From 90178926f3a2ccca93c11bc245f4265737260652 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 13 Oct 2023 22:30:31 +0200 Subject: [PATCH 01/24] PKCS7_SIGNER_INFO: point out confusing names of digest_enc_alg and enc_digest fields Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit e15891b477fe9c3d3dc6f331812c9e8afc48dc05) Signed-off-by: fly2x --- include/openssl/pkcs7.h.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/openssl/pkcs7.h.in b/include/openssl/pkcs7.h.in index f5c55a3fbe..e53b9d3b08 100644 --- a/include/openssl/pkcs7.h.in +++ b/include/openssl/pkcs7.h.in @@ -57,8 +57,8 @@ typedef struct pkcs7_signer_info_st { PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; + X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ + ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ /* The private key to sign with */ EVP_PKEY *pkey; -- Gitee From ee7452f3e009d5363c4d81f114420ab694fff5f2 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 13 Oct 2023 22:39:25 +0200 Subject: [PATCH 02/24] CMS_add1_signer.pod: add missing info on CMS_SignerInfo_sign() return values Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit 2c581eb2fd92e997dfe0761b086eb690271cefc2) Signed-off-by: fly2x --- doc/man3/CMS_add1_signer.pod | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/man3/CMS_add1_signer.pod b/doc/man3/CMS_add1_signer.pod index 800085b7b8..11afecb905 100644 --- a/doc/man3/CMS_add1_signer.pod +++ b/doc/man3/CMS_add1_signer.pod @@ -31,8 +31,8 @@ Unless the B flag is set the returned CMS_ContentInfo structure is not complete and must be finalized either by streaming (if applicable) or a call to CMS_final(). -The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo -structure, its main use is when B and B flags +The CMS_SignerInfo_sign() function explicitly signs a CMS_SignerInfo +structure, its main use is when the B and B flags are both set. =head1 NOTES @@ -90,6 +90,8 @@ before it is finalized. CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added or NULL if an error occurs. +CMS_SignerInfo_sign() returns 1 on success, 0 on failure. + =head1 SEE ALSO L, L, -- Gitee From 61e2fd3e2be8813b110ca3c161636a02ac75afca Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 13 Oct 2023 22:12:22 +0200 Subject: [PATCH 03/24] CMS_add1_signer(): add missing ERR_raise() calls Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit 72a99ef665b26fa207c0eee6e7e4842d1e42752c) Signed-off-by: fly2x --- crypto/cms/cms_err.c | 4 +++- crypto/cms/cms_sd.c | 14 +++++++++++--- crypto/err/openssl.txt | 1 + include/openssl/cmserr.h | 3 ++- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c index dcbea201c8..4bd6a0dc1b 100644 --- a/crypto/cms/cms_err.c +++ b/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { "unsupported recipientinfo type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), + "unsupported signature algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 53c8e378f3..2093657a2a 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (md == NULL) { int def_nid; - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) + + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } md = EVP_get_digestbynid(def_nid); if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "default md nid=%d", def_nid); goto err; } } @@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) + if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } if (!(flags & CMS_NOATTR)) { /* * Initialize signed attributes structure so other attributes diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a6f61ca3b0..e51504b7ab 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\ CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type +CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm CMS_R_UNSUPPORTED_TYPE:156:unsupported type CMS_R_UNWRAP_ERROR:157:unwrap error CMS_R_UNWRAP_FAILURE:180:unwrap failure diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h index d48c2a4ab8..f2d7708f10 100644 --- a/include/openssl/cmserr.h +++ b/include/openssl/cmserr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -113,6 +113,7 @@ # define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 # define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 # define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 # define CMS_R_UNSUPPORTED_TYPE 156 # define CMS_R_UNWRAP_ERROR 157 # define CMS_R_UNWRAP_FAILURE 180 -- Gitee From 56275269e72e08ed46e77fb000e764f1297d419b Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 13 Oct 2023 22:27:31 +0200 Subject: [PATCH 04/24] EVP shake_ctrl(): add missing NULL evp_ctx check Reviewed-by: Viktor Dukhovni Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22390) (cherry picked from commit 410c80dc7bf2085167553ab9fa517189eed2b3a6) Signed-off-by: fly2x --- crypto/evp/legacy_sha.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index 3859286eeb..0c2afc2900 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c @@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) { - KECCAK1600_CTX *ctx = evp_ctx->md_data; + KECCAK1600_CTX *ctx; + + if (evp_ctx == NULL) + return 0; + ctx = evp_ctx->md_data; switch (cmd) { case EVP_MD_CTRL_XOF_LEN: -- Gitee From ad444bab325b1783fa3996143cf7ff6fcf4d35a5 Mon Sep 17 00:00:00 2001 From: James Muir Date: Tue, 10 Oct 2023 12:41:59 -0400 Subject: [PATCH 05/24] Update unix Makefile template to handle paths with spaces Fixes #4668 (on unix-like platforms) Testing: rm -rf "$HOME/tmp/beforespace afterspace" ./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace" make -j6 update make -j6 make install make test Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22386) (cherry picked from commit f4bc5568a973e640a70f416da37a030c25a38ebc) Signed-off-by: fly2x --- Configurations/unix-Makefile.tmpl | 294 +++++++++++++++--------------- 1 file changed, 147 insertions(+), 147 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 17e194f1ef..a48fae5fb8 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -614,28 +614,28 @@ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_de install_docs: install_man_docs install_html_docs uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r $(DESTDIR)$(DOCDIR) + $(RM) -r "$(DESTDIR)$(DOCDIR)" {- output_off() if $disabled{fips}; "" -} install_fips: build_sw $(INSTALL_FIPSMODULECONF) @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)" @$(ECHO) "*** Installing FIPS module" @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" - @cp "$(INSTALL_FIPSMODULE)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \ - $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) + @cp "$(INSTALL_FIPSMODULE)" "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" + @chmod 755 "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" + @mv -f "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new" \ + "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" @$(ECHO) "*** Installing FIPS module configuration" @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" - @cp $(INSTALL_FIPSMODULECONF) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf + @cp $(INSTALL_FIPSMODULECONF) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" uninstall_fips: @$(ECHO) "*** Uninstalling FIPS module configuration" - $(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf + $(RM) "$(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" @$(ECHO) "*** Uninstalling FIPS module" - $(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) + $(RM) "$(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" {- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -} install_fips: @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option" @@ -646,75 +646,75 @@ uninstall_fips: install_ssldirs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/certs" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/private" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(OPENSSLDIR)/misc" @set -e; for x in dummy $(MISC_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ x1=`echo "$$x" | cut -f1 -d:`; \ x2=`echo "$$x" | cut -f2 -d:`; \ fn=`basename $$x1`; \ $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ - $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + cp $$x1 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new"; \ + mv -f "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new" \ + "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ if [ "$$x1" != "$$x2" ]; then \ ln=`basename "$$x2"`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + cp "$(DESTDIR)$(OPENSSLDIR)/misc/$$fn" "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() unless windowsdll(); output_off() if windowsdll(); "" -}; \ $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + ln -sf $$fn "$(DESTDIR)$(OPENSSLDIR)/misc/$$ln"; \ : {- output_on() if windowsdll(); "" -}; \ fi; \ done @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" - @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist + @cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ - cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ + cp $(SRCDIR)/apps/openssl.cnf "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ fi @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" - @cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist + @cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" + @mv -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new" "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \ $(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ - cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ + cp $(SRCDIR)/apps/ct_log_list.cnf "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ + chmod 644 "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ fi install_dev: install_runtime_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @$(ECHO) "*** Installing development files" - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/include/openssl" @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @cp $(SRCDIR)/ms/applink.c "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + cp $$i "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + chmod 644 "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$l $(DESTDIR)$(libdir)/$$fn.new; \ - $(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$l "$(DESTDIR)$(libdir)/$$fn.new"; \ + $(RANLIB) "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 644 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -727,18 +727,18 @@ install_dev: install_runtime_libs : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ if [ "$$fn2" != "" ]; then \ $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ - ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ + ln -sf $$fn1 "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ if [ "$$fn3" != "" ]; then \ $(ECHO) "install $$s3 -> $(DESTDIR)$(libdir)/$$fn3"; \ - cp $$s3 $(DESTDIR)$(libdir)/$$fn3.