01 15:14:36
@@ -82,7 +82,7 @@
With this option the library will automatically load and make available all
libcrypto digests. This option is a default option. Once selected subsequent
calls to OPENSSL_init_crypto() with the option
-B<OPENSSL_INIT_NO_ADD_ALL_CIPHERS> will be ignored.
+B<OPENSSL_INIT_NO_ADD_ALL_DIGESTS> will be ignored.
=item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
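Review bot: the corrected cross-reference (B<OPENSSL_INIT_NO_ADD_ALL_DIGESTS> under the digests option) is right; the sibling sentence under the ciphers item, which is not in this hunk, should be checked for the mirror-image copy-paste swap before this is merged.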
@@ -289,7 +289,7 @@
=head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/OSSL_PARAM_BLD.pod openssl-3.0.7/doc/man3/OSSL_PARAM_BLD.pod
--- openssl-openssl-3.0.6/doc/man3/OSSL_PARAM_BLD.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/OSSL_PARAM_BLD.pod 2022-11-01 15:14:36
@@ -134,10 +134,12 @@
Both examples creating an OSSL_PARAM array that contains an RSA key.
For both, the predefined key variables are:
- BIGNUM *p, *q; /* both prime */
- BIGNUM *n; /* = p * q */
- unsigned int e; /* exponent, usually 65537 */
- BIGNUM *d; /* e^-1 */
+ BIGNUM *n; /* modulus */
+ unsigned int e; /* public exponent */
+ BIGNUM *d; /* private exponent */
+ BIGNUM *p, *q; /* first two prime factors */
+ BIGNUM *dmp1, *dmq1; /* first two CRT exponents */
+ BIGNUM *iqmp; /* first CRT coefficient */
=head2 Example 1
@@ -148,11 +150,14 @@
OSSL_PARAM *params = NULL;
if (bld == NULL
- || !OSSL_PARAM_BLD_push_BN(bld, "p", p)
- || !OSSL_PARAM_BLD_push_BN(bld, "q", q)
- || !OSSL_PARAM_BLD_push_uint(bld, "e", e)
|| !OSSL_PARAM_BLD_push_BN(bld, "n", n)
+ || !OSSL_PARAM_BLD_push_uint(bld, "e", e)
|| !OSSL_PARAM_BLD_push_BN(bld, "d", d)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-factor1", p)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-factor2", q)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-exponent1", dmp1)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-exponent2", dmq1)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-coefficient1", iqmp)
|| (params = OSSL_PARAM_BLD_to_param(bld)) == NULL)
goto err;
OSSL_PARAM_BLD_free(bld);
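Review bot: the parameter names ("n", "e", "d", "rsa-factor1", "rsa-factor2", "rsa-exponent1", "rsa-exponent2", "rsa-coefficient1") are spelled out as string literals. The example would better show the supported way to name these parameters by using the OSSL_PKEY_PARAM_RSA_N, OSSL_PKEY_PARAM_RSA_E, OSSL_PKEY_PARAM_RSA_D, OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PKEY_PARAM_RSA_EXPONENT1, OSSL_PKEY_PARAM_RSA_EXPONENT2 and OSSL_PKEY_PARAM_RSA_COEFFICIENT1 macros from <openssl/core_names.h>, which also turns a misspelled name into a compile error instead of a key the provider will not match at run time.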
@@ -170,7 +175,7 @@
if (nld == NULL
|| !OSSL_PARAM_BLD_push_BN(bld, "n", n)
- || !OSSL_PARAM_BLD_push_BN(bld, "e", e)
+ || !OSSL_PARAM_BLD_push_uint(bld, "e", e)
|| (params = OSSL_PARAM_BLD_to_param(bld)) == NULL)
goto err;
OSSL_PARAM_BLD_free(bld);
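Review bot: "if (nld == NULL" in the second example tests a variable that does not exist; the builder is "bld" on the two lines that follow, so this example still does not compile as written even after the push_BN to push_uint correction for "e" made in this hunk.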
diff -u -r openssl-openssl-3.0.6/doc/man3/PKCS7_sign.pod openssl-3.0.7/doc/man3/PKCS7_sign.pod
--- openssl-openssl-3.0.6/doc/man3/PKCS7_sign.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/PKCS7_sign.pod 2022-11-01 15:14:36
@@ -18,28 +18,28 @@
=head1 DESCRIPTION
PKCS7_sign_ex() creates and returns a PKCS#7 signedData structure.
-I<igncert> is the certificate to sign with, Ipkey> is the corresponding
-private key. I<certs> is an optional additional set of certificates to include
-in the PKCS#7 structure (for example any intermediate CAs in the chain). The
-library context I<libctx> and property query I<propq> are used when
+I<signcert> is the certificate to sign with, I<pkey> is the corresponding
+private key. I<certs> is an optional set of extra certificates to include
+in the PKCS#7 structure (for example any intermediate CAs in the chain).
+The library context I<libctx> and property query I<propq> are used when
retrieving algorithms from providers.
-The data to be signed is read from BIO B<data>.
+The data to be signed is read from BIO I<data>.
-B<flags> is an optional set of flags.
+I<flags> is an optional set of flags.
-Any of the following flags (ored together) can be passed in the B<flags>
+Any of the following flags (ored together) can be passed in the I<flags>
parameter.
Many S/MIME clients expect the signed content to include valid MIME headers. If
-the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+the B<PKCS7_TEXT> flag is set MIME headers for type C<text/plain> are prepended
to the data.
-If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the
-B<signcert> parameter though. This can reduce the size of the signature if the
-signers certificate can be obtained by other means: for example a previously
-signed message.
+If B<PKCS7_NOCERTS> is set the signer's certificate and the extra I<certs>
+will not be included in the PKCS7 structure.
+The signer's certificate must still be supplied in the I<signcert> parameter
+though. This can reduce the size of the signatures if the signer's certificates
+can be obtained by other means: for example a previously signed message.
The data being signed is included in the PKCS7 structure, unless
B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
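Review bot: the rewritten B<PKCS7_NOCERTS> paragraph now says the extra I<certs> are omitted too, but "This can reduce the size of the signatures if the signer's certificates can be obtained by other means" leaves the consequence for the recipient unstated: the verifier must then be handed the signer and chain certificates some other way (the I<certs> parameter of L<PKCS7_verify(3)>, or an earlier message that carried them). A sentence saying so, plus a cross-reference, would stop this flag being read as a free size optimisation. Also "the size of the signatures" / "the signer's certificates" mixes plural with the singular "signer's certificate" of the sentence before it.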
@@ -63,7 +63,7 @@
If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
just initialized ready to perform the signing operation. The signing is however
-B<not> performed and the data to be signed is not read from the B<data>
+B<not> performed and the data to be signed is not read from the I<data>
parameter. Signing is deferred until after the data has been written. In this
way data can be signed in a single pass.
@@ -82,20 +82,21 @@
If a signer is specified it will use the default digest for the signing
algorithm. This is B<SHA1> for both RSA and DSA keys.
-The B<certs>, B<signcert> and B<pkey> parameters can all be
-B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
+The I<certs>, I<signcert> and I<pkey> parameters can all be
+NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
using the function PKCS7_sign_add_signer(). PKCS7_final() must also be
called to finalize the structure if streaming is not enabled. Alternative
signing digests can also be specified using this method.
-If B<signcert> and B<pkey> are NULL then a certificates only
+If I<signcert> and I<pkey> are NULL then a certificates only
PKCS#7 structure is output.
-In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
-B<NOT> be NULL.
+In versions of OpenSSL before 1.0.0 the I<signcert> and I<pkey> parameters must
+not be NULL.
-PKCS7_sign() is similar to PKCS7_sign_ex() but uses default values of
+PKCS7_sign() is like PKCS7_sign_ex() except that it uses default values of
NULL for the library context I<libctx> and the property query I<propq>.
+This is retained for API backward compatibiliy.
=head1 BUGS
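Review bot: "compatibiliy" in the added sentence is misspelled ("compatibility"). The unchanged sentence at the top of the hunk, "This is B<SHA1> for both RSA and DSA keys", also deserves a look while the paragraph is open: the PKCS7_sign_add_signer page in this same patch only says "the default digest for the public key algorithm will be used" without naming an algorithm, and the two pages should agree; if SHA1 genuinely is still the default it should be flagged as a weak choice for new signatures rather than stated neutrally.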
@@ -114,14 +115,14 @@
The function PKCS7_sign_ex() was added in OpenSSL 3.0.
-The B<PKCS7_PARTIAL> flag, and the ability for B<certs>, B<signcert>,
-and B<pkey> parameters to be B<NULL> were added in OpenSSL 1.0.0.
+The B<PKCS7_PARTIAL> flag, and the ability for I<certs>, I<signcert>,
+and I<pkey> parameters to be NULL were added in OpenSSL 1.0.0.
The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
=head1 COPYRIGHT
-Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/PKCS7_sign_add_signer.pod openssl-3.0.7/doc/man3/PKCS7_sign_add_signer.pod
--- openssl-openssl-3.0.6/doc/man3/PKCS7_sign_add_signer.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/PKCS7_sign_add_signer.pod 2022-11-01 15:14:36
@@ -2,7 +2,8 @@
=head1 NAME
-PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
+PKCS7_sign_add_signer,
+PKCS7_add_certificate, PKCS7_add_crl - add information to PKCS7 structure
=head1 SYNOPSIS
@@ -10,22 +11,22 @@
PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
EVP_PKEY *pkey, const EVP_MD *md, int flags);
+ int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl);
-
=head1 DESCRIPTION
-PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private
-key B<pkey> using message digest B<md> to a PKCS7 signed data structure
-B<p7>.
+PKCS7_sign_add_signer() adds a signer with certificate I<signcert> and private
+key I<pkey> using message digest I<md> to a PKCS7 signed data structure I<p7>.
-The PKCS7 structure should be obtained from an initial call to PKCS7_sign()
-with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS7
+The B<PKCS7> structure should be obtained from an initial call to PKCS7_sign()
+with the flag B<PKCS7_PARTIAL> set or in the case or re-signing a valid PKCS#7
signed data structure.
-If the B<md> parameter is B<NULL> then the default digest for the public
+If the I<md> parameter is NULL then the default digest for the public
key algorithm will be used.
-Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned PKCS7 structure
+Unless the B<PKCS7_REUSE_DIGEST> flag is set the returned B<PKCS7> structure
is not complete and must be finalized either by streaming (if applicable) or
a call to PKCS7_final().
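Review bot: "in the case or re-signing a valid PKCS#7 signed data structure" on the rewritten line should read "in the case of re-signing"; the typo was carried over from the removed line.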
@@ -37,13 +38,13 @@
not appropriate. For example if multiple signers or non default digest
algorithms are needed.
-Any of the following flags (ored together) can be passed in the B<flags>
+Any of the following flags (ored together) can be passed in the I<flags>
parameter.
If B<PKCS7_REUSE_DIGEST> is set then an attempt is made to copy the content
-digest value from the PKCS7 structure: to add a signer to an existing structure.
+digest value from the B<PKCS7> structure: to add a signer to an existing structure.
An error occurs if a matching digest value cannot be found to copy. The
-returned PKCS7 structure will be valid and finalized when this flag is set.
+returned B<PKCS7> structure will be valid and finalized when this flag is set.
If B<PKCS7_PARTIAL> is set in addition to B<PKCS7_REUSE_DIGEST> then the
B<PKCS7_SIGNER_INO> structure will not be finalized so additional attributes
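Review bot: "B<PKCS7_SIGNER_INO>" in the unchanged context at the end of the hunk is a typo for B<PKCS7_SIGNER_INFO>, the type named correctly in the lines just above; worth fixing in the same commit.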
@@ -51,8 +52,8 @@
needed to finalize it.
If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the
-B<signcert> parameter though. This can reduce the size of the signature if the
+B<PKCS7> structure, the signer's certificate must still be supplied in the
+I<signcert> parameter though. This can reduce the size of the signature if the
signers certificate can be obtained by other means: for example a previously
signed message.
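Review bot: this page's B<PKCS7_NOCERTS> text says only "the signer's certificate will not be included", while the PKCS7_sign page in this same patch was changed to say the extra I<certs> are omitted as well; the two descriptions should agree, since a caller reading either one needs to know what the verifier will be missing. Also "signers certificate" in the unchanged context should be "signer's certificate".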
@@ -66,20 +67,32 @@
algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
these algorithms is disabled then it will not be included.
-
-PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
-structure just added, this can be used to set additional attributes
+PKCS7_sign_add_signers() returns an internal pointer to the B<PKCS7_SIGNER_INFO>
+structure just added, which can be used to set additional attributes
before it is finalized.
+PKCS7_add_certificate() adds to the B<PKCS7> structure I<p7> the certificate
+I<cert>, which may be an end-entity (signer) certificate
+or a CA certificate useful for chain building.
+This is done internally by L<PKCS7_sign_ex(3)> and similar signing functions.
+It may have to be used before calling L<PKCS7_verify(3)>
+in order to provide any missing certificate(s) needed for verification.
+
+PKCS7_add_crl() adds the CRL I<crl> to the B<PKCS7> structure I<p7>.
+This may be called to provide certificate status information
+to be included when signing or to use when verifying the B<PKCS7> structure.
+
=head1 RETURN VALUES
-PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+PKCS7_sign_add_signers() returns an internal pointer to the B<PKCS7_SIGNER_INFO>
structure just added or NULL if an error occurs.
+PKCS7_add_certificate() and PKCS7_add_crl() return 1 on success, 0 on error.
+
=head1 SEE ALSO
-L<ERR_get_error(3)>, L<PKCS7_sign(3)>,
-L<PKCS7_final(3)>,
+L<ERR_get_error(3)>, L<PKCS7_sign_ex(3)>,
+L<PKCS7_final(3)>, L<PKCS7_verify(3)>
=head1 HISTORY
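Review bot: the new PKCS7_add_certificate() paragraph says a certificate "may have to be used before calling L<PKCS7_verify(3)> in order to provide any missing certificate(s)" without saying how such certificates are treated. PKCS7_verify's own text in this patch is explicit that internal certificates "are used as untrusted CAs unless B<PKCS7_NOCHAIN> is set"; repeat that here, otherwise a reader may conclude that adding a CA certificate to I<p7> makes it trusted, which it must not. Separately, "PKCS7_sign_add_signers()" (with an s) appears in both the description and RETURN VALUES of this hunk although the documented function is PKCS7_sign_add_signer().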
@@ -87,7 +100,7 @@
=head1 COPYRIGHT
-Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man3/PKCS7_verify.pod openssl-3.0.7/doc/man3/PKCS7_verify.pod
--- openssl-openssl-3.0.6/doc/man3/PKCS7_verify.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man3/PKCS7_verify.pod 2022-11-01 15:14:36
@@ -15,64 +15,76 @@
=head1 DESCRIPTION
-PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
-structure to verify. B<certs> is a set of certificates in which to search for
-the signer's certificate. B<store> is a trusted certificate store (used for
-chain verification). B<indata> is the signed data if the content is not
-present in B<p7> (that is it is detached). The content is written to B<out>
-if it is not NULL.
+PKCS7_verify() is very similar to L<CMS_verify(3)>.
+It verifies a PKCS#7 signedData structure given in I<p7>.
+The optional I<certs> parameter refers to a set of certificates
+in which to search for signer's certificates.
+I<p7> may contain extra untrusted CA certificates that may be used for
+chain building as well as CRLs that may be used for certificate validation.
+I<store> may be NULL or point to
+the trusted certificate store to use for chain verification.
+I<indata> refers to the signed data if the content is detached from I<p7>.
+Otherwise I<indata> should be NULL, and then the signed data must be in I<p7>.
+The content is written to the BIO I<out> unless it is NULL.
+I<flags> is an optional set of flags, which can be used to modify the operation.
-B<flags> is an optional set of flags, which can be used to modify the verify
-operation.
+PKCS7_get0_signers() retrieves the signer's certificates from I<p7>, it does
+B<not> check their validity or whether any signatures are valid. The I<certs>
+and I<flags> parameters have the same meanings as in PKCS7_verify().
-PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
-B<not> check their validity or whether any signatures are valid. The B<certs>
-and B<flags> parameters have the same meanings as in PKCS7_verify().
-
=head1 VERIFY PROCESS
Normally the verify process proceeds as follows.
-Initially some sanity checks are performed on B<p7>. The type of B<p7> must
-be signedData. There must be at least one signature on the data and if
-the content is detached B<indata> cannot be B<NULL>. If the content is
-not detached and B<indata> is not B<NULL>, then the structure has both
+Initially some sanity checks are performed on I<p7>. The type of I<p7> must
+be SignedData. There must be at least one signature on the data and if
+the content is detached I<indata> cannot be NULL. If the content is
+not detached and I<indata> is not NULL then the structure has both
embedded and external content. To treat this as an error, use the flag
B<PKCS7_NO_DUAL_CONTENT>.
The default behavior allows this, for compatibility with older
versions of OpenSSL.
An attempt is made to locate all the signer's certificates, first looking in
-the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
-contained in the B<p7> structure itself. If any signer's certificates cannot be
-located the operation fails.
+the I<certs> parameter (if it is not NULL). Then they are looked up in any
+certificates contained in the I<p7> structure unless B<PKCS7_NOINTERN> is set.
+If any signer's certificates cannot be located the operation fails.
Each signer's certificate is chain verified using the B<smimesign> purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If any chain verify fails an error code is returned.
+using the trusted certificate store I<store> if supplied.
+Any internal certificates in the message, which may have been added using
+L<PKCS7_add_certificate(3)>, are used as untrusted CAs unless B<PKCS7_NOCHAIN>
+is set.
+If CRL checking is enabled in I<store> and B<PKCS7_NOCRL> is not set,
+any internal CRLs, which may have been added using L<PKCS7_add_crl(3)>,
+are used in addition to attempting to look them up in I<store>.
+If I<store> is not NULL and any chain verify fails an error code is returned.
-Finally the signed content is read (and written to B<out> is it is not NULL) and
-the signature's checked.
+Finally the signed content is read (and written to I<out> unless it is NULL)
+and the signature is checked.
-If all signature's verify correctly then the function is successful.
+If all signatures verify correctly then the function is successful.
-Any of the following flags (ored together) can be passed in the B<flags> parameter
-to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
-meaningful to PKCS7_get0_signers().
+Any of the following flags (ored together) can be passed in the I<flags>
+parameter to change the default verify behaviour.
+Only the flag B<PKCS7_NOINTERN> is meaningful to PKCS7_get0_signers().
If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
-searched when locating the signer's certificate. This means that all the signers
-certificates must be in the B<certs> parameter.
+searched when locating the signer's certificates.
+This means that all the signer's certificates must be in the I<certs> parameter.
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
-from the content. If the content is not of type B<text/plain> then an error is
+If B<PKCS7_NOCRL> is set and CRL checking is enabled in I<store> then any
+CRLs in the message itself are ignored.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type C<text/plain> are deleted
+from the content. If the content is not of type C<text/plain> then an error is
returned.
If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
not used as untrusted CAs. This means that the whole verify chain (apart from
-the signer's certificate) must be contained in the trusted store.
+the signer's certificates) must be contained in the trusted store.
If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
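Review bot: as on the CMS_verify page, "If I<store> is not NULL and any chain verify fails an error code is returned" only describes the non-NULL case, and "I<store> may be NULL" earlier in the hunk reads as an invitation. The flag list that follows already documents B<PKCS7_NOVERIFY> for deliberately skipping chain verification; say whether a NULL I<store> is equivalent to that flag or whether chain building still happens against the message's own certificates, so that NULL is never chosen in the belief that some verification still takes place. The new B<PKCS7_NOCRL> paragraph should also get a HISTORY entry if the flag or its handling is new in this release, which this hunk does not show.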
@@ -80,46 +92,46 @@
One application of B<PKCS7_NOINTERN> is to only accept messages signed by
a small number of certificates. The acceptable certificates would be passed
-in the B<certs> parameter. In this case if the signer is not one of the
-certificates supplied in B<certs> then the verify will fail because the
+in the I<certs> parameter. In this case if the signer's certificate is not one
+of the certificates supplied in I<certs> then the verify will fail because the
signer cannot be found.
Care should be taken when modifying the default verify behaviour, for example
setting C<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
and any signed message will be considered valid. This combination is however
-useful if one merely wishes to write the content to B<out> and its validity
+useful if one merely wishes to write the content to I<out> and its validity
is not considered important.
-Chain verification should arguably be performed using the signing time rather
+Chain verification should arguably be performed using the signing time rather
than the current time. However, since the signing time is supplied by the
signer it cannot be trusted without additional evidence (such as a trusted
timestamp).
=head1 RETURN VALUES
-PKCS7_verify() returns one for a successful verification and zero
-if an error occurs.
+PKCS7_verify() returns 1 for a successful verification and 0 if an error occurs.
-PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
+PKCS7_get0_signers() returns all signers or NULL if an error occurred.
-The error can be obtained from L<ERR_get_error(3)>
+The error can be obtained from L<ERR_get_error(3)>.
=head1 BUGS
-The trusted certificate store is not searched for the signers certificate,
-this is primarily due to the inadequacies of the current B<X509_STORE>
+The trusted certificate store is not searched for the signer's certificates.
+This is primarily due to the inadequacies of the current B<X509_STORE>
functionality.
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
+The lack of single pass processing means that the signed content must all
+be held in memory if it is not detached.
=head1 SEE ALSO
+L<CMS_verify(3)>, L<PKCS7_add_certificate(3)>, L<PKCS7_add_crl(3)>,
L<ERR_get_error(3)>, L<PKCS7_sign(3)>
=head1 COPYRIGHT
-Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man7/EVP_CIPHER-AES.pod openssl-3.0.7/doc/man7/EVP_CIPHER-AES.pod
--- openssl-openssl-3.0.6/doc/man7/EVP_CIPHER-AES.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man7/EVP_CIPHER-AES.pod 2022-11-01 15:14:36
@@ -27,7 +27,7 @@
=item "AES-128-ECB", "AES-192-ECB" and "AES-256-ECB"
-=item "AES-192-OCB", "AES-128-OCB" and "AES-256-OCB"
+=item "AES-192-OFB", "AES-128-OFB" and "AES-256-OFB"
=item "AES-128-SIV", "AES-192-SIV" and "AES-256-SIV"
@@ -52,7 +52,7 @@
=over 4
-=item "AES-128-OFB", "AES-192-OFB" and "AES-256-OFB"
+=item "AES-128-OCB", "AES-192-OCB" and "AES-256-OCB"
=back
@@ -67,7 +67,7 @@
=head1 COPYRIGHT
-Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man7/EVP_MD-RIPEMD160.pod openssl-3.0.7/doc/man7/EVP_MD-RIPEMD160.pod
--- openssl-openssl-3.0.6/doc/man7/EVP_MD-RIPEMD160.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man7/EVP_MD-RIPEMD160.pod 2022-11-01 15:14:36
@@ -10,7 +10,7 @@
=head2 Identities
-This implementation is only available with the legacy provider, and is
+This implementation is available in both the default and legacy providers, and is
identified with any of the names "RIPEMD-160", "RIPEMD160", "RIPEMD" and
"RMD160".
@@ -23,9 +23,13 @@
L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>
+=head1 HISTORY
+
+This digest was added to the default provider in OpenSSL 3.0.7.
+
=head1 COPYRIGHT
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff -u -r openssl-openssl-3.0.6/doc/man7/OSSL_PROVIDER-default.pod openssl-3.0.7/doc/man7/OSSL_PROVIDER-default.pod
--- openssl-openssl-3.0.6/doc/man7/OSSL_PROVIDER-default.pod 2022-10-11 14:39:09
+++ openssl-3.0.7/doc/man7/OSSL_PROVIDER-default.pod 2022-11-01 15:14:36
@@ -69,6 +69,8 @@
=item MD5-SHA1, see L<EVP_MD-MD5-SHA1(7)>
+=item RIPEMD160, see L<EVP_MD-RIPEMD160(7)>
+
=back
=head2 Symmetric Ciphers
@@ -240,6 +242,10 @@
L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>,
L<OSSL_PROVIDER-base(7)>
+
+=head1 HISTORY
+
+The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7.
=head1 COPYRIGHT
diff -u -r openssl-openssl-3.0.6/include/openssl/err.h.in openssl-3.0.7/include/openssl/err.h.in
--- openssl-openssl-3.0.6/include/openssl/err.h.in 2022-10-11 14:39:09
+++ openssl-3.0.7/include/openssl/err.h.in 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -325,15 +325,27 @@
# define ERR_R_DSA_LIB (ERR_LIB_DSA/* 10 */ | ERR_RFLAG_COMMON)
# define ERR_R_X509_LIB (ERR_LIB_X509/* 11 */ | ERR_RFLAG_COMMON)
# define ERR_R_ASN1_LIB (ERR_LIB_ASN1/* 13 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CONF_LIB (ERR_LIB_CONF/* 14 */ | ERR_RFLAG_COMMON)
# define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO/* 15 */ | ERR_RFLAG_COMMON)
# define ERR_R_EC_LIB (ERR_LIB_EC/* 16 */ | ERR_RFLAG_COMMON)
+# define ERR_R_SSL_LIB (ERR_LIB_SSL/* 20 */ | ERR_RFLAG_COMMON)
# define ERR_R_BIO_LIB (ERR_LIB_BIO/* 32 */ | ERR_RFLAG_COMMON)
# define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7/* 33 */ | ERR_RFLAG_COMMON)
# define ERR_R_X509V3_LIB (ERR_LIB_X509V3/* 34 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12/* 35 */ | ERR_RFLAG_COMMON)
+# define ERR_R_RAND_LIB (ERR_LIB_RAND/* 36 */ | ERR_RFLAG_COMMON)
+# define ERR_R_DSO_LIB (ERR_LIB_DSO/* 37 */ | ERR_RFLAG_COMMON)
# define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE/* 38 */ | ERR_RFLAG_COMMON)
# define ERR_R_UI_LIB (ERR_LIB_UI/* 40 */ | ERR_RFLAG_COMMON)
# define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA/* 42 */ | ERR_RFLAG_COMMON)
# define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE/* 44 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CMS_LIB (ERR_LIB_CMS/* 46 */ | ERR_RFLAG_COMMON)
+# define ERR_R_TS_LIB (ERR_LIB_TS/* 47 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CT_LIB (ERR_LIB_CT/* 50 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PROV_LIB (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON)
+# define ERR_R_ESS_LIB (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CMP_LIB (ERR_LIB_CMP/* 58 */ | ERR_RFLAG_COMMON)
+# define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER/* 59 */ | ERR_RFLAG_COMMON)
# define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER/* 60 */ | ERR_RFLAG_COMMON)
/* Other common error codes, range 256..2^ERR_RFLAGS_OFFSET-1 */
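Review bot: ordering nit at the ERR_R_PROV_LIB line: this block is sorted by the ERR_LIB_* value in the trailing comment, but ERR_R_PROV_LIB (57) is inserted before ERR_R_ESS_LIB (54); swapping those two lines keeps the list in order. Since include/openssl/err.h.in is part of the FIPS module sources, its checksum is updated further down in the fips-sources.checksums hunk, which is consistent.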
diff -u -r openssl-openssl-3.0.6/providers/defltprov.c openssl-3.0.7/providers/defltprov.c
--- openssl-openssl-3.0.6/providers/defltprov.c 2022-10-11 14:39:09
+++ openssl-3.0.7/providers/defltprov.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -147,6 +147,10 @@
{ PROV_NAMES_MD5, "provider=default", ossl_md5_functions },
{ PROV_NAMES_MD5_SHA1, "provider=default", ossl_md5_sha1_functions },
#endif /* OPENSSL_NO_MD5 */
+
+#ifndef OPENSSL_NO_RMD160
+ { PROV_NAMES_RIPEMD_160, "provider=default", ossl_ripemd160_functions },
+#endif /* OPENSSL_NO_RMD160 */
{ PROV_NAMES_NULL, "provider=default", ossl_nullmd_functions },
{ NULL, NULL, NULL }
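Review bot: the new entry is guarded by OPENSSL_NO_RMD160 in the same way the MD5 entries above it are guarded by OPENSSL_NO_MD5, so a no-rmd160 build still compiles. This makes RIPEMD160 fetchable without loading the legacy provider, so the EVP_MD-RIPEMD160.pod, OSSL_PROVIDER-default.pod and evpmd_ripemd.txt hunks in this diff have to land with it; they do.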
diff -u -r openssl-openssl-3.0.6/providers/fips/self_test_data.inc openssl-3.0.7/providers/fips/self_test_data.inc
--- openssl-openssl-3.0.6/providers/fips/self_test_data.inc 2022-10-11 14:39:09
+++ openssl-3.0.7/providers/fips/self_test_data.inc 2022-11-01 15:14:36
@@ -1270,11 +1270,11 @@
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e),
ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq),
- ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq),
+ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv),
ST_KAT_PARAM_END()
};
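Review bot: the removed lines registered OSSL_PKEY_PARAM_RSA_FACTOR twice (for p and q) and OSSL_PKEY_PARAM_RSA_EXPONENT twice (for dp and dq), so the KAT parameter list carried duplicate names; FACTOR1/FACTOR2, EXPONENT1/EXPONENT2 and COEFFICIENT1 are the per-prime CRT names and remove the ambiguity. Because this file belongs to the FIPS module sources, the matching checksum change appears in the fips-sources.checksums hunk below and must ship together with it.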
diff -u -r openssl-openssl-3.0.6/providers/fips-sources.checksums openssl-3.0.7/providers/fips-sources.checksums
--- openssl-openssl-3.0.6/providers/fips-sources.checksums 2022-10-11 14:39:09
+++ openssl-3.0.7/providers/fips-sources.checksums 2022-11-01 15:14:36
@@ -21,7 +21,7 @@
c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl
f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl
e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl
-1b0c52e693d040e6f80d7c7abddd157ce96fe282a8f02dfad16eceab9a5a8930 crypto/aes/asm/aesv8-armx.pl
+90d53250761de35280f57463855b1a41403c68dfe22771b2f622c5c9b3418eb4 crypto/aes/asm/aesv8-armx.pl
15cf92ba0ea6fb216c75bb0c134fa1e1b4159a3f9d3c571b2a8319252c4ae633 crypto/aes/asm/bsaes-armv7.pl
0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl
1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl
@@ -97,7 +97,7 @@
24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c
be27115efd36f0077a3ec26b1ff1f586b0b8969ba05d8ffa34b2ff4badf227bf crypto/bn/rsaz_exp.c
c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz_exp.h
-933eec28f16b82d3ef56fe01e99b81d7b40cf49caecee4fa4a69389ea101dc4f crypto/bn/rsaz_exp_x2.c
+d231fa689f53994616b9ef1f661e4f90333184deae324d5d4a218aad891c500d crypto/bn/rsaz_exp_x2.c
834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c
c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c
0e1a41a2d81b5765bca3df448f60bf1fad91e485fe89dd65a7300ffc419e316d crypto/cmac/cmac.c
@@ -256,7 +256,7 @@
921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c
a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c
065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c
-8011647732a08befb15438220d651c36f681911ca9b304c2c601596cfaf6888b crypto/provider_core.c
+9653ec9c1476350a94b9cc7f8be3d99961fd803870c9ac03315298d2909a6a8e crypto/provider_core.c
d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h
5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c
4e6b7d1d8278067c18bcb5e3ac9b7fe7e9b1d0d03bc5a276275483f541d1a12c crypto/rand/rand_lib.c
@@ -329,7 +329,7 @@
8038a5a97f826f519424db634be5b082b3f7eca3ccb89875ca40fa6bd7dfdcfd crypto/sha/sha512.c
6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h
c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a crypto/sparse_array.c
-025b3df75cd37222ae4b3d4e8f46af5584909890dbeb1c2b0776ae2bb900de9a crypto/stack/stack.c
+8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b crypto/stack/stack.c
7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c
a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c
2637a8727dee790812b000f2e02b336f7907949df633dda72938bbaafdb204fe crypto/threads_pthread.c
@@ -416,7 +416,7 @@
dad1943d309aaadb800be4a3056096abec611d81982b83c601b482405e11d5c0 include/openssl/ecerr.h
61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h
69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h
-0bb50eda4fe2600c20779d5e3c49668cf2dd8f295104549a33e57bc95a9219eb include/openssl/err.h.in
+c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in
12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h
5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h
5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h
@@ -485,7 +485,7 @@
0f761a26c8fa6ad8d5a15c817afe1741352b21769b2164a2eb7dd50e1f6fe04f providers/fips/fipsprov.c
52b48aece6aa3592593c94b53326410c75efb95ac480697ce414679446b49943 providers/fips/self_test.c
f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h
-5b3379a3d382c4dad37841dbd58b77ed5ff712b0a37c485771b828fa9b39c351 providers/fips/self_test_data.inc
+d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc
629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c
6b082c1af446ef9a2bfe68a9ee4362dfa4f1f09f975f11f9ba2e5010493039c6 providers/implementations/asymciphers/rsa_enc.c
4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c
diff -u -r openssl-openssl-3.0.6/providers/fips.checksum openssl-3.0.7/providers/fips.checksum
--- openssl-openssl-3.0.6/providers/fips.checksum 2022-10-11 14:39:09
+++ openssl-3.0.7/providers/fips.checksum 2022-11-01 15:14:36
@@ -1 +1 @@
-49b12ae1180f48918c38d9f71ab714a9707c61fec7f2efa374c97c22a79cc47d providers/fips-sources.checksums
+674597de1e7bfa5782d42c044d5475e6fd473c737008a297e8e90746eafb97d9 providers/fips-sources.checksums
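Review bot: providers/fips.checksum is the hash over fips-sources.checksums itself, so it must change whenever any entry in that file changes, which it does here. Of the entries touched above, err.h.in and self_test_data.inc correspond to hunks in this diff, while the aesv8-armx.pl, rsaz_exp_x2.c, provider_core.c and stack.c entries refer to source changes not shown in this section; both files should be regenerated by the build rather than checked by eye.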
diff -u -r openssl-openssl-3.0.6/providers/implementations/digests/build.info openssl-3.0.7/providers/implementations/digests/build.info
--- openssl-openssl-3.0.6/providers/implementations/digests/build.info 2022-10-11 14:39:09
+++ openssl-3.0.7/providers/implementations/digests/build.info 2022-11-01 15:14:36
@@ -15,7 +15,11 @@
$MD4_GOAL=../../liblegacy.a
$MDC2_GOAL=../../liblegacy.a
$WHIRLPOOL_GOAL=../../liblegacy.a
-$RIPEMD_GOAL=../../liblegacy.a
+IF[{- !$disabled{module} -}]
+ $RIPEMD_GOAL=../../libdefault.a ../../liblegacy.a
+ELSE
+ $RIPEMD_GOAL=../../libdefault.a
+ENDIF
# This source is common for all digests in all our providers.
SOURCE[$COMMON_GOAL]=digestcommon.c
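Review bot: a one-line comment before the IF[{- !$disabled{module} -}] block would help future readers: the conditional exists because the legacy provider is only built when modules are enabled, so RIPEMD goes to libdefault.a alone in a no-module build and to both archives otherwise. Note that MD4, MDC2 and WHIRLPOOL just above stay legacy-only, so $RIPEMD_GOAL is the only goal that needs this treatment.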
diff -u -r openssl-openssl-3.0.6/providers/implementations/rands/seeding/rand_vms.c openssl-3.0.7/providers/implementations/rands/seeding/rand_vms.c
--- openssl-openssl-3.0.6/providers/implementations/rands/seeding/rand_vms.c 2022-10-11 14:39:09
+++ openssl-3.0.7/providers/implementations/rands/seeding/rand_vms.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -474,34 +474,6 @@
return ossl_rand_pool_entropy_available(pool);
}
-int ossl_pool_add_nonce_data(RAND_POOL *pool)
-{
- struct {
- pid_t pid;
- CRYPTO_THREAD_ID tid;
- unsigned __int64 time;
- } data;
-
- /* Erase the entire structure including any padding */
- memset(&data, 0, sizeof(data));
-
- /*
- * Add process id, thread id, and a high resolution timestamp
- * (where available, which is OpenVMS v8.4 and up) to ensure that
- * the nonce is unique with high probability for different process
- * instances.
- */
- data.pid = getpid();
- data.tid = CRYPTO_THREAD_get_current_id();
-#if __CRTL_VER >= 80400000
- sys$gettim_prec(&data.time);
-#else
- sys$gettim((void*)&data.time);
-#endif
-
- return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
-}
-
/*
* SYS$GET_ENTROPY METHOD
* ======================
@@ -575,28 +547,56 @@
return data_collect_method(pool);
}
-
-int ossl_rand_pool_add_additional_data(RAND_POOL *pool)
+int ossl_pool_add_nonce_data(RAND_POOL *pool)
{
+ /*
+ * Two variables to ensure that two nonces won't ever be the same
+ */
+ static unsigned __int64 last_time = 0;
+ static unsigned __int32 last_seq = 0;
+
struct {
+ pid_t pid;
CRYPTO_THREAD_ID tid;
unsigned __int64 time;
+ unsigned __int32 seq;
} data;
/* Erase the entire structure including any padding */
memset(&data, 0, sizeof(data));
/*
- * Add some noise from the thread id and a high resolution timer.
- * The thread id adds a little randomness if the drbg is accessed
- * concurrently (which is the case for the <master> drbg).
+ * Add process id, thread id, a timestamp, and a sequence number in case
+ * the same time stamp is repeated, to ensure that the nonce is unique
+ * with high probability for different process instances.
+ *
+ * The normal OpenVMS time is specified to be high granularity (100ns),
+ * but the time update granularity given by sys$gettim() may be lower.
+ *
+ * OpenVMS version 8.4 (which is the latest for Alpha and Itanium) and
+ * on have sys$gettim_prec() as well, which is supposedly having a better
+ * time update granularity, but tests on Itanium (and even Alpha) have
+ * shown that compared with sys$gettim(), the difference is marginal,
+ * so of very little significance in terms of entropy.
+ * Given that, and that it's a high ask to expect everyone to have
+ * upgraded to OpenVMS version 8.4, only sys$gettim() is used, and a
+ * sequence number is added as well, in case sys$gettim() returns the
+ * same time value more than once.
+ *
+ * This function is assumed to be called under thread lock, and does
+ * therefore not take concurrency into account.
*/
+ data.pid = getpid();
data.tid = CRYPTO_THREAD_get_current_id();
-#if __CRTL_VER >= 80400000
- sys$gettim_prec(&data.time);
-#else
+ data.seq = 0;
sys$gettim((void*)&data.time);
-#endif
+
+ if (data.time == last_time) {
+ data.seq = ++last_seq;
+ } else {
+ last_time = data.time;
+ last_seq = 0;
+ }
return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
}
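Review bot: this hunk replaces ossl_rand_pool_add_additional_data() with ossl_pool_add_nonce_data() moved down from the hunk above, so the additional-data function disappears from rand_vms.c without a replacement; the diff should show, or the description state, that nothing on VMS still calls it. Smaller points: `data.seq = 0;` is redundant after the memset and can go; and the static last_time/last_seq counters make the comment's "called under thread lock" assumption load-bearing, so an assertion or a note at the call site would make that contract visible. Dropping sys$gettim_prec also removes the __CRTL_VER dependency, which the comment justifies adequately.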
diff -u -r openssl-openssl-3.0.6/ssl/ssl_ciph.c openssl-3.0.7/ssl/ssl_ciph.c
--- openssl-openssl-3.0.6/ssl/ssl_ciph.c 2022-10-11 14:39:09
+++ openssl-3.0.7/ssl/ssl_ciph.c 2022-11-01 15:14:36
@@ -1063,9 +1063,7 @@
* alphanumeric, so we call this an error.
*/
ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND);
- retval = found = 0;
- l++;
- break;
+ return 0;
}
if (rule == CIPHER_SPECIAL) {
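Review bot: replacing `retval = found = 0; l++; break;` with `return 0;` changes the failure mode from "record the error and keep scanning the rest of the rule string" to "stop at the first invalid command"; stopping is the safer behaviour for a parser, but confirm the caller treats a 0 return as failure and surfaces the SSL_R_INVALID_COMMAND raised just above, and that nothing allocated earlier in this function needs freeing on this path (nothing of the kind is visible in the hunk).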
diff -u -r openssl-openssl-3.0.6/ssl/ssl_lib.c openssl-3.0.7/ssl/ssl_lib.c
--- openssl-openssl-3.0.6/ssl/ssl_lib.c 2022-10-11 14:39:09
+++ openssl-3.0.7/ssl/ssl_lib.c 2022-11-01 15:14:36
@@ -4987,8 +4987,7 @@
}
}
- while (sk_SCT_num(src) > 0) {
- sct = sk_SCT_pop(src);
+ while ((sct = sk_SCT_pop(src)) != NULL) {
if (SCT_set_source(sct, origin) != 1)
goto err;
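Review bot: behaviour-preserving simplification: sk_SCT_pop() returns NULL on an empty stack, so the sk_SCT_num() guard was redundant and the new loop condition is equivalent. The same pattern is applied to sk_X509_shift() in statem_srvr.c and sk_MEMPACKET_value() in ssltestlib.c below.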
diff -u -r openssl-openssl-3.0.6/ssl/statem/extensions_clnt.c openssl-3.0.7/ssl/statem/extensions_clnt.c
--- openssl-openssl-3.0.6/ssl/statem/extensions_clnt.c 2022-10-11 14:39:09
+++ openssl-3.0.7/ssl/statem/extensions_clnt.c 2022-11-01 15:14:36
@@ -679,6 +679,10 @@
if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
continue;
+ if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, NULL))
+ continue;
+
curve_id = pgroups[i];
break;
}
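Review bot: with the added tls_valid_group() check the client no longer offers a key_share for a group that is only valid for TLS 1.2 (the sect* and small secp curves the 14-curves.cnf tests below list first), and falls through to the next allowed group instead; that is what makes the new "tls12-in-tls13" tests expect ExpectedTmpKeyType = P-256. Passing TLS1_3_VERSION as both minimum and maximum is right here, since key_share is a TLS 1.3-only extension.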
@@ -1775,7 +1779,9 @@
break;
}
if (i >= num_groups
- || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+ || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)
+ || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, NULL)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE);
return 0;
}
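Review bot: on the receive side the client now fails with SSL_AD_ILLEGAL_PARAMETER / SSL_R_BAD_KEY_SHARE if the server's selected group is not valid for TLS 1.3, which is stricter than the server-side change below, where an unsuitable share is skipped. The asymmetry is defensible, because a server selecting a group the client cannot have offered under TLS 1.3 is a protocol violation rather than a compatibility case, but a comment saying so would help.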
diff -u -r openssl-openssl-3.0.6/ssl/statem/extensions_srvr.c openssl-3.0.7/ssl/statem/extensions_srvr.c
--- openssl-openssl-3.0.6/ssl/statem/extensions_srvr.c 2022-10-11 14:39:09
+++ openssl-3.0.7/ssl/statem/extensions_srvr.c 2022-11-01 15:14:36
@@ -648,7 +648,14 @@
}
/* Check if this share is for a group we can use */
- if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
+ if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)
+ || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)
+ /*
+ * We tolerate but ignore a group id that we don't think is
+ * suitable for TLSv1.3
+ */
+ || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION,
+ 0, NULL)) {
/* Share not suitable */
continue;
}
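Review bot: the server path deliberately tolerates a client key_share for a non-TLS 1.3 group (continue rather than SSLfatal), so a client that lists a TLS 1.2-only curve first still ends up with a HelloRetryRequest for a usable group instead of a failed handshake; the added tls_group_allowed() call also closes the gap where a share for a group the configured security level forbids could previously pass this check. The inline comment explains the tolerance; mentioning the HRR outcome too would tie it to test 23 in 70-test_key_share.t, which checks for exactly that.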
diff -u -r openssl-openssl-3.0.6/ssl/statem/statem_srvr.c openssl-3.0.7/ssl/statem/statem_srvr.c
--- openssl-openssl-3.0.6/ssl/statem/statem_srvr.c 2022-10-11 14:39:09
+++ openssl-3.0.7/ssl/statem/statem_srvr.c 2022-11-01 15:14:36
@@ -3551,7 +3551,7 @@
}
X509_free(s->session->peer);
- s->session->peer = sk_X509_num(sk) == 0 ? NULL: sk_X509_shift(sk);
+ s->session->peer = sk_X509_shift(sk);
s->session->verify_result = s->verify_result;
sk_X509_pop_free(s->session->peer_chain, X509_free);
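Review bot: equivalent simplification: sk_X509_shift() returns NULL when the stack is empty, so the ternary was redundant and s->session->peer still ends up NULL in that case, which the code after this hunk presumably relies on (not visible here).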
diff -u -r openssl-openssl-3.0.6/test/build.info openssl-3.0.7/test/build.info
--- openssl-openssl-3.0.6/test/build.info 2022-10-11 14:39:09
+++ openssl-3.0.7/test/build.info 2022-11-01 15:14:36
@@ -40,7 +40,7 @@
exptest pbetest localetest evp_pkey_ctx_new_from_name\
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test evp_libctx_test ossl_store_test \
- v3nametest v3ext \
+ v3nametest v3ext punycode_test \
evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
evp_fetch_prov_test v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test sparse_array_test \
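Review bot: pre-existing duplication is visible in the context lines: evp_pkey_provided_test, evp_test, evp_extra_test, evp_extra_test2, evp_fetch_prov_test, v3nametest and v3ext each appear twice in this PROGRAMS list. punycode_test is correctly added only once; the duplicates could be dropped in the same pass.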
@@ -289,6 +289,10 @@
SOURCE[pkcs7_test]=pkcs7_test.c
INCLUDE[pkcs7_test]=../include ../apps/include
DEPEND[pkcs7_test]=../libcrypto libtestutil.a
+
+ SOURCE[punycode_test]=punycode_test.c
+ INCLUDE[punycode_test]=../include ../apps/include
+ DEPEND[punycode_test]=../libcrypto.a libtestutil.a
SOURCE[stack_test]=stack_test.c
INCLUDE[stack_test]=../include ../apps/include
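Review bot: DEPEND[punycode_test] links ../libcrypto.a while the neighbouring pkcs7_test links ../libcrypto; presumably deliberate because the punycode decoder is an internal symbol not exported from the shared library, so only the static archive provides it, but a short comment would stop the next reader from "fixing" the inconsistency.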
diff -u -r openssl-openssl-3.0.6/test/cmsapitest.c openssl-3.0.7/test/cmsapitest.c
--- openssl-openssl-3.0.6/test/cmsapitest.c 2022-10-11 14:39:09
+++ openssl-3.0.7/test/cmsapitest.c 2022-11-01 15:14:36
@@ -327,8 +327,6 @@
long buf_len = 0;
int ret = 0;
- ERR_clear_error();
-
if (!TEST_ptr(bio = BIO_new_file(derin, "r")))
goto end;
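Review bot: removing ERR_clear_error() at the top of this test means an error left on the queue by earlier code is no longer discarded here; if the intent is that the test framework now manages the error queue between tests, a one-line justification would help, since the same removal is made in recordlentest.c further down.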
diff -u -r openssl-openssl-3.0.6/test/drbgtest.c openssl-3.0.7/test/drbgtest.c
--- openssl-openssl-3.0.6/test/drbgtest.c 2022-10-11 14:39:09
+++ openssl-3.0.7/test/drbgtest.c 2022-11-01 15:14:36
@@ -277,7 +277,7 @@
}
-#if defined(OPENSSL_SYS_UNIX)
+#if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD)
/* number of children to fork */
#define DRBG_FORK_COUNT 9
/* two results per child, two for the parent */
@@ -895,7 +895,7 @@
int setup_tests(void)
{
ADD_TEST(test_rand_reseed);
-#if defined(OPENSSL_SYS_UNIX)
+#if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD)
ADD_ALL_TESTS(test_rand_fork_safety, RANDOM_SIZE);
#endif
ADD_TEST(test_rand_prediction_resistance);
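Review bot: both the function definition and its ADD_ALL_TESTS() registration are guarded by the same `OPENSSL_SYS_UNIX && !OPENSSL_RAND_SEED_EGD` condition, so the build stays consistent; a short comment on why the fork-safety test is skipped for EGD-seeded builds would save the next reader a trip through the history.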
diff -u -r openssl-openssl-3.0.6/test/evp_extra_test2.c openssl-3.0.7/test/evp_extra_test2.c
--- openssl-openssl-3.0.6/test/evp_extra_test2.c 2022-10-11 14:39:09
+++ openssl-3.0.7/test/evp_extra_test2.c 2022-11-01 15:14:36
@@ -21,7 +21,9 @@
#include <openssl/pem.h>
#include <openssl/provider.h>
#include <openssl/rsa.h>
+#include <openssl/dh.h>
#include <openssl/core_names.h>
+
#include "testutil.h"
#include "internal/nelem.h"
diff -u -r openssl-openssl-3.0.6/test/helpers/ssltestlib.c openssl-3.0.7/test/helpers/ssltestlib.c
--- openssl-openssl-3.0.6/test/helpers/ssltestlib.c 2022-10-11 14:39:09
+++ openssl-3.0.7/test/helpers/ssltestlib.c 2022-11-01 15:14:36
@@ -350,8 +350,7 @@
unsigned int seq, offset, len, epoch;
BIO_clear_retry_flags(bio);
- if (sk_MEMPACKET_num(ctx->pkts) <= 0
- || (thispkt = sk_MEMPACKET_value(ctx->pkts, 0)) == NULL
+ if ((thispkt = sk_MEMPACKET_value(ctx->pkts, 0)) == NULL
|| thispkt->num != ctx->currpkt) {
/* Probably run out of data */
BIO_set_retry_read(bio);
@@ -521,9 +520,8 @@
ctx->lastpkt++;
do {
i++;
- if (i < sk_MEMPACKET_num(ctx->pkts)
- && (nextpkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL
- && nextpkt->num == ctx->lastpkt)
+ nextpkt = sk_MEMPACKET_value(ctx->pkts, i);
+ if (nextpkt != NULL && nextpkt->num == ctx->lastpkt)
ctx->lastpkt++;
else
return inl;
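Review bot: both hunks in this file rely on sk_MEMPACKET_value() returning NULL for an index outside the stack, so the explicit sk_MEMPACKET_num() bounds checks were redundant and behaviour is unchanged. In the second hunk the assignment is now unconditional and separate from the test, which reads more clearly than the chained && form it replaces.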
Only in openssl-3.0.7/test: punycode_test.c
Only in openssl-3.0.7/test/recipes: 04-test_punycode.t
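Review bot: the diff was produced without -N, so the new test/punycode_test.c and test/recipes/04-test_punycode.t appear only as "Only in" lines and their contents cannot be reviewed here, even though test/build.info above wires punycode_test in; regenerate with diff -N, or review the two files directly, to assess what the new test covers.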
diff -u -r openssl-openssl-3.0.6/test/recipes/30-test_evp_data/evpmd_ripemd.txt openssl-3.0.7/test/recipes/30-test_evp_data/evpmd_ripemd.txt
--- openssl-openssl-3.0.6/test/recipes/30-test_evp_data/evpmd_ripemd.txt 2022-10-11 14:39:09
+++ openssl-3.0.7/test/recipes/30-test_evp_data/evpmd_ripemd.txt 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
#
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -13,42 +13,42 @@
Title = RIPEMD160 tests
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = ""
Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "a"
Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "abc"
Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "message digest"
Output = 5d0689ef49d2fae572b881b123a85ffa21595f36
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "abcdefghijklmnopqrstuvwxyz"
Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
Output = b0e20b6e3116640286ed3a87a5713079b21f5189
-Availablein = legacy
+Availablein = legacy default
Digest = RIPEMD160
Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb
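Review bot: only the Availablein lines change and every expected digest is untouched, which matches the defltprov.c hunk that makes RIPEMD160 fetchable from the default provider; the copyright bump in the first hunk is the only other change.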
diff -u -r openssl-openssl-3.0.6/test/recipes/70-test_key_share.t openssl-3.0.7/test/recipes/70-test_key_share.t
--- openssl-openssl-3.0.6/test/recipes/70-test_key_share.t 2022-10-11 14:39:09
+++ openssl-3.0.7/test/recipes/70-test_key_share.t 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,8 @@
ZERO_LEN_KEX_DATA => 9,
TRAILING_DATA => 10,
SELECT_X25519 => 11,
- NO_KEY_SHARES_IN_HRR => 12
+ NO_KEY_SHARES_IN_HRR => 12,
+ NON_TLS1_3_KEY_SHARE => 13
};
use constant {
@@ -85,7 +86,7 @@
$proxy->serverflags("-groups P-256");
}
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 22;
+plan tests => 23;
ok(TLSProxy::Message->success(), "Success after HRR");
#Test 2: The server sending an HRR requesting a group the client already sent
@@ -290,11 +291,27 @@
$proxy->start();
ok(TLSProxy::Message->fail(), "Server sends HRR with no key_shares");
+SKIP: {
+ skip "No EC support in this OpenSSL build", 1 if disabled("ec");
+ #Test 23: Trailing data on key_share in ServerHello should fail
+ $proxy->clear();
+ $direction = CLIENT_TO_SERVER;
+ $proxy->clientflags("-groups secp192r1:P-256:X25519");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $testtype = NON_TLS1_3_KEY_SHARE;
+ $proxy->start();
+ my $ishrr = defined ${$proxy->message_list}[2]
+ &&(${$proxy->message_list}[0]->mt == TLSProxy::Message::MT_CLIENT_HELLO)
+ && (${$proxy->message_list}[2]->mt == TLSProxy::Message::MT_CLIENT_HELLO);
+ ok(TLSProxy::Message->success() && $ishrr,
+ "Client sends a key_share for a Non TLSv1.3 group");
+}
+
sub modify_key_shares_filter
{
my $proxy = shift;
- # We're only interested in the initial ClientHello
+ # We're only interested in the initial ClientHello/SererHello/HRR
if (($direction == CLIENT_TO_SERVER && $proxy->flight != 0
&& ($proxy->flight != 1 || $testtype != NO_KEY_SHARES_IN_HRR))
|| ($direction == SERVER_TO_CLIENT && $proxy->flight != 1)) {
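Review bot: the comment at the top of the new SKIP block, "#Test 23: Trailing data on key_share in ServerHello should fail", is copied from an earlier test and contradicts the ok() message "Client sends a key_share for a Non TLSv1.3 group"; it should describe this test (client lists secp192r1 first, handshake is expected to succeed via an HRR). Also "SererHello" in the filter comment should read "ServerHello", and `&&(` wants a space. The $ishrr check (messages 0 and 2 both ClientHello) is a reasonable HRR detector.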
@@ -307,12 +324,19 @@
my $ext;
my $suppgroups;
- #Setup supported groups to include some unrecognised groups
- $suppgroups = pack "C8",
- 0x00, 0x06, #List Length
- 0xff, 0xfe, #Non existing group 1
- 0xff, 0xff, #Non existing group 2
- 0x00, 0x1d; #x25519
+ if ($testtype != NON_TLS1_3_KEY_SHARE) {
+ #Setup supported groups to include some unrecognised groups
+ $suppgroups = pack "C8",
+ 0x00, 0x06, #List Length
+ 0xff, 0xfe, #Non existing group 1
+ 0xff, 0xff, #Non existing group 2
+ 0x00, 0x1d; #x25519
+ } else {
+ $suppgroups = pack "C6",
+ 0x00, 0x04, #List Length
+ 0x00, 0x13,
+ 0x00, 0x1d; #x25519
+ }
if ($testtype == EMPTY_EXTENSION) {
$ext = pack "C2",
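Review bot: in the new else branch the `0x00, 0x13,` line has no annotation while every other group id in the packed list is commented; add `#P-192` as the later hunk does for the same id. The lengths check out: 0x0004 covers two 2-byte group ids, six bytes in total, matching the C6 template.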
@@ -376,6 +400,13 @@
0x00, 0x17, #P-256
0x00, 0x01, #key_exchange data length
0xff; #Dummy key_share data
+ } elsif ($testtype == NON_TLS1_3_KEY_SHARE) {
+ $ext = pack "C6H98",
+ 0x00, 0x35, #List Length
+ 0x00, 0x13, #P-192
+ 0x00, 0x31, #key_exchange data length
+ "04EE3B38D1CB800A1A2B702FC8423599F2AC7161E175C865F8".
+ "3DAF78BCBAE561464E8144359BE70CB7989D28A2F43F8F2C"; #key_exchange data
}
if ($testtype != EMPTY_EXTENSION
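Review bot: the byte accounting is correct and deserves a comment: C6H98 packs 6 bytes plus 49 bytes of hex, 0x31 = 49 matches the key_exchange length, and 0x35 = 53 = 2 + 2 + 49 matches the list length; 49 bytes is one uncompressed P-192 point (04 || X || Y with 24-byte coordinates), so the test sends a structurally valid share for a TLS 1.2-only group, which is exactly the case the extensions_srvr.c change is meant to tolerate.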
@@ -383,7 +414,6 @@
$message->set_extension(
TLSProxy::Message::EXT_SUPPORTED_GROUPS, $suppgroups);
}
-
if ($testtype == MISSING_EXTENSION) {
$message->delete_extension(
TLSProxy::Message::EXT_KEY_SHARE);
diff -u -r openssl-openssl-3.0.6/test/recipes/95-test_external_pyca_data/cryptography.sh openssl-3.0.7/test/recipes/95-test_external_pyca_data/cryptography.sh
--- openssl-openssl-3.0.6/test/recipes/95-test_external_pyca_data/cryptography.sh 2022-10-11 14:39:09
+++ openssl-3.0.7/test/recipes/95-test_external_pyca_data/cryptography.sh 2022-11-01 15:14:36
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
# Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -39,22 +39,27 @@
rm -rf venv-cryptography
python -m venv venv-cryptography
. ./venv-cryptography/bin/activate
+# Upgrade pip to always have latest
+pip install -U pip
cd pyca-cryptography
-pip install .[test]
+echo "------------------------------------------------------------------"
+echo "Building cryptography and installing test requirements"
+echo "------------------------------------------------------------------"
+LDFLAGS="-L$O_LIB" CFLAGS="-I$O_BINC -I$O_SINC " pip install .[test]
pip install -e vectors
echo "------------------------------------------------------------------"
-echo "Building cryptography"
+echo "Print linked libraries"
echo "------------------------------------------------------------------"
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pip install .
+ldd $(find ../venv-cryptography/lib/ -iname '*.so')
+
echo "------------------------------------------------------------------"
echo "Running tests"
echo "------------------------------------------------------------------"
-
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pytest -n auto tests --wycheproof-root=../wycheproof
+pytest -n auto tests --wycheproof-root=../wycheproof
cd ../
deactivate
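Review bot: the substantive fix is that the old script built cryptography twice, first via `pip install .[test]` without the OpenSSL include and library paths and again via `pip install .`, and passed -L inside CFLAGS; the single build with LDFLAGS and CFLAGS set is correct. Two portability points: `ldd` is Linux-specific (macOS would need otool -L), and the unquoted `$(find ...)` word-splits on paths containing spaces; `pip install -U pip` also pulls an unpinned pip on every run, which makes the external test less reproducible.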
diff -u -r openssl-openssl-3.0.6/test/recordlentest.c openssl-3.0.7/test/recordlentest.c
--- openssl-openssl-3.0.6/test/recordlentest.c 2022-10-11 14:39:09
+++ openssl-3.0.7/test/recordlentest.c 2022-11-01 15:14:36
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -100,8 +100,6 @@
|| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
return 1;
#endif
-
- ERR_clear_error();
if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
TLS_client_method(),
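Review bot: same ERR_clear_error() removal as in cmsapitest.c above; whatever justification covers that one should be stated once and cover this too.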
diff -u -r openssl-openssl-3.0.6/test/ssl-tests/14-curves.cnf openssl-3.0.7/test/ssl-tests/14-curves.cnf
--- openssl-openssl-3.0.6/test/ssl-tests/14-curves.cnf 2022-10-11 14:39:09
+++ openssl-3.0.7/test/ssl-tests/14-curves.cnf 2022-11-01 15:14:36
@@ -1,6 +1,6 @@
# Generated with generate_ssl_tests.pl
-num_tests = 55
+num_tests = 80
test-0 = 0-curve-prime256v1
test-1 = 1-curve-secp384r1
@@ -32,31 +32,56 @@
test-27 = 27-curve-brainpoolP256r1
test-28 = 28-curve-brainpoolP384r1
test-29 = 29-curve-brainpoolP512r1
-test-30 = 30-curve-sect233k1-tls13
-test-31 = 31-curve-sect233r1-tls13
-test-32 = 32-curve-sect283k1-tls13
-test-33 = 33-curve-sect283r1-tls13
-test-34 = 34-curve-sect409k1-tls13
-test-35 = 35-curve-sect409r1-tls13
-test-36 = 36-curve-sect571k1-tls13
-test-37 = 37-curve-sect571r1-tls13
-test-38 = 38-curve-secp224r1-tls13
-test-39 = 39-curve-sect163k1-tls13
-test-40 = 40-curve-sect163r2-tls13
-test-41 = 41-curve-prime192v1-tls13
-test-42 = 42-curve-sect163r1-tls13
-test-43 = 43-curve-sect193r1-tls13
-test-44 = 44-curve-sect193r2-tls13
-test-45 = 45-curve-sect239k1-tls13
-test-46 = 46-curve-secp160k1-tls13
-test-47 = 47-curve-secp160r1-tls13
-test-48 = 48-curve-secp160r2-tls13
-test-49 = 49-curve-secp192k1-tls13
-test-50 = 50-curve-secp224k1-tls13
-test-51 = 51-curve-secp256k1-tls13
-test-52 = 52-curve-brainpoolP256r1-tls13
-test-53 = 53-curve-brainpoolP384r1-tls13
-test-54 = 54-curve-brainpoolP512r1-tls13
+test-30 = 30-curve-sect233k1-tls12-in-tls13
+test-31 = 31-curve-sect233r1-tls12-in-tls13
+test-32 = 32-curve-sect283k1-tls12-in-tls13
+test-33 = 33-curve-sect283r1-tls12-in-tls13
+test-34 = 34-curve-sect409k1-tls12-in-tls13
+test-35 = 35-curve-sect409r1-tls12-in-tls13
+test-36 = 36-curve-sect571k1-tls12-in-tls13
+test-37 = 37-curve-sect571r1-tls12-in-tls13
+test-38 = 38-curve-secp224r1-tls12-in-tls13
+test-39 = 39-curve-sect163k1-tls12-in-tls13
+test-40 = 40-curve-sect163r2-tls12-in-tls13
+test-41 = 41-curve-prime192v1-tls12-in-tls13
+test-42 = 42-curve-sect163r1-tls12-in-tls13
+test-43 = 43-curve-sect193r1-tls12-in-tls13
+test-44 = 44-curve-sect193r2-tls12-in-tls13
+test-45 = 45-curve-sect239k1-tls12-in-tls13
+test-46 = 46-curve-secp160k1-tls12-in-tls13
+test-47 = 47-curve-secp160r1-tls12-in-tls13
+test-48 = 48-curve-secp160r2-tls12-in-tls13
+test-49 = 49-curve-secp192k1-tls12-in-tls13
+test-50 = 50-curve-secp224k1-tls12-in-tls13
+test-51 = 51-curve-secp256k1-tls12-in-tls13
+test-52 = 52-curve-brainpoolP256r1-tls12-in-tls13
+test-53 = 53-curve-brainpoolP384r1-tls12-in-tls13
+test-54 = 54-curve-brainpoolP512r1-tls12-in-tls13
+test-55 = 55-curve-sect233k1-tls13
+test-56 = 56-curve-sect233r1-tls13
+test-57 = 57-curve-sect283k1-tls13
+test-58 = 58-curve-sect283r1-tls13
+test-59 = 59-curve-sect409k1-tls13
+test-60 = 60-curve-sect409r1-tls13
+test-61 = 61-curve-sect571k1-tls13
+test-62 = 62-curve-sect571r1-tls13
+test-63 = 63-curve-secp224r1-tls13
+test-64 = 64-curve-sect163k1-tls13
+test-65 = 65-curve-sect163r2-tls13
+test-66 = 66-curve-prime192v1-tls13
+test-67 = 67-curve-sect163r1-tls13
+test-68 = 68-curve-sect193r1-tls13
+test-69 = 69-curve-sect193r2-tls13
+test-70 = 70-curve-sect239k1-tls13
+test-71 = 71-curve-secp160k1-tls13
+test-72 = 72-curve-secp160r1-tls13
+test-73 = 73-curve-secp160r2-tls13
+test-74 = 74-curve-secp192k1-tls13
+test-75 = 75-curve-secp224k1-tls13
+test-76 = 76-curve-secp256k1-tls13
+test-77 = 77-curve-brainpoolP256r1-tls13
+test-78 = 78-curve-brainpoolP384r1-tls13
+test-79 = 79-curve-brainpoolP512r1-tls13
# ===========================================================
[0-curve-prime256v1]
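Review bot: this file is generated (the "# Generated with generate_ssl_tests.pl" context line), so the reviewable change is in the corresponding 14-curves.cnf.in, which is not in this section of the diff; the output should be regenerated rather than hand-edited. Renaming tests 30-54 to "-tls12-in-tls13" and adding 55-79 as "-tls13" (num_tests 55 -> 80) gives each TLS 1.2-only curve a case where it is offered alongside P-256 under TLS 1.3, and the test-30 block below shows the expectation for that case: success with ExpectedTmpKeyType = P-256, which is the behaviour the extensions_clnt.c and extensions_srvr.c hunks implement.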
@@ -929,676 +954,1426 @@
# ===========================================================
-[30-curve-sect233k1-tls13]
-ssl_conf = 30-curve-sect233k1-tls13-ssl
+[30-curve-sect233k1-tls12-in-tls13]
+ssl_conf = 30-curve-sect233k1-tls12-in-tls13-ssl
-[30-curve-sect233k1-tls13-ssl]
-server = 30-curve-sect233k1-tls13-server
-client = 30-curve-sect233k1-tls13-client
+[30-curve-sect233k1-tls12-in-tls13-ssl]
+server = 30-curve-sect233k1-tls12-in-tls13-server
+client = 30-curve-sect233k1-tls12-in-tls13-client
-[30-curve-sect233k1-tls13-server]
+[30-curve-sect233k1-tls12-in-tls13-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect233k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-curve-sect233k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect233k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[31-curve-sect233r1-tls12-in-tls13]
+ssl_conf = 31-curve-sect233r1-tls12-in-tls13-ssl
+
+[31-curve-sect233r1-tls12-in-tls13-ssl]
+server = 31-curve-sect233r1-tls12-in-tls13-server
+client = 31-curve-sect233r1-tls12-in-tls13-client
+
+[31-curve-sect233r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect233r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-curve-sect233r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect233r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[32-curve-sect283k1-tls12-in-tls13]
+ssl_conf = 32-curve-sect283k1-tls12-in-tls13-ssl
+
+[32-curve-sect283k1-tls12-in-tls13-ssl]
+server = 32-curve-sect283k1-tls12-in-tls13-server
+client = 32-curve-sect283k1-tls12-in-tls13-client
+
+[32-curve-sect283k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect283k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-curve-sect283k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect283k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[33-curve-sect283r1-tls12-in-tls13]
+ssl_conf = 33-curve-sect283r1-tls12-in-tls13-ssl
+
+[33-curve-sect283r1-tls12-in-tls13-ssl]
+server = 33-curve-sect283r1-tls12-in-tls13-server
+client = 33-curve-sect283r1-tls12-in-tls13-client
+
+[33-curve-sect283r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect283r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-curve-sect283r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect283r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[34-curve-sect409k1-tls12-in-tls13]
+ssl_conf = 34-curve-sect409k1-tls12-in-tls13-ssl
+
+[34-curve-sect409k1-tls12-in-tls13-ssl]
+server = 34-curve-sect409k1-tls12-in-tls13-server
+client = 34-curve-sect409k1-tls12-in-tls13-client
+
+[34-curve-sect409k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect409k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-curve-sect409k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect409k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[35-curve-sect409r1-tls12-in-tls13]
+ssl_conf = 35-curve-sect409r1-tls12-in-tls13-ssl
+
+[35-curve-sect409r1-tls12-in-tls13-ssl]
+server = 35-curve-sect409r1-tls12-in-tls13-server
+client = 35-curve-sect409r1-tls12-in-tls13-client
+
+[35-curve-sect409r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect409r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-curve-sect409r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect409r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[36-curve-sect571k1-tls12-in-tls13]
+ssl_conf = 36-curve-sect571k1-tls12-in-tls13-ssl
+
+[36-curve-sect571k1-tls12-in-tls13-ssl]
+server = 36-curve-sect571k1-tls12-in-tls13-server
+client = 36-curve-sect571k1-tls12-in-tls13-client
+
+[36-curve-sect571k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect571k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-curve-sect571k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect571k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[37-curve-sect571r1-tls12-in-tls13]
+ssl_conf = 37-curve-sect571r1-tls12-in-tls13-ssl
+
+[37-curve-sect571r1-tls12-in-tls13-ssl]
+server = 37-curve-sect571r1-tls12-in-tls13-server
+client = 37-curve-sect571r1-tls12-in-tls13-client
+
+[37-curve-sect571r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect571r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-curve-sect571r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect571r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[38-curve-secp224r1-tls12-in-tls13]
+ssl_conf = 38-curve-secp224r1-tls12-in-tls13-ssl
+
+[38-curve-secp224r1-tls12-in-tls13-ssl]
+server = 38-curve-secp224r1-tls12-in-tls13-server
+client = 38-curve-secp224r1-tls12-in-tls13-client
+
+[38-curve-secp224r1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = secp224r1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-curve-secp224r1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = secp224r1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[39-curve-sect163k1-tls12-in-tls13]
+ssl_conf = 39-curve-sect163k1-tls12-in-tls13-ssl
+
+[39-curve-sect163k1-tls12-in-tls13-ssl]
+server = 39-curve-sect163k1-tls12-in-tls13-server
+client = 39-curve-sect163k1-tls12-in-tls13-client
+
+[39-curve-sect163k1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect163k1:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-curve-sect163k1-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect163k1:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[40-curve-sect163r2-tls12-in-tls13]
+ssl_conf = 40-curve-sect163r2-tls12-in-tls13-ssl
+
+[40-curve-sect163r2-tls12-in-tls13-ssl]
+server = 40-curve-sect163r2-tls12-in-tls13-server
+client = 40-curve-sect163r2-tls12-in-tls13-client
+
+[40-curve-sect163r2-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = sect163r2:P-256
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-curve-sect163r2-tls12-in-tls13-client]
+CipherString = ECDHE@SECLEVEL=1
+Curves = sect163r2:P-256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+ExpectedTmpKeyType = P-256
+
+
+# ===========================================================
+
+[41-curve-prime192v1-tls12-in-tls13]
+ssl_conf = 41-curve-prime192v1-tls12-in-tls13-ssl
+
+[41-curve-prime192v1-tls12-in-tls13-ssl]
+server = 41-curve-prime192v1-tls12-in-tls13-server
+client = 41-curve-prime192v1-tls12-in-tls13-client
+
+[41-curve-prime192v1-tls12-in-tls13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT@SECLEVEL=1
+Curves = prim