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn3.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn3.new \ - $(DESTDIR)$(libdir)/$$fn3; \ + cp $$s3 "$(DESTDIR)$(libdir)/$$fn3.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn3.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn3.new" \ + "$(DESTDIR)$(libdir)/$$fn3"; \ fi; \ : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ - a=$(DESTDIR)$(libdir)/$$fn2; \ + a="$(DESTDIR)$(libdir)/$$fn2"; \ $(ECHO) "install $$s1 -> $$a"; \ if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ @@ -755,35 +755,35 @@ install_dev: install_runtime_libs : {- output_off() if sharedaix(); output_on(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)/pkgconfig" @$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" - @cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc + @cp libcrypto.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" @$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc" - @cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc + @cp libssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" @$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc" - @cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc + @cp openssl.pc "$(DESTDIR)$(libdir)/pkgconfig" + @chmod 644 "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" uninstall_dev: uninstall_runtime_libs @$(ECHO) "*** Uninstalling development files" @ : {- output_off() if $disabled{uplink}; "" -} @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @$(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" @ : {- output_on() if $disabled{uplink}; "" -} @set -e; for i in $(SRCDIR)/include/openssl/*.h \ $(BLDDIR)/include/openssl/*.h; do \ fn=`basename $$i`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include/openssl" + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/include" @set -e; for l in $(INSTALL_LIBS); do \ fn=`basename $$l`; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn"; \ done @ : {- output_off() if $disabled{shared}; "" -} @set -e; for s in $(INSTALL_SHLIB_INFO); do \ @@ -795,39 +795,39 @@ uninstall_dev: uninstall_runtime_libs fn3=`basename "$$s3"`; \ : {- output_off() if windowsdll(); "" -}; \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn1; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn1"; \ if [ -n "$$fn2" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn2"; \ fi; \ : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ if [ -n "$$fn3" ]; then \ $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn3"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn3; \ + $(RM) "$(DESTDIR)$(libdir)/$$fn3"; \ fi; \ : {- output_on() unless windowsdll(); "" -}; \ done @ : {- output_on() if $disabled{shared}; "" -} - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc - -$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig - -$(RMDIR) $(DESTDIR)$(libdir) + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/libssl.pc" + $(RM) "$(DESTDIR)$(libdir)/pkgconfig/openssl.pc" + -$(RMDIR) "$(DESTDIR)$(libdir)/pkgconfig" + -$(RMDIR) "$(DESTDIR)$(libdir)" _install_modules_deps: install_runtime_libs build_modules install_engines: _install_modules_deps @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(ENGINESDIR)/" @$(ECHO) "*** Installing engines" @set -e; for e in dummy $(INSTALL_ENGINES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ - $(DESTDIR)$(ENGINESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(ENGINESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(ENGINESDIR)/$$fn.new" \ + "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done uninstall_engines: @@ -836,22 +836,22 @@ uninstall_engines: if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(ENGINESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(ENGINESDIR) + -$(RMDIR) "$(DESTDIR)$(ENGINESDIR)" install_modules: _install_modules_deps @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)/ + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MODULESDIR)/" @$(ECHO) "*** Installing modules" @set -e; for e in dummy $(INSTALL_MODULES); do \ if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "install $$e -> $(DESTDIR)$(MODULESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(MODULESDIR)/$$fn.new \ - $(DESTDIR)$(MODULESDIR)/$$fn; \ + cp $$e "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(MODULESDIR)/$$fn.new"; \ + mv -f "$(DESTDIR)$(MODULESDIR)/$$fn.new" \ + "$(DESTDIR)$(MODULESDIR)/$$fn"; \ done uninstall_modules: @@ -860,18 +860,18 @@ uninstall_modules: if [ "$$e" = "dummy" ]; then continue; fi; \ fn=`basename $$e`; \ $(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(MODULESDIR)/$$fn; \ + $(RM) "$(DESTDIR)$(MODULESDIR)/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(MODULESDIR) + -$(RMDIR) "$(DESTDIR)$(MODULESDIR)" install_runtime: install_programs install_runtime_libs: build_libs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) @ : {- output_off() if windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(libdir)" @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin" @ : {- output_on() unless windowsdll(); "" -} @$(ECHO) "*** Installing runtime libraries" @set -e; for s in dummy $(INSTALL_SHLIBS); do \ @@ -879,40 +879,40 @@ install_runtime_libs: build_libs fn=`basename $$s`; \ : {- output_off() unless windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$s "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ $(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$s $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ + cp $$s "$(DESTDIR)$(libdir)/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(libdir)/$$fn.new"; \ + mv -f "$(DESTDIR)$(libdir)/$$fn.new" \ + "$(DESTDIR)$(libdir)/$$fn"; \ : {- output_on() if windowsdll(); "" -}; \ done install_programs: install_runtime_libs build_programs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(INSTALLTOP)/bin" @$(ECHO) "*** Installing runtime programs" @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done @set -e; for x in dummy $(BIN_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + cp $$x "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + chmod 755 "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new"; \ + mv -f "$(DESTDIR)$(INSTALLTOP)/bin/$$fn.new" \ + "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done uninstall_runtime: uninstall_programs uninstall_runtime_libs @@ -924,16 +924,16 @@ uninstall_programs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done; @set -e; for x in dummy $(BIN_SCRIPTS); \ do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin + -$(RMDIR) "$(DESTDIR)$(INSTALLTOP)/bin" uninstall_runtime_libs: @$(ECHO) "*** Uninstalling runtime libraries" @@ -942,49 +942,49 @@ uninstall_runtime_libs: if [ "$$s" = "dummy" ]; then continue; fi; \ fn=`basename $$s`; \ $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + $(RM) "$(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ done @ : {- output_on() unless windowsdll(); "" -} install_man_docs: build_man_docs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man7 + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man1" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man3" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man5" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(MANDIR)/man7" @$(ECHO) "*** Installing manpages" @set -e; for x in dummy $(MANDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ + cp $$x "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ + cp $$x "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ + cp $$x "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ + cp $$x "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + chmod 644 "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \ done uninstall_man_docs: build_man_docs @@ -993,65 +993,65 @@ uninstall_man_docs: build_man_docs if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ + $(RM) "$(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man1"; \ done @set -e; for x in dummy $(MANDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ + $(RM) "$(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man3"; \ done @set -e; for x in dummy $(MANDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ + $(RM) "$(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man5"; \ done @set -e; for x in dummy $(MANDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ + $(RM) "$(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ + $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) "$(DESTDIR)$(MANDIR)/man7"; \ done install_html_docs: install_image_docs build_html_docs @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7 + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man1" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man3" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man5" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7" @$(ECHO) "*** Installing HTML manpages" @set -e; for x in dummy $(HTMLDOCS1); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + cp $$x "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ done uninstall_html_docs: uninstall_image_docs @@ -1060,35 +1060,35 @@ uninstall_html_docs: uninstall_image_docs if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS3); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS5); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ done @set -e; for x in dummy $(HTMLDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ done install_image_docs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7/img + @$(PERL) $(SRCDIR)/util/mkdir-p.pl "$(DESTDIR)$(HTMLDIR)/man7/img" @set -e; for x in dummy $(IMAGEDOCS7); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - cp $(SRCDIR)/$$x $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ + cp $(SRCDIR)/$$x "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ + chmod 644 "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ done uninstall_image_docs: @@ -1096,7 +1096,7 @@ uninstall_image_docs: if [ "$$x" = "dummy" ]; then continue; fi; \ fn=`basename $$x`; \ $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ + $(RM) "$(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ done # Developer targets (note: these are only available on Unix) ######### -- Gitee From 4fb955c058bc6513217f6d244af3f4496a5edda0 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 16 Oct 2023 14:42:12 +0900 Subject: [PATCH 06/24] rsa: Accept NULL OAEP label for backward compatibility According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label() should accept NULL as the label argument, though the function currently rejects it while setting the corresponding octet string parameter with OSSL_PARAM_construct_octet_string, which expects non-NULL input. This adds a workaround to the caller for backward compatibility. Signed-off-by: Daiki Ueno Reviewed-by: Dmitry Belyavskiy Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22397) (cherry picked from commit 21b98da9d80c561b6273b0c51c259196d6740e70) Signed-off-by: fly2x --- crypto/rsa/rsa_lib.c | 12 +++++++++++- test/evp_extra_test.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 449097b8b2..709ecb5daa 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1084,6 +1084,12 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) { OSSL_PARAM rsa_params[2], *p = rsa_params; + const char *empty = ""; + /* + * Needed as we swap label with empty if it is NULL, and label is + * freed at the end of this function. + */ + void *plabel = label; int ret; if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { @@ -1096,9 +1102,13 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) return -1; + /* Accept NULL for backward compatibility */ + if (label == NULL && llen == 0) + plabel = (void *)empty; + /* Cast away the const. This is read only so should be safe */ *p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void *)label, (size_t)llen); + (void *)plabel, (size_t)llen); *p++ = OSSL_PARAM_construct_end(); ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params); diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 2899c69b19..cfffa21350 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -2912,6 +2912,36 @@ static int test_RSA_OAEP_set_get_params(void) return ret; } +/* https://github.com/openssl/openssl/issues/21288 */ +static int test_RSA_OAEP_set_null_label(void) +{ + int ret = 0; + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *key_ctx = NULL; + + if (!TEST_ptr(key = load_example_rsa_key()) + || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) + || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) + goto err; + + if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) + goto err; + + if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) + goto err; + + if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) + goto err; + + ret = 1; + + err: + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(key_ctx); + + return ret; +} + #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) static int test_decrypt_null_chunks(void) { @@ -4899,6 +4929,7 @@ int setup_tests(void) #endif ADD_TEST(test_RSA_get_set_params); ADD_TEST(test_RSA_OAEP_set_get_params); + ADD_TEST(test_RSA_OAEP_set_null_label); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif -- Gitee From a3d7b5c3eb01d33d11896488bd89e65485becdb4 Mon Sep 17 00:00:00 2001 From: Pavel Stetsuk Date: Thu, 14 Sep 2023 23:05:49 +0300 Subject: [PATCH 07/24] fix: LINEAR search doesn't work properly (if CHARSET_EBCDIC is defined) CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22108) (cherry picked from commit a47fc4ed401da4e2d84e035cc4add566e85b03d0) Signed-off-by: fly2x --- crypto/objects/obj_dat.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 1a52000e6e..85d30eb58a 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -642,13 +642,14 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, if (p == NULL) { const char *base_ = base; int l, h, i = 0, c = 0; + char *p1; for (i = 0; i < num; ++i) { - p = &(base_[i * size]); - c = (*cmp) (key, p); + p1 = &(base_[i * size]); + c = (*cmp) (key, p1); if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))) - return p; + return p1; } } #endif -- Gitee From 700c0be56bd39410b7b804a46018c9fdb21a39c3 Mon Sep 17 00:00:00 2001 From: James Muir Date: Sat, 14 Oct 2023 19:36:57 -0400 Subject: [PATCH 08/24] cms encrypt, better OBJ_nid2obj() return check Fixes #22225 In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to the special "undefined" ASN1_OBJECT is returned. Check for the undefined-ASN1_OBJECT and return an error. Also, add a test for this in 80-test_cms.t. Testing: #!/bin/bash -x shopt -s expand_aliases alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl" echo "This is a confidential message. It should be encrypted." > msg.txt ## this should fail b/c there is no OID for aes-256-ctr openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem echo $? Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22392) (cherry picked from commit bd160912dcc5e39bcdc925d9aa6538f20e37ad16) Signed-off-by: fly2x --- crypto/cms/cms_enc.c | 2 +- test/recipes/80-test_cms.t | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index f7007c1231..9143433986 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -81,7 +81,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - if (calg->algorithm == NULL) { + if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); goto err; } diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index f99ae8327e..be77923313 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -50,7 +50,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => 17; +plan tests => 18; ok(run(test(["pkcs7_test"])), "test pkcs7"); @@ -1008,3 +1008,14 @@ with({ exit_checker => sub { return shift == 3; } }, "issue#21986"); } }); + +# Test for problem reported in #22225 +with({ exit_checker => sub { return shift == 3; } }, + sub { + ok(run(app(['openssl', 'cms', '-encrypt', + '-in', srctop_file("test", "smcont.txt"), + '-aes-256-ctr', '-recip', + catfile($smdir, "smec1.pem"), + ])), + "Check for failure when cipher does not have an assigned OID (issue#22225)"); + }); -- Gitee From c8e57f6fd1452c42ae08b4db642452ef3d01450e Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 4 Sep 2023 11:10:42 +0200 Subject: [PATCH 09/24] ossl_param_build_set_multi_key_bn(): Do not set NULL BIGNUMs This makes them zeroes otherwise where NULLs actually mean the values aren't present. Fixes #21935 Reviewed-by: Richard Levitte Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit 15a39e7025e0ed4e31664c499894006e41582068) Signed-off-by: fly2x --- crypto/param_build_set.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/crypto/param_build_set.c b/crypto/param_build_set.c index 8b570ded96..cce19e6990 100644 --- a/crypto/param_build_set.c +++ b/crypto/param_build_set.c @@ -99,21 +99,22 @@ int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, { int i, sz = sk_BIGNUM_const_num(stk); OSSL_PARAM *p; - + const BIGNUM *bn; if (bld != NULL) { for (i = 0; i < sz && names[i] != NULL; ++i) { - if (!OSSL_PARAM_BLD_push_BN(bld, names[i], - sk_BIGNUM_const_value(stk, i))) + bn = sk_BIGNUM_const_value(stk, i); + if (bn != NULL && !OSSL_PARAM_BLD_push_BN(bld, names[i], bn)) return 0; } return 1; } for (i = 0; i < sz && names[i] != NULL; ++i) { + bn = sk_BIGNUM_const_value(stk, i); p = OSSL_PARAM_locate(params, names[i]); - if (p != NULL) { - if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i))) + if (p != NULL && bn != NULL) { + if (!OSSL_PARAM_set_BN(p, bn)) return 0; } } -- Gitee From 226f45f29e0b7761de2fcbebc397ea962238f8de Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Tue, 5 Sep 2023 12:08:19 -0400 Subject: [PATCH 10/24] remove sanity check from ossl_rsa_todata Theres no reason we should gate ossl_rsa_todata on there being a minimum set of parameters. EVP_PKEY_todata makes no guarantees about the validity of a key, it only returns the parameters that are set in the requested key, whatever they may be. Remove the check. Fixes #21935 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit 4ad3a44ba45a4026170336161228d435f6784564) Signed-off-by: fly2x --- crypto/rsa/rsa_backend.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 58187fa2ef..607bfbff68 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -141,18 +141,6 @@ int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], /* Check private key data integrity */ if (include_private && rsa_d != NULL) { - int numprimes = sk_BIGNUM_const_num(factors); - int numexps = sk_BIGNUM_const_num(exps); - int numcoeffs = sk_BIGNUM_const_num(coeffs); - - /* - * It's permissible to have zero primes, i.e. no CRT params. - * Otherwise, there must be at least two, as many exponents, - * and one coefficient less. - */ - if (numprimes != 0 - && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) - goto err; if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d) -- Gitee From 596e1a22a13927c976877db3d2b12c541975ebdf Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Tue, 10 Oct 2023 11:06:44 -0400 Subject: [PATCH 11/24] Dont require CRT params on ossl_rsa_set0_all_params Its not required that crt params be available in an RSA key, so don't perform an error check on them Fixes #29135 Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit 2647726bd3ca63dc5f07ae3f10e16dff35d95626) Signed-off-by: fly2x --- crypto/rsa/rsa_lib.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 709ecb5daa..acc8db4cb0 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -753,18 +753,22 @@ int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, return 0; pnum = sk_BIGNUM_num(primes); - if (pnum < 2 - || pnum != sk_BIGNUM_num(exps) - || pnum != sk_BIGNUM_num(coeffs) + 1) + if (pnum < 2) return 0; if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0), - sk_BIGNUM_value(primes, 1)) - || !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), - sk_BIGNUM_value(exps, 1), - sk_BIGNUM_value(coeffs, 0))) + sk_BIGNUM_value(primes, 1))) return 0; + if (pnum == sk_BIGNUM_num(exps) + && pnum == sk_BIGNUM_num(coeffs) + 1) { + + if (!RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), + sk_BIGNUM_value(exps, 1), + sk_BIGNUM_value(coeffs, 0))) + return 0; + } + #ifndef FIPS_MODULE old_infos = r->prime_infos; #endif -- Gitee From 61de02bd73b86a00043e77bbc171546d7c0e624e Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Wed, 11 Oct 2023 12:45:44 -0400 Subject: [PATCH 12/24] Add a test to confirm that legacy rsa keys work Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22334) (cherry picked from commit e62097f48c3d0b8b61ca6a061b8098b0086b3fbc) Signed-off-by: fly2x --- test/rsa_test.c | 116 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 116 insertions(+) diff --git a/test/rsa_test.c b/test/rsa_test.c index 62a54df74d..b2c190b2a4 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -391,10 +391,126 @@ err: return r; } +static int test_EVP_rsa_legacy_key(void) +{ + int ret; + size_t buflen = 384; + size_t msglen = 64; + unsigned char sigbuf[384]; + unsigned char msgbuf[64]; + BIGNUM *p; + BIGNUM *q; + BIGNUM *n; + BIGNUM *d; + BIGNUM *e; + RSA *rsa; + const EVP_MD *md; + EVP_MD_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + + unsigned char n_data[] = { + 0x00, 0xc7, 0x28, 0x7a, 0x28, 0x91, 0x51, 0xa5, 0xe8, 0x3c, 0x45, 0xcf, + 0x1d, 0xa9, 0x69, 0x7a, 0x0d, 0xdb, 0xdd, 0x8f, 0xe2, 0xde, 0x85, 0xdd, + 0x85, 0x6d, 0x8f, 0x78, 0x20, 0xd6, 0xe, 0xe5, 0x06, 0xcb, 0x9c, 0xd6, + 0xd3, 0xca, 0xef, 0x1d, 0x80, 0xd3, 0x18, 0x23, 0x91, 0x5c, 0xe5, 0xc8, + 0x44, 0x37, 0x56, 0x1b, 0x68, 0x7f, 0x08, 0xa3, 0x1c, 0xf6, 0xe8, 0x11, + 0x38, 0x0f, 0x2e, 0xad, 0xb1, 0x89, 0x8b, 0x08, 0xe8, 0x35, 0xaf, 0x3b, + 0xfe, 0x37, 0x8d, 0x21, 0xd5, 0x3f, 0x1f, 0x4b, 0x01, 0x30, 0xd8, 0xd0, + 0x24, 0xf7, 0xab, 0x57, 0xad, 0xac, 0xbc, 0x53, 0x6d, 0x84, 0x8e, 0xa1, + 0xb2, 0x5b, 0x8e, 0xe7, 0xb3, 0xac, 0xfc, 0x60, 0x22, 0x10, 0x1e, 0x99, + 0xfa, 0xa0, 0x60, 0x00, 0x69, 0x5f, 0x8e, 0xca, 0x6d, 0x9c, 0xee, 0x5e, + 0x84, 0x4e, 0x53, 0x83, 0x42, 0x76, 0x4d, 0xb8, 0xc1, 0xeb, 0x4e, 0x3d, + 0xc3, 0xce, 0xac, 0x79, 0xbb, 0x29, 0x5d, 0x92, 0x33, 0x6e, 0xcf, 0x8f, + 0x5a, 0xf0, 0xb3, 0xb5, 0xdc, 0xd5, 0xa3, 0xaf, 0x40, 0x4b, 0x0f, 0x05, + 0xac, 0x46, 0x53, 0x2d, 0x5f, 0x20, 0x96, 0x42, 0xa8, 0x47, 0x61, 0x54, + 0x05, 0x2c, 0x8a, 0x26, 0x5d, 0x92, 0x1d, 0x01, 0x2a, 0x27, 0x8a, 0xfc, + 0x64, 0x24, 0x5c, 0x34, 0xde, 0x92, 0xc6, 0x82, 0xea, 0x4d, 0xe2, 0x52, + 0xe5, 0xad, 0x62, 0x00, 0xc6, 0xc8, 0xe9, 0x0c, 0x22, 0xf0, 0x9e, 0xbe, + 0xdc, 0x51, 0x58, 0xad, 0x3b, 0xba, 0x2e, 0x45, 0x65, 0xcc, 0x5b, 0x55, + 0x46, 0x67, 0x18, 0x4a, 0x80, 0x67, 0x5b, 0x84, 0x7f, 0x13, 0x37, 0x45, + 0xd8, 0x03, 0xc6, 0x22, 0xc3, 0x4a, 0x46, 0x6b, 0xde, 0x50, 0xbf, 0x16, + 0x0a, 0x23, 0x0b, 0xaa, 0x50, 0x54, 0xf6, 0x20, 0x83, 0x74, 0x33, 0x97, + 0x2e, 0xf2, 0x8e, 0x7e, 0x13 }; + + unsigned char e_data[] = { 0x01, 0x00, 0x01 }; + + unsigned char d_data[] = { + 0x09, 0x2d, 0xcb, 0xe7, 0x87, 0xbf, 0x10, 0x1a, 0xf2, 0x80, 0x33, 0x2a, + 0x06, 0x4f, 0x56, 0xb1, 0x41, 0xd3, 0x65, 0xd8, 0xca, 0x71, 0xb8, 0x02, + 0x78, 0xc8, 0xb6, 0x7c, 0x28, 0xf4, 0x6c, 0xe8, 0xd1, 0xc4, 0x92, 0x40, + 0x23, 0xa7, 0xbe, 0x9f, 0xdb, 0xda, 0xce, 0x74, 0xda, 0x27, 0xbb, 0x01, + 0xad, 0xdd, 0x39, 0x99, 0x28, 0xd5, 0xb0, 0x92, 0xda, 0xac, 0x5a, 0x72, + 0xcf, 0x7c, 0x52, 0xc4, 0x0e, 0x77, 0x4a, 0x7b, 0x4d, 0x52, 0x1c, 0xbd, + 0x3c, 0x39, 0x34, 0x78, 0x7c, 0x16, 0xc8, 0xa1, 0xae, 0xeb, 0x27, 0x38, + 0xb4, 0xf3, 0x80, 0x30, 0x80, 0x78, 0x13, 0x8e, 0x46, 0x20, 0x3e, 0xc2, + 0x96, 0x26, 0xb1, 0x76, 0x1e, 0x00, 0x69, 0xbb, 0xd8, 0x2b, 0x58, 0xe4, + 0x6c, 0xb4, 0xd0, 0x00, 0x0b, 0x47, 0xec, 0xfb, 0x7d, 0x52, 0x9d, 0x27, + 0x92, 0xe6, 0x95, 0x73, 0xa0, 0x39, 0x37, 0xcd, 0x1f, 0x60, 0x13, 0x1c, + 0x87, 0x9d, 0xa7, 0x91, 0x90, 0xf9, 0x36, 0xc5, 0xfa, 0x3f, 0xf9, 0x7f, + 0x50, 0xf8, 0xb3, 0x54, 0x65, 0xff, 0x6f, 0xa6, 0x22, 0xcc, 0x4a, 0x1e, + 0x49, 0x3f, 0x07, 0xc6, 0xf2, 0x65, 0x73, 0x13, 0x1b, 0x2d, 0xb6, 0x15, + 0xff, 0xcd, 0x9a, 0x1c, 0xea, 0xef, 0x58, 0x56, 0x91, 0x2d, 0x47, 0x81, + 0x56, 0x0d, 0xc3, 0xb0, 0x47, 0x58, 0x8d, 0x05, 0x7d, 0x5b, 0xc0, 0x22, + 0xa4, 0xf0, 0x2e, 0x70, 0x36, 0x01, 0x89, 0xa1, 0x71, 0xed, 0x76, 0xe9, + 0x8d, 0xf5, 0x49, 0xaf, 0x11, 0xbe, 0xe4, 0xd4, 0x48, 0x92, 0xb6, 0x5b, + 0xc2, 0x04, 0xd4, 0x0c, 0x5c, 0x8b, 0xe3, 0xfa, 0x29, 0x63, 0x86, 0xb4, + 0x10, 0xad, 0x32, 0x07, 0x85, 0xe2, 0x43, 0x76, 0x16, 0x90, 0xab, 0xdf, + 0xb3, 0x36, 0x0a, 0xc4, 0x49, 0x7b, 0x95, 0x48, 0x50, 0x72, 0x8f, 0x7d, + 0xf4, 0xfa, 0x60, 0xc1 }; + + unsigned char p_data[] = { + 0x00, 0xed, 0xf7, 0xa7, 0x00, 0x5a, 0xbb, 0xd1, 0x52, 0x65, 0x9b, 0xec, + 0xfe, 0x27, 0x8b, 0xe2, 0xbe, 0x40, 0x8c, 0x2f, 0x6f, 0xb4, 0x26, 0xb2, + 0xbe, 0x45, 0x4b, 0x3b, 0x5a, 0xaa, 0xc6, 0xaa, 0xfa, 0xc1, 0x3a, 0xa9, + 0xa1, 0xba, 0xb7, 0x86, 0x1a, 0x98, 0x15, 0x5f, 0x5c, 0x1c, 0x57, 0x78, + 0x78, 0x6a, 0x13, 0xc2, 0x40, 0x7d, 0x07, 0x87, 0x47, 0xc6, 0x96, 0xd5, + 0x92, 0xc9, 0x65, 0x2c, 0xfe, 0xbb, 0xe0, 0xd6, 0x76, 0x25, 0x5a, 0xa3, + 0xdf, 0x97, 0x4b, 0x64, 0xfd, 0x3b, 0x2b, 0xbc, 0xfb, 0x80, 0xad, 0x3b, + 0x7d, 0x1f, 0x48, 0x56, 0x27, 0xf7, 0x2f, 0x8e, 0x92, 0x07, 0xa8, 0x9f, + 0xbc, 0x5a, 0xce, 0xfa, 0xd5, 0x67, 0xad, 0xf4, 0xbf, 0xe0, 0xc9, 0x3e, + 0x8e, 0xb5, 0x90, 0x58, 0x54, 0x92, 0x9f, 0xda, 0x36, 0xc0, 0x0d, 0x57, + 0xfe, 0x6c, 0x23, 0x63, 0x8b, 0xd1, 0x1e, 0x4f, 0xd3 }; + + unsigned char q_data[] = { + 0x00, 0xd6, 0x3f, 0xf5, 0xee, 0xff, 0x4d, 0x7d, 0x8c, 0x1a, 0x85, 0x5d, + 0x3c, 0x4f, 0x9d, 0xdf, 0xc7, 0x68, 0x27, 0x7f, 0xe4, 0x4f, 0x4f, 0xd7, + 0xa2, 0x3b, 0xcd, 0x4a, 0x34, 0xd8, 0x55, 0x4a, 0x3e, 0x8e, 0xb3, 0xa8, + 0xe9, 0x8a, 0xc5, 0x94, 0xd1, 0x09, 0x32, 0x4b, 0x79, 0x8d, 0x7b, 0x03, + 0x0b, 0x5d, 0xca, 0x91, 0x41, 0xbc, 0x82, 0xc3, 0x89, 0x67, 0x4d, 0x03, + 0x68, 0x03, 0x2d, 0x0e, 0x4e, 0x97, 0x6c, 0xf6, 0x3e, 0x1f, 0xf4, 0x50, + 0x06, 0x5d, 0x05, 0x22, 0xf2, 0xf8, 0xf2, 0xde, 0xad, 0x2e, 0x9d, 0xc3, + 0x97, 0x1b, 0xc3, 0x75, 0xe7, 0x86, 0xde, 0xc5, 0x11, 0x89, 0xed, 0x6a, + 0x13, 0x14, 0x23, 0x4b, 0x98, 0x81, 0xf7, 0xd4, 0x1c, 0xee, 0x30, 0x92, + 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, + 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 }; + + memset(msgbuf, 0xdeadbeef, 64); + + ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) + && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) + && TEST_ptr((n = BN_bin2bn(n_data, sizeof(n_data), NULL))) + && TEST_ptr((d = BN_bin2bn(d_data, sizeof(d_data), NULL))) + && TEST_ptr((e = BN_bin2bn(e_data, sizeof(e_data), NULL))) + && TEST_ptr((rsa = RSA_new())) + && TEST_ptr((md = EVP_sha256())) + && TEST_ptr((ctx = EVP_MD_CTX_new())) + && TEST_ptr((pkey = EVP_PKEY_new())) + && TEST_true(RSA_set0_factors(rsa, p, q)) + && TEST_true(RSA_set0_key(rsa, n, e, d)) + && TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)) + && TEST_true(EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) + && TEST_true(EVP_DigestSign(ctx, sigbuf, &buflen, msgbuf, msglen))); + + EVP_MD_CTX_free(ctx); + EVP_PKEY_free(pkey); + return ret; +} + int setup_tests(void) { ADD_ALL_TESTS(test_rsa_pkcs1, 3); ADD_ALL_TESTS(test_rsa_oaep, 3); ADD_ALL_TESTS(test_rsa_security_bit, OSSL_NELEM(rsa_security_bits_cases)); + ADD_TEST(test_EVP_rsa_legacy_key); return 1; } -- Gitee From e6c4ac6dc081c4d7139e1412c3d0aa8667ec6f59 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 9 Oct 2023 11:36:50 +0200 Subject: [PATCH 13/24] apps: Print out a proper message when a store cannot be opened Fixes #22306 Reviewed-by: David von Oheimb Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/22318) (cherry picked from commit edc2b6e3b1950ab0fb71e2d7dca0836b43a9ec3b) Signed-off-by: fly2x --- apps/lib/apps.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 9de518f383..2c301f3ca8 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -960,10 +960,16 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, params, NULL, NULL); } - if (ctx == NULL) + if (ctx == NULL) { + if (!quiet) + BIO_printf(bio_err, "Could not open file or uri for loading"); goto end; - if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) + } + if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) { + if (!quiet) + BIO_printf(bio_err, "Internal error trying to load"); goto end; + } failed = NULL; while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) { -- Gitee From 06a7d769a8a76c67b8c7ccbd47f2228631f5f644 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 19 Oct 2023 09:23:43 +0200 Subject: [PATCH 14/24] cms_enc.c: Include crypto/asn1.h for struct asn1_object_st Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22432) (cherry picked from commit fa9e6ad46860ea92aa2e1ba997b20c6dff76b42c) Signed-off-by: fly2x --- crypto/cms/cms_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index 9143433986..b5faf5e3c6 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -15,6 +15,7 @@ #include #include #include "crypto/evp.h" +#include "crypto/asn1.h" #include "cms_local.h" /* CMS EncryptedData Utilities */ -- Gitee From 79eec8ac59398219a4c0a8f1abd5f417ac0542a8 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 19 Oct 2023 10:30:15 +0200 Subject: [PATCH 15/24] load_key_certs_crls(): There is no quiet argument This fixes broken cherry-pick from the master branch where there is a quiet argument. Reviewed-by: Matt Caswell Reviewed-by: Tom Cosgrove Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/22434) (cherry picked from commit 307048cd4e887de688eb71af713c64962261cd29) Signed-off-by: fly2x --- apps/lib/apps.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 2c301f3ca8..a632b0cff2 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -961,13 +961,11 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, params, NULL, NULL); } if (ctx == NULL) { - if (!quiet) - BIO_printf(bio_err, "Could not open file or uri for loading"); + BIO_printf(bio_err, "Could not open file or uri for loading"); goto end; } if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) { - if (!quiet) - BIO_printf(bio_err, "Internal error trying to load"); + BIO_printf(bio_err, "Internal error trying to load"); goto end; } -- Gitee From d89b52434f02c1c366e8605474d2f077f943e20c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Wed, 18 Oct 2023 15:35:55 +0200 Subject: [PATCH 16/24] Reference the non-"legacy" provider names directly from EVP_md5(3) &c. Earlier today, it took me five manuals! to find what on earth the "Performance"/"EVP_MD_fetch(3)" crosslinks actually mean: EVP_sha1(3) crypto(7) EVP_MD_fetch(3) (but not there! don't read that!) OSSL_PROVIDER-default(7) EVP_MD-SHA1(7) If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/, which it should do, since it's supposed to be what you're replacing it with, but it doesn't actually say that, maybe people would use it. I know I didn't because it's basically just deadass buried As found by git grep -l 'and should consider using' Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/22420) (cherry picked from commit b6eb95fa4439ea6254a5330487dabb2a499fb6c8) Signed-off-by: fly2x --- doc/man3/EVP_aes_128_gcm.pod | 2 +- doc/man3/EVP_aria_128_gcm.pod | 2 +- doc/man3/EVP_bf_cbc.pod | 2 +- doc/man3/EVP_blake2b512.pod | 2 +- doc/man3/EVP_camellia_128_ecb.pod | 2 +- doc/man3/EVP_cast5_cbc.pod | 2 +- doc/man3/EVP_chacha20.pod | 2 +- doc/man3/EVP_des_cbc.pod | 2 +- doc/man3/EVP_desx_cbc.pod | 2 +- doc/man3/EVP_idea_cbc.pod | 2 +- doc/man3/EVP_md2.pod | 2 +- doc/man3/EVP_md4.pod | 2 +- doc/man3/EVP_md5.pod | 2 +- doc/man3/EVP_mdc2.pod | 2 +- doc/man3/EVP_rc2_cbc.pod | 2 +- doc/man3/EVP_rc4.pod | 2 +- doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- doc/man3/EVP_ripemd160.pod | 2 +- doc/man3/EVP_seed_cbc.pod | 2 +- doc/man3/EVP_sha1.pod | 2 +- doc/man3/EVP_sha224.pod | 2 +- doc/man3/EVP_sha3_224.pod | 2 +- doc/man3/EVP_sm3.pod | 2 +- doc/man3/EVP_sm4_cbc.pod | 2 +- doc/man3/EVP_whirlpool.pod | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) diff --git a/doc/man3/EVP_aes_128_gcm.pod b/doc/man3/EVP_aes_128_gcm.pod index 067f17e8fc..485705ea78 100644 --- a/doc/man3/EVP_aes_128_gcm.pod +++ b/doc/man3/EVP_aes_128_gcm.pod @@ -167,7 +167,7 @@ the XTS "tweak" value. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_aria_128_gcm.pod b/doc/man3/EVP_aria_128_gcm.pod index 9291365263..91aa75ec38 100644 --- a/doc/man3/EVP_aria_128_gcm.pod +++ b/doc/man3/EVP_aria_128_gcm.pod @@ -96,7 +96,7 @@ correctly, see the L section for details. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_bf_cbc.pod b/doc/man3/EVP_bf_cbc.pod index 4df98f4bdf..11a909207a 100644 --- a/doc/man3/EVP_bf_cbc.pod +++ b/doc/man3/EVP_bf_cbc.pod @@ -41,7 +41,7 @@ Blowfish encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_blake2b512.pod b/doc/man3/EVP_blake2b512.pod index 98e1899f6a..55bd9f3bce 100644 --- a/doc/man3/EVP_blake2b512.pod +++ b/doc/man3/EVP_blake2b512.pod @@ -35,7 +35,7 @@ The BLAKE2b algorithm that produces a 512-bit output from a given input. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, diff --git a/doc/man3/EVP_camellia_128_ecb.pod b/doc/man3/EVP_camellia_128_ecb.pod index a6b597156a..cb6e12e212 100644 --- a/doc/man3/EVP_camellia_128_ecb.pod +++ b/doc/man3/EVP_camellia_128_ecb.pod @@ -79,7 +79,7 @@ Camellia for 128, 192 and 256 bit keys in the following modes: CBC, CFB with Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_cast5_cbc.pod b/doc/man3/EVP_cast5_cbc.pod index 85ff2ad014..7fef059815 100644 --- a/doc/man3/EVP_cast5_cbc.pod +++ b/doc/man3/EVP_cast5_cbc.pod @@ -41,7 +41,7 @@ CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_chacha20.pod b/doc/man3/EVP_chacha20.pod index 683faa326e..7e80c8de40 100644 --- a/doc/man3/EVP_chacha20.pod +++ b/doc/man3/EVP_chacha20.pod @@ -44,7 +44,7 @@ L section for more information. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. L diff --git a/doc/man3/EVP_des_cbc.pod b/doc/man3/EVP_des_cbc.pod index 501216cd6d..442be8993a 100644 --- a/doc/man3/EVP_des_cbc.pod +++ b/doc/man3/EVP_des_cbc.pod @@ -89,7 +89,7 @@ Triple-DES key wrap according to RFC 3217 Section 3. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_desx_cbc.pod b/doc/man3/EVP_desx_cbc.pod index fae827192e..c22c0de479 100644 --- a/doc/man3/EVP_desx_cbc.pod +++ b/doc/man3/EVP_desx_cbc.pod @@ -31,7 +31,7 @@ implementation. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_idea_cbc.pod b/doc/man3/EVP_idea_cbc.pod index 5a9adaedc4..a36aae0bc9 100644 --- a/doc/man3/EVP_idea_cbc.pod +++ b/doc/man3/EVP_idea_cbc.pod @@ -39,7 +39,7 @@ The IDEA encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_md2.pod b/doc/man3/EVP_md2.pod index 0b473887e0..a6f3a010de 100644 --- a/doc/man3/EVP_md2.pod +++ b/doc/man3/EVP_md2.pod @@ -28,7 +28,7 @@ The MD2 algorithm which produces a 128-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_md4.pod b/doc/man3/EVP_md4.pod index baaff9e4ea..a4e1a7d0a6 100644 --- a/doc/man3/EVP_md4.pod +++ b/doc/man3/EVP_md4.pod @@ -29,7 +29,7 @@ The MD4 algorithm which produces a 128-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_md5.pod b/doc/man3/EVP_md5.pod index 752fdd1f6c..42370fb3d0 100644 --- a/doc/man3/EVP_md5.pod +++ b/doc/man3/EVP_md5.pod @@ -40,7 +40,7 @@ WARNING: this algorithm is not intended for non-SSL usage. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L or L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_mdc2.pod b/doc/man3/EVP_mdc2.pod index e9de6f3c56..3681bd06a6 100644 --- a/doc/man3/EVP_mdc2.pod +++ b/doc/man3/EVP_mdc2.pod @@ -30,7 +30,7 @@ The MDC-2DES algorithm of using MDC-2 with the DES block cipher. It produces a Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_rc2_cbc.pod b/doc/man3/EVP_rc2_cbc.pod index bf4a13ba45..17f6f4b3e2 100644 --- a/doc/man3/EVP_rc2_cbc.pod +++ b/doc/man3/EVP_rc2_cbc.pod @@ -55,7 +55,7 @@ functions to set the key length and effective key length. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_rc4.pod b/doc/man3/EVP_rc4.pod index f22e88a652..0311ef278c 100644 --- a/doc/man3/EVP_rc4.pod +++ b/doc/man3/EVP_rc4.pod @@ -47,7 +47,7 @@ interface. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_rc5_32_12_16_cbc.pod b/doc/man3/EVP_rc5_32_12_16_cbc.pod index c177b18451..69fc2f2cc6 100644 --- a/doc/man3/EVP_rc5_32_12_16_cbc.pod +++ b/doc/man3/EVP_rc5_32_12_16_cbc.pod @@ -60,7 +60,7 @@ is an int. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_ripemd160.pod b/doc/man3/EVP_ripemd160.pod index 6ad2d3e018..5b96fd09f8 100644 --- a/doc/man3/EVP_ripemd160.pod +++ b/doc/man3/EVP_ripemd160.pod @@ -29,7 +29,7 @@ The RIPEMD-160 algorithm which produces a 160-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_seed_cbc.pod b/doc/man3/EVP_seed_cbc.pod index 010607e574..2c821d07c3 100644 --- a/doc/man3/EVP_seed_cbc.pod +++ b/doc/man3/EVP_seed_cbc.pod @@ -41,7 +41,7 @@ The SEED encryption algorithm in CBC, CFB, ECB and OFB modes respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_sha1.pod b/doc/man3/EVP_sha1.pod index 264ddd1add..6fc8f07b06 100644 --- a/doc/man3/EVP_sha1.pod +++ b/doc/man3/EVP_sha1.pod @@ -29,7 +29,7 @@ The SHA-1 algorithm which produces a 160-bit output from a given input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_sha224.pod b/doc/man3/EVP_sha224.pod index 7a50cf9b6c..be09e49ee3 100644 --- a/doc/man3/EVP_sha224.pod +++ b/doc/man3/EVP_sha224.pod @@ -49,7 +49,7 @@ their outputs are of the same size. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with Linstead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_sha3_224.pod b/doc/man3/EVP_sha3_224.pod index 5bb9ae1b89..93c0d0b9fb 100644 --- a/doc/man3/EVP_sha3_224.pod +++ b/doc/man3/EVP_sha3_224.pod @@ -54,7 +54,7 @@ B provides that of 256 bits. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L or L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_sm3.pod b/doc/man3/EVP_sm3.pod index 4e8112dc0a..65be55e88d 100644 --- a/doc/man3/EVP_sm3.pod +++ b/doc/man3/EVP_sm3.pod @@ -28,7 +28,7 @@ The SM3 hash function. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_sm4_cbc.pod b/doc/man3/EVP_sm4_cbc.pod index b67ade5499..48be7a31ad 100644 --- a/doc/man3/EVP_sm4_cbc.pod +++ b/doc/man3/EVP_sm4_cbc.pod @@ -45,7 +45,7 @@ respectively. Developers should be aware of the negative performance implications of calling these functions multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES diff --git a/doc/man3/EVP_whirlpool.pod b/doc/man3/EVP_whirlpool.pod index a9826e290a..c5d465b16f 100644 --- a/doc/man3/EVP_whirlpool.pod +++ b/doc/man3/EVP_whirlpool.pod @@ -30,7 +30,7 @@ input. Developers should be aware of the negative performance implications of calling this function multiple times and should consider using -L instead. +L with L instead. See L for further information. =head1 RETURN VALUES -- Gitee From 8c02eb73a38be034bace23210e9062848da76be0 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 19 Oct 2023 08:37:47 +0200 Subject: [PATCH 17/24] Fix Coverity 1547856: memset() uses only the lowest byte of c Reviewed-by: Hugo Landau Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/22430) (cherry picked from commit 0bf18140f491024232beca4e139c8feecfe207e9) Signed-off-by: fly2x --- test/rsa_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/rsa_test.c b/test/rsa_test.c index b2c190b2a4..e489aeaa29 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -484,7 +484,7 @@ static int test_EVP_rsa_legacy_key(void) 0x85, 0x20, 0x4f, 0x35, 0x02, 0xfa, 0xda, 0x14, 0x77, 0xfa, 0x08, 0x34, 0x60, 0xc7, 0x93, 0x72, 0xdc, 0xc4, 0x18, 0x70, 0xc1 }; - memset(msgbuf, 0xdeadbeef, 64); + memset(msgbuf, 0xef, 64); ret = (TEST_ptr((p = BN_bin2bn(p_data, sizeof(p_data), NULL))) && TEST_ptr((q = BN_bin2bn(q_data, sizeof(q_data), NULL))) -- Gitee From 0aa621de94ddc05c3d5875ea7de9952b54b209fd Mon Sep 17 00:00:00 2001 From: Pauli Date: Fri, 6 Oct 2023 10:26:23 +1100 Subject: [PATCH 18/24] evp: process key length and iv length early if present evp_cipher_init_internal() takes a params array argument and this is processed late in the initialisation process for some ciphers (AEAD ones). This means that changing the IV length as a parameter will either truncate the IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised bytes. Truncation is very bad if SP 800-38d section 8.2.1 is being used to contruct a deterministic IV. This leads to an instant loss of confidentiality. Grabbing extra bytes isn't so serious, it will most likely result in a bad decryption. Problem reported by Tony Battersby of Cybernetics.com but earlier discovered and raised as issue #19822. Fixes CVE-2023-5363 Fixes #19822 Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (cherry picked from commit 5f69f5c65e483928c4b28ed16af6e5742929f1ee) Signed-off-by: fly2x --- crypto/evp/evp_enc.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index d2ed3fd378..6a819590e6 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -223,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return 0; } +#ifndef FIPS_MODULE + /* + * Fix for CVE-2023-5363 + * Passing in a size as part of the init call takes effect late + * so, force such to occur before the initialisation. + * + * The FIPS provider's internal library context is used in a manner + * such that this is not an issue. + */ + if (params != NULL) { + OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END, + OSSL_PARAM_END }; + OSSL_PARAM *q = param_lens; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + /* + * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for + * OSSL_CIPHER_PARAM_IVLEN so both are covered here. + */ + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + if (q != param_lens) { + if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + } + } +#endif + if (enc) { if (ctx->cipher->einit == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); -- Gitee From 83f11ef56150103af2eae190d149bdb4ba04e450 Mon Sep 17 00:00:00 2001 From: Pauli Date: Fri, 6 Oct 2023 10:43:46 +1100 Subject: [PATCH 19/24] changes and news entries for CVE-2023-5363 Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (cherry picked from commit 3f636830e4dcfe9b6ab57bef42c0b3a1de194399) Signed-off-by: fly2x --- CHANGES.md | 7 ++++++- NEWS.md | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 61efa01bb6..6d0f495dcc 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,7 +30,11 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.11 and 3.0.12 [xx XXX xxxx] - * none yet + * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), + EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters + that alter the key or IV length ([CVE-2023-5363]). + + *Paul Dale* ### Changes between 3.0.10 and 3.0.11 [19 Sep 2023] @@ -19736,6 +19740,7 @@ ndif +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 diff --git a/NEWS.md b/NEWS.md index 72f78d581e..b4e57b7fd8 100644 --- a/NEWS.md +++ b/NEWS.md @@ -20,7 +20,8 @@ OpenSSL 3.0 ### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [under development] - * none + * Mitigate incorrect resize handling for symmetric cipher keys and IVs. + ([CVE-2023-5363]) ### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023] @@ -1457,6 +1458,7 @@ OpenSSL 0.9.x +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -- Gitee From 2d9e4a01ab712318b908402ec9108a4dade88631 Mon Sep 17 00:00:00 2001 From: Pauli Date: Fri, 6 Oct 2023 10:32:20 +1100 Subject: [PATCH 20/24] test: add unit test for CVE-2023-5363 Reviewed-by: Hugo Landau Reviewed-by: Matt Caswell (cherry picked from commit efce76073edc228bbbbc09e65aa076ad5f15ac2c) Signed-off-by: fly2x --- test/evp_extra_test.c | 253 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 253 insertions(+) diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index cfffa21350..2318bf6a68 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -4851,6 +4851,253 @@ static int test_ecx_not_private_key(int tst) } #endif /* OPENSSL_NO_EC */ +static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, + const unsigned char *gcm_iv, size_t gcm_ivlen, + const unsigned char *gcm_pt, size_t gcm_pt_s, + const unsigned char *gcm_aad, size_t gcm_aad_s, + const unsigned char *gcm_ct, size_t gcm_ct_s, + const unsigned char *gcm_tag, size_t gcm_tag_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen, tmplen; + unsigned char outbuf[1024]; + unsigned char outtag[16]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, + &gcm_ivlen); + + if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) + || (gcm_aad != NULL + && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, + gcm_aad, gcm_aad_s))) + || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, + gcm_pt, gcm_pt_s)) + || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) + goto err; + + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + outtag, sizeof(outtag)); + + if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) + || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) + || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, + const unsigned char *gcm_iv, size_t gcm_ivlen, + const unsigned char *gcm_pt, size_t gcm_pt_s, + const unsigned char *gcm_aad, size_t gcm_aad_s, + const unsigned char *gcm_ct, size_t gcm_ct_s, + const unsigned char *gcm_tag, size_t gcm_tag_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen; + unsigned char outbuf[1024]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + + if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, + &gcm_ivlen); + + if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) + || (gcm_aad != NULL + && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, + gcm_aad, gcm_aad_s))) + || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, + gcm_ct, gcm_ct_s)) + || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) + goto err; + + params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, + (void*)gcm_tag, gcm_tag_s); + + if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) + ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int test_aes_gcm_ivlen_change_cve_2023_5363(void) +{ + /* AES-GCM test data obtained from NIST public test vectors */ + static const unsigned char gcm_key[] = { + 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, + 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, + 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, + }; + static const unsigned char gcm_iv[] = { + 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, + 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, + 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, + 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, + 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, + 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, + 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, + 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, + 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, + 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, + 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, + }; + static const unsigned char gcm_pt[] = { + 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, + 0x4f, 0xe3, 0x6f, 0x81, + }; + static const unsigned char gcm_ct[] = { + 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, + 0xe2, 0xd0, 0xec, 0xed, + }; + static const unsigned char gcm_tag[] = { + 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, + 0xdb, 0x99, 0x6c, 0x21, + }; + + return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), + gcm_pt, sizeof(gcm_pt), NULL, 0, + gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) + && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), + gcm_pt, sizeof(gcm_pt), NULL, 0, + gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); +} + +#ifndef OPENSSL_NO_RC4 +static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, + const unsigned char *rc4_pt, size_t rc4_pt_s, + const unsigned char *rc4_ct, size_t rc4_ct_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen, tmplen; + unsigned char outbuf[1024]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, + &rc4_key_s); + + if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) + || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, + rc4_pt, rc4_pt_s)) + || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) + goto err; + + if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, + const unsigned char *rc4_pt, size_t rc4_pt_s, + const unsigned char *rc4_ct, size_t rc4_ct_s) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx; + EVP_CIPHER *cipher = NULL; + int outlen; + unsigned char outbuf[1024]; + OSSL_PARAM params[2] = { + OSSL_PARAM_END, OSSL_PARAM_END + }; + + if ((ctx = EVP_CIPHER_CTX_new()) == NULL) + goto err; + + if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, + &rc4_key_s); + + if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) + || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, + rc4_ct, rc4_ct_s)) + || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) + goto err; + + ret = 1; +err: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + + return ret; +} + +static int test_aes_rc4_keylen_change_cve_2023_5363(void) +{ + /* RC4 test data obtained from RFC 6229 */ + static const struct { + unsigned char key[5]; + unsigned char padding[11]; + } rc4_key = { + { /* Five bytes of key material */ + 0x83, 0x32, 0x22, 0x77, 0x2a, + }, + { /* Random padding to 16 bytes */ + 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 + } + }; + static const unsigned char rc4_pt[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + static const unsigned char rc4_ct[] = { + 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, + 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda + }; + + if (lgcyprov == NULL) + return TEST_skip("Test requires legacy provider to be loaded"); + + return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), + rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) + && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), + rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); +} +#endif + int setup_tests(void) { OPTION_CHOICE o; @@ -4994,6 +5241,12 @@ int setup_tests(void) ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); #endif + /* Test cases for CVE-2023-5363 */ + ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); +#ifndef OPENSSL_NO_RC4 + ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); +#endif + return 1; } -- Gitee From dd04d783afdbca3f4ed3cee5ec68d2a74ec58cba Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 24 Oct 2023 14:47:21 +0100 Subject: [PATCH 21/24] Copyright year updates Reviewed-by: Tomas Mraz Release: yes Signed-off-by: fly2x --- apps/dhparam.c | 2 +- apps/dsaparam.c | 2 +- apps/gendsa.c | 2 +- apps/genpkey.c | 2 +- apps/genrsa.c | 2 +- crypto/arm_arch.h | 2 +- crypto/bn/bn_gcd.c | 2 +- crypto/cms/cms_enc.c | 2 +- crypto/dh/dh_key.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dsa/dsa_check.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- crypto/engine/eng_pkey.c | 2 +- crypto/evp/evp_enc.c | 2 +- crypto/evp/legacy_sha.c | 2 +- crypto/ex_data.c | 2 +- crypto/lhash/lhash.c | 2 +- crypto/modes/asm/ghashv8-armx.pl | 2 +- crypto/param_build_set.c | 2 +- crypto/poly1305/asm/poly1305-armv8.pl | 2 +- crypto/property/property_parse.c | 2 +- crypto/rsa/rsa_backend.c | 2 +- crypto/rsa/rsa_lib.c | 2 +- doc/man3/CMS_add1_signer.pod | 2 +- doc/man3/DH_generate_parameters.pod | 2 +- doc/man3/DSA_generate_parameters.pod | 2 +- doc/man3/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod | 2 +- doc/man3/SSL_CTX_set_info_callback.pod | 2 +- doc/man3/d2i_PKCS8PrivateKey_bio.pod | 2 +- include/openssl/evp.h | 2 +- include/openssl/pkcs7.h.in | 2 +- providers/implementations/encode_decode/encode_key2text.c | 2 +- providers/implementations/macs/kmac_prov.c | 2 +- test/recipes/05-test_rand.t | 2 +- test/rsa_test.c | 2 +- 36 files changed, 36 insertions(+), 36 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index c4b5559ef8..2a54dca9d8 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/dsaparam.c b/apps/dsaparam.c index cb3f9d9eaf..ca91beb5b8 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/gendsa.c b/apps/gendsa.c index 34f7af377d..8aefca6556 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/genpkey.c b/apps/genpkey.c index 8774a4ee28..705e5c76b4 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/apps/genrsa.c b/apps/genrsa.c index 390a5d72a7..6a683517a1 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 0b0d5f8d0b..ec4a087fed 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 6a31ff87ef..cd0b0151ec 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index b5faf5e3c6..ae88df33a7 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index fb9ef5dd7c..d84ea99241 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 57ea2ee492..5577413e1e 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c index ec3534d35c..fb0e9129a2 100644 --- a/crypto/dsa/dsa_check.c +++ b/crypto/dsa/dsa_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index ebe3685d46..2ae3f8e36b 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c index a8f1371a79..f84fcde460 100644 --- a/crypto/engine/eng_pkey.c +++ b/crypto/engine/eng_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 6a819590e6..4e6f83e3d0 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c index 0c2afc2900..ca9a326497 100644 --- a/crypto/evp/legacy_sha.c +++ b/crypto/evp/legacy_sha.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 455b63cd57..13b9288994 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index bd39b1ba57..a01cfa725e 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 1c53ae0690..b3d9404172 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/param_build_set.c b/crypto/param_build_set.c index cce19e6990..5de06cc7ed 100644 --- a/crypto/param_build_set.c +++ b/crypto/param_build_set.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl index 0b7d4d8af8..dc39f4053f 100755 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ b/crypto/poly1305/asm/poly1305-armv8.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index b3d99d2544..e3a4998df1 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c index 607bfbff68..f9d1cb361d 100644 --- a/crypto/rsa/rsa_backend.c +++ b/crypto/rsa/rsa_backend.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index acc8db4cb0..71a17a9234 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_add1_signer.pod b/doc/man3/CMS_add1_signer.pod index 11afecb905..d606a02cc1 100644 --- a/doc/man3/CMS_add1_signer.pod +++ b/doc/man3/CMS_add1_signer.pod @@ -99,7 +99,7 @@ L, =head1 COPYRIGHT -Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod index fa4ac54fb8..9c1dff7aed 100644 --- a/doc/man3/DH_generate_parameters.pod +++ b/doc/man3/DH_generate_parameters.pod @@ -164,7 +164,7 @@ DH_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod index 32eecb6891..a10dc9ba27 100644 --- a/doc/man3/DSA_generate_parameters.pod +++ b/doc/man3/DSA_generate_parameters.pod @@ -126,7 +126,7 @@ DSA_generate_parameters_ex() instead. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBKDF2_HMAC.pod b/doc/man3/PKCS5_PBKDF2_HMAC.pod index 3da271bdbf..8b5feff919 100644 --- a/doc/man3/PKCS5_PBKDF2_HMAC.pod +++ b/doc/man3/PKCS5_PBKDF2_HMAC.pod @@ -67,7 +67,7 @@ L =head1 COPYRIGHT -Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod index b74c869b83..3913ea9390 100644 --- a/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod +++ b/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod @@ -55,7 +55,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_info_callback.pod b/doc/man3/SSL_CTX_set_info_callback.pod index 99f59b063c..c1c6a67f85 100644 --- a/doc/man3/SSL_CTX_set_info_callback.pod +++ b/doc/man3/SSL_CTX_set_info_callback.pod @@ -160,7 +160,7 @@ L =head1 COPYRIGHT -Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_PKCS8PrivateKey_bio.pod b/doc/man3/d2i_PKCS8PrivateKey_bio.pod index 55ec346575..51d8aa8cfb 100644 --- a/doc/man3/d2i_PKCS8PrivateKey_bio.pod +++ b/doc/man3/d2i_PKCS8PrivateKey_bio.pod @@ -64,7 +64,7 @@ L =head1 COPYRIGHT -Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 22e8c25098..e64072f965 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/pkcs7.h.in b/include/openssl/pkcs7.h.in index e53b9d3b08..006b38b604 100644 --- a/include/openssl/pkcs7.h.in +++ b/include/openssl/pkcs7.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c index 9ec3490c3a..3e75a9afb3 100644 --- a/providers/implementations/encode_decode/encode_key2text.c +++ b/providers/implementations/encode_decode/encode_key2text.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 8ad454b2dc..99e7c60a74 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t index 1e72f7c20d..aa012c1907 100644 --- a/test/recipes/05-test_rand.t +++ b/test/recipes/05-test_rand.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy diff --git a/test/rsa_test.c b/test/rsa_test.c index e489aeaa29..18345b431a 100644 --- a/test/rsa_test.c +++ b/test/rsa_test.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy -- Gitee From 6fde017741aaeafffed8d615a6a93e142a087ae0 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 24 Oct 2023 14:48:41 +0100 Subject: [PATCH 22/24] make update Reviewed-by: Tomas Mraz Release: yes Signed-off-by: fly2x --- providers/fips-sources.checksums | 40 ++++++++++++++++---------------- providers/fips.checksum | 2 +- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index f55fa914be..fa977f5a98 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -21,7 +21,7 @@ c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7 crypto/aes/asm c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl -a097f9d71de7cefa8e93629033ff1986fb01128623ec051d9b5afef55c0e5ebb crypto/aes/asm/aesv8-armx.pl +e3955352a92d56905d63e68937e4758f13190a14a10a3dcb1e5c641c49913c0c crypto/aes/asm/aesv8-armx.pl 5e8005fdb6641df465bdda20c3476f7176e6bcd63d5073044a0c02a327c7f172 crypto/aes/asm/bsaes-armv7.pl 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl 1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl @@ -79,7 +79,7 @@ d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_d 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c -1abab2cc5466b005b939d156e7d8664a4d42a191c9040dbb83941269d6844f0c crypto/bn/bn_gcd.c +baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c 4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c 602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c @@ -122,20 +122,20 @@ eeef5722ad56bf1af2ff71681bcc8b8525bc7077e973c98cee920ce9bcc66c81 crypto/des/ecb 61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h 816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c -d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c +fcbfe5acb73e1b4094efec56a754b803d2c1a53644c78cf6a73ae868e3f3886d crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c -0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c -b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c +9e61a0b5017d835b348b15e93760c42d8d899ffae4251455c7b3085cfd25294c crypto/dh/dh_key.c +92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c -b9c5992089203123c3fae46e39bb4d05e19854087bca7a30ad1f82a3505deec7 crypto/dsa/dsa_check.c +d7e0d87494e3b3f0898a56785a219e87a2ce14416393ec32d8c0b5f539c7bdbf crypto/dsa/dsa_check.c ae727bf6319eb57e682de35d75ea357921987953b3688365c710e7fba51c7c58 crypto/dsa/dsa_gen.c b1de1624e590dbf76f76953802ff162cc8de7c5e2eaba897313c866424d6902b crypto/dsa/dsa_key.c -9e436a2e0867920c3a5ac58bc14300cad4ab2c4c8fe5e40b355dfd21bfdfe146 crypto/dsa/dsa_lib.c +9f4837c5abe53613a2dc1c5db81d073d4f42bd28b6a2d1e93a2b350d8e25d52a crypto/dsa/dsa_lib.c f4d52d3897219786c6046bf76abb2f174655c584caa50272bf5d281720df5022 crypto/dsa/dsa_local.h -38062c6eebdb2f88fa0c6592837a96a49de2ae520d3ad483a3e02921c8adb094 crypto/dsa/dsa_ossl.c +c5c252f205482a71efeabe226d51a1c541a6ba2dfa9b8b8a70901087a9dc1667 crypto/dsa/dsa_ossl.c d612fd05ff98816ba6cf37f84c0e31443ad9d840ed587a7ab2066027da390325 crypto/dsa/dsa_sign.c 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1 crypto/dsa/dsa_vrf.c d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a crypto/ec/asm/ecp_nistp521-ppc64.pl @@ -193,7 +193,7 @@ b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_ 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c 1af3872164b4a4757bc7896a24b4d2f8eb2cfb4cba0d872a93db69975693e0a6 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c -1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c +61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c 7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c 78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h @@ -213,11 +213,11 @@ e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac 1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c 4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c -b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c +f2acfb82aac20251d05a9c252cc6c282bd44e43feac4ac2e0faf68b9a38aef57 crypto/ex_data.c 1c8389c5d49616d491978f0f2b2a54ba82d805ec41c8f75c67853216953cf46a crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c -2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c +4e973d956d4ec2087994de8e963be1a512da1441f22e6e7b9cd7ee536e3ff834 crypto/ffc/ffc_key_validate.c 8b72d5a7452b2c15aec6d20027053a83f7df89d49a3b6cfedd77e2b1a29e9fc1 crypto/ffc/ffc_params.c 1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c @@ -225,7 +225,7 @@ a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S f897493b50f4e9dd4cacb2a7accda6683c10ece602641874cdff1dac7128a751 crypto/initthread.c -5482c47c266523129980302426d25839fda662f1544f4b684707e6b272a952c9 crypto/lhash/lhash.c +7290d8d7ec31a98b17618f218d4f27b393501c7606c814a43db8af1975ad1d10 crypto/lhash/lhash.c 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e crypto/lhash/lhash_local.h f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0 crypto/mem_clr.c e14f48d4112c0efe3826b4aa390cc24045a85298cc551ec7f3f36ac4236d7d81 crypto/modes/asm/aes-gcm-armv8_64.pl @@ -240,7 +240,7 @@ e472d73d06933667a51a0af973479993eed333c71b43af03095450acb36dbeb4 crypto/modes/a 26f55a57e77f774d17dfba93d757f78edfa3a03f68a71ffa37ccf3bfc468b1e2 crypto/modes/asm/ghash-x86.pl 72744131007d2389c09665a59a862f5f6bb61b64bd3456e9b400985cb56586b8 crypto/modes/asm/ghash-x86_64.pl a4e9f2e496bd9362b17a1b5989aa4682647cefcff6117f0607122a9e11a9dfd9 crypto/modes/asm/ghashp8-ppc.pl -0029b5beb1d4cd4c5ad47164c23f3e7c9d1eaff66ef54af025ee26795b11a1c7 crypto/modes/asm/ghashv8-armx.pl +69a13f423ca74c22543900c14aef4a848e3bc75504b65d2f51c6903aebcc17a7 crypto/modes/asm/ghashv8-armx.pl 65112dfe63cd59487e7bdb1706b44acfcf48ecede12cc3ae51daa5b661f41f06 crypto/modes/cbc128.c 1611e73dc1e01b5c2201f51756a7405b7673aa0bb872e2957d1ec80c3530486f crypto/modes/ccm128.c d8c2f256532a4b94db6d03aea5cb609cccc938069f644b2fc77c5015648d148d crypto/modes/cfb128.c @@ -252,7 +252,7 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/w 8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c 8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c -c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c +2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c 0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c @@ -261,7 +261,7 @@ a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_ b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c 3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c +099407e68e705f1458b701b9336f633565fc0843355fedf1ec83794349548a51 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c 0ba5d0297837940c972224c97cbbf3ea4a723c1eed9ce1112538c9bb26208639 crypto/provider_core.c @@ -270,11 +270,11 @@ d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provide a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -9e7dd6fc91d3266d4aa4f0f41b7986381122b7d98114e63ebf04c5ee298b5fda crypto/rsa/rsa_backend.c +5834d7c518ad53ea0dd3db811c0e51568c81cc6c117012030101d29003d0725c crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e32cfa04221a2a3ea33f7bcb93ee51b84cbeba97e94c1fbf6e420b24f97fc9ce crypto/rsa/rsa_crpt.c e995da1c2e5007bd7f5907f369fe45ed15f4e657143a85078c755bd5e6863d0b crypto/rsa/rsa_gen.c -74ed75d1d8e0844800504a137bfd81c3dbcb6c4bd58b5d5fe9d0a362092b6e88 crypto/rsa/rsa_lib.c +f2222f270e57559537d3da8abbeb1390bc5376b73dae59d536af6e73eb48bba0 crypto/rsa/rsa_lib.c a65e85be5269d8cb88e86b3413c978fa8994419a671092cbf104ff1a08fda23b crypto/rsa/rsa_local.h cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c @@ -430,7 +430,7 @@ bc9ec2be442a4f49980ba2c63c8f0da701de1f6e23d7db35d781658f833dd7b9 include/openss 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in -12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h +b23bf3e2d0a60fe4d768afbe7aab48b47791e1274ae42b28895255119ae7f61d include/openssl/evp.h 5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h 5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h b1d41beba560a41383f899a361b786e04f889106fb5960ec831b0af7996c9783 include/openssl/fipskey.h.in @@ -567,7 +567,7 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl 589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c 4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c 6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c -9d5eb7e056e790b1b4292ec7af03fbf0b26e34625c70eb36643451965bcfc696 providers/implementations/keymgmt/dh_kmgmt.c +11a0d0fb88ed88e965f10b3a0ef6c880f60341df995128f57ad943053aaf15b2 providers/implementations/keymgmt/dh_kmgmt.c a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/implementations/keymgmt/dsa_kmgmt.c 9bc88451d3ae110c7a108ee73d3b3b6bda801ec3494d2dfb9c9970b85c2d34fe providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc @@ -578,7 +578,7 @@ a329f57cb041cd03907e9d996fbc2f378ee116c7f8d7fbf1ea08b7a5df7e0304 providers/impl aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c 895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c -f75fbfe5348f93ad610da7d310f4e8fecf18c0549f27605da25d393c33e0edc2 providers/implementations/macs/kmac_prov.c +8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c 9d23df7f99beec7392c9d4ed813407050bc2d150098888fe802e2c9705fc33fa providers/implementations/rands/drbg.c bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c diff --git a/providers/fips.checksum b/providers/fips.checksum index db5ddc6cb7..347a961433 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -8d97c837eeb1288f74788f0e48cb0cbc8498d4cf7ddc25c89344df7d5309ffc8 providers/fips-sources.checksums +114b59f288ec2d6ddfcd26187f43cad614c6d4e4a7aba24410494f46f627671c providers/fips-sources.checksums -- Gitee From e39768c605f6d32be08b293429d7f275ead87c85 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 24 Oct 2023 14:48:41 +0100 Subject: [PATCH 23/24] Prepare for release of 3.0.12 Reviewed-by: Tomas Mraz Release: yes Signed-off-by: fly2x --- CHANGES.md | 2 +- NEWS.md | 2 +- VERSION.dat | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6d0f495dcc..f464b2320e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,7 +28,7 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 3.0.11 and 3.0.12 [xx XXX xxxx] +### Changes between 3.0.11 and 3.0.12 [24 Oct 2023] * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters diff --git a/NEWS.md b/NEWS.md index b4e57b7fd8..8f0d973e05 100644 --- a/NEWS.md +++ b/NEWS.md @@ -18,7 +18,7 @@ OpenSSL Releases OpenSSL 3.0 ----------- -### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [under development] +### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] * Mitigate incorrect resize handling for symmetric cipher keys and IVs. ([CVE-2023-5363]) diff --git a/VERSION.dat b/VERSION.dat index b9d08f44f5..9d9448118e 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 PATCH=12 -PRE_RELEASE_TAG=dev +PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="" +RELEASE_DATE="24 Oct 2023" SHLIB_VERSION=3 -- Gitee From 757697393d8011a6f19bec5ded936bc1b5293667 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 24 Oct 2023 14:48:49 +0100 Subject: [PATCH 24/24] Prepare for 3.0.13 Reviewed-by: Tomas Mraz Release: yes Signed-off-by: fly2x --- CHANGES.md | 4 ++++ NEWS.md | 4 ++++ VERSION.dat | 6 +++--- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f464b2320e..fad0e559aa 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,6 +28,10 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.12 and 3.0.13 [xx XXX xxxx] + + * none yet + ### Changes between 3.0.11 and 3.0.12 [24 Oct 2023] * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), diff --git a/NEWS.md b/NEWS.md index 8f0d973e05..1d1bda963c 100644 --- a/NEWS.md +++ b/NEWS.md @@ -18,6 +18,10 @@ OpenSSL Releases OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [under development] + + * none + ### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] * Mitigate incorrect resize handling for symmetric cipher keys and IVs. diff --git a/VERSION.dat b/VERSION.dat index 9d9448118e..bb163d5b3e 100644 --- a/VERSION.dat +++ b/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=12 -PRE_RELEASE_TAG= +PATCH=13 +PRE_RELEASE_TAG=dev BUILD_METADATA= -RELEASE_DATE="24 Oct 2023" +RELEASE_DATE="" SHLIB_VERSION=3 -- Gitee