diff -Nru openssl-3.5.5/apps/cmp.c openssl-3.5.6/apps/cmp.c
--- openssl-3.5.5/apps/cmp.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/cmp.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -1421,7 +1421,10 @@
         out_vpm = X509_STORE_get0_param(out_trusted);
         X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME);
 
-        (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted);
+        if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) {
+            X509_STORE_free(out_trusted);
+            return 0;
+        }
     }
 
     if (opt_disable_confirm)
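Review bot: The new failure branch frees `out_trusted`, but nothing here says who owns the store once `OSSL_CMP_CTX_set_certConf_cb_arg()` succeeds. A short comment above the call would make the asymmetry explicit, for example `/* on success ctx keeps out_trusted as certConf callback argument; free it here only on failure */`. Where the store is released on the success path is not visible in this hunk, so confirm that against the cleanup code. The enclosing function starts and ends outside the hunk.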
@@ -3390,6 +3393,12 @@
             int paramtype;
             const void *param;
 
+            /* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */
+            if (alg == NULL) {
+                BIO_puts(mem, "Key algorithm: <absent>\n");
+                break;
+            }
+
             X509_ALGOR_get0(&oid, &paramtype, &param, alg);
             BIO_printf(mem, "Key algorithm: ");
             i2a_ASN1_OBJECT(mem, oid);
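Review bot: The added comment restates the check rather than saying why `alg` can be NULL, and its reference to print_keyspec being called does not say which call it protects. Something like `/* the algorithm may be absent; X509_ALGOR_get0() below must not see NULL */` is shorter and points at the call that follows. The enclosing block starts and ends outside the hunk.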
@@ -3789,8 +3798,7 @@
     if (opt_ignore_keyusage)
         (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1);
     if (opt_no_cache_extracerts)
-        (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS,
-            1);
+        (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, 1);
 
     if (opt_reqout_only == NULL && (opt_use_mock_srv
 #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
@@ -3806,7 +3814,7 @@
 
         srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx);
         if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) {
-            CMP_err1("cannot set up error reporting and logging for %s", prog);
+            CMP_err1("cannot set up server-side error reporting and logging for %s", prog);
             goto err;
         }
         OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
diff -Nru openssl-3.5.5/apps/include/cmp_mock_srv.h openssl-3.5.6/apps/include/cmp_mock_srv.h
--- openssl-3.5.5/apps/include/cmp_mock_srv.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/include/cmp_mock_srv.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -19,6 +19,8 @@
 OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx,
     const char *propq);
 void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
+OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
+    const OSSL_CMP_MSG *req);
 
 int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
 int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
@@ -34,6 +36,7 @@
 int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status,
     int fail_info, const char *text);
 int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
+int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype);
 int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count);
 int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec);
 
diff -Nru openssl-3.5.5/apps/lib/app_provider.c openssl-3.5.6/apps/lib/app_provider.c
--- openssl-3.5.5/apps/lib/app_provider.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/lib/app_provider.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,6 +47,7 @@
         app_providers = sk_OSSL_PROVIDER_new_null();
     if (app_providers == NULL
         || !sk_OSSL_PROVIDER_push(app_providers, prov)) {
+        OSSL_PROVIDER_unload(prov);
         app_providers_cleanup();
         return 0;
     }
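Review bot: The new line does not say why `prov` needs its own `OSSL_PROVIDER_unload()` before `app_providers_cleanup()`. Because the push failed, `prov` is not on `app_providers`, so the cleanup call presumably cannot reach it; a comment such as `/* prov was not stored, so cleanup would not unload it */` records that. The function starts outside the hunk, so whether `prov` can be NULL at this point should be checked there.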
diff -Nru openssl-3.5.5/apps/lib/apps.c openssl-3.5.6/apps/lib/apps.c
--- openssl-3.5.5/apps/lib/apps.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/lib/apps.c	2026-04-07 14:26:30.000000000 +0200
@@ -191,8 +191,13 @@
     }
     if (arg2 != NULL) {
         *pass2 = app_get_pass(arg2, same ? 2 : 0);
-        if (*pass2 == NULL)
+        if (*pass2 == NULL) {
+            if (pass1 != NULL) {
+                clear_free(*pass1);
+                *pass1 = NULL;
+            }
             return 0;
+        }
     } else if (pass2 != NULL) {
         *pass2 = NULL;
     }
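Review bot: The new cleanup guards `pass1` but not `*pass1`, so `clear_free()` is handed NULL whenever no first password was obtained. The `else if (pass2 != NULL)` branch just below suggests the same pattern sets `*pass1 = NULL` when `arg1` is absent. If `clear_free()` does not tolerate NULL, the guard should read `if (pass1 != NULL && *pass1 != NULL) {`; its definition is not in this hunk. A one-line comment such as `/* do not hand back pass1 when pass2 could not be read */` would also keep the wipe from being dropped in a later cleanup. The function begins outside the hunk.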
@@ -263,15 +268,15 @@
             }
         } else {
             /* argument syntax error; do not reveal too much about arg */
-            tmp = strchr(arg, ':');
-            if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
+            const char *arg_ptr = strchr(arg, ':');
+            if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX)
                 BIO_printf(bio_err,
                     "Invalid password argument, missing ':' within the first %d chars\n",
                     PASS_SOURCE_SIZE_MAX + 1);
             else
                 BIO_printf(bio_err,
                     "Invalid password argument, starting with \"%.*s\"\n",
-                    (int)(tmp - arg + 1), arg);
+                    (int)(arg_ptr - arg + 1), arg);
             return NULL;
         }
     }
@@ -2494,7 +2499,7 @@
 
 error:
     X509_CRL_free(crl);
-    sk_X509_CRL_free(crls);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
     return NULL;
 }
 
diff -Nru openssl-3.5.5/apps/lib/cmp_mock_srv.c openssl-3.5.6/apps/lib/cmp_mock_srv.c
--- openssl-3.5.5/apps/lib/cmp_mock_srv.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/lib/cmp_mock_srv.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -10,6 +10,7 @@
 
 #include "apps.h"
 #include "cmp_mock_srv.h"
+#include "../../crypto/cmp/cmp_local.h" /* for access to msg->protection */
 
 #include <openssl/cmp.h>
 #include <openssl/err.h>
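Review bot: Including `../../crypto/cmp/cmp_local.h` from apps code ties the mock server to the library-private layout of `OSSL_CMP_MSG`, which carries no stability promise. The trailing comment should say that this is accepted only for test tooling, for example `/* test-only: internal layout needed to corrupt msg->protection */`, so the pattern is not copied into other apps.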
@@ -28,6 +29,7 @@
     X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */
     OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */
     int sendError; /* send error response on given request type */
+    int useBadProtection; /* use bad protection on given response type */
     OSSL_CMP_MSG *req; /* original request message during polling */
     int pollCount; /* number of polls before actual cert response */
     int curr_pollCount; /* number of polls so far for current request */
@@ -59,6 +61,7 @@
         goto err;
 
     ctx->sendError = -1;
+    ctx->useBadProtection = -1;
 
     /* all other elements are initialized to 0 or NULL, respectively */
     return ctx;
@@ -187,6 +190,19 @@
     return 1;
 }
 
+int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype)
+{
+    mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
+
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
+        return 0;
+    }
+    /* might check bodytype, but this would require exporting all body types */
+    ctx->useBadProtection = bodytype;
+    return 1;
+}
+
 int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count)
 {
     mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
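Review bot: `ossl_cmp_mock_srv_set_useBadProtection()` stores `bodytype` unchecked and has no comment saying which values are meaningful. Judging from the `ctx->useBadProtection = -1` initialiser in the constructor hunk, a negative value appears to mean "never corrupt". Stating that above the function, for example `/* bodytype < 0 disables bad protection; otherwise responses of that body type get a corrupted protection */`, would spare callers from reading the implementation.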
@@ -591,6 +607,7 @@
         if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))
             return 1;
         sk_OSSL_CMP_ITAV_free(*out);
+        OSSL_CMP_ITAV_free(rsp);
         return 0;
     }
 
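Review bot: After `sk_OSSL_CMP_ITAV_free(*out)` the caller's `*out` still points at the freed stack, and the added `OSSL_CMP_ITAV_free(rsp)` does not change that. Adding `*out = NULL;` right after the stack is freed would stop a caller that inspects or frees `*out` on failure from touching freed memory; whether any caller does so is not visible here. The enclosing function starts and ends outside the hunk.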
@@ -712,6 +729,25 @@
     return 1;
 }
 
+OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx,
+    const OSSL_CMP_MSG *req)
+{
+    OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(ctx);
+    OSSL_CMP_MSG *rsp = OSSL_CMP_CTX_server_perform(ctx, req);
+
+    if (srv_ctx != NULL && rsp != NULL) {
+        mock_srv_ctx *mock_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx);
+
+        if (mock_ctx != NULL && OSSL_CMP_MSG_get_bodytype(rsp) == mock_ctx->useBadProtection) {
+            ASN1_BIT_STRING *prot = rsp->protection;
+
+            if (prot != NULL && prot->length != 0 && prot->data != NULL)
+                prot->data[0] ^= 0x80; /* flip most significant bit of the first byte */
+        }
+    }
+    return rsp;
+}
+
 OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq)
 {
     OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);
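Review bot: `ossl_cmp_mock_server_perform()` has no header comment, although it deliberately corrupts the protection of a response and assumes the transfer callback argument of `ctx` is an `OSSL_CMP_SRV_CTX` whose custom context is a `mock_srv_ctx`. If another kind of pointer is registered there, `OSSL_CMP_SRV_CTX_get0_custom_ctx()` and the `mock_ctx->useBadProtection` read would operate on the wrong type. A comment such as `/* test-only: requires the transfer cb arg to be a mock server context; flips one protection bit when the response body type equals useBadProtection */` states both the precondition and the intent.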
diff -Nru openssl-3.5.5/apps/lib/win32_init.c openssl-3.5.6/apps/lib/win32_init.c
--- openssl-3.5.5/apps/lib/win32_init.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/lib/win32_init.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,6 @@
 #include <windows.h>
 #include <stdlib.h>
 #include <string.h>
-#include <malloc.h>
 
 #if defined(CP_UTF8)
 
diff -Nru openssl-3.5.5/apps/ocsp.c openssl-3.5.6/apps/ocsp.c
--- openssl-3.5.5/apps/ocsp.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/ocsp.c	2026-04-07 14:26:30.000000000 +0200
@@ -876,7 +876,7 @@
 
         i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
         if (i <= 0 && issuers) {
-            i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER);
+            i = OCSP_basic_verify(bs, issuers, store, verify_flags);
             if (i > 0)
                 ERR_clear_error();
         }
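Review bot: The retry with `issuers` has no comment explaining its trust semantics, which is the security-relevant part of this line. With `verify_flags`, the issuer certificates are trusted only when the caller's flags include `OCSP_TRUSTOTHER`, so a response that verified under the old hard-coded flag can now fail. A comment like `/* retry with issuers as extra signer candidates, under the user's flags */` and a regression test for the case without that flag would pin this down. `ERR_clear_error()` on a successful retry also discards the first attempt's errors, which is fine only if that first failure is not meant to be reported. The enclosing function is outside the hunk.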
diff -Nru openssl-3.5.5/apps/s_client.c openssl-3.5.6/apps/s_client.c
--- openssl-3.5.5/apps/s_client.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/s_client.c	2026-04-07 14:26:30.000000000 +0200
@@ -3892,7 +3892,11 @@
 
 static int user_data_add(struct user_data_st *user_data, size_t i)
 {
-    if (user_data->buflen != 0 || i > user_data->bufmax)
+    /*
+     * We must allow one byte for a NUL terminator so i must be less than
+     * bufmax
+     */
+    if (user_data->buflen != 0 || i >= user_data->bufmax)
         return 0;
 
     user_data->buflen = i;
diff -Nru openssl-3.5.5/apps/ts.c openssl-3.5.6/apps/ts.c
--- openssl-3.5.5/apps/ts.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/apps/ts.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -348,7 +348,7 @@
         if ((in != NULL) && (queryfile != NULL))
             goto opthelp;
         if (in == NULL) {
-            if ((conf == NULL) || (token_in != 0))
+            if (conf == NULL || token_in != 0 || queryfile == NULL)
                 goto opthelp;
         }
         ret = !reply_command(conf, section, engine, queryfile,
diff -Nru openssl-3.5.5/build.info openssl-3.5.6/build.info
--- openssl-3.5.5/build.info	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/build.info	2026-04-07 14:26:30.000000000 +0200
@@ -108,12 +108,10 @@
   SHARED_SOURCE[libssl]=libssl.rc
 ENDIF
 
-# This file sets the build directory up for CMake inclusion
-# Note: This generation of OpenSSLConfig[Version].cmake is used
-# for building openssl locally, and so the build variables are 
-# taken from builddata.pm rather than installdata.pm.  For exportable
-# versions of these generated files, you'll find them in the exporters
-# directory
+# These files set the build directory up for CMake inclusion.
+# To achieve this, their variables are taken from builddata.pm.
+# These files are not installed; you will find the installable
+# versions in the 'exporters' directory.
 GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in
 DEPEND[OpenSSLConfig.cmake]=builddata.pm
 GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in
@@ -121,7 +119,10 @@
 DEPEND[OpenSSLConfigVersion.cmake]=OpenSSLConfig.cmake
 DEPEND[""]=OpenSSLConfigVersion.cmake
 
-# This file sets the build directory up for pkg-config
+# These files set the build directory up for pkg-config use.
+# To achieve this, their variables are taken from builddata.pm.
+# These files are not installed; you will find the installable
+# versions in the 'exporters' directory.
 GENERATE[libcrypto.pc]=exporters/pkg-config/libcrypto.pc.in
 DEPEND[libcrypto.pc]=builddata.pm
 GENERATE[libssl.pc]=exporters/pkg-config/libssl.pc.in
@@ -131,6 +132,7 @@
 DEPEND[openssl.pc]=libcrypto.pc libssl.pc
 
 GENERATE[builddata.pm]=util/mkinstallvars.pl \
+    COMMENT="This file should be used when building against this OpenSSL build, and should never be installed" \
     PREFIX=. BINDIR=apps APPLINKDIR=ms \
     LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \
     ENGINESDIR=engines MODULESDIR=providers \
diff -Nru openssl-3.5.5/CHANGES.md openssl-3.5.6/CHANGES.md
--- openssl-3.5.5/CHANGES.md	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/CHANGES.md	2026-04-07 14:26:30.000000000 +0200
@@ -28,6 +28,150 @@
 OpenSSL 3.5
 -----------
 
+### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
+
+ * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
+
+   Severity: Moderate
+
+   Issue summary: Applications using RSASVE key encapsulation to establish
+   a secret encryption key can send contents of an uninitialized memory buffer
+   to a malicious peer.
+
+   Impact summary: The uninitialized buffer might contain sensitive data
+   from the previous execution of the application process which leads
+   to sensitive data leakage to an attacker.
+
+   Reported by: Simo Sorce (Red Hat).
+
+   ([CVE-2026-31790])
+
+   *Nikola Pajkovsky*
+
+ * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
+   is used in the server-side configuration of the key-agreement group list.
+
+   Severity: Low
+
+   Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected
+   preferred key exchange group when its key exchange group configuration
+   includes the default by using the 'DEFAULT' keyword.
+
+   Impact summary: A less preferred key exchange may be used even when a more
+   preferred group is supported by both client and server, if the group
+   was not included among the client's initial predicated keyshares.
+   This will sometimes be the case with the new hybrid post-quantum groups,
+   if the client chooses to defer their use until specifically requested by
+   the server.
+   <!-- https://github.com/openssl/openssl/pull/30111 -->
+
+   ([CVE-2026-2673])
+
+   *Viktor Dukhovni*
+
+ * Fixed potential use-after-free in DANE client code.
+
+   Severity: Low
+
+   Issue summary: An uncommon configuration of clients performing DANE
+   TLSA-based server authentication, when paired with uncommon server DANE TLSA
+   records, may result in a use-after-free and/or double-free on the client
+   side.
+
+   Impact summary: A use after free can have a range of potential consequences
+   such as the corruption of valid data, crashes, or execution of arbitrary
+   code.
+
+   Reported by: Igor Morgenstern (Aisle Research).
+
+   ([CVE-2026-28387])
+
+   *Viktor Dukhovni*
+
+ * Fixed NULL pointer dereference when processing a delta CRL.
+
+   Severity: Low
+
+   Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
+   is processed, a NULL pointer dereference might happen if the required CRL
+   Number extension is missing.
+
+   Impact summary: A NULL pointer dereference can trigger a crash which
+   leads to a Denial of Service for an application.
+
+   Reported by: Igor Morgenstern (Aisle Research).
+
+   ([CVE-2026-28388])
+
+   *Igor Morgenstern*
+
+ * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
+
+   Severity: Low
+
+   Issue summary: During processing of a crafted CMS EnvelopedData message
+   with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
+
+   Impact summary: Applications that process attacker-controlled CMS data may
+   crash before authentication or cryptographic operations occur resulting in
+   Denial of Service.
+
+   Reported by: Nathan Sportsman (Praetorian), Daniel Rhea,
+   Jaeho Nam (Seoul National University), Muhammad Daffa,
+   Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab),
+   Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers.
+
+   ([CVE-2026-28389])
+
+   *Neil Horman*
+
+ * Fixed possible NULL dereference when processing CMS
+   KeyTransportRecipientInfo.
+
+   Severity: Low
+
+   Issue summary: During processing of a crafted CMS EnvelopedData message
+   with KeyTransportRecipientInfo a NULL pointer dereference can happen.
+
+   Impact summary: Applications that process attacker-controlled CMS data may
+   crash before authentication or cryptographic operations occur resulting in
+   Denial of Service.
+
+   Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab),
+   Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab),
+   Joshua Rogers, and Chanho Kim.
+
+   ([CVE-2026-28390])
+
+   *Neil Horman*
+
+ * Fixed heap buffer overflow in hexadecimal conversion.
+
+   Severity: Low
+
+   Issue summary: Converting an excessively large OCTET STRING value to
+   a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
+
+   Impact summary: A heap buffer overflow may lead to a crash or possibly
+   an attacker controlled code execution or other undefined behavior.
+
+   Reported by: Quoc Tran (Xint.io - US Team).
+
+   ([CVE-2026-31789])
+
+   *Igor Ustinov*
+
+ * Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST`
+   containing a raw IPv6 address.
+   <!-- https://github.com/openssl/openssl/pull/30384 -->
+
+   *Peter Zhang*
+
+ * Fixed broken detection of plantext HTTP over TLS.
+   <!-- https://github.com/openssl/openssl/pull/30411 -->
+
+   *Matt Caswell*
+
 ### Changes between 3.5.4 and 3.5.5 [27 Jan 2026]
 
  * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
@@ -3461,7 +3605,7 @@
 
    *Richard Levitte*
 
- * Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+ * Fixed an overflow bug in the x86_64 Montgomery squaring procedure
    used in exponentiation with 512-bit moduli. No EC algorithms are
    affected. Analysis suggests that attacks against 2-prime RSA1024,
    3-prime RSA1536, and DSA1024 as a result of this defect would be very
@@ -21607,216 +21751,223 @@
 
 <!-- Links -->
 
-[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
-[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
-[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
-[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420
-[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419
-[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418
-[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160
-[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199
-[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469
-[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468
-[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467
-[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187
-[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
-[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
-[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
-[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
-[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
-[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
-[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
-[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
-[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
-[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
-[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
-[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
-[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
-[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
-[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
-[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
-[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
-[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
-[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
-[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
-[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
-[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
-[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
-[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
-[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
-[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
-[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
-[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
-[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
-[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
-[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
-[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
-[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
-[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
-[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
-[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
-[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
-[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
-[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
-[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
-[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
-[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
-[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
-[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
-[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
-[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
-[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
-[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
-[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
-[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
-[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
-[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
-[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
-[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
-[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
-[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
-[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
-[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
-[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
-[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
-[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
-[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
-[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
-[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
-[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
-[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
-[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
-[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
-[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
-[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
-[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
-[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
-[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
-[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
-[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
-[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
-[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
-[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
-[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
-[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
-[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
-[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
-[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
-[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
-[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
-[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
-[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
-[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
-[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
-[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
-[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
-[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
-[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
-[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
-[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
-[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
-[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
-[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
-[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
-[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
-[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
-[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
-[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
-[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
-[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
-[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
-[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
-[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
-[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
-[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
-[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
-[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
-[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
-[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
-[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
-[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
-[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
-[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
-[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
-[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
-[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
-[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
-[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
-[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
-[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
-[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
-[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
-[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
-[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
-[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
-[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
-[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
-[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
-[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
-[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
-[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
-[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
-[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
-[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
-[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
-[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
-[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
-[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
-[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
-[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
-[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
-[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
-[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
-[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
-[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
-[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
-[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
-[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
-[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
-[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
-[CVE-2011-4109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109
-[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
-[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
-[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
-[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
-[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
-[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
-[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
-[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
-[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
-[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
-[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355
-[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
-[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245
-[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386
-[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379
-[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378
-[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377
-[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
-[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
-[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
-[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
-[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678
-[CVE-2008-1672]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672
-[CVE-2008-0891]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891
-[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135
-[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995
-[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
-[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
-[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738
-[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
-[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
-[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
-[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112
-[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079
-[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851
-[CVE-2003-0545]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545
-[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544
-[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543
-[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078
-[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659
-[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657
-[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656
-[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655
 [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
+[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655
+[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656
+[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657
+[CVE-2002-0659]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659
+[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078
+[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543
+[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544
+[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545
+[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851
+[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079
+[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112
+[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
+[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
+[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
+[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738
+[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
+[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
+[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995
+[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135
+[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891
+[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672
+[CVE-2008-1678]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678
+[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
+[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
+[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
+[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
+[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377
+[CVE-2009-1378]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378
+[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379
+[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386
+[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245
+[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
+[CVE-2009-4355]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355
+[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
+[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
+[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
+[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
+[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
+[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
+[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
+[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
+[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
+[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
+[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109
+[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
+[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
+[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
+[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
+[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
+[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
+[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
+[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
+[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
+[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
+[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
+[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
+[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
+[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
+[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
+[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
+[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
+[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
+[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
+[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
+[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
+[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
+[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
+[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
+[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
+[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
+[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
+[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
+[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
+[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
+[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
+[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
+[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
+[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
+[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
+[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
+[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
+[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
+[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
+[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
+[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
+[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
+[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
+[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
+[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
+[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
+[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
+[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
+[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
+[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
+[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
+[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
+[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
+[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
+[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
+[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
+[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
+[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
+[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
+[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
+[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
+[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
+[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
+[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
+[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
+[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
+[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
+[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
+[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
+[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
+[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
+[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
+[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
+[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
+[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
+[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
+[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
+[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
+[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
+[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
+[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
+[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
+[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
+[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
+[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
+[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
+[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
+[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
+[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
+[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
+[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
+[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
+[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
+[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
+[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
+[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
+[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
+[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
+[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
+[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
+[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
+[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
+[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
+[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
+[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
+[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
+[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
+[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
+[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
+[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
+[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
+[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
+[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
+[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
+[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
+[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
+[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
+[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
+[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
+[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
+[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
+[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
+[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
+[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
+[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
+[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
+[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
+[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
+[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
+[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
+[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
+[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
+[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
+[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
+[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
+[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
+[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
+[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
+[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
+[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
+[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
+[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
+[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
+[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
+[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
+[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
+[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
+[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
+[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
+[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
+[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
+[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
+[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
+[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
+[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
+[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
+[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
+[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
+[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
+[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
+[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
+[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
+[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
diff -Nru openssl-3.5.5/Configurations/10-main.conf openssl-3.5.6/Configurations/10-main.conf
--- openssl-3.5.5/Configurations/10-main.conf	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/Configurations/10-main.conf	2026-04-07 14:26:30.000000000 +0200
@@ -5,7 +5,8 @@
 my $vc_win64a_info = {};
 sub vc_win64a_info {
     unless (%$vc_win64a_info) {
-        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+        # Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled
+        if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) {
             $vc_win64a_info = { AS        => "nasm",
                                 ASFLAGS   => "-g",
                                 asflags   => "-Ox -f win64 -DNEAR",
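Review bot: The comment added in vc_win64a_info gives the minimum NASM version as 2.09 but does not say why the check moved from one decimal capture to two integer captures, which is the part a later editor is most likely to simplify away. I would extend it with a line such as `# Compare major and minor as integers; read as a decimal, "2.10" would sort below "2.9"`. What happens when NASM is older than 2.09 is decided in the branch after this hunk, which is not visible here. If that path silently picks another assembler, a warning naming the required version would help whoever builds the package. The function body continues outside the hunk.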
diff -Nru openssl-3.5.5/Configurations/unix-Makefile.tmpl openssl-3.5.6/Configurations/unix-Makefile.tmpl
--- openssl-3.5.5/Configurations/unix-Makefile.tmpl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/Configurations/unix-Makefile.tmpl	2026-04-07 14:26:30.000000000 +0200
@@ -72,6 +72,7 @@
 CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
 SRCDIR={- $config{sourcedir} -}
 BLDDIR={- $config{builddir} -}
+RESULT_D=$(BLDDIR)/test-runs
 FIPSKEY={- $config{FIPSKEY} -}
 
 VERSION={- "$config{full_version}" -}
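Review bot: The new `RESULT_D=$(BLDDIR)/test-runs` is expanded unquoted in the clean recipe of the next hunk (`$(RM) -r $(RESULT_D)`), whereas the matching change in windows-makefile.tmpl quotes it as `"$(RESULT_D)"`. With a build directory containing whitespace, the recursive remove would receive several separate arguments instead of one path. I would write the recipe line as `$(RM) -r "$(RESULT_D)"`. The rest of this template may not support such paths either, but a recursive delete is the place where it costs least to be strict.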
@@ -642,7 +643,7 @@
 	-find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \;
 	$(RM) core
 	$(RM) tags TAGS doc-nits md-nits
-	$(RM) -r test/test-runs
+	$(RM) -r $(RESULT_D)
 	$(RM) providers/fips*.new
 	-find . -type l \! -name '.*' -exec $(RM) {} \;
 
diff -Nru openssl-3.5.5/Configurations/windows-makefile.tmpl openssl-3.5.6/Configurations/windows-makefile.tmpl
--- openssl-3.5.5/Configurations/windows-makefile.tmpl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/Configurations/windows-makefile.tmpl	2026-04-07 14:26:30.000000000 +0200
@@ -38,6 +38,7 @@
 PLATFORM={- $config{target} -}
 SRCDIR={- $config{sourcedir} -}
 BLDDIR={- $config{builddir} -}
+RESULT_D=$(BLDDIR)\test-runs
 FIPSKEY={- $config{FIPSKEY} -}
 
 VERSION={- "$config{full_version}" -}
@@ -222,7 +223,7 @@
 LIBDIR={- our $libdir = $config{libdir} || "lib";
           file_name_is_absolute($libdir) ? "" : $libdir -}
 MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath);
-                  our $modulesprefix = catdir($prefix,$libdir);
+                  our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir);
                   our ($modulesprefix_dev, $modulesprefix_dir,
                        $modulesprefix_file) =
                       splitpath($modulesprefix, 1);
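Review bot: The new `file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir)` in MODULESDIR_dev carries no comment, although it changes where modules are installed when an absolute libdir is configured. A one-line comment such as `# an absolute libdir is used as-is; only a relative one is placed under $prefix` would make the intent clear and tie it to the LIBDIR expression just above, which yields an empty string in the same case. Other install-directory variables in this template are outside the hunk; any that still build their path with `catdir($prefix,$libdir)` would need the same treatment. The MODULESDIR_dev block continues past the end of the hunk.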
@@ -484,7 +485,7 @@
 	-del /Q /S /F engines\*.lib engines\*.exp
 	-del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
 	-del /Q /S /F test\*.exp
-	-rd /Q /S test\test-runs
+	-@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)"
 
 distclean: clean
 	-del /Q /F include\openssl\configuration.h
diff -Nru openssl-3.5.5/CONTRIBUTING.md openssl-3.5.6/CONTRIBUTING.md
--- openssl-3.5.5/CONTRIBUTING.md	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/CONTRIBUTING.md	2026-04-07 14:26:30.000000000 +0200
@@ -27,6 +27,18 @@
 contributors should personally evaluate potential patches generated by
 automated tools.
 
+Provide a clear description of the issue or feature being addressed,
+including any relevant implementation details and, for performance
+improvements, benchmark results.
+
+Pull requests and commits should be self-contained, enabling readers to
+understand what changed and why without needing to reference related
+issues or having prior knowledge.  Commit messages should include all
+relevant details to help future contributors follow the git history,
+with clear explanations of what is changing and why.  Long descriptions
+are encouraged if they aid understanding.  Commit message titles (their
+first line) should be kept to 50-70 characters if possible.
+
 To make it easier to review and accept your pull request, please follow these
 guidelines:
 
diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv32-zkn.pl openssl-3.5.6/crypto/aes/asm/aes-riscv32-zkn.pl
--- openssl-3.5.5/crypto/aes/asm/aes-riscv32-zkn.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/aes/asm/aes-riscv32-zkn.pl	2026-04-07 14:26:30.000000000 +0200
@@ -2,7 +2,7 @@
 # This file is dual-licensed, meaning that you can use it under your
 # choice of either of the following two licenses:
 #
-# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You can obtain
 # a copy in the file LICENSE in the source distribution or at
@@ -704,11 +704,6 @@
     my ($ke128, $ke192, $ke256) = @_;
     my $ret = '';
 $ret .= <<___;
-    bnez    $UKEY,1f        # if (!userKey || !key) return -1;
-    bnez    $KEYP,1f
-    li      a0,-1
-    ret
-1:
     # Determine number of rounds from key size in bits
     li      $T0,128
     bne     $BITS,$T0,1f
diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv64.pl openssl-3.5.6/crypto/aes/asm/aes-riscv64.pl
--- openssl-3.5.5/crypto/aes/asm/aes-riscv64.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/aes/asm/aes-riscv64.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -773,11 +773,13 @@
 ___
 $code .= save_regs();
 $code .= <<___;
-    bnez    $UKEY,1f    # if (!userKey || !key) return -1;
-    bnez    $KEYP,1f
+    beqz    $UKEY,1f    # if (!userKey || !key) return -1;
+    beqz    $KEYP,1f
+    j       2f
+1:
     li      a0,-1
     ret
-1:
+2:
     la      $RCON,AES_rcon
     la      $TBL,AES_Te0
     li      $T8,128
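Review bot: The corrected NULL check still sits after `$code .= save_regs();`, so the `li a0,-1` / `ret` path returns without whatever epilogue pairs with that prologue. save_regs() is defined outside this hunk; if it adjusts `sp`, the failure return hands the caller a wrong stack pointer. Emitting the `beqz`/`ret` sequence before the `save_regs()` call, or branching to the function's existing restore-and-return exit with `a0` set to -1, would keep both paths balanced. The zkn and zvkned generators in this diff drop the check altogether, so it is also worth confirming that this file is meant to keep it.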
diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv64-zkn.pl openssl-3.5.6/crypto/aes/asm/aes-riscv64-zkn.pl
--- openssl-3.5.5/crypto/aes/asm/aes-riscv64-zkn.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/aes/asm/aes-riscv64-zkn.pl	2026-04-07 14:26:30.000000000 +0200
@@ -2,7 +2,7 @@
 # This file is dual-licensed, meaning that you can use it under your
 # choice of either of the following two licenses:
 #
-# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You can obtain
 # a copy in the file LICENSE in the source distribution or at
@@ -392,11 +392,6 @@
     my ($ke128, $ke192, $ke256) = @_;
     my $ret = '';
 $ret .= <<___;
-    bnez    $UKEY,1f        # if (!userKey || !key) return -1;
-    bnez    $KEYP,1f
-    li      a0,-1
-    ret
-1:
     # Determine number of rounds from key size in bits
     li      $T0,128
     bne     $BITS,$T0,1f
diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv64-zvkned.pl openssl-3.5.6/crypto/aes/asm/aes-riscv64-zvkned.pl
--- openssl-3.5.5/crypto/aes/asm/aes-riscv64-zvkned.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/aes/asm/aes-riscv64-zvkned.pl	2026-04-07 14:26:30.000000000 +0200
@@ -2,7 +2,7 @@
 # This file is dual-licensed, meaning that you can use it under your
 # choice of either of the following two licenses:
 #
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You can obtain
 # a copy in the file LICENSE in the source distribution or at
@@ -828,9 +828,6 @@
 .globl rv64i_zvkned_set_encrypt_key
 .type rv64i_zvkned_set_encrypt_key,\@function
 rv64i_zvkned_set_encrypt_key:
-    beqz $UKEY, L_fail_m1
-    beqz $KEYP, L_fail_m1
-
     # Get proper routine for key size
     li $T0, 256
     beq $BITS, $T0, L_set_key_256
@@ -847,9 +844,6 @@
 .globl rv64i_zvkned_set_decrypt_key
 .type rv64i_zvkned_set_decrypt_key,\@function
 rv64i_zvkned_set_decrypt_key:
-    beqz $UKEY, L_fail_m1
-    beqz $KEYP, L_fail_m1
-
     # Get proper routine for key size
     li $T0, 256
     beq $BITS, $T0, L_set_key_256
@@ -1356,11 +1350,6 @@
 }
 
 $code .= <<___;
-L_fail_m1:
-    li a0, -1
-    ret
-.size L_fail_m1,.-L_fail_m1
-
 L_fail_m2:
     li a0, -2
     ret
diff -Nru openssl-3.5.5/crypto/asn1/evp_asn1.c openssl-3.5.6/crypto/asn1/evp_asn1.c
--- openssl-3.5.5/crypto/asn1/evp_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/asn1/evp_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -95,7 +95,7 @@
     ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
 } static_ASN1_SEQUENCE_END(asn1_int_oct)
 
-    DECLARE_ASN1_ITEM(asn1_int_oct)
+DECLARE_ASN1_ITEM(asn1_int_oct)
 
 int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
     int len)
@@ -158,7 +158,7 @@
     ASN1_EMBED(asn1_oct_int, num, INT32)
 } static_ASN1_SEQUENCE_END(asn1_oct_int)
 
-    DECLARE_ASN1_ITEM(asn1_oct_int)
+DECLARE_ASN1_ITEM(asn1_oct_int)
 
 int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
     unsigned char *data, int len)
diff -Nru openssl-3.5.5/crypto/asn1/n_pkey.c openssl-3.5.6/crypto/asn1/n_pkey.c
--- openssl-3.5.5/crypto/asn1/n_pkey.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/asn1/n_pkey.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -52,6 +52,6 @@
     ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
 } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 
-    DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY)
diff -Nru openssl-3.5.5/crypto/asn1/p5_scrypt.c openssl-3.5.6/crypto/asn1/p5_scrypt.c
--- openssl-3.5.5/crypto/asn1/p5_scrypt.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/asn1/p5_scrypt.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,7 +44,7 @@
     uint64_t p)
 {
     X509_ALGOR *scheme = NULL, *ret = NULL;
-    int alg_nid;
+    int alg_nid, ivlen;
     size_t keylen = 0;
     EVP_CIPHER_CTX *ctx = NULL;
     unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -83,10 +83,11 @@
     }
 
     /* Create random IV */
-    if (EVP_CIPHER_get_iv_length(cipher)) {
+    ivlen = EVP_CIPHER_get_iv_length(cipher);
+    if (ivlen > 0) {
         if (aiv)
-            memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher));
-        else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0)
+            memcpy(iv, aiv, ivlen);
+        else if (RAND_bytes(iv, ivlen) <= 0)
             goto err;
     }
 
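Review bot: A negative return from `EVP_CIPHER_get_iv_length(cipher)` is now skipped by `if (ivlen > 0)` and treated like a cipher with no IV, so the function carries on instead of failing. Since `iv` is declared as `unsigned char iv[EVP_MAX_IV_LENGTH]` in the previous hunk, I would reject both the error case and an oversized length before the copy: `if (ivlen < 0 || ivlen > (int)sizeof(iv)) goto err;`. What the rest of the function does with an unset `iv` is outside this hunk, so whether the silent path is reachable in practice needs confirming.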
diff -Nru openssl-3.5.5/crypto/bf/bf_cfb64.c openssl-3.5.6/crypto/bf/bf_cfb64.c
--- openssl-3.5.5/crypto/bf/bf_cfb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bf/bf_cfb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,7 +27,7 @@
     unsigned char *ivec, int *num, int encrypt)
 {
     register BF_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     BF_LONG ti[2];
     unsigned char *iv, c, cc;
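Review bot: The mask in `n = *num & 0x07` has no comment saying why it is there, and it quietly accepts an out-of-range `*num` instead of treating it as a caller error. Presumably `n` indexes the 8-byte feedback block; the loop is outside this hunk, but `unsigned char d[8]` is visible in the matching bf_ofb64.c hunk, which gets the same change. A one-line comment such as `/* keep n in 0..7: *num is caller-supplied and indexes an 8-byte block */` would record the intent in both files. If the mask is meant as hardening rather than as part of the contract, the documentation for `num` should say that callers must not set it outside that range.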
diff -Nru openssl-3.5.5/crypto/bf/bf_ofb64.c openssl-3.5.6/crypto/bf/bf_ofb64.c
--- openssl-3.5.5/crypto/bf/bf_ofb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bf/bf_ofb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,7 +26,7 @@
     unsigned char *ivec, int *num)
 {
     register BF_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff -Nru openssl-3.5.5/crypto/bio/bss_dgram.c openssl-3.5.6/crypto/bio/bss_dgram.c
--- openssl-3.5.5/crypto/bio/bss_dgram.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bio/bss_dgram.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -961,7 +961,7 @@
                 ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(),
                     "calling setsockopt()");
 
-#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER)
+#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE)
             sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT;
             if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
                      &sockopt_val, sizeof(sockopt_val)))
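Review bot: With `defined(IPV6_PMTUDISC_PROBE)` added to this `#elif`, a Linux build whose headers lack that constant falls through to whichever branch follows, and that branch is outside this hunk. It is worth confirming that the fallback reports the control as unsupported rather than returning success without setting don't-fragment on the IPv6 socket, since a caller doing path-MTU discovery would otherwise rely on a setting that never took effect. If the reason for the guard is older headers, a comment like `/* some headers define IPV6_MTU_DISCOVER without IPV6_PMTUDISC_PROBE */` would explain why both macros are tested.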
diff -Nru openssl-3.5.5/crypto/bio/bss_file.c openssl-3.5.6/crypto/bio/bss_file.c
--- openssl-3.5.5/crypto/bio/bss_file.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bio/bss_file.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -202,8 +202,19 @@
     case BIO_CTRL_INFO:
         if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)
             ret = UP_ftell(b->ptr);
-        else
+        else {
+#if defined(OPENSSL_SYS_WINDOWS)
+            /*
+             * On Windows, for non-seekable files (stdin), ftell() is undefined.
+             */
+            if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK)
+                ret = -1;
+            else
+                ret = ftell(fp);
+#else
             ret = ftell(fp);
+#endif
+        }
         break;
     case BIO_C_SET_FILE_PTR:
         file_free(b);
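Review bot: The non-disk check is added only to the `else` branch, so the `BIO_FLAGS_UPLINK_INTERNAL` path still calls `UP_ftell(b->ptr)` unguarded. If that path can also sit on a console or pipe handle it would need the same treatment, but whether it can is not visible here. The comment would be more precise as `/* On Windows the result of ftell() on a non-seekable stream (e.g. stdin) is undefined; report -1 instead. */`, which also documents the value callers of `BIO_CTRL_INFO` now receive. The two identical `ret = ftell(fp);` lines could be avoided by putting only the `GetFileType` test inside the `#if` and leaving a single `ftell` call after it.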
diff -Nru openssl-3.5.5/crypto/bn/asm/armv4-gf2m.pl openssl-3.5.6/crypto/bn/asm/armv4-gf2m.pl
--- openssl-3.5.5/crypto/bn/asm/armv4-gf2m.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/asm/armv4-gf2m.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -37,7 +37,7 @@
 # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
 # Polynomial Multiplication on ARM Processors using the NEON Engine.
 #
-# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
 
 # $output is the last argument if it looks like a file (it has an extension)
 # $flavour is the first argument if it doesn't look like a file
diff -Nru openssl-3.5.5/crypto/bn/asm/rsaz-2k-avxifma.pl openssl-3.5.6/crypto/bn/asm/rsaz-2k-avxifma.pl
--- openssl-3.5.5/crypto/bn/asm/rsaz-2k-avxifma.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/asm/rsaz-2k-avxifma.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2024, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -362,6 +362,23 @@
 .cfi_push   %r14
     push    %r15
 .cfi_push   %r15
+___
+$code.=<<___ if ($win64);
+    push      %rsi                          # save non-volatile registers
+    push      %rdi
+    lea       -168(%rsp), %rsp              # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
+    vmovapd   %xmm6, `16*0`(%rsp)
+    vmovapd   %xmm7, `16*1`(%rsp)
+    vmovapd   %xmm8, `16*2`(%rsp)
+    vmovapd   %xmm9, `16*3`(%rsp)
+    vmovapd   %xmm10, `16*4`(%rsp)
+    vmovapd   %xmm11, `16*5`(%rsp)
+    vmovapd   %xmm12, `16*6`(%rsp)
+    vmovapd   %xmm13, `16*7`(%rsp)
+    vmovapd   %xmm14, `16*8`(%rsp)
+    vmovapd   %xmm15, `16*9`(%rsp)
+___
+$code.=<<___;
 .Lossl_rsaz_amm52x20_x1_avxifma256_body:
 
     # Zeroing accumulators
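Review bot: On Win64 the prologue now lowers %rsp by a further 184 bytes (two pushes plus `lea -168(%rsp), %rsp`) before the `.Lossl_rsaz_amm52x20_x1_avxifma256_body` label, and nothing in this hunk shows the unwind side being updated to match. If the file has a Win64 exception handler that locates the saved %rbx…%r15 relative to %rsp at the body label (that code is outside this hunk), its offsets need the same adjustment, and xmm6–xmm15 should be recoverable there as well. The same applies to the x2 prologue hunk further down. The `.cfi_push` lines above are followed by pushes with no CFI annotation, which is harmless on Win64 but deserves a short comment saying the block is Win64-only and why CFI is omitted.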
@@ -401,6 +418,23 @@
     vmovdqu   $R2_0,  `4*32`($res)
 
     vzeroupper
+___
+$code.=<<___ if ($win64);
+    vmovapd `16*0`(%rsp), %xmm6
+    vmovapd `16*1`(%rsp), %xmm7
+    vmovapd `16*2`(%rsp), %xmm8
+    vmovapd `16*3`(%rsp), %xmm9
+    vmovapd `16*4`(%rsp), %xmm10
+    vmovapd `16*5`(%rsp), %xmm11
+    vmovapd `16*6`(%rsp), %xmm12
+    vmovapd `16*7`(%rsp), %xmm13
+    vmovapd `16*8`(%rsp), %xmm14
+    vmovapd `16*9`(%rsp), %xmm15
+    lea     168(%rsp), %rsp
+    pop     %rdi
+    pop     %rsi
+___
+$code.=<<___;
     mov  0(%rsp),%r15
 .cfi_restore    %r15
     mov  8(%rsp),%r14
@@ -553,6 +587,23 @@
 .cfi_push   %r14
     push    %r15
 .cfi_push   %r15
+___
+$code.=<<___ if ($win64);
+    push    %rsi                            # save non-volatile registers
+    push    %rdi
+    lea     -168(%rsp), %rsp                # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
+    vmovapd %xmm6, `16*0`(%rsp)
+    vmovapd %xmm7, `16*1`(%rsp)
+    vmovapd %xmm8, `16*2`(%rsp)
+    vmovapd %xmm9, `16*3`(%rsp)
+    vmovapd %xmm10, `16*4`(%rsp)
+    vmovapd %xmm11, `16*5`(%rsp)
+    vmovapd %xmm12, `16*6`(%rsp)
+    vmovapd %xmm13, `16*7`(%rsp)
+    vmovapd %xmm14, `16*8`(%rsp)
+    vmovapd %xmm15, `16*9`(%rsp)
+___
+$code.=<<___;
 .Lossl_rsaz_amm52x20_x2_avxifma256_body:
 
     # Zeroing accumulators
@@ -604,6 +655,23 @@
     vmovdqu   $R2_1,  `9*32`($res)
 
     vzeroupper
+___
+$code.=<<___ if ($win64);
+    vmovapd `16*0`(%rsp), %xmm6
+    vmovapd `16*1`(%rsp), %xmm7
+    vmovapd `16*2`(%rsp), %xmm8
+    vmovapd `16*3`(%rsp), %xmm9
+    vmovapd `16*4`(%rsp), %xmm10
+    vmovapd `16*5`(%rsp), %xmm11
+    vmovapd `16*6`(%rsp), %xmm12
+    vmovapd `16*7`(%rsp), %xmm13
+    vmovapd `16*8`(%rsp), %xmm14
+    vmovapd `16*9`(%rsp), %xmm15
+    lea     168(%rsp), %rsp
+    pop     %rdi
+    pop     %rsi
+___
+$code.=<<___;
     mov  0(%rsp),%r15
 .cfi_restore    %r15
     mov  8(%rsp),%r14
@@ -663,6 +731,23 @@
 ossl_extract_multiplier_2x20_win5_avx:
 .cfi_startproc
     endbranch
+___
+$code.=<<___ if ($win64);
+    push      %rsi                          # save non-volatile registers
+    push      %rdi
+    lea       -168(%rsp), %rsp              # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
+    vmovapd   %xmm6, `16*0`(%rsp)
+    vmovapd   %xmm7, `16*1`(%rsp)
+    vmovapd   %xmm8, `16*2`(%rsp)
+    vmovapd   %xmm9, `16*3`(%rsp)
+    vmovapd   %xmm10, `16*4`(%rsp)
+    vmovapd   %xmm11, `16*5`(%rsp)
+    vmovapd   %xmm12, `16*6`(%rsp)
+    vmovapd   %xmm13, `16*7`(%rsp)
+    vmovapd   %xmm14, `16*8`(%rsp)
+    vmovapd   %xmm15, `16*9`(%rsp)
+___
+$code.=<<___;
     vmovapd   .Lones(%rip), $ones         # broadcast ones
     vmovq $red_tbl_idx1, $tmp_xmm
     vpbroadcastq    $tmp_xmm, $idx1
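Review bot: The thirteen-line xmm6–xmm15 save sequence and its restore counterpart are pasted verbatim into every prologue and epilogue in this file and again in rsaz-3k-avxifma.pl and rsaz-4k-avxifma.pl, with the column alignment already drifting between copies (`vmovapd   %xmm6` here, `vmovapd %xmm6` in the x2 prologue). Defining the two sequences once per file as Perl strings and appending them with something like `$code .= $win64_save_xmm if ($win64);` would keep the 168-byte frame size and the sixteen-byte slot offsets in a single place, so a later change cannot update a save without its matching restore. The variable name is only a suggestion. The comment on the `lea` should also note that the 8 bytes of padding assume %rsp is 8 mod 16 at that point, which holds here after an even number of pushes.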
@@ -709,6 +794,24 @@
     $code.="vmovdqu   $t[$_], `${_}*32`($out) \n";
 }
 $code.=<<___;
+    vzeroupper
+___
+$code.=<<___ if ($win64);
+    vmovapd `16*0`(%rsp), %xmm6
+    vmovapd `16*1`(%rsp), %xmm7
+    vmovapd `16*2`(%rsp), %xmm8
+    vmovapd `16*3`(%rsp), %xmm9
+    vmovapd `16*4`(%rsp), %xmm10
+    vmovapd `16*5`(%rsp), %xmm11
+    vmovapd `16*6`(%rsp), %xmm12
+    vmovapd `16*7`(%rsp), %xmm13
+    vmovapd `16*8`(%rsp), %xmm14
+    vmovapd `16*9`(%rsp), %xmm15
+    lea     168(%rsp), %rsp
+    pop     %rdi
+    pop     %rsi
+___
+$code.=<<___;
     ret
 .cfi_endproc
 .size   ossl_extract_multiplier_2x20_win5_avx, .-ossl_extract_multiplier_2x20_win5_avx
diff -Nru openssl-3.5.5/crypto/bn/asm/rsaz-3k-avxifma.pl openssl-3.5.6/crypto/bn/asm/rsaz-3k-avxifma.pl
--- openssl-3.5.5/crypto/bn/asm/rsaz-3k-avxifma.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/asm/rsaz-3k-avxifma.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2024, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -87,8 +87,6 @@
 my $mask52     = "%rax";
 my $acc0_0     = "%r9";
 my $acc0_0_low = "%r9d";
-my $acc0_1     = "%r15";
-my $acc0_1_low = "%r15d";
 my $b_ptr      = "%r11";
 
 my $iter = "%ebx";
@@ -741,7 +739,7 @@
     vmovdqu   $R3_0,  `6*32`($res)
     vmovdqu   $R3_0h, `7*32`($res)
 
-    xorl    $acc0_1_low, $acc0_1_low
+    xorl    $acc0_0_low, $acc0_0_low
 
     lea    16($b_ptr), $b_ptr
     movq    \$0xfffffffffffff, $mask52       # 52-bit mask
@@ -857,6 +855,23 @@
 ossl_extract_multiplier_2x30_win5_avx:
 .cfi_startproc
     endbranch
+___
+$code.=<<___ if ($win64);
+    push      %rsi                          # save non-volatile registers
+    push      %rdi
+    lea       -168(%rsp), %rsp              # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
+    vmovapd   %xmm6, `16*0`(%rsp)
+    vmovapd   %xmm7, `16*1`(%rsp)
+    vmovapd   %xmm8, `16*2`(%rsp)
+    vmovapd   %xmm9, `16*3`(%rsp)
+    vmovapd   %xmm10, `16*4`(%rsp)
+    vmovapd   %xmm11, `16*5`(%rsp)
+    vmovapd   %xmm12, `16*6`(%rsp)
+    vmovapd   %xmm13, `16*7`(%rsp)
+    vmovapd   %xmm14, `16*8`(%rsp)
+    vmovapd   %xmm15, `16*9`(%rsp)
+___
+$code.=<<___;
     vmovapd   .Lones(%rip), $ones         # broadcast ones
     vmovq    $red_tbl_idx1, $tmp_xmm
     vpbroadcastq    $tmp_xmm, $idx1
@@ -930,6 +945,24 @@
     $code.="vmovdqu   $t[$_], `${_}*32`($out) \n";
 }
 
+$code.=<<___;
+    vzeroupper
+___
+$code.=<<___ if ($win64);
+    vmovapd `16*0`(%rsp), %xmm6
+    vmovapd `16*1`(%rsp), %xmm7
+    vmovapd `16*2`(%rsp), %xmm8
+    vmovapd `16*3`(%rsp), %xmm9
+    vmovapd `16*4`(%rsp), %xmm10
+    vmovapd `16*5`(%rsp), %xmm11
+    vmovapd `16*6`(%rsp), %xmm12
+    vmovapd `16*7`(%rsp), %xmm13
+    vmovapd `16*8`(%rsp), %xmm14
+    vmovapd `16*9`(%rsp), %xmm15
+    lea     168(%rsp), %rsp
+    pop     %rdi
+    pop     %rsi
+___
 
 $code.=<<___;
 
diff -Nru openssl-3.5.5/crypto/bn/asm/rsaz-4k-avxifma.pl openssl-3.5.6/crypto/bn/asm/rsaz-4k-avxifma.pl
--- openssl-3.5.5/crypto/bn/asm/rsaz-4k-avxifma.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/asm/rsaz-4k-avxifma.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2024, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -84,8 +84,6 @@
 my $mask52     = "%rax";
 my $acc0_0     = "%r9";
 my $acc0_0_low = "%r9d";
-my $acc0_1     = "%r15";
-my $acc0_1_low = "%r15d";
 my $b_ptr      = "%r11";
 
 my $iter = "%ebx";
@@ -834,7 +832,7 @@
     vmovdqu   $R4_0,  `8*32`($res)
     vmovdqu   $R4_0h, `9*32`($res)
 
-    xorl    $acc0_1_low, $acc0_1_low
+    xorl    $acc0_0_low, $acc0_0_low
 
     movq    \$0xfffffffffffff, $mask52
 
@@ -975,6 +973,23 @@
 ossl_extract_multiplier_2x40_win5_avx:
 .cfi_startproc
     endbranch
+___
+$code.=<<___ if ($win64);
+    push      %rsi                          # save non-volatile registers
+    push      %rdi
+    lea       -168(%rsp), %rsp              # 16*10 + (8 bytes to get correct 16-byte SIMD alignment)
+    vmovapd   %xmm6, `16*0`(%rsp)
+    vmovapd   %xmm7, `16*1`(%rsp)
+    vmovapd   %xmm8, `16*2`(%rsp)
+    vmovapd   %xmm9, `16*3`(%rsp)
+    vmovapd   %xmm10, `16*4`(%rsp)
+    vmovapd   %xmm11, `16*5`(%rsp)
+    vmovapd   %xmm12, `16*6`(%rsp)
+    vmovapd   %xmm13, `16*7`(%rsp)
+    vmovapd   %xmm14, `16*8`(%rsp)
+    vmovapd   %xmm15, `16*9`(%rsp)
+___
+$code.=<<___;
     vmovapd   .Lones(%rip), $ones         # broadcast ones
     vmovq $red_tbl_idx1, $tmp_xmm
     vpbroadcastq    $tmp_xmm, $idx1
@@ -1002,6 +1017,24 @@
     $code.="vmovdqu   $t[$_], `(10+$_)*32`($out) \n";
 }
 $code.=<<___;
+    vzeroupper
+___
+$code.=<<___ if ($win64);
+    vmovapd `16*0`(%rsp), %xmm6
+    vmovapd `16*1`(%rsp), %xmm7
+    vmovapd `16*2`(%rsp), %xmm8
+    vmovapd `16*3`(%rsp), %xmm9
+    vmovapd `16*4`(%rsp), %xmm10
+    vmovapd `16*5`(%rsp), %xmm11
+    vmovapd `16*6`(%rsp), %xmm12
+    vmovapd `16*7`(%rsp), %xmm13
+    vmovapd `16*8`(%rsp), %xmm14
+    vmovapd `16*9`(%rsp), %xmm15
+    lea     168(%rsp), %rsp
+    pop     %rdi
+    pop     %rsi
+___
+$code.=<<___;
 
     ret
 .cfi_endproc
diff -Nru openssl-3.5.5/crypto/bn/asm/sparcv9-mont.pl openssl-3.5.6/crypto/bn/asm/sparcv9-mont.pl
--- openssl-3.5.5/crypto/bn/asm/sparcv9-mont.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/asm/sparcv9-mont.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -394,11 +394,11 @@
 
 	mulx	$car1,$mul1,$car1
 	mulx	$npj,$mul1,$acc1
+	add	$tmp1,$car0,$car0
 	add	$tmp0,$car1,$car1
 	and	$car0,$mask,$acc0
 	ld	[$np+8],$npj			! np[2]
 	srlx	$car1,32,$car1
-	add	$tmp1,$car1,$car1
 	srlx	$car0,32,$car0
 	add	$acc0,$car1,$car1
 	and	$car0,1,$sbit
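Review bot: The relocated `add $tmp1,$car0,$car0` has no comment, yet its position is what makes the fix work: it must run before `and $car0,$mask,$acc0` extracts the low word, whereas the removed line added `$tmp1` into `$car1` after the shift. A trailing note in the file's existing `!` comment style, e.g. `! must precede the mask of car0 below`, would stop a later reschedule from reintroducing the wrong carry. The enclosing loop starts and ends outside this hunk, so I cannot tell whether other iterations of the same pattern elsewhere in the file need the same correction. A known-answer test that exercises this Montgomery path would also be worth having, if the release does not already add one.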
diff -Nru openssl-3.5.5/crypto/bn/bn_dh.c openssl-3.5.6/crypto/bn/bn_dh.c
--- openssl-3.5.5/crypto/bn/bn_dh.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_dh.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,7 +14,7 @@
 #include "crypto/bn_dh.h"
 
 #if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
 #else
 #define BN_DEF(lo, hi) lo, hi
 #endif
@@ -1387,37 +1387,37 @@
 };
 
 make_dh_bn(dh1024_160_p)
-    make_dh_bn(dh1024_160_q)
-        make_dh_bn(dh1024_160_g)
-            make_dh_bn(dh2048_224_p)
-                make_dh_bn(dh2048_224_q)
-                    make_dh_bn(dh2048_224_g)
-                        make_dh_bn(dh2048_256_p)
-                            make_dh_bn(dh2048_256_q)
-                                make_dh_bn(dh2048_256_g)
-
-                                    make_dh_bn(ffdhe2048_p)
-                                        make_dh_bn(ffdhe2048_q)
-                                            make_dh_bn(ffdhe3072_p)
-                                                make_dh_bn(ffdhe3072_q)
-                                                    make_dh_bn(ffdhe4096_p)
-                                                        make_dh_bn(ffdhe4096_q)
-                                                            make_dh_bn(ffdhe6144_p)
-                                                                make_dh_bn(ffdhe6144_q)
-                                                                    make_dh_bn(ffdhe8192_p)
-                                                                        make_dh_bn(ffdhe8192_q)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_q)
+make_dh_bn(dh2048_256_g)
+
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe2048_q)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe3072_q)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe4096_q)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe6144_q)
+make_dh_bn(ffdhe8192_p)
+make_dh_bn(ffdhe8192_q)
 
 #ifndef FIPS_MODULE
-                                                                            make_dh_bn(modp_1536_p)
-                                                                                make_dh_bn(modp_1536_q)
+make_dh_bn(modp_1536_p)
+make_dh_bn(modp_1536_q)
 #endif
-                                                                                    make_dh_bn(modp_2048_p)
-                                                                                        make_dh_bn(modp_2048_q)
-                                                                                            make_dh_bn(modp_3072_p)
-                                                                                                make_dh_bn(modp_3072_q)
-                                                                                                    make_dh_bn(modp_4096_p)
-                                                                                                        make_dh_bn(modp_4096_q)
-                                                                                                            make_dh_bn(modp_6144_p)
-                                                                                                                make_dh_bn(modp_6144_q)
-                                                                                                                    make_dh_bn(modp_8192_p)
-                                                                                                                        make_dh_bn(modp_8192_q)
+make_dh_bn(modp_2048_p)
+make_dh_bn(modp_2048_q)
+make_dh_bn(modp_3072_p)
+make_dh_bn(modp_3072_q)
+make_dh_bn(modp_4096_p)
+make_dh_bn(modp_4096_q)
+make_dh_bn(modp_6144_p)
+make_dh_bn(modp_6144_q)
+make_dh_bn(modp_8192_p)
+make_dh_bn(modp_8192_q)
diff -Nru openssl-3.5.5/crypto/bn/bn_exp.c openssl-3.5.6/crypto/bn/bn_exp.c
--- openssl-3.5.5/crypto/bn/bn_exp.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_exp.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -771,16 +771,16 @@
         typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np,
             const BN_ULONG *n0, const void *table,
             int power, int bits);
-        int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np,
+        int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
             const BN_ULONG *n0, const void *table,
             int power, int bits);
-        int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np,
+        int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
             const BN_ULONG *n0, const void *table,
             int power, int bits);
-        int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np,
+        int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
             const BN_ULONG *n0, const void *table,
             int power, int bits);
-        int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np,
+        int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
             const BN_ULONG *n0, const void *table,
             int power, int bits);
         static const bn_pwr5_mont_f pwr5_funcs[4] = {
@@ -792,15 +792,15 @@
         typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap,
             const void *bp, const BN_ULONG *np,
             const BN_ULONG *n0);
-        int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp,
+        int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
             const BN_ULONG *np, const BN_ULONG *n0);
-        int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
+        int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
             const void *bp, const BN_ULONG *np,
             const BN_ULONG *n0);
-        int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
+        int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
             const void *bp, const BN_ULONG *np,
             const BN_ULONG *n0);
-        int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
+        int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
             const void *bp, const BN_ULONG *np,
             const BN_ULONG *n0);
         static const bn_mul_mont_f mul_funcs[4] = {
@@ -809,20 +809,20 @@
         };
         bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
 
-        void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap,
+        void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
             const void *bp, const BN_ULONG *np,
             const BN_ULONG *n0, int num);
-        void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap,
+        void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
             const void *bp, const BN_ULONG *np,
             const BN_ULONG *n0, int num);
-        void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap,
+        void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
             const void *table, const BN_ULONG *np,
             const BN_ULONG *n0, int num, int power);
         void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
             void *table, size_t power);
-        void bn_gather5_t4(BN_ULONG * out, size_t num,
+        void bn_gather5_t4(BN_ULONG *out, size_t num,
             void *table, size_t power);
-        void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num);
+        void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
 
         BN_ULONG *np = mont->N.d, *n0 = mont->n0;
         int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
@@ -922,13 +922,13 @@
          * Given those inputs, |bn_mul_mont| may not give reduced
          * output, but it will still produce "almost" reduced output.
          */
-        void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap,
+        void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
             const void *table, const BN_ULONG *np,
             const BN_ULONG *n0, int num, int power);
         void bn_scatter5(const BN_ULONG *inp, size_t num,
             void *table, size_t power);
-        void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power);
-        void bn_power5(BN_ULONG * rp, const BN_ULONG *ap,
+        void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+        void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
             const void *table, const BN_ULONG *np,
             const BN_ULONG *n0, int num, int power);
         int bn_get_bits5(const BN_ULONG *ap, int off);
diff -Nru openssl-3.5.5/crypto/bn/bn_local.h openssl-3.5.6/crypto/bn/bn_local.h
--- openssl-3.5.5/crypto/bn/bn_local.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_local.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -387,7 +387,7 @@
 #elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
 #if defined(__DECC)
 #include <c_asm.h>
-#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b))
+#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b))
 #elif defined(__GNUC__) && __GNUC__ >= 2
 #define BN_UMULT_HIGH(a, b) ({     \
         register BN_ULONG ret;          \
diff -Nru openssl-3.5.5/crypto/bn/bn_mont.c openssl-3.5.6/crypto/bn/bn_mont.c
--- openssl-3.5.5/crypto/bn/bn_mont.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_mont.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,10 +8,9 @@
  */
 
 /*
- * Details about Montgomery multiplication algorithms can be found at
- * http://security.ece.orst.edu/publications.html, e.g.
- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ * Details about Montgomery multiplication algorithms can be found in
+ * https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf
+ * and https://cetinkayakoc.net/docs/r01.pdf
  */
 
 #include "internal/cryptlib.h"
diff -Nru openssl-3.5.5/crypto/bn/bn_ppc.c openssl-3.5.6/crypto/bn/bn_ppc.c
--- openssl-3.5.5/crypto/bn/bn_ppc.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_ppc.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,14 +15,14 @@
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     const BN_ULONG *np, const BN_ULONG *n0, int num)
 {
-    int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
         const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+    int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
         const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul_mont_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap,
+    int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
         const BN_ULONG *bp, const BN_ULONG *np,
         const BN_ULONG *n0, int num);
-    int bn_mul_mont_300_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap,
+    int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap,
         const BN_ULONG *bp, const BN_ULONG *np,
         const BN_ULONG *n0, int num);
 
diff -Nru openssl-3.5.5/crypto/bn/bn_prime.c openssl-3.5.6/crypto/bn/bn_prime.c
--- openssl-3.5.5/crypto/bn/bn_prime.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_prime.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -30,7 +30,7 @@
 #define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
 
 #if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
 #else
 #define BN_DEF(lo, hi) lo, hi
 #endif
diff -Nru openssl-3.5.5/crypto/bn/bn_rsa_fips186_4.c openssl-3.5.6/crypto/bn/bn_rsa_fips186_4.c
--- openssl-3.5.5/crypto/bn/bn_rsa_fips186_4.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_rsa_fips186_4.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -29,7 +29,7 @@
 #include "internal/nelem.h"
 
 #if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
 #else
 #define BN_DEF(lo, hi) lo, hi
 #endif
diff -Nru openssl-3.5.5/crypto/bn/bn_sparc.c openssl-3.5.6/crypto/bn/bn_sparc.c
--- openssl-3.5.5/crypto/bn/bn_sparc.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bn/bn_sparc.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -16,11 +16,11 @@
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     const BN_ULONG *np, const BN_ULONG *n0, int num)
 {
-    int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+    int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
         const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+    int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
         const BN_ULONG *np, const BN_ULONG *n0, int num);
-    int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp,
+    int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
         const BN_ULONG *np, const BN_ULONG *n0, int num);
 
     if (!(num & 1) && num >= 6) {
@@ -29,16 +29,16 @@
                 const BN_ULONG *bp,
                 const BN_ULONG *np,
                 const BN_ULONG *n0);
-            int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap,
+            int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap,
                 const BN_ULONG *bp, const BN_ULONG *np,
                 const BN_ULONG *n0);
-            int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap,
+            int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
                 const BN_ULONG *bp, const BN_ULONG *np,
                 const BN_ULONG *n0);
-            int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap,
+            int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
                 const BN_ULONG *bp, const BN_ULONG *np,
                 const BN_ULONG *n0);
-            int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap,
+            int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
                 const BN_ULONG *bp, const BN_ULONG *np,
                 const BN_ULONG *n0);
             static const bn_mul_mont_f funcs[4] = {
diff -Nru openssl-3.5.5/crypto/bsearch.c openssl-3.5.6/crypto/bsearch.c
--- openssl-3.5.5/crypto/bsearch.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/bsearch.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,7 +23,7 @@
     l = 0;
     h = num;
     while (l < h) {
-        i = (l + h) / 2;
+        i = l + (h - l) / 2;
         p = &(base_[i * size]);
         c = (*cmp)(key, p);
         if (c < 0)
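Review bot: The new midpoint expression `i = l + (h - l) / 2;` carries no comment saying why it replaced `(l + h) / 2`, so a later cleanup could revert it without noticing. A one-line comment such as `/* l + (h - l) / 2 cannot overflow, unlike (l + h) / 2 */` would pin the intent. The next line still computes `i * size` for the element address; whether that product can wrap depends on the types of `i` and `size`, which are declared outside this hunk. The function starts and ends outside the hunk.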
diff -Nru openssl-3.5.5/crypto/cast/c_cfb64.c openssl-3.5.6/crypto/cast/c_cfb64.c
--- openssl-3.5.5/crypto/cast/c_cfb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cast/c_cfb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,7 +27,7 @@
     unsigned char *ivec, int *num, int enc)
 {
     register CAST_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     CAST_LONG ti[2];
     unsigned char *iv, c, cc;
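Review bot: Masking with `*num & 0x07` silently folds an out-of-range caller-supplied offset into 0..7 instead of reporting it, and nothing at the declaration says why. A comment like `/* *num is caller-controlled state; keep the index inside the 8-byte block */` would record the reason; presumably `n` indexes the IV buffer further down, which is not visible in this hunk. The identical one-line change in c_ofb64.c and in the DES files cfb64ede.c, cfb64enc.c, ofb64ede.c and ofb64enc.c would benefit from the same comment. The API documentation could also say that callers must keep `*num` in the range 0 to 7, since a masked value is processed at a different offset rather than rejected.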
diff -Nru openssl-3.5.5/crypto/cast/c_ofb64.c openssl-3.5.6/crypto/cast/c_ofb64.c
--- openssl-3.5.5/crypto/cast/c_ofb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cast/c_ofb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,7 +26,7 @@
     unsigned char *ivec, int *num)
 {
     register CAST_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff -Nru openssl-3.5.5/crypto/cmp/cmp_client.c openssl-3.5.6/crypto/cmp/cmp_client.c
--- openssl-3.5.5/crypto/cmp/cmp_client.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cmp/cmp_client.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -149,6 +149,7 @@
     int time_left;
     OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb;
 
+    ctx->status = OSSL_CMP_PKISTATUS_trans;
 #ifndef OPENSSL_NO_HTTP
     if (transfer_cb == NULL)
         transfer_cb = OSSL_CMP_MSG_http_perform;
@@ -175,7 +176,7 @@
     /* should print error queue since transfer_cb may call ERR_clear_error() */
     OSSL_CMP_CTX_print_errors(ctx);
 
-    if (ctx->server != NULL)
+    if (ctx->server != NULL || ctx->transfer_cb != NULL)
         ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str);
 
     *rep = (*transfer_cb)(ctx, req);
@@ -189,6 +190,7 @@
         return 0;
     }
 
+    ctx->status = OSSL_CMP_PKISTATUS_checking_response;
     bt = OSSL_CMP_MSG_get_bodytype(*rep);
     /*
      * The body type in the 'bt' variable is not yet verified.
@@ -284,11 +286,15 @@
         "received 'waiting' PKIStatus, starting to poll for response");
     *rep = NULL;
     for (;;) {
+        int bak = ctx->status;
+
+        ctx->status = OSSL_CMP_PKISTATUS_request;
         if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL)
             goto err;
 
         if (!send_receive_check(ctx, preq, &prep, OSSL_CMP_PKIBODY_POLLREP))
             goto err;
+        ctx->status = bak;
 
         /* handle potential pollRep */
         if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) {
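Review bot: The local `bak` in the polling loop saves and restores `ctx->status` without a comment, and the name does not say what is being backed up. Something like `int saved_status = ctx->status; /* restored after a successful pollReq exchange */` would make the intent readable; the same pattern appears in the later hunk that adds `int bak = ctx->status;` before `ossl_cmp_certConf_new()`. On both `goto err` paths the status is left as set during the failed step, which looks intended but is worth stating in that comment. The loop body continues outside the hunk.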
@@ -344,6 +350,7 @@
                 int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL));
 
                 if (time_left <= 0) {
+                    ctx->status = OSSL_CMP_PKISTATUS_trans;
                     ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT);
                     goto err;
                 }
@@ -455,7 +462,9 @@
     OSSL_CMP_MSG *certConf;
     OSSL_CMP_MSG *PKIconf = NULL;
     int res = 0;
+    int bak = ctx->status;
 
+    ctx->status = OSSL_CMP_PKISTATUS_request;
     /* OSSL_CMP_certConf_new() also checks if all necessary options are set */
     certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt);
     if (certConf == NULL)
@@ -464,6 +473,9 @@
     res = send_receive_also_delayed(ctx, certConf, &PKIconf,
         OSSL_CMP_PKIBODY_PKICONF);
 
+    if (res)
+        ctx->status = bak;
+
 err:
     OSSL_CMP_MSG_free(certConf);
     OSSL_CMP_MSG_free(PKIconf);
@@ -479,6 +491,7 @@
     OSSL_CMP_MSG *PKIconf = NULL;
     int res = 0;
 
+    ctx->status = OSSL_CMP_PKISTATUS_request;
     /* not overwriting ctx->status on error exchange */
     if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL)
         goto err;
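Review bot: The retained comment `/* not overwriting ctx->status on error exchange */` now sits directly below a new assignment to `ctx->status`, and the following hunk adds another assignment after `send_receive_also_delayed()`, so the comment contradicts the code. It should be replaced, for example with `/* ctx->status ends as rejected_by_client after the error exchange */`, or dropped. The function starts and ends outside the hunk.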
@@ -488,6 +501,7 @@
 
     res = send_receive_also_delayed(ctx, error,
         &PKIconf, OSSL_CMP_PKIBODY_PKICONF);
+    ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;
 
 err:
     OSSL_CMP_MSG_free(error);
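Review bot: `ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;` runs regardless of `res`, so a failed transfer of the error message ends with the same status as a delivered rejection. The certConf path in this patch restores its saved status only `if (res)`. If the difference is deliberate a short comment should say so, for instance `/* the client has rejected regardless of whether the server received the error */`; otherwise guarding the assignment with `if (res)` would keep the status set by the failed exchange. The function starts and ends outside the hunk.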
@@ -790,7 +804,7 @@
         ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
             "rejecting newly enrolled cert with subject: %s; %s",
             subj, txt);
-        ctx->status = OSSL_CMP_PKISTATUS_rejection;
+        ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client;
         ret = 0;
     }
     OPENSSL_free(subj);
@@ -812,7 +826,6 @@
     if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL)
         return 0;
 
-    ctx->status = OSSL_CMP_PKISTATUS_trans;
     res = send_receive_check(ctx, req, p_rep, rep_type);
     OSSL_CMP_MSG_free(req);
     return res;
@@ -918,7 +931,6 @@
     if ((rr = ossl_cmp_rr_new(ctx)) == NULL)
         goto end;
 
-    ctx->status = OSSL_CMP_PKISTATUS_trans;
     if (!send_receive_also_delayed(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP))
         goto end;
 
@@ -1038,7 +1050,6 @@
     if ((genm = ossl_cmp_genm_new(ctx)) == NULL)
         goto err;
 
-    ctx->status = OSSL_CMP_PKISTATUS_trans;
     if (!send_receive_also_delayed(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP))
         goto err;
     ctx->status = OSSL_CMP_PKISTATUS_accepted;
diff -Nru openssl-3.5.5/crypto/cmp/cmp_ctx.c openssl-3.5.6/crypto/cmp/cmp_ctx.c
--- openssl-3.5.5/crypto/cmp/cmp_ctx.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cmp/cmp_ctx.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -742,7 +742,7 @@
      */
     DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509)
 
-    /* Get successfully validated server cert, if any, of current transaction */
+    /* Get successfully validated sender cert, if any, of current transaction */
     DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)
 
     /*
diff -Nru openssl-3.5.5/crypto/cmp/cmp_local.h openssl-3.5.6/crypto/cmp/cmp_local.h
--- openssl-3.5.5/crypto/cmp/cmp_local.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cmp/cmp_local.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -66,7 +66,7 @@
     int unprotectedErrors;
     int noCacheExtraCerts;
     X509 *srvCert; /* certificate used to identify the server */
-    X509 *validatedSrvCert; /* caches any already validated server cert */
+    X509 *validatedSrvCert; /* caches any already validated sender cert */
     X509_NAME *expected_sender; /* expected sender in header of response */
     X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
     STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
diff -Nru openssl-3.5.5/crypto/cmp/cmp_vfy.c openssl-3.5.6/crypto/cmp/cmp_vfy.c
--- openssl-3.5.5/crypto/cmp/cmp_vfy.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cmp/cmp_vfy.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2020
  * Copyright Siemens AG 2015-2020
  *
@@ -363,13 +363,12 @@
     return valid;
 }
 
+/* checks protection of msg but not cert revocation nor cert chain */
 static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert,
     const OSSL_CMP_MSG *msg)
 {
     return cert_acceptable(ctx, "previously validated", "sender cert",
-               cert, NULL, NULL, msg)
-        && (check_cert_path(ctx, ctx->trusted, cert)
-            || check_cert_path_3gpp(ctx, msg, cert));
+        cert, NULL, NULL, msg);
 }
 
 /*-
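Review bot: The new comment on `check_msg_given_cert()` says what is skipped but not the precondition that makes skipping safe: with `check_cert_path()` and `check_cert_path_3gpp()` removed, any certificate passed in is accepted on `cert_acceptable()` alone. Stating the contract, e.g. `/* cert must already have been validated in this transaction; checks msg protection only, not revocation nor chain */`, would keep a future caller from passing an unvalidated certificate. In the visible hunks the function is only called with the cached `scrt`, but other call sites may exist outside the diff context.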
@@ -479,22 +478,26 @@
     (void)ERR_set_mark();
     ctx->log_cb = NULL; /* temporarily disable logging */
 
-    /*
-     * try first cached scrt, used successfully earlier in same transaction,
-     * for validating this and any further msgs where extraCerts may be left out
-     */
     if (scrt != NULL) {
+        /*-
+         * try first using cached message sender cert (in 'scrt' variable),
+         * which was used successfully earlier in the same transaction
+         * (assuming that the certificate itself was not revoked meanwhile and
+         *  is a good guess for use in validating also the current message)
+         */
         if (check_msg_given_cert(ctx, scrt, msg)) {
             ctx->log_cb = backup_log_cb;
             (void)ERR_pop_to_mark();
             return 1;
         }
         /* cached sender cert has shown to be no more successfully usable */
-        (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL);
         /* re-do the above check (just) for adding diagnostic information */
         ossl_cmp_info(ctx,
             "trying to verify msg signature with previously validated cert");
+        ctx->log_cb = backup_log_cb;
         (void)check_msg_given_cert(ctx, scrt, msg);
+        ctx->log_cb = NULL;
+        (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */
     }
 
     res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */)
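Review bot: After `ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL)` the local `scrt` may dangle, as the new trailing comment itself notes, yet it stays in scope for the rest of the function. Adding `scrt = NULL;` on the next line would turn any later use into a NULL dereference that is caught early rather than a use-after-free; whether `scrt` is read again further down is not visible here, since the function continues outside the hunk. The toggling of `ctx->log_cb` around the diagnostic re-check could also get a short comment, because the callback is restored and cleared again within three lines.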
@@ -628,7 +631,7 @@
         scrt = ctx->srvCert;
         if (scrt == NULL) {
             if (ctx->trusted == NULL && ctx->secretValue != NULL) {
-                ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
+                ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection");
                 ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
                 return 0;
             }
@@ -642,7 +645,7 @@
             /* use ctx->srvCert for signature check even if not acceptable */
             if (verify_signature(ctx, msg, scrt)) {
                 ossl_cmp_debug(ctx,
-                    "successfully validated signature-based CMP message protection using pinned server cert");
+                    "successfully validated signature-based CMP message protection using pinned sender cert");
                 return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt);
             }
             ossl_cmp_warn(ctx, "CMP message signature verification failed");
diff -Nru openssl-3.5.5/crypto/cms/cms_asn1.c openssl-3.5.6/crypto/cms/cms_asn1.c
--- openssl-3.5.5/crypto/cms/cms_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cms/cms_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,7 +23,7 @@
     ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
 } static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
 
-    ASN1_CHOICE(CMS_CertificateChoices)
+ASN1_CHOICE(CMS_CertificateChoices)
     = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices)
 
 ASN1_CHOICE(CMS_SignerIdentifier) = {
@@ -31,11 +31,11 @@
     ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
 } static_ASN1_CHOICE_END(CMS_SignerIdentifier)
 
-    ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo)
     = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
 
-    /* Minor tweak to operation: free up signer key, cert */
-    static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
     if (operation == ASN1_OP_FREE_POST) {
         CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
@@ -62,7 +62,7 @@
     ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
 } static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
 
-    ASN1_CHOICE(CMS_RevocationInfoChoice)
+ASN1_CHOICE(CMS_RevocationInfoChoice)
     = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
 
 ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
@@ -80,7 +80,7 @@
     ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
 } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 
-    static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
     CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
 
@@ -118,7 +118,7 @@
     ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
 } static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
 
-    static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
     CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
     if (operation == ASN1_OP_FREE_POST) {
@@ -143,7 +143,7 @@
     ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
 } static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
 
-    static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
     CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
     if (operation == ASN1_OP_NEW_POST) {
@@ -173,7 +173,7 @@
     ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
 } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
 
-    ASN1_SEQUENCE(CMS_KEKRecipientInfo)
+ASN1_SEQUENCE(CMS_KEKRecipientInfo)
     = { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
 
 ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
@@ -188,8 +188,8 @@
     ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
 } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
 
-    /* Free up RecipientInfo additional data */
-    static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
     if (operation == ASN1_OP_FREE_PRE) {
         CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
@@ -262,7 +262,7 @@
     ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
 } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
 
-    ASN1_NDEF_SEQUENCE(CMS_CompressedData)
+ASN1_NDEF_SEQUENCE(CMS_CompressedData)
     = {
           ASN1_EMBED(CMS_CompressedData, version, INT32),
           ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
@@ -348,7 +348,7 @@
     ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
 } static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
 
-    ASN1_SEQUENCE(CMS_ReceiptRequest)
+ASN1_SEQUENCE(CMS_ReceiptRequest)
     = { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
 
 ASN1_SEQUENCE(CMS_Receipt) = {
@@ -375,7 +375,7 @@
     ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
 } static_ASN1_SEQUENCE_END(CMS_SharedInfo)
 
-    int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen)
 {
     union {
         CMS_SharedInfo *pecsi;
diff -Nru openssl-3.5.5/crypto/cms/cms_dh.c openssl-3.5.6/crypto/cms/cms_dh.c
--- openssl-3.5.5/crypto/cms/cms_dh.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cms/cms_dh.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,16 +89,21 @@
     int keylen, plen;
     EVP_CIPHER *kekcipher = NULL;
     EVP_CIPHER_CTX *kekctx;
+    const ASN1_OBJECT *aoid;
+    const void *parameter = NULL;
+    int ptype = 0;
     char name[OSSL_MAX_NAME_SIZE];
 
     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
         goto err;
 
+    X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
+
     /*
      * For DH we only have one OID permissible. If ever any more get defined
      * we will need something cleverer.
      */
-    if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+    if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
         ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
         goto err;
     }
@@ -107,11 +112,11 @@
         || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
         goto err;
 
-    if (alg->parameter->type != V_ASN1_SEQUENCE)
+    if (ptype != V_ASN1_SEQUENCE)
         goto err;
 
-    p = alg->parameter->value.sequence->data;
-    plen = alg->parameter->value.sequence->length;
+    p = ASN1_STRING_get0_data(parameter);
+    plen = ASN1_STRING_length(parameter);
     kekalg = d2i_X509_ALGOR(NULL, &p, plen);
     if (kekalg == NULL)
         goto err;
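Review bot: The `if (ptype != V_ASN1_SEQUENCE) goto err;` branch fails without queuing an error, so a message whose key-agreement algorithm parameters are absent or of another type is rejected with no reason recorded. Adding `ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);` before the `goto err`, as the OID check in the previous hunk does, would make such input diagnosable; the matching `return 0` in cms_ec.c has the same gap. A comment near `X509_ALGOR_get0()` saying that the accessor is used because the optional parameter field may be absent (presumably the reason the direct `alg->parameter->type` access was dropped) would help the next reader. The function starts and ends outside the hunk.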
diff -Nru openssl-3.5.5/crypto/cms/cms_ec.c openssl-3.5.6/crypto/cms/cms_ec.c
--- openssl-3.5.5/crypto/cms/cms_ec.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cms/cms_ec.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -166,21 +166,27 @@
     int plen, keylen;
     EVP_CIPHER *kekcipher = NULL;
     EVP_CIPHER_CTX *kekctx;
+    const ASN1_OBJECT *aoid = NULL;
+    int ptype = 0;
+    const void *parameter = NULL;
+
     char name[OSSL_MAX_NAME_SIZE];
 
     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
         return 0;
 
-    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+    X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
+
+    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
         ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
         return 0;
     }
 
-    if (alg->parameter->type != V_ASN1_SEQUENCE)
+    if (ptype != V_ASN1_SEQUENCE)
         return 0;
 
-    p = alg->parameter->value.sequence->data;
-    plen = alg->parameter->value.sequence->length;
+    p = ASN1_STRING_get0_data(parameter);
+    plen = ASN1_STRING_length(parameter);
     kekalg = d2i_X509_ALGOR(NULL, &p, plen);
     if (kekalg == NULL)
         goto err;
diff -Nru openssl-3.5.5/crypto/cms/cms_local.h openssl-3.5.6/crypto/cms/cms_local.h
--- openssl-3.5.5/crypto/cms/cms_local.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cms/cms_local.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -35,8 +35,7 @@
 typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
 typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
 typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st
-    CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
 typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
 typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
 typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
diff -Nru openssl-3.5.5/crypto/cms/cms_rsa.c openssl-3.5.6/crypto/cms/cms_rsa.c
--- openssl-3.5.5/crypto/cms/cms_rsa.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cms/cms_rsa.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,10 +42,13 @@
     X509_ALGOR *cmsalg;
     int nid;
     int rv = -1;
-    unsigned char *label = NULL;
+    const unsigned char *label = NULL;
     int labellen = 0;
     const EVP_MD *mgf1md = NULL, *md = NULL;
     RSA_OAEP_PARAMS *oaep;
+    const ASN1_OBJECT *aoid;
+    const void *parameter = NULL;
+    int ptype = 0;
 
     pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
     if (pkctx == NULL)
@@ -75,21 +78,19 @@
         goto err;
 
     if (oaep->pSourceFunc != NULL) {
-        X509_ALGOR *plab = oaep->pSourceFunc;
+        X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
 
-        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
+        if (OBJ_obj2nid(aoid) != NID_pSpecified) {
             ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
             goto err;
         }
-        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
+        if (ptype != V_ASN1_OCTET_STRING) {
             ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
             goto err;
         }
 
-        label = plab->parameter->value.octet_string->data;
-        /* Stop label being freed when OAEP parameters are freed */
-        plab->parameter->value.octet_string->data = NULL;
-        labellen = plab->parameter->value.octet_string->length;
+        label = ASN1_STRING_get0_data(parameter);
+        labellen = ASN1_STRING_length(parameter);
     }
 
     if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
@@ -98,10 +99,16 @@
         goto err;
     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
         goto err;
-    if (label != NULL
-        && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
-        OPENSSL_free(label);
-        goto err;
+    if (label != NULL) {
+        unsigned char *dup_label = OPENSSL_memdup(label, labellen);
+
+        if (dup_label == NULL)
+            goto err;
+
+        if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
+            OPENSSL_free(dup_label);
+            goto err;
+        }
     }
     /* Carry on */
     rv = 1;
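Review bot: The `dup_label == NULL` path treats every NULL return as a failure and queues no error, which conflates allocation failure with an empty label. If `OPENSSL_memdup()` returns NULL for a zero-length input (worth confirming against its implementation), an OAEP parameter set carrying an explicit empty `pSpecified` label would now be rejected, whereas the old code passed the zero-length buffer through. Guarding with `if (label != NULL && labellen > 0) {` would skip the copy in that case and leave the default empty label in place. The function starts and ends outside the hunk.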
diff -Nru openssl-3.5.5/crypto/cms/cms_smime.c openssl-3.5.6/crypto/cms/cms_smime.c
--- openssl-3.5.5/crypto/cms/cms_smime.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/cms/cms_smime.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -474,8 +474,10 @@
     } else {
         if (dcont && (tmpin == dcont))
             do_free_upto(cmsbio, dcont);
-        else
+        else if (cmsbio != NULL)
             BIO_free_all(cmsbio);
+        else
+            BIO_free(tmpin);
     }
 
     if (out != tmpout)
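Review bot: The three-way cleanup now depends on an ownership rule that is not written down: `tmpin` is freed on its own only when `cmsbio` is NULL. A comment on the new `else`, such as `/* no CMS BIO chain was built, so tmpin is not owned by one and must be freed here */`, would help, assuming that is the reason. The first branch still calls `do_free_upto(cmsbio, dcont)` without a NULL check on `cmsbio`; whether that helper tolerates NULL is not visible in this hunk and is worth confirming. The function starts and ends outside the hunk.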
diff -Nru openssl-3.5.5/crypto/conf/conf_lib.c openssl-3.5.6/crypto/conf/conf_lib.c
--- openssl-3.5.5/crypto/conf/conf_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/conf/conf_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -314,7 +314,7 @@
         return NULL;
     }
     ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE,
-        "group=%s name=%s", group, name);
+        "group=%s name=%s", group != NULL ? group : "", name);
     return NULL;
 }
 
diff -Nru openssl-3.5.5/crypto/conf/conf_mod.c openssl-3.5.6/crypto/conf/conf_mod.c
--- openssl-3.5.5/crypto/conf/conf_mod.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/conf/conf_mod.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -395,7 +395,7 @@
 {
     CONF_MODULE *tmod;
     int i, nchar;
-    char *p;
+    const char *p;
     STACK_OF(CONF_MODULE) *mods;
 
     p = strrchr(name, '.');
diff -Nru openssl-3.5.5/crypto/des/cfb64ede.c openssl-3.5.6/crypto/des/cfb64ede.c
--- openssl-3.5.5/crypto/des/cfb64ede.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/des/cfb64ede.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -28,7 +28,7 @@
 {
     register DES_LONG v0, v1;
     register long l = length;
-    register int n = *num;
+    register int n = *num & 0x07;
     DES_LONG ti[2];
     unsigned char *iv, c, cc;
 
diff -Nru openssl-3.5.5/crypto/des/cfb64enc.c openssl-3.5.6/crypto/des/cfb64enc.c
--- openssl-3.5.5/crypto/des/cfb64enc.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/des/cfb64enc.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,7 +27,7 @@
 {
     register DES_LONG v0, v1;
     register long l = length;
-    register int n = *num;
+    register int n = *num & 0x07;
     DES_LONG ti[2];
     unsigned char *iv, c, cc;
 
diff -Nru openssl-3.5.5/crypto/des/ofb64ede.c openssl-3.5.6/crypto/des/ofb64ede.c
--- openssl-3.5.5/crypto/des/ofb64ede.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/des/ofb64ede.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,7 +26,7 @@
     DES_key_schedule *k3, DES_cblock *ivec, int *num)
 {
     register DES_LONG v0, v1;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     DES_cblock d;
     register char *dp;
diff -Nru openssl-3.5.5/crypto/des/ofb64enc.c openssl-3.5.6/crypto/des/ofb64enc.c
--- openssl-3.5.5/crypto/des/ofb64enc.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/des/ofb64enc.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,7 +25,7 @@
     DES_key_schedule *schedule, DES_cblock *ivec, int *num)
 {
     register DES_LONG v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     DES_cblock d;
     register unsigned char *dp;
diff -Nru openssl-3.5.5/crypto/dh/dh_asn1.c openssl-3.5.6/crypto/dh/dh_asn1.c
--- openssl-3.5.5/crypto/dh/dh_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/dh/dh_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -76,7 +76,7 @@
     ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
 } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
 
-    ASN1_SEQUENCE(DHxparams)
+ASN1_SEQUENCE(DHxparams)
     = {
           ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
           ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
@@ -85,8 +85,7 @@
           ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
       } static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
 
-          int_dhx942_dh
-    * d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length);
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length);
 int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx)
diff -Nru openssl-3.5.5/crypto/dh/dh_rfc5114.c openssl-3.5.6/crypto/dh/dh_rfc5114.c
--- openssl-3.5.5/crypto/dh/dh_rfc5114.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/dh/dh_rfc5114.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -43,5 +43,5 @@
     }
 
 make_dh(1024_160)
-    make_dh(2048_224)
-        make_dh(2048_256)
+make_dh(2048_224)
+make_dh(2048_256)
diff -Nru openssl-3.5.5/crypto/dllmain.c openssl-3.5.6/crypto/dllmain.c
--- openssl-3.5.5/crypto/dllmain.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/dllmain.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -35,7 +35,9 @@
     case DLL_THREAD_ATTACH:
         break;
     case DLL_THREAD_DETACH:
+#ifndef __CYGWIN__
         OPENSSL_thread_stop();
+#endif
         break;
     case DLL_PROCESS_DETACH:
         break;
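Review bot: The new `#ifndef __CYGWIN__` around `OPENSSL_thread_stop()` in the `DLL_THREAD_DETACH` case carries no comment, so the code does not say why Cygwin builds skip per-thread cleanup or what releases that state instead. I would add a comment above the guard, e.g. `/* Cygwin: thread cleanup is not run from DllMain because <reason> */`, with the actual reason filled in by the author. If nothing else performs the cleanup on Cygwin, per-thread allocations would presumably outlive their threads, which is worth stating explicitly. The switch starts outside the hunk.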
diff -Nru openssl-3.5.5/crypto/dsa/dsa_asn1.c openssl-3.5.6/crypto/dsa/dsa_asn1.c
--- openssl-3.5.5/crypto/dsa/dsa_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/dsa/dsa_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,7 +47,7 @@
     ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
 } static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
 
-    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
 
 ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
     ASN1_SIMPLE(DSA, params.p, BIGNUM),
@@ -55,7 +55,7 @@
     ASN1_SIMPLE(DSA, params.g, BIGNUM),
 } static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
 
-    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
 
 ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
     ASN1_SIMPLE(DSA, pub_key, BIGNUM),
@@ -64,7 +64,7 @@
     ASN1_SIMPLE(DSA, params.g, BIGNUM)
 } static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
 
-    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
 
 DSA *DSAparams_dup(const DSA *dsa)
 {
diff -Nru openssl-3.5.5/crypto/ec/ec_asn1.c openssl-3.5.6/crypto/ec/ec_asn1.c
--- openssl-3.5.5/crypto/ec/ec_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/ec/ec_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -105,7 +105,7 @@
     ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
 } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
 
-    DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
 
 ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
@@ -122,7 +122,7 @@
     ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
 } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
 
-    DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
 
 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
@@ -137,10 +137,10 @@
     ASN1_ADB_OBJECT(X9_62_FIELDID)
 } static_ASN1_SEQUENCE_END(X9_62_FIELDID)
 
-    ASN1_SEQUENCE(X9_62_CURVE)
+ASN1_SEQUENCE(X9_62_CURVE)
     = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE)
 
-        ASN1_SEQUENCE(ECPARAMETERS)
+ASN1_SEQUENCE(ECPARAMETERS)
     = { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
@@ -163,7 +163,7 @@
     ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
 } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
 
-    DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
+DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY)
 DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY)
 IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY)
 
diff -Nru openssl-3.5.5/crypto/ec/ec_check.c openssl-3.5.6/crypto/ec/ec_check.c
--- openssl-3.5.5/crypto/ec/ec_check.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/ec/ec_check.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -50,7 +50,7 @@
      * ECC domain parameter validation.
      * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b.
      */
-    return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0;
+    return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0;
 #else
     int ret = 0;
     const BIGNUM *order;
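Review bot: The comparison in `return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0;` depends on a three-way return convention that is not stated here. The callee returns a positive NID on a match, 0 when no named curve matches and a negative value on error, so 0 has to fail the domain-parameter check. A one-line comment would stop the `>=` from creeping back: `/* 0 = no matching named curve, < 0 = error; only a positive NID passes */`. The `? 1 : 0` is redundant after a relational operator and could be dropped. The function begins outside the hunk and the preprocessor condition selecting this branch is not visible.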
diff -Nru openssl-3.5.5/crypto/ec/ec_lib.c openssl-3.5.6/crypto/ec/ec_lib.c
--- openssl-3.5.5/crypto/ec/ec_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/ec/ec_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -175,6 +175,8 @@
     dest->libctx = src->libctx;
     dest->curve_name = src->curve_name;
 
+    EC_pre_comp_free(dest);
+
     /* Copy precomputed */
     dest->pre_comp_type = src->pre_comp_type;
     switch (src->pre_comp_type) {
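Review bot: `EC_pre_comp_free(dest);` has to stay ahead of `dest->pre_comp_type = src->pre_comp_type;`, and nothing here says so. Assuming the free routine selects what to release from `dest->pre_comp_type`, moving the call below the assignment would release the old data under the wrong type tag. A comment such as `/* Drop dest's existing precomputation before its type tag is overwritten */` would pin the ordering. The switch body continues outside the hunk.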
diff -Nru openssl-3.5.5/crypto/err/err_all.c openssl-3.5.6/crypto/err/err_all.c
--- openssl-3.5.5/crypto/err/err_all.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/err/err_all.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,6 +40,7 @@
 #include "crypto/cmperr.h"
 #include "crypto/cterr.h"
 #include "crypto/asyncerr.h"
+#include "crypto/sm2err.h"
 #include "crypto/storeerr.h"
 #include "crypto/esserr.h"
 #include "internal/propertyerr.h"
@@ -104,6 +105,9 @@
 #endif
         || ossl_err_load_ESS_strings() == 0
         || ossl_err_load_ASYNC_strings() == 0
+#ifndef OPENSSL_NO_SM2
+        || ossl_err_load_SM2_strings() == 0
+#endif
         || ossl_err_load_OSSL_STORE_strings() == 0
         || ossl_err_load_PROP_strings() == 0
         || ossl_err_load_PROV_strings() == 0
diff -Nru openssl-3.5.5/crypto/err/openssl.txt openssl-3.5.6/crypto/err/openssl.txt
--- openssl-3.5.5/crypto/err/openssl.txt	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/err/openssl.txt	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -848,6 +848,7 @@
 EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys
 HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN:108:asn1 len exceeds max resp len
 HTTP_R_CONNECT_FAILURE:100:connect failure
+HTTP_R_CONTENT_TYPE_MISMATCH:131:content type mismatch
 HTTP_R_ERROR_PARSING_ASN1_LENGTH:109:error parsing asn1 length
 HTTP_R_ERROR_PARSING_CONTENT_LENGTH:119:error parsing content length
 HTTP_R_ERROR_PARSING_URL:101:error parsing url
diff -Nru openssl-3.5.5/crypto/ess/ess_asn1.c openssl-3.5.6/crypto/ess/ess_asn1.c
--- openssl-3.5.5/crypto/ess/ess_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/ess/ess_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,7 +21,7 @@
     ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
 } static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
 
-    IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
 
 ASN1_SEQUENCE(ESS_CERT_ID) = {
@@ -29,7 +29,7 @@
     ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
 } static_ASN1_SEQUENCE_END(ESS_CERT_ID)
 
-    IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
+IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
 
 ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
@@ -46,7 +46,7 @@
     ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
 } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
 
-    IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
+IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2)
 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
 
 ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
diff -Nru openssl-3.5.5/crypto/evp/digest.c openssl-3.5.6/crypto/evp/digest.c
--- openssl-3.5.5/crypto/evp/digest.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/digest.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -872,8 +872,9 @@
     if (pctx != NULL
         && (pctx->operation == EVP_PKEY_OP_VERIFYCTX
             || pctx->operation == EVP_PKEY_OP_SIGNCTX)
-        && pctx->op.sig.algctx != NULL
-        && pctx->op.sig.signature->gettable_ctx_md_params != NULL)
+        && pctx->op.sig.signature != NULL
+        && pctx->op.sig.signature->gettable_ctx_md_params != NULL
+        && pctx->op.sig.algctx != NULL)
         return pctx->op.sig.signature->gettable_ctx_md_params(
             pctx->op.sig.algctx);
 
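Review bot: Nothing at this condition says when a sign or verify context can have `pctx->op.sig.signature` unset, which makes the new NULL test hard to maintain. A comment above the `if` would help, e.g. `/* op.sig.signature can be NULL when <condition>; check it before reading its members */`, with the condition filled in by the author. Any other lookup in this file that reads a member of `op.sig.signature` after testing only `algctx` would need the same guard; none is visible in this hunk. The function continues outside the hunk.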
diff -Nru openssl-3.5.5/crypto/evp/e_aes.c openssl-3.5.6/crypto/evp/e_aes.c
--- openssl-3.5.5/crypto/evp/e_aes.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_aes.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2403,14 +2403,14 @@
 
 #endif
 
-#define BLOCK_CIPHER_generic_pack(nid, keylen, flags)                                                          \
-    BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)               \
-        BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)            \
-            BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)     \
-                BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
-                    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags)                           \
-                        BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags)                       \
-                            BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+#define BLOCK_CIPHER_generic_pack(nid, keylen, flags)                                              \
+    BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+    BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)    \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags)                               \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags)                               \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc)
@@ -2641,10 +2641,10 @@
 }
 
 BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
-    BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
-        BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
 
-            static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
 {
     EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c);
     if (gctx == NULL)
@@ -3189,12 +3189,12 @@
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
     EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
-        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-        BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
-            EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
+    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
+    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 
-            static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
     EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c);
 
@@ -3378,9 +3378,9 @@
     | EVP_CIPH_CUSTOM_COPY)
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
 
-        static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 {
     EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c);
     switch (type) {
@@ -3654,12 +3654,12 @@
 
 BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
     EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
-        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-        BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
-            EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 
-            typedef struct {
+typedef struct {
     union {
         OSSL_UNION_ALIGN;
         AES_KEY ks;
@@ -4146,8 +4146,8 @@
 
 BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
     EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-    BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
-        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
-        BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
-            EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
 #endif /* OPENSSL_NO_OCB */
diff -Nru openssl-3.5.5/crypto/evp/e_aria.c openssl-3.5.6/crypto/evp/e_aria.c
--- openssl-3.5.5/crypto/evp/e_aria.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_aria.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -194,13 +194,13 @@
 }
 
 BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
-    BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
-        BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
 
-    /* Authenticated cipher modes (GCM/CCM) */
+/* Authenticated cipher modes (GCM/CCM) */
 
-    /* increment counter (64-bit int) by 1 */
-    static void ctr64_inc(unsigned char *counter)
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
 {
     int n = 8;
     unsigned char c;
@@ -778,11 +778,11 @@
     }
 
 BLOCK_CIPHER_aead(128, gcm, GCM)
-    BLOCK_CIPHER_aead(192, gcm, GCM)
-        BLOCK_CIPHER_aead(256, gcm, GCM)
+BLOCK_CIPHER_aead(192, gcm, GCM)
+BLOCK_CIPHER_aead(256, gcm, GCM)
 
-            BLOCK_CIPHER_aead(128, ccm, CCM)
-                BLOCK_CIPHER_aead(192, ccm, CCM)
-                    BLOCK_CIPHER_aead(256, ccm, CCM)
+BLOCK_CIPHER_aead(128, ccm, CCM)
+BLOCK_CIPHER_aead(192, ccm, CCM)
+BLOCK_CIPHER_aead(256, ccm, CCM)
 
 #endif
diff -Nru openssl-3.5.5/crypto/evp/e_camellia.c openssl-3.5.6/crypto/evp/e_camellia.c
--- openssl-3.5.5/crypto/evp/e_camellia.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_camellia.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -183,14 +183,14 @@
 
 #endif
 
-#define BLOCK_CIPHER_generic_pack(nid, keylen, flags)                                                          \
-    BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)               \
-        BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)            \
-            BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)     \
-                BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
-                    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags)                           \
-                        BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags)                       \
-                            BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+#define BLOCK_CIPHER_generic_pack(nid, keylen, flags)                                              \
+    BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+    BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)    \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags)                               \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags)                               \
+    BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
 
 /* The subkey for Camellia is generated. */
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -347,5 +347,5 @@
 }
 
 BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
-    BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
-        BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
+BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
+BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
diff -Nru openssl-3.5.5/crypto/evp/e_des3.c openssl-3.5.6/crypto/evp/e_des3.c
--- openssl-3.5.5/crypto/evp/e_des3.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_des3.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -210,20 +210,20 @@
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
 #define des_ede3_cbc_cipher des_ede_cbc_cipher
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
-    BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-        EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-        des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
-
-        BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
-            EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-            des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
-
-            BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
-                EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
-                des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+    EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+    des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+    EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+    des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
 
-                static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                    const unsigned char *iv, int enc)
+BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+    EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+    des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
 {
     DES_cblock *deskey = (DES_cblock *)key;
     DES_EDE_KEY *dat = data(ctx);
diff -Nru openssl-3.5.5/crypto/evp/e_des.c openssl-3.5.6/crypto/evp/e_des.c
--- openssl-3.5.5/crypto/evp/e_des.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_des.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -197,16 +197,16 @@
     EVP_CIPH_RAND_KEY, des_init_key, NULL,
     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
 
-    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
-        EVP_CIPH_RAND_KEY, des_init_key, NULL,
-        EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
-
-        BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
-            EVP_CIPH_RAND_KEY, des_init_key, NULL,
-            EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+    EVP_CIPH_RAND_KEY, des_init_key, NULL,
+    EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+    EVP_CIPH_RAND_KEY, des_init_key, NULL,
+    EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
 
-            static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                const unsigned char *iv, int enc)
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
 {
     DES_cblock *deskey = (DES_cblock *)key;
     EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
diff -Nru openssl-3.5.5/crypto/evp/e_idea.c openssl-3.5.6/crypto/evp/e_idea.c
--- openssl-3.5.5/crypto/evp/e_idea.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_idea.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -54,8 +54,8 @@
                 0, idea_init_key, NULL,
                 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
-                static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                    const unsigned char *iv, int enc)
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
 {
     if (!enc) {
         if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE)
diff -Nru openssl-3.5.5/crypto/evp/encode.c openssl-3.5.6/crypto/evp/encode.c
--- openssl-3.5.5/crypto/evp/encode.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/encode.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -689,7 +689,7 @@
     l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d)));
 
     if (eof == -1)
-        eof = (f[2] == '=') + (f[3] == '=');
+        eof = (c == '=') + (d == '=');
 
     switch (eof) {
     case 2:
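Review bot: `eof = (c == '=') + (d == '=');` compares `c` and `d` with the padding character, but the line above packs those same variables into `l` as 6-bit fields, which suggests they hold decoded values rather than raw input bytes. If so, the test is true when a decoded value happens to equal 61 (the character code of `'='`), not when the input actually ended in padding, so the padding count and the resulting output length could be wrong for the last block. The assignments to `c` and `d` are outside the hunk, so this needs confirming. If they are decoded values, the comparison should use the unconverted last two bytes of the block, e.g. `eof = (raw_c == '=') + (raw_d == '=');`, where `raw_c` and `raw_d` are illustrative names for the bytes saved before conversion.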
diff -Nru openssl-3.5.5/crypto/evp/e_sm4.c openssl-3.5.6/crypto/evp/e_sm4.c
--- openssl-3.5.5/crypto/evp/e_sm4.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/e_sm4.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2017 Ribose Inc. All Rights Reserved.
  * Ported from Ribose contributions from Botan.
  *
@@ -49,12 +49,12 @@
         return &sm4_##mode;                                                   \
     }
 
-#define DEFINE_BLOCK_CIPHERS(nid, flags)                                                               \
-    BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)               \
-        BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)            \
-            BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)     \
-                BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
-                    BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
+#define DEFINE_BLOCK_CIPHERS(nid, flags)                                                   \
+    BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+    BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1)    \
+    BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+    BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \
+    BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags)
 
 static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
     const unsigned char *iv, int enc)
diff -Nru openssl-3.5.5/crypto/evp/evp_enc.c openssl-3.5.6/crypto/evp/evp_enc.c
--- openssl-3.5.5/crypto/evp/evp_enc.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/evp_enc.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -979,6 +979,11 @@
     size_t soutl, inl_ = (size_t)inl;
     int blocksize;
 
+    if (inl < 0) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
+        return 0;
+    }
+
     if (ossl_likely(outl != NULL)) {
         *outl = 0;
     } else {
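Review bot: The new `inl < 0` guard returns before the `*outl = 0` assignment that follows it, so on this error path the caller's output length is left untouched, while the zeroing appears intended to cover later failures. A caller that ignores the return value and advances its buffer by `*outl` would then use a stale or uninitialised length. Moving the guard below the `outl` block, or writing `if (outl != NULL) *outl = 0;` before the `return 0;`, keeps the output defined. The identical guard in the next hunk of this file (@@ -1128) has the same ordering, and both function bodies start and end outside the hunks.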
@@ -1128,6 +1133,11 @@
     size_t soutl, inl_ = (size_t)inl;
     int blocksize;
 
+    if (inl < 0) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
+        return 0;
+    }
+
     if (ossl_likely(outl != NULL)) {
         *outl = 0;
     } else {
diff -Nru openssl-3.5.5/crypto/evp/kem.c openssl-3.5.6/crypto/evp/kem.c
--- openssl-3.5.5/crypto/evp/kem.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/evp/kem.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -181,7 +181,7 @@
         if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) {
             ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey,
                 provauthkey, params);
-        } else if (provauthkey == NULL && kem->encapsulate_init != NULL) {
+        } else if (provauthkey == NULL && kem->decapsulate_init != NULL) {
             ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params);
         } else {
             ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
diff -Nru openssl-3.5.5/crypto/hashtable/hashtable.c openssl-3.5.6/crypto/hashtable/hashtable.c
--- openssl-3.5.5/crypto/hashtable/hashtable.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/hashtable/hashtable.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -82,9 +82,11 @@
 #if defined(__GNUC__) || defined(__CLANG__)
 #define PREFETCH_NEIGHBORHOOD(x) __builtin_prefetch(x.entries)
 #define PREFETCH(x) __builtin_prefetch(x)
+#define ALIGN __attribute__((aligned(8)))
 #else
 #define PREFETCH_NEIGHBORHOOD(x)
 #define PREFETCH(x)
+#define ALIGN
 #endif
 
 /*
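Review bot: `ALIGN` expands to nothing on compilers other than GCC/Clang, so the 8-byte alignment that `} ALIGN;` puts on `struct ht_neighborhood_entry_st` in the next hunk is silently absent there, and nothing says whether it is needed for correctness or only for speed. A comment next to the macro stating the reason (presumably that `hash` is read with 64-bit accesses on targets where `uint64_t` is only 4-byte aligned, to be confirmed) would let a porter decide what a non-GNU build needs. The name is also very generic for a file-scope macro; something like `HT_ALIGN8` is less likely to collide with a system header.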
@@ -112,7 +114,7 @@
 struct ht_neighborhood_entry_st {
     uint64_t hash;
     struct ht_internal_value_st *value;
-};
+} ALIGN;
 
 struct ht_neighborhood_st {
     struct ht_neighborhood_entry_st entries[NEIGHBORHOOD_LEN];
diff -Nru openssl-3.5.5/crypto/http/http_client.c openssl-3.5.6/crypto/http/http_client.c
--- openssl-3.5.5/crypto/http/http_client.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/http/http_client.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2018-2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -551,6 +551,7 @@
 int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 {
     int i, found_expected_ct = 0, found_keep_alive = 0;
+    int status_code = 0;
     int got_text = 1;
     long n;
     size_t resp_len = 0;
@@ -751,8 +752,8 @@
 
         /* First line in response header */
         if (rctx->state == OHS_FIRSTLINE) {
-            i = parse_http_line1(buf, &found_keep_alive);
-            switch (i) {
+            status_code = parse_http_line1(buf, &found_keep_alive);
+            switch (status_code) {
             case HTTP_STATUS_CODE_OK:
                 rctx->state = OHS_HEADERS;
                 goto next_line;
@@ -767,7 +768,7 @@
                 /* fall through */
             default:
                 /* must return content if status >= 400 */
-                rctx->state = i < HTTP_STATUS_CODES_NONFATAL_ERROR
+                rctx->state = status_code < HTTP_STATUS_CODES_NONFATAL_ERROR
                     ? OHS_HEADERS_ERROR
                     : OHS_HEADERS;
                 goto next_line; /* continue parsing, also on HTTP error */
@@ -797,6 +798,17 @@
             }
             if (OPENSSL_strcasecmp(key, "Content-Type") == 0) {
                 got_text = HAS_CASE_PREFIX(value, "text/");
+                if (got_text
+                    && rctx->state == OHS_HEADERS
+                    && rctx->expect_asn1
+                    && (status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR
+                        || status_code == HTTP_STATUS_CODE_OK)) {
+                    ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONTENT_TYPE_MISMATCH,
+                        "expected ASN.1 content but got http code %d with Content-Type: %s",
+                        status_code, value);
+                    rctx->state = OHS_HEADERS_ERROR;
+                    goto next_line;
+                }
                 if (rctx->state == OHS_HEADERS
                     && rctx->expected_ct != NULL) {
                     const char *semicolon;
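Review bot: `status_code` is a local of OSSL_HTTP_REQ_CTX_nbio that starts at 0 on every call, but the new Content-Type check reads it while header lines are processed, which can be a later call than the one that parsed the first line if the function returns for a non-blocking retry in between (the retry paths are outside this hunk, so this needs confirming). In that case neither `status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR` nor `status_code == HTTP_STATUS_CODE_OK` holds and the mismatch check is skipped without any error. Keeping the parsed code in `rctx` next to `state` would make the check independent of call boundaries. Separately, `value` is server-supplied and goes into the error data verbatim, so anything that logs the error queue should treat it as untrusted text.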
@@ -1452,7 +1464,11 @@
     }
     BIO_push(fbio, bio);
 
-    BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
+    /* Add square brackets around a naked IPv6 address */
+    if (server[0] != '[' && strchr(server, ':') != NULL)
+        BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port);
+    else
+        BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port);
 
     /*
      * Workaround for broken proxies which would otherwise close
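Review bot: The two `BIO_printf` calls differ only in the brackets, and the test `strchr(server, ':') != NULL` treats any colon as proof of an IPv6 literal, so a `server` string that is not an address at all would be bracketed too. A single call keeps the request line in one place: `int v6 = server[0] != '[' && strchr(server, ':') != NULL;` followed by `BIO_printf(fbio, "CONNECT %s%s%s:%s " HTTP_1_0 "\r\n", v6 ? "[" : "", server, v6 ? "]" : "", port);`. Whether `server` and `port` are checked for CR/LF or spaces before this point is not visible in the hunk and is worth confirming, since both are written into the request line unescaped.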
diff -Nru openssl-3.5.5/crypto/http/http_err.c openssl-3.5.6/crypto/http/http_err.c
--- openssl-3.5.5/crypto/http/http_err.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/http/http_err.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,6 +20,8 @@
     { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN),
         "asn1 len exceeds max resp len" },
     { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure" },
+    { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONTENT_TYPE_MISMATCH),
+        "content type mismatch" },
     { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH),
         "error parsing asn1 length" },
     { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH),
diff -Nru openssl-3.5.5/crypto/http/http_lib.c openssl-3.5.6/crypto/http/http_lib.c
--- openssl-3.5.5/crypto/http/http_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/http/http_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -55,6 +55,7 @@
     char **ppath, char **pquery, char **pfrag)
 {
     const char *p, *tmp;
+    const char *authority_end;
     const char *scheme, *scheme_end;
     const char *user, *user_end;
     const char *host, *host_end;
@@ -92,7 +93,10 @@
 
     /* parse optional "userinfo@" */
     user = user_end = host = p;
-    host = strchr(p, '@');
+    authority_end = strpbrk(p, "/?#");
+    if (authority_end == NULL)
+        authority_end = p + strlen(p);
+    host = memchr(p, '@', authority_end - p);
     if (host != NULL)
         user_end = host++;
     else
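Review bot: The bounded search needs a comment, because the reason for replacing `strchr(p, '@')` is not obvious from the code: an '@' in the path, query or fragment was previously taken as the end of userinfo, which changes the host that gets parsed. A line such as `/* look for '@' only inside the authority, i.e. before the first '/', '?' or '#' */` above the `strpbrk` call would record that. Note also that `memchr` stops at the first '@', while some URL parsers split on the last '@' in the authority, so an input with two of them may still be read differently by OpenSSL and by a component in front of it. The function starts and ends outside this hunk.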
diff -Nru openssl-3.5.5/crypto/idea/i_cfb64.c openssl-3.5.6/crypto/idea/i_cfb64.c
--- openssl-3.5.5/crypto/idea/i_cfb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/idea/i_cfb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -37,6 +37,7 @@
         *num = -1;
         return;
     }
+    n = n & 0x07;
 
     iv = (unsigned char *)ivec;
     if (encrypt) {
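Review bot: `n = n & 0x07;` silently folds an out-of-range `*num` into 0..7 instead of reporting it, and no comment says that this is what keeps `n` usable as an offset into the 8-byte `iv` (the indexing is outside the hunk, so that purpose is inferred). A line such as `/* num is caller-supplied state; keep it inside the 8-byte feedback block */` would record the intent. The same mask is added without comment in i_ofb64.c, rc2cfb64.c, rc2ofb64.c and rc5cfb64.c. In the rc2/rc5 hunks it sits in the initialiser `register int n = *num & 0x07;` with no early-return path like the `*num = -1; return;` visible here, so the two families appear to treat a bad `*num` differently.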
diff -Nru openssl-3.5.5/crypto/idea/i_ofb64.c openssl-3.5.6/crypto/idea/i_ofb64.c
--- openssl-3.5.5/crypto/idea/i_ofb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/idea/i_ofb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,6 +39,7 @@
         *num = -1;
         return;
     }
+    n = n & 0x07;
 
     iv = (unsigned char *)ivec;
     n2l(iv, v0);
diff -Nru openssl-3.5.5/crypto/init.c openssl-3.5.6/crypto/init.c
--- openssl-3.5.5/crypto/init.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/init.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -275,27 +275,24 @@
 }
 
 static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
-static int config_inited = 0;
 static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
 DEFINE_RUN_ONCE_STATIC(ossl_init_config)
 {
     int ret = ossl_config_int(NULL);
 
-    config_inited = 1;
     return ret;
 }
 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config)
 {
     int ret = ossl_config_int(conf_settings);
 
-    config_inited = 1;
     return ret;
 }
 DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
 {
     OSSL_TRACE(INIT, "ossl_no_config_int()\n");
     ossl_no_config_int();
-    config_inited = 1;
+
     return 1;
 }
 
diff -Nru openssl-3.5.5/crypto/initthread.c openssl-3.5.6/crypto/initthread.c
--- openssl-3.5.5/crypto/initthread.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/initthread.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -200,16 +200,28 @@
 }
 
 static CRYPTO_ONCE ossl_init_thread_runonce = CRYPTO_ONCE_STATIC_INIT;
+/* MSVC linker can use other segment for uninitialized (zeroed) variables */
+#if defined(OPENSSL_SYS_WINDOWS)
 static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)-1;
+#elif defined(OPENSSL_SYS_TANDEM) && (defined(_PUT_MODEL_) || defined(_KLT_MODEL_))
+static CRYPTO_THREAD_ID recursion_guard = { (void *)-1, (short)-1, (short)-1 };
+#else
+static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)0;
+#endif
 
 DEFINE_RUN_ONCE_STATIC(ossl_init_thread_once)
 {
+    /* CRYPTO_THREAD_init_local() can call ossl_init_threads() again */
     recursion_guard = CRYPTO_THREAD_get_current_id();
     if (!CRYPTO_THREAD_init_local(&destructor_key.value,
             init_thread_destructor))
         return 0;
 
+#if defined(OPENSSL_SYS_TANDEM)
+    memset(&recursion_guard, 0, sizeof(recursion_guard));
+#else
     recursion_guard = (CRYPTO_THREAD_ID)0;
+#endif
     return 1;
 }
 
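Review bot: After this change `recursion_guard` starts as -1 on Windows and on Tandem with the PUT/KLT models, as 0 elsewhere, and is always reset to 0 once CRYPTO_THREAD_init_local() succeeds, yet the only explanation is the remark about the MSVC linker, which does not say why a zero initialiser is wrong there or right on other platforms. A short block comment stating which value means "no thread is inside ossl_init_thread_once" per platform, and that the early `return 0` leaves the guard set to the current thread id, would let a reader check the comparison that uses it (outside this hunk). The Tandem test inside the function, `defined(OPENSSL_SYS_TANDEM)`, is also broader than the one at the declaration, which additionally requires a thread-model macro; using the same condition in both places avoids a mismatch if the type differs between those configurations.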
diff -Nru openssl-3.5.5/crypto/modes/asm/aes-gcm-ppc.pl openssl-3.5.6/crypto/modes/asm/aes-gcm-ppc.pl
--- openssl-3.5.5/crypto/modes/asm/aes-gcm-ppc.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/modes/asm/aes-gcm-ppc.pl	2026-04-07 14:26:30.000000000 +0200
@@ -409,7 +409,6 @@
 ################################################################################
 .align 4
 aes_gcm_crypt_1x:
-.localentry	aes_gcm_crypt_1x,0
 
 	cmpdi	5, 16
 	bge	__More_1x
@@ -492,7 +491,6 @@
 ################################################################################
 .align 4
 __Process_partial:
-.localentry	__Process_partial,0
 
 	# create partial mask
 	vspltisb 16, -1
@@ -564,7 +562,6 @@
 .global ppc_aes_gcm_encrypt
 .align 5
 ppc_aes_gcm_encrypt:
-.localentry     ppc_aes_gcm_encrypt,0
 
 	SAVE_REGS
 	LOAD_HASH_TABLE
@@ -752,7 +749,6 @@
 .global ppc_aes_gcm_decrypt
 .align 5
 ppc_aes_gcm_decrypt:
-.localentry	ppc_aes_gcm_decrypt, 0
 
 	SAVE_REGS
 	LOAD_HASH_TABLE
@@ -1032,7 +1028,6 @@
 .size   ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt
 
 aes_gcm_out:
-.localentry	aes_gcm_out,0
 
 	mr	3, 11			# return count
 
diff -Nru openssl-3.5.5/crypto/modes/asm/ghash-armv4.pl openssl-3.5.6/crypto/modes/asm/ghash-armv4.pl
--- openssl-3.5.5/crypto/modes/asm/ghash-armv4.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/modes/asm/ghash-armv4.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -55,7 +55,7 @@
 # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software
 # Polynomial Multiplication on ARM Processors using the NEON Engine.
 #
-# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf
+# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf
 
 # ====================================================================
 # Note about "528B" variant. In ARM case it makes lesser sense to
diff -Nru openssl-3.5.5/crypto/modes/build.info openssl-3.5.6/crypto/modes/build.info
--- openssl-3.5.5/crypto/modes/build.info	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/modes/build.info	2026-04-07 14:26:30.000000000 +0200
@@ -35,7 +35,7 @@
   $MODESASM_ppc32=ghashp8-ppc.s
   $MODESDEF_ppc32=
   $MODESASM_ppc64=$MODESASM_ppc32
-  IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}]
+  IF[{- $target{perlasm_scheme} =~ /le$/ -}]
     $MODESASM_ppc64=$MODESASM_ppc32 aes-gcm-ppc.s
   ENDIF
   $MODESDEF_ppc64=$MODESDEF_ppc32
diff -Nru openssl-3.5.5/crypto/o_str.c openssl-3.5.6/crypto/o_str.c
--- openssl-3.5.5/crypto/o_str.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/o_str.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -296,6 +296,11 @@
     int has_sep = (sep != CH_ZERO);
     size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2;
 
+    if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
+        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
+        return 0;
+    }
+
     if (len == 0)
         ++len;
     if (strlength != NULL)
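Review bot: `len` is already computed by the initialiser `len = has_sep ? buflen * 3 : 1 + buflen * 2` before the new bound check runs, so the wrapped value exists, unused, until the check returns; that is well defined for `size_t` but reads as if the guard came too late. Declaring `len` without an initialiser and assigning it after the check, as the next hunk does for `tmp_n`, makes the order match the intent. In that next hunk the `(size_t)buflen` casts suggest `buflen` is signed, in which case a negative length is reported as CRYPTO_R_TOO_MANY_BYTES; an explicit `buflen < 0` test with a more fitting reason code would be clearer. Both functions extend beyond the hunks.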
@@ -339,7 +344,13 @@
     if (buflen == 0)
         return OPENSSL_zalloc(1);
 
-    tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
+    if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
+        || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
+        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
+        return NULL;
+    }
+
+    tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
     if ((tmp = OPENSSL_malloc(tmp_n)) == NULL)
         return NULL;
 
diff -Nru openssl-3.5.5/crypto/param_build.c openssl-3.5.6/crypto/param_build.c
--- openssl-3.5.5/crypto/param_build.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/param_build.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -121,12 +121,22 @@
 
 int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 }
 
 int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key,
     unsigned int num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num),
         OSSL_PARAM_UNSIGNED_INTEGER);
 }
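Review bot: The same five-line `bld == NULL || key == NULL` guard is pasted into every numeric OSSL_PARAM_BLD_push_* wrapper in this file (this hunk and the following ones through push_double), although each of them only forwards to `param_push_num`. A single check at the top of `param_push_num` would give the same result with one copy to maintain, provided that helper does not touch `bld` or `key` before it (its body is not shown in this diff). If the per-function copies are kept on purpose, for example so the error is raised in the public entry point, a one-line comment on the first of them saying so would explain the repetition.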
@@ -134,12 +144,22 @@
 int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key,
     long int num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 }
 
 int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key,
     unsigned long int num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num),
         OSSL_PARAM_UNSIGNED_INTEGER);
 }
@@ -147,12 +167,22 @@
 int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key,
     int32_t num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 }
 
 int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key,
     uint32_t num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num),
         OSSL_PARAM_UNSIGNED_INTEGER);
 }
@@ -160,12 +190,22 @@
 int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key,
     int64_t num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER);
 }
 
 int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key,
     uint64_t num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num),
         OSSL_PARAM_UNSIGNED_INTEGER);
 }
@@ -173,6 +213,11 @@
 int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key,
     size_t num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num),
         OSSL_PARAM_UNSIGNED_INTEGER);
 }
@@ -180,6 +225,11 @@
 int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key,
     time_t num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num),
         OSSL_PARAM_INTEGER);
 }
@@ -187,6 +237,11 @@
 int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key,
     double num)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL);
 }
 
@@ -196,6 +251,11 @@
     int n, secure = 0;
     OSSL_PARAM_BLD_DEF *pd;
 
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER
             || type == OSSL_PARAM_INTEGER))
         return 0;
@@ -233,6 +293,11 @@
 int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key,
     const BIGNUM *bn)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (bn != NULL && BN_is_negative(bn))
         return push_BN(bld, key, bn, BN_num_bytes(bn) + 1,
             OSSL_PARAM_INTEGER);
@@ -243,6 +308,11 @@
 int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key,
     const BIGNUM *bn, size_t sz)
 {
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (bn != NULL && BN_is_negative(bn))
         return push_BN(bld, key, bn, BN_num_bytes(bn),
             OSSL_PARAM_INTEGER);
@@ -255,6 +325,11 @@
     OSSL_PARAM_BLD_DEF *pd;
     int secure;
 
+    if (bld == NULL || key == NULL || buf == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (bsize == 0)
         bsize = strlen(buf);
     secure = CRYPTO_secure_allocated(buf);
@@ -270,6 +345,11 @@
 {
     OSSL_PARAM_BLD_DEF *pd;
 
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (bsize == 0)
         bsize = strlen(buf);
     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0);
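Review bot: The new guard tests `bld` and `key` but not `buf`, and the next statement still calls `strlen(buf)` when `bsize == 0`, so a NULL `buf` with zero size is dereferenced; the string variant two hunks up (@@ -255) does include `buf == NULL`. If a NULL pointer value is meant to stay legal for this pointer-typed parameter, `if (bsize == 0 && buf != NULL)` keeps that; otherwise add `|| buf == NULL` to the guard. The function header is outside the hunk.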
@@ -285,6 +365,11 @@
     OSSL_PARAM_BLD_DEF *pd;
     int secure;
 
+    if (bld == NULL || key == NULL || buf == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     secure = CRYPTO_secure_allocated(buf);
     pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure);
     if (pd == NULL)
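Review bot: Rejecting `buf == NULL` unconditionally also rejects an empty octet string passed as a NULL pointer with `bsize == 0`, which existing callers may have relied on; whether that case worked before depends on the copy after `param_push`, which is outside the hunk. If only the non-empty case is unsafe, `buf == NULL && bsize != 0` narrows the guard to it. Either way the accepted combinations of `buf` and `bsize` belong in a comment above the check.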
@@ -298,6 +383,11 @@
 {
     OSSL_PARAM_BLD_DEF *pd;
 
+    if (bld == NULL || key == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0);
     if (pd == NULL)
         return 0;
@@ -362,10 +452,18 @@
 {
     OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL;
     OSSL_PARAM *params, *last;
-    const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
-    const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
-    const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
-    const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
+    int num;
+    size_t p_blks, total, ss;
+
+    if (bld == NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    num = sk_OSSL_PARAM_BLD_DEF_num(bld->params);
+    p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params));
+    total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks);
+    ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks;
 
     if (ss > 0) {
         s = OPENSSL_secure_malloc(ss);
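Review bot: The new error path uses `return 0;`, but the locals (`OSSL_PARAM *params, *last;`) suggest this function returns a pointer; its signature is above the hunk. If so, `return NULL;` states the result more plainly and matches the `return NULL;` used for the allocation failure in the o_str.c change of this same diff. Moving the four computations out of the declarations is the right shape for the guard.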
diff -Nru openssl-3.5.5/crypto/perlasm/x86_64-xlate.pl openssl-3.5.6/crypto/perlasm/x86_64-xlate.pl
--- openssl-3.5.5/crypto/perlasm/x86_64-xlate.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/perlasm/x86_64-xlate.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -663,8 +663,7 @@
 	);
 
     # Following constants are defined in x86_64 ABI supplement, for
-    # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf,
-    # see section 3.7 "Stack Unwind Algorithm".
+    # example available at https://gitlab.com/x86-psABIs/x86-64-ABI.
     my %DW_reg_idx = (
 	"%rax"=>0,  "%rdx"=>1,  "%rcx"=>2,  "%rbx"=>3,
 	"%rsi"=>4,  "%rdi"=>5,  "%rbp"=>6,  "%rsp"=>7,
diff -Nru openssl-3.5.5/crypto/pkcs12/p12_mutl.c openssl-3.5.6/crypto/pkcs12/p12_mutl.c
--- openssl-3.5.5/crypto/pkcs12/p12_mutl.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/pkcs12/p12_mutl.c	2026-04-07 14:26:30.000000000 +0200
@@ -519,6 +519,8 @@
     X509_ALGOR_free(param->messageAuthScheme);
     param->keyDerivationFunc = alg;
     param->messageAuthScheme = hmac_alg;
+    alg = NULL;
+    hmac_alg = NULL;
 
     X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct);
     if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter))
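Review bot: The assignments `alg = NULL; hmac_alg = NULL;` are what keep the new `X509_ALGOR_free()` calls at `err:` (next hunk) from freeing objects that `param` now owns, but nothing says so and they look like dead stores. A comment before them, for example `/* ownership passed to param; PBMAC1PARAM_free() releases them */`, would protect the pair from being removed in a later cleanup. The function starts outside the hunk.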
@@ -540,6 +542,8 @@
     ret = 1;
 
 err:
+    X509_ALGOR_free(alg);
+    X509_ALGOR_free(hmac_alg);
     PBMAC1PARAM_free(param);
     OPENSSL_free(known_salt);
     return ret;
diff -Nru openssl-3.5.5/crypto/pkcs12/p12_utl.c openssl-3.5.6/crypto/pkcs12/p12_utl.c
--- openssl-3.5.5/crypto/pkcs12/p12_utl.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/pkcs12/p12_utl.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -175,7 +175,7 @@
         utf32chr += 0x10000;
     }
 
-    return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
+    return UTF8_putc((unsigned char *)str, 4, utf32chr);
 }
 
 char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
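Review bot: The literal `4` replaces a bound derived from `len` with no comment, and nothing in the hunk shows that `str` has four bytes available at this call. If `len` counts the remaining input rather than the room in `str` (the parameter list is above the hunk), say so at the call: `/* a UTF-8 sequence needs at most 4 bytes; len is the input length, not the space in str */`. The caller-side guarantee that the output buffer is large enough should be stated in the function's header comment as well.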
diff -Nru openssl-3.5.5/crypto/pkcs7/pk7_doit.c openssl-3.5.6/crypto/pkcs7/pk7_doit.c
--- openssl-3.5.5/crypto/pkcs7/pk7_doit.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/pkcs7/pk7_doit.c	2026-04-07 14:26:30.000000000 +0200
@@ -831,6 +831,10 @@
         break;
     case NID_pkcs7_signed:
         si_sk = p7->d.sign->signer_info;
+        if (p7->d.sign->contents == NULL) {
+            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+            goto err;
+        }
         os = PKCS7_get_octet_string(p7->d.sign->contents);
         /* If detached data then the content is excluded */
         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
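Review bot: The new guard tests `p7->d.sign->contents`, but `p7->d.sign` itself is dereferenced one line earlier for `signer_info` with no NULL test in view, and the digest hunk that follows does the same with `p7->d.digest`. The pk7_lib.c change in this same diff tests `p7->d.sign == NULL` first. Unless an earlier check outside the hunk already covers it, `if (p7->d.sign == NULL || p7->d.sign->contents == NULL)` placed before the `signer_info` read, and the equivalent for `d.digest`, would make the two files agree.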
@@ -841,6 +845,10 @@
         break;
 
     case NID_pkcs7_digest:
+        if (p7->d.digest->contents == NULL) {
+            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+            goto err;
+        }
         os = PKCS7_get_octet_string(p7->d.digest->contents);
         /* If detached data then the content is excluded */
         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
diff -Nru openssl-3.5.5/crypto/pkcs7/pk7_lib.c openssl-3.5.6/crypto/pkcs7/pk7_lib.c
--- openssl-3.5.5/crypto/pkcs7/pk7_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/pkcs7/pk7_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -48,7 +48,8 @@
         break;
     case PKCS7_OP_GET_DETACHED_SIGNATURE:
         if (nid == NID_pkcs7_signed) {
-            if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL)
+            if (p7->d.sign == NULL || p7->d.sign->contents == NULL
+                || p7->d.sign->contents->d.ptr == NULL)
                 ret = 1;
             else
                 ret = 0;
@@ -742,6 +743,10 @@
         break;
 
     case NID_pkcs7_signed:
+        if (p7->d.sign == NULL || p7->d.sign->contents == NULL) {
+            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
+            break;
+        }
         os = p7->d.sign->contents->d.data;
         break;
 
diff -Nru openssl-3.5.5/crypto/punycode.c openssl-3.5.6/crypto/punycode.c
--- openssl-3.5.5/crypto/punycode.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/punycode.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -268,7 +268,7 @@
         return -1;
 
     while (1) {
-        char *tmpptr = strchr(inptr, '.');
+        const char *tmpptr = strchr(inptr, '.');
         size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
 
         if (!HAS_PREFIX(inptr, "xn--")) {
diff -Nru openssl-3.5.5/crypto/rand/rand_egd.c openssl-3.5.6/crypto/rand/rand_egd.c
--- openssl-3.5.5/crypto/rand/rand_egd.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/rand/rand_egd.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -108,10 +108,13 @@
 {
     FILE *fp = NULL;
     struct sockaddr_un addr;
-    int mybuffer, ret = -1, i, numbytes, fd;
+    int mybuffer, ret = -1, i, numbytes, fd = -1;
     unsigned char tempbuf[255];
+#if defined(OPENSSL_SYS_TANDEM)
+    int hpns_connect_attempt = 0;
+#endif
 
-    if (bytes > (int)sizeof(tempbuf))
+    if (bytes <= 0 || bytes > (int)sizeof(tempbuf))
         return -1;
 
     /* Make socket. */
@@ -126,9 +129,8 @@
 #else
     fd = socket(AF_UNIX, SOCK_STREAM, 0);
 #endif
-    if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
+    if (fd == -1)
         return -1;
-    setbuf(fp, NULL);
 
     /* Try to connect */
     for (;;) {
@@ -171,6 +173,14 @@
         }
     }
 
+    /* Create stream only after a successful connect to avoid stale FILE* on fd swap. */
+    fp = fdopen(fd, "r+");
+    if (fp == NULL) {
+        close(fd);
+        return -1;
+    }
+    setbuf(fp, NULL);
+
     /* Make request, see how many bytes we can get back. */
     tempbuf[0] = 1;
     tempbuf[1] = bytes;
@@ -180,6 +190,9 @@
         goto err;
     numbytes = tempbuf[0];
 
+    if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf))
+        goto err;
+
     /* Which buffer are we using? */
     mybuffer = buf == NULL;
     if (mybuffer)
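Review bot: `numbytes` is loaded from `tempbuf[0]`, an `unsigned char`, so with `tempbuf[255]` the clause `numbytes > (int)sizeof(tempbuf)` can never be true and `numbytes <= 0` can only mean zero. The effective test is `numbytes == 0 || numbytes > bytes`; writing it that way, or keeping the size clause with a comment that it is purely defensive, avoids suggesting a case that cannot occur. A reply of zero bytes now leaves through `err` with `ret` still at its initial -1, so if callers previously told "daemon has no entropy" apart from a connection failure, a comment should say that the two are now reported alike.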
@@ -196,6 +209,8 @@
 err:
     if (fp != NULL)
         fclose(fp);
+    else if (fd != -1)
+        close(fd);
     return ret;
 }
 
diff -Nru openssl-3.5.5/crypto/rc2/rc2cfb64.c openssl-3.5.6/crypto/rc2/rc2cfb64.c
--- openssl-3.5.5/crypto/rc2/rc2cfb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/rc2/rc2cfb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,7 +27,7 @@
     int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
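Review bot: The new mask `*num & 0x07` is undocumented, and the same unexplained line is added in the rc2ofb64.c, rc5cfb64.c and rc5ofb64.c hunks below. `*num` is supplied by the caller and `n` is presumably used as an index into an 8-byte block (the OFB variants declare `unsigned char d[8]`), so a comment such as `/* caller-supplied offset into the 8-byte block; keep it in 0..7 */` would record why it is clamped. The function documentation should also state that an out-of-range `*num` is silently normalised rather than rejected. The function bodies continue outside these hunks.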
diff -Nru openssl-3.5.5/crypto/rc2/rc2ofb64.c openssl-3.5.6/crypto/rc2/rc2ofb64.c
--- openssl-3.5.5/crypto/rc2/rc2ofb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/rc2/rc2ofb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,7 +26,7 @@
     int *num)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff -Nru openssl-3.5.5/crypto/rc5/rc5cfb64.c openssl-3.5.6/crypto/rc5/rc5cfb64.c
--- openssl-3.5.5/crypto/rc5/rc5cfb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/rc5/rc5cfb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,7 +27,7 @@
     unsigned char *ivec, int *num, int encrypt)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned long ti[2];
     unsigned char *iv, c, cc;
diff -Nru openssl-3.5.5/crypto/rc5/rc5ofb64.c openssl-3.5.6/crypto/rc5/rc5ofb64.c
--- openssl-3.5.5/crypto/rc5/rc5ofb64.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/rc5/rc5ofb64.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,7 +26,7 @@
     unsigned char *ivec, int *num)
 {
     register unsigned long v0, v1, t;
-    register int n = *num;
+    register int n = *num & 0x07;
     register long l = length;
     unsigned char d[8];
     register char *dp;
diff -Nru openssl-3.5.5/crypto/riscvcap.c openssl-3.5.6/crypto/riscvcap.c
--- openssl-3.5.5/crypto/riscvcap.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/riscvcap.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,9 +26,6 @@
 
 extern size_t riscv_vlen_asm(void);
 
-static void parse_env(const char *envstr);
-static void strtoupper(char *str);
-
 static size_t vlen = 0;
 
 #ifdef OSSL_RISCV_HWPROBE
@@ -50,10 +47,15 @@
     return 0;
 }
 
-static void strtoupper(char *str)
+static void strtoupper(const char *str, char *dst, size_t dstlen)
 {
-    for (char *x = str; *x; ++x)
-        *x = toupper((unsigned char)*x);
+    for (size_t i = 0; i < dstlen; i++) {
+        if (i == dstlen - 1 || str[i] == '\0') {
+            dst[i] = '\0';
+            break;
+        }
+        dst[i] = toupper((unsigned char)str[i]);
+    }
 }
 
 /* parse_env() parses a RISC-V architecture string. An example of such a string
@@ -68,15 +70,24 @@
     char buf[BUFLEN];
 
     /* Convert env str to all uppercase */
-    OPENSSL_strlcpy(envstrupper, envstr, sizeof(envstrupper));
-    strtoupper(envstrupper);
+    strtoupper(envstr, envstrupper, sizeof(envstrupper));
 
     for (size_t i = 0; i < kRISCVNumCaps; ++i) {
+        size_t len = strlen(RISCV_capabilities[i].name);
         /* Prefix capability with underscore in preparation for search */
-        BIO_snprintf(buf, BUFLEN, "_%s", RISCV_capabilities[i].name);
-        if (strstr(envstrupper, buf) != NULL) {
-            /* Match, set relevant bit in OPENSSL_riscvcap_P[] */
-            OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |= (1 << RISCV_capabilities[i].bit_offset);
+        /*
+         * Avoid using higher level library functions which may require
+         * library initialization (such as BIO_snprintf) as this may be called
+         * in a constructor before library initialization
+         */
+        if (len < BUFLEN - 1) {
+            buf[0] = '_';
+            memcpy(buf + 1, RISCV_capabilities[i].name, len);
+            buf[len + 1] = '\0';
+            if (strstr(envstrupper, buf) != NULL) {
+                /* Match, set relevant bit in OPENSSL_riscvcap_P[] */
+                OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |= (1 << RISCV_capabilities[i].bit_offset);
+            }
         }
     }
 }
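Review bot: The re-indented line `OPENSSL_riscvcap_P[...] |= (1 << RISCV_capabilities[i].bit_offset);` shifts a signed `int`, which is undefined behaviour if any `bit_offset` in the table can be 31. The table is not visible in this hunk, so this may not occur today, but `(1u << RISCV_capabilities[i].bit_offset)` removes the dependency on the table contents. Separately, a capability name that fails `len < BUFLEN - 1` is skipped without any trace; a one-line comment saying that this is intentional would help. parse_env() starts outside the hunk.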
diff -Nru openssl-3.5.5/crypto/rsa/rsa_backend.c openssl-3.5.6/crypto/rsa/rsa_backend.c
--- openssl-3.5.5/crypto/rsa/rsa_backend.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/rsa/rsa_backend.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -246,6 +246,8 @@
     BN_free(n);
     BN_free(e);
     BN_free(d);
+    BN_clear_free(p);
+    BN_clear_free(q);
     sk_BIGNUM_pop_free(factors, BN_clear_free);
     sk_BIGNUM_pop_free(exps, BN_clear_free);
     sk_BIGNUM_pop_free(coeffs, BN_clear_free);
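Review bot: `d` is still released with `BN_free(d)`, while the newly added `p` and `q` and the factor, exponent and coefficient stacks all use `BN_clear_free`. If `d` holds the private exponent here, as its name suggests, it should be scrubbed the same way: `BN_clear_free(d);`. The declarations and the label this cleanup belongs to are outside the hunk, so confirm that ownership of `d` has not already been transferred before this point is reached.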
diff -Nru openssl-3.5.5/crypto/sha/asm/keccak1600-s390x.pl openssl-3.5.6/crypto/sha/asm/keccak1600-s390x.pl
--- openssl-3.5.5/crypto/sha/asm/keccak1600-s390x.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/sha/asm/keccak1600-s390x.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -67,6 +67,7 @@
 
 $code.=<<___;
 .text
+.machine	"z10"
 
 .type	__KeccakF1600,\@function
 .align	32
diff -Nru openssl-3.5.5/crypto/slh_dsa/slh_dsa.c openssl-3.5.6/crypto/slh_dsa/slh_dsa.c
--- openssl-3.5.5/crypto/slh_dsa/slh_dsa.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/slh_dsa/slh_dsa.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -119,11 +119,11 @@
         /* Generate ht signature and append to the SLH-DSA signature */
         && ossl_slh_ht_sign(hctx, pk_fors, sk_seed, pk_seed, tree_id, leaf_id,
             wpkt);
-    *sig_len = sig_len_expected;
-    ret = 1;
 err:
     if (!WPACKET_finish(wpkt))
         ret = 0;
+    if (ret)
+        *sig_len = sig_len_expected;
     return ret;
 }
 
@@ -232,6 +232,7 @@
     const uint8_t *ctx, size_t ctx_len, int encode,
     uint8_t *tmp, size_t tmp_len, size_t *out_len)
 {
+    WPACKET pkt;
     uint8_t *encoded = NULL;
     size_t encoded_len;
 
@@ -240,11 +241,14 @@
         *out_len = msg_len;
         return (uint8_t *)msg;
     }
+
     if (ctx_len > SLH_DSA_MAX_CONTEXT_STRING_LEN)
         return NULL;
 
     /* Pure encoding */
     encoded_len = 1 + 1 + ctx_len + msg_len;
+    if (encoded_len < msg_len) /* Check for overflow */
+        return NULL;
     *out_len = encoded_len;
     if (encoded_len <= tmp_len) {
         encoded = tmp;
@@ -253,10 +257,17 @@
         if (encoded == NULL)
             return NULL;
     }
-    encoded[0] = 0;
-    encoded[1] = (uint8_t)ctx_len;
-    memcpy(&encoded[2], ctx, ctx_len);
-    memcpy(&encoded[2 + ctx_len], msg, msg_len);
+    if (!WPACKET_init_static_len(&pkt, encoded, encoded_len, 0)
+        || !WPACKET_put_bytes_u8(&pkt, 0)
+        || !WPACKET_put_bytes_u8(&pkt, (uint8_t)ctx_len)
+        || !WPACKET_memcpy(&pkt, ctx, ctx_len)
+        || !WPACKET_memcpy(&pkt, msg, msg_len)
+        || !WPACKET_finish(&pkt)) {
+        if (encoded != tmp)
+            OPENSSL_free(encoded);
+        encoded = NULL;
+        WPACKET_cleanup(&pkt);
+    }
     return encoded;
 }
 
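Review bot: On the failure branch `WPACKET_cleanup(&pkt)` runs even when `WPACKET_init_static_len()` was the call that failed, and `pkt` is declared without an initialiser. Whether cleanup is safe then depends on how far the initialiser got before returning 0, which cannot be seen from here. Handling the init failure on its own (free `encoded` if it is not `tmp`, return NULL) before the `WPACKET_put_bytes_u8`/`WPACKET_memcpy` chain would avoid relying on that. Note also that `*out_len` has already been set to `encoded_len` when this branch returns NULL. The function starts in the previous hunks.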
diff -Nru openssl-3.5.5/crypto/sm4/asm/vpsm4_ex-armv8.pl openssl-3.5.6/crypto/sm4/asm/vpsm4_ex-armv8.pl
--- openssl-3.5.5/crypto/sm4/asm/vpsm4_ex-armv8.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/sm4/asm/vpsm4_ex-armv8.pl	2026-04-07 14:26:30.000000000 +0200
@@ -476,12 +476,13 @@
 
 $code.=<<___;
 	adrp $xtmp2, .Lsbox_magic
-	ldr $MaskQ, [$xtmp2, #:lo12:.Lsbox_magic]
-	ldr $TAHMatQ, [$xtmp2, #:lo12:.Lsbox_magic+16]
-	ldr $TALMatQ, [$xtmp2, #:lo12:.Lsbox_magic+32]
-	ldr $ATAHMatQ, [$xtmp2, #:lo12:.Lsbox_magic+48]
-	ldr $ATALMatQ, [$xtmp2, #:lo12:.Lsbox_magic+64]
-	ldr $ANDMaskQ, [$xtmp2, #:lo12:.Lsbox_magic+80]
+	add $xtmp2, $xtmp2, #:lo12:.Lsbox_magic
+	ldr $MaskQ, [$xtmp2]
+	ldr $TAHMatQ, [$xtmp2, 16]
+	ldr $TALMatQ, [$xtmp2, 32]
+	ldr $ATAHMatQ, [$xtmp2, 48]
+	ldr $ATALMatQ, [$xtmp2, 64]
+	ldr $ANDMaskQ, [$xtmp2, 80]
 ___
 }
 
diff -Nru openssl-3.5.5/crypto/store/store_lib.c openssl-3.5.6/crypto/store/store_lib.c
--- openssl-3.5.5/crypto/store/store_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/store/store_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -498,6 +498,10 @@
     int res = 0;
     struct ossl_passphrase_data_st pwdata = { 0 };
 
+    if (uri == NULL) {
+        ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
     OPENSSL_strlcpy(scheme, uri, sizeof(scheme));
     if ((p = strchr(scheme, ':')) != NULL)
         *p++ = '\0';
diff -Nru openssl-3.5.5/crypto/threads_none.c openssl-3.5.6/crypto/threads_none.c
--- openssl-3.5.5/crypto/threads_none.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/threads_none.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -217,7 +217,7 @@
 
 CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
 {
-    return 0;
+    return 1;
 }
 
 int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
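Review bot: The new return value `1` is a bare literal with no explanation of why the single-thread build must report a non-zero id. Presumably 0 is used elsewhere as a "no owner" or unset thread id, which would make the old value ambiguous. If that is the reason, a comment such as `/* any fixed non-zero id: 0 is reserved for "no thread" */` would record it.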
diff -Nru openssl-3.5.5/crypto/threads_pthread.c openssl-3.5.6/crypto/threads_pthread.c
--- openssl-3.5.5/crypto/threads_pthread.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/threads_pthread.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -534,6 +534,9 @@
 CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
 {
     struct rcu_lock_st *new;
+    pthread_mutex_t *mutexes[3] = { NULL };
+    pthread_cond_t *conds[2] = { NULL };
+    int i;
 
     /*
      * We need a minimum of 2 qp's
@@ -550,19 +553,40 @@
         return NULL;
 
     new->ctx = ctx;
-    pthread_mutex_init(&new->write_lock, NULL);
-    pthread_mutex_init(&new->prior_lock, NULL);
-    pthread_mutex_init(&new->alloc_lock, NULL);
-    pthread_cond_init(&new->prior_signal, NULL);
-    pthread_cond_init(&new->alloc_signal, NULL);
-
+    i = 0;
+    mutexes[i] = pthread_mutex_init(&new->write_lock, NULL) == 0 ? &new->write_lock : NULL;
+    if (mutexes[i++] == NULL)
+        goto err;
+    mutexes[i] = pthread_mutex_init(&new->prior_lock, NULL) == 0 ? &new->prior_lock : NULL;
+    if (mutexes[i++] == NULL)
+        goto err;
+    mutexes[i] = pthread_mutex_init(&new->alloc_lock, NULL) == 0 ? &new->alloc_lock : NULL;
+    if (mutexes[i++] == NULL)
+        goto err;
+    conds[i - 3] = pthread_cond_init(&new->prior_signal, NULL) == 0 ? &new->prior_signal : NULL;
+    if (conds[i - 3] == NULL)
+        goto err;
+    i++;
+    conds[i - 3] = pthread_cond_init(&new->alloc_signal, NULL) == 0 ? &new->alloc_signal : NULL;
+    if (conds[i - 3] == NULL)
+        goto err;
+    i++;
     new->qp_group = allocate_new_qp_group(new, num_writers);
-    if (new->qp_group == NULL) {
-        OPENSSL_free(new);
-        new = NULL;
-    }
+    if (new->qp_group == NULL)
+        goto err;
 
     return new;
+
+err:
+    for (i = 0; i < 3; i++)
+        if (mutexes[i] != NULL)
+            pthread_mutex_destroy(mutexes[i]);
+    for (i = 0; i < 2; i++)
+        if (conds[i] != NULL)
+            pthread_cond_destroy(conds[i]);
+    OPENSSL_free(new->qp_group);
+    OPENSSL_free(new);
+    return NULL;
 }
 
 void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock)
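Review bot: The running index `i` with `mutexes[i++]` and `conds[i - 3]` makes the initialisation order hard to follow and easy to break when a lock is added or removed. Each slot is fixed, so the arrays can be filled with constant indices after each successful init, which leaves the `err:` loops unchanged; the sketch below does that. Also, the `err:` path reads `new->qp_group`, which is only defined on the early failures if `new` was zero-allocated, and that allocation is outside this hunk.

```c
    new->ctx = ctx;
    if (pthread_mutex_init(&new->write_lock, NULL) != 0)
        goto err;
    mutexes[0] = &new->write_lock;
    if (pthread_mutex_init(&new->prior_lock, NULL) != 0)
        goto err;
    mutexes[1] = &new->prior_lock;
    if (pthread_mutex_init(&new->alloc_lock, NULL) != 0)
        goto err;
    mutexes[2] = &new->alloc_lock;
    if (pthread_cond_init(&new->prior_signal, NULL) != 0)
        goto err;
    conds[0] = &new->prior_signal;
    if (pthread_cond_init(&new->alloc_signal, NULL) != 0)
        goto err;
    conds[1] = &new->alloc_signal;
    /* … unchanged: qp_group allocation, success return, err: cleanup … */
```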
@@ -576,6 +600,17 @@
     ossl_synchronize_rcu(rlock);
 
     OPENSSL_free(rlock->qp_group);
+    /*
+     * Some targets (BSD) allocate heap when initializing
+     * a mutex or condition, to prevent leaks, those need
+     * to be destroyed here
+     */
+    pthread_mutex_destroy(&rlock->write_lock);
+    pthread_mutex_destroy(&rlock->prior_lock);
+    pthread_mutex_destroy(&rlock->alloc_lock);
+    pthread_cond_destroy(&rlock->prior_signal);
+    pthread_cond_destroy(&rlock->alloc_signal);
+
     /* There should only be a single qp left now */
     OPENSSL_free(rlock);
 }
diff -Nru openssl-3.5.5/crypto/threads_win.c openssl-3.5.6/crypto/threads_win.c
--- openssl-3.5.5/crypto/threads_win.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/threads_win.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -50,7 +50,7 @@
  * atomically updated
  */
 struct rcu_qp {
-    volatile uint64_t users;
+    uint64_t users;
 };
 
 struct thread_qp {
diff -Nru openssl-3.5.5/crypto/ts/ts_asn1.c openssl-3.5.6/crypto/ts/ts_asn1.c
--- openssl-3.5.5/crypto/ts/ts_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/ts/ts_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,7 +17,7 @@
     ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
 } static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
 
-    IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
 {
@@ -51,7 +51,7 @@
     ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
 } static_ASN1_SEQUENCE_END(TS_REQ)
 
-    IMPLEMENT_ASN1_FUNCTIONS(TS_REQ)
+IMPLEMENT_ASN1_FUNCTIONS(TS_REQ)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
 TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
 {
@@ -80,7 +80,7 @@
     ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
 } static_ASN1_SEQUENCE_END(TS_ACCURACY)
 
-    IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY)
+IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
 
 ASN1_SEQUENCE(TS_TST_INFO) = {
@@ -96,7 +96,7 @@
     ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
 } static_ASN1_SEQUENCE_END(TS_TST_INFO)
 
-    IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
 TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
 {
@@ -127,7 +127,7 @@
     ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
 } static_ASN1_SEQUENCE_END(TS_STATUS_INFO)
 
-    IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO)
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
 
 static int ts_resp_set_tst_info(TS_RESP *a)
@@ -175,7 +175,7 @@
     ASN1_OPT(TS_RESP, token, PKCS7),
 } static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
 
-    IMPLEMENT_ASN1_FUNCTIONS(TS_RESP)
+IMPLEMENT_ASN1_FUNCTIONS(TS_RESP)
 
 IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
 
diff -Nru openssl-3.5.5/crypto/x509/pcy_tree.c openssl-3.5.6/crypto/x509/pcy_tree.c
--- openssl-3.5.5/crypto/x509/pcy_tree.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/pcy_tree.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -680,8 +680,10 @@
     } else {
         *pexplicit_policy = 1;
         /* Tree empty and requireExplicit True: Error */
-        if (init_ret & X509_PCY_TREE_EMPTY)
+        if (init_ret & X509_PCY_TREE_EMPTY) {
+            X509_policy_tree_free(tree);
             return X509_PCY_TREE_FAILURE;
+        }
     }
 
     ret = tree_evaluate(tree);
@@ -707,13 +709,15 @@
     if (!ret)
         goto error;
 
-    *ptree = tree;
-
     if (init_ret & X509_PCY_TREE_EXPLICIT) {
         nodes = X509_policy_tree_get0_user_policies(tree);
-        if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+        if (sk_X509_POLICY_NODE_num(nodes) <= 0) {
+            X509_policy_tree_free(tree);
             return X509_PCY_TREE_FAILURE;
+        }
     }
+
+    *ptree = tree;
     return X509_PCY_TREE_VALID;
 
 error:
diff -Nru openssl-3.5.5/crypto/x509/t_acert.c openssl-3.5.6/crypto/x509/t_acert.c
--- openssl-3.5.5/crypto/x509/t_acert.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/t_acert.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -62,8 +62,10 @@
         case V_ASN1_SEQUENCE:
             if (BIO_puts(bp, "\n") <= 0)
                 goto err;
-            ASN1_parse_dump(bp, at->value.sequence->data,
-                at->value.sequence->length, i, 1);
+            if (ASN1_parse_dump(bp, at->value.sequence->data,
+                    at->value.sequence->length, i, 1)
+                <= 0)
+                goto err;
             break;
         default:
             if (BIO_printf(bp, "unable to print attribute of type 0x%X\n",
diff -Nru openssl-3.5.5/crypto/x509/v3_ac_tgt.c openssl-3.5.6/crypto/x509/v3_ac_tgt.c
--- openssl-3.5.5/crypto/x509/v3_ac_tgt.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/v3_ac_tgt.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,7 +41,7 @@
     ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING),
 } static_ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL)
 
-    ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO)
+ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO)
     = {
           ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED),
           ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT),
@@ -49,14 +49,14 @@
           ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING),
       } static_ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO)
 
-        ASN1_SEQUENCE(OSSL_TARGET_CERT)
+ASN1_SEQUENCE(OSSL_TARGET_CERT)
     = {
           ASN1_SIMPLE(OSSL_TARGET_CERT, targetCertificate, OSSL_ISSUER_SERIAL),
           ASN1_OPT(OSSL_TARGET_CERT, targetName, GENERAL_NAME),
           ASN1_OPT(OSSL_TARGET_CERT, certDigestInfo, OSSL_OBJECT_DIGEST_INFO),
       } static_ASN1_SEQUENCE_END(OSSL_TARGET_CERT)
 
-        ASN1_CHOICE(OSSL_TARGET)
+ASN1_CHOICE(OSSL_TARGET)
     = {
           ASN1_EXP(OSSL_TARGET, choice.targetName, GENERAL_NAME, 0),
           ASN1_EXP(OSSL_TARGET, choice.targetGroup, GENERAL_NAME, 1),
diff -Nru openssl-3.5.5/crypto/x509/v3_cpols.c openssl-3.5.6/crypto/x509/v3_cpols.c
--- openssl-3.5.5/crypto/x509/v3_cpols.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/v3_cpols.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -256,7 +256,7 @@
 
 static int displaytext_get_tag_len(const char *tagstr)
 {
-    char *colon = strchr(tagstr, ':');
+    const char *colon = strchr(tagstr, ':');
 
     return (colon == NULL) ? -1 : colon - tagstr;
 }
diff -Nru openssl-3.5.5/crypto/x509/v3_prn.c openssl-3.5.6/crypto/x509/v3_prn.c
--- openssl-3.5.5/crypto/x509/v3_prn.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/v3_prn.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -191,9 +191,9 @@
         return 1;
 
     case X509V3_EXT_PARSE_UNKNOWN:
-        return ASN1_parse_dump(out, ext, extlen, indent, -1);
+        return ASN1_parse_dump(out, ext, extlen, indent, -1) > 0;
     case X509V3_EXT_DUMP_UNKNOWN:
-        return BIO_dump_indent(out, (const char *)ext, extlen, indent);
+        return BIO_dump_indent(out, (const char *)ext, extlen, indent) > 0;
 
     default:
         return 1;
diff -Nru openssl-3.5.5/crypto/x509/v3_san.c openssl-3.5.6/crypto/x509/v3_san.c
--- openssl-3.5.5/crypto/x509/v3_san.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/v3_san.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -630,7 +630,8 @@
 
 static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
 {
-    char *objtmp = NULL, *p;
+    char *objtmp = NULL;
+    const char *p;
     int objlen;
 
     if ((p = strchr(value, ';')) == NULL)
diff -Nru openssl-3.5.5/crypto/x509/v3_timespec.c openssl-3.5.6/crypto/x509/v3_timespec.c
--- openssl-3.5.5/crypto/x509/v3_timespec.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/v3_timespec.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -167,7 +167,7 @@
         return 0;
     if (dt->minute && !ASN1_INTEGER_get_int64(&m, dt->minute))
         return 0;
-    if (dt->minute && !ASN1_INTEGER_get_int64(&s, dt->second))
+    if (dt->second && !ASN1_INTEGER_get_int64(&s, dt->second))
         return 0;
     return BIO_printf(out, "%02lld:%02lld:%02lld",
                (long long int)h, (long long int)m, (long long int)s)
diff -Nru openssl-3.5.5/crypto/x509/v3_utl.c openssl-3.5.6/crypto/x509/v3_utl.c
--- openssl-3.5.5/crypto/x509/v3_utl.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/v3_utl.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1120,15 +1120,16 @@
     ASN1_OCTET_STRING *ret = NULL;
     unsigned char ipout[32];
     char *iptmp = NULL, *p;
+    const char *slash;
     int iplen1, iplen2;
 
-    p = strchr(ipasc, '/');
-    if (p == NULL)
+    slash = strchr(ipasc, '/');
+    if (slash == NULL)
         return NULL;
     iptmp = OPENSSL_strdup(ipasc);
     if (iptmp == NULL)
         return NULL;
-    p = iptmp + (p - ipasc);
+    p = iptmp + (slash - ipasc);
     *p++ = 0;
 
     iplen1 = ossl_a2i_ipadd(ipout, iptmp);
diff -Nru openssl-3.5.5/crypto/x509/x509_vfy.c openssl-3.5.6/crypto/x509/x509_vfy.c
--- openssl-3.5.5/crypto/x509/x509_vfy.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/x509_vfy.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1123,6 +1123,7 @@
                 goto done;
         }
 
+        ctx->current_crl = NULL;
         X509_CRL_free(crl);
         X509_CRL_free(dcrl);
         crl = NULL;
@@ -1307,6 +1308,8 @@
     if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
         return 0;
     /* Delta CRL number must exceed full CRL number */
+    if (delta->crl_number == NULL)
+        return 0;
     return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
 }
 
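Review bot: The new `delta->crl_number == NULL` check sits between the comment "Delta CRL number must exceed full CRL number" and the comparison that comment describes, so the guard itself is undocumented. Give it its own comment, e.g. `/* Delta CRL must carry a CRL number */`, and move it above the existing comment. The comparison just above also dereferences `base->crl_number` and `delta->base_crl_number`; their NULL checks are presumably earlier in the function, outside this hunk.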
@@ -3015,7 +3018,7 @@
                     break;
                 }
 
-                OPENSSL_free(dane->mcert);
+                X509_free(dane->mcert);
                 dane->mcert = cert;
                 dane->mdpth = depth;
                 dane->mtlsa = t;
diff -Nru openssl-3.5.5/crypto/x509/x_pubkey.c openssl-3.5.6/crypto/x509/x_pubkey.c
--- openssl-3.5.5/crypto/x509/x_pubkey.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/crypto/x509/x_pubkey.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -65,8 +65,8 @@
     ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
 
-                                          X509_PUBKEY
-    * ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx, const char *propq)
+X509_PUBKEY
+*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx, const char *propq)
 {
     X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
 
diff -Nru openssl-3.5.5/debian/changelog openssl-3.5.6/debian/changelog
--- openssl-3.5.5/debian/changelog	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/changelog	2026-05-04 20:39:11.000000000 +0200
@@ -1,3 +1,9 @@
+openssl (3.5.6-1~deb13u1) trixie; urgency=medium
+
+  * Import 3.5.6
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Mon, 04 May 2026 20:39:11 +0200
+
 openssl (3.5.5-1~deb13u2) trixie-security; urgency=medium
 
   * CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agreement
@@ -10,6 +16,7 @@
   * CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion")
   * CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE
     encapsulation")
+  * CVE-2026-28388 ("NULL Pointer Dereference When Processing a Delta CRL")
 
  -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Fri, 03 Apr 2026 12:05:32 +0200
 
diff -Nru openssl-3.5.5/debian/patches/Added-test-for-CVE-2026-28388.patch openssl-3.5.6/debian/patches/Added-test-for-CVE-2026-28388.patch
--- openssl-3.5.5/debian/patches/Added-test-for-CVE-2026-28388.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Added-test-for-CVE-2026-28388.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,124 +0,0 @@
-From: Daniel Kubec <kubec@openssl.org>
-Date: Tue, 17 Mar 2026 11:14:56 +0100
-Subject: Added test for CVE-2026-28388
-
----
- test/certs/cve-2026-28388-ca.pem   | 19 +++++++++++++++++++
- test/certs/cve-2026-28388-crls.pem | 22 ++++++++++++++++++++++
- test/certs/cve-2026-28388-leaf.pem | 19 +++++++++++++++++++
- test/recipes/25-test_verify.t      | 14 +++++++++++++-
- 4 files changed, 73 insertions(+), 1 deletion(-)
- create mode 100644 test/certs/cve-2026-28388-ca.pem
- create mode 100644 test/certs/cve-2026-28388-crls.pem
- create mode 100644 test/certs/cve-2026-28388-leaf.pem
-
-diff --git a/test/certs/cve-2026-28388-ca.pem b/test/certs/cve-2026-28388-ca.pem
-new file mode 100644
-index 000000000000..9e36d11c4b4b
---- /dev/null
-+++ b/test/certs/cve-2026-28388-ca.pem
-@@ -0,0 +1,19 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL
-+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw
-+ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-+DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp
-+hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO
-+FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF
-+pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f
-+1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW
-+nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt
-+UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi
-+4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B
-+AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q
-+xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC
-+ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu
-+d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh
-+ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud
-+cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA==
-+-----END CERTIFICATE-----
-diff --git a/test/certs/cve-2026-28388-crls.pem b/test/certs/cve-2026-28388-crls.pem
-new file mode 100644
-index 000000000000..46cbd7876dcd
---- /dev/null
-+++ b/test/certs/cve-2026-28388-crls.pem
-@@ -0,0 +1,22 @@
-+-----BEGIN X509 CRL-----
-+MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2
-+MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV
-+tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl
-+3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF
-+Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l
-+pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M
-+klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO
-+6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf
-+OohWoSH8tqwrNFZkblAH
-+-----END X509 CRL-----
-+-----BEGIN X509 CRL-----
-+MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2
-+MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV
-+tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
-+AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK
-+SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep
-+WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki
-+1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI
-+kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs
-+njcibOSKC9YWgNmZUy0QV5D8
-+-----END X509 CRL-----
-diff --git a/test/certs/cve-2026-28388-leaf.pem b/test/certs/cve-2026-28388-leaf.pem
-new file mode 100644
-index 000000000000..02b22997cdd8
---- /dev/null
-+++ b/test/certs/cve-2026-28388-leaf.pem
-@@ -0,0 +1,19 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
-+IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ
-+VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+
-+nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn
-+Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd
-+Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP
-+QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX
-+CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO
-+Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J
-+ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt
-+BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G
-+CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80
-+13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ
-+bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+
-+emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw
-+zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+
-+nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 673c3d5f1772..fcb343b9ee3a 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -30,7 +30,7 @@ sub verify {
-     run(app([@args]));
- }
- 
--plan tests => 203;
-+plan tests => 204;
- 
- # Canonical success
- ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
-@@ -594,6 +594,18 @@ ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"],
-            "-explicit_policy"),
-    "Bad certificate policy");
- 
-+# CVE-2026-28388
-+my $cve_28388_stderr = "cve-2026-28388.err";
-+run(app(["openssl", "verify",
-+         "-attime", "1739527200",
-+         "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"),
-+         "-crl_check", "-use_deltas",
-+         "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"),
-+         srctop_file(@certspath, "cve-2026-28388-leaf.pem")],
-+         stderr => $cve_28388_stderr));
-+ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }),
-+   "CVE-2026-28388");
-+
- # CAstore option
- my $rootcertname = "root-cert";
- my $rootcert = srctop_file(@certspath, "${rootcertname}.pem");
diff -Nru openssl-3.5.5/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch openssl-3.5.6/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch
--- openssl-3.5.5/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,44 +0,0 @@
-From: Neil Horman <nhorman@openssl.org>
-Date: Sun, 29 Mar 2026 10:47:03 -0400
-Subject: Add test for CMS decryption with RSA keys
-
-Ensure we don't encounter a segfault when decrypting CMS messages with
-malformed EnvelopedData when using RSA-OAEP.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
----
- test/recipes/80-test_cms.t | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 90aeb2959707..bbf3925ba98b 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -53,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
- 
- $no_rc2 = 1 if disabled("legacy");
- 
--plan tests => 33;
-+plan tests => 34;
- 
- ok(run(test(["pkcs7_test"])), "test pkcs7");
- 
-@@ -1391,6 +1391,18 @@ with({ exit_checker => sub { return shift == 4; } },
-         }
-     });
- 
-+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der");
-+my $smrsacert = catfile($smdir, "smrsa3.pem");
-+my $smrsakey = catfile($smdir, "smrsa3-key.pem");
-+
-+# Test case for CVE-2026-28390
-+with({ exit_checker => sub { return shift == 4; } },
-+    sub {
-+        ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform",
-+                   "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])),
-+           "Must not crash on malformed cms inputs with RSA key");
-+    });
-+
- # Test encrypt to three recipients, and decrypt using key-only;
- # i.e. do not follow the recommended practice of providing the
- # recipient cert in the decrypt op.
diff -Nru openssl-3.5.5/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch openssl-3.5.6/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch
--- openssl-3.5.5/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,40 +0,0 @@
-From: Igor Ustinov <igus68@gmail.com>
-Date: Thu, 5 Mar 2026 15:47:34 +0100
-Subject: Avoid possible buffer overflow in buf2hex conversion
-
-Fixes CVE-2026-31789
----
- crypto/o_str.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 35540630be25..9b9e7751fdd9 100644
---- a/crypto/o_str.c
-+++ b/crypto/o_str.c
-@@ -296,6 +296,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
-     int has_sep = (sep != CH_ZERO);
-     size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2;
- 
-+    if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
-+        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
-+        return 0;
-+    }
-+
-     if (len == 0)
-         ++len;
-     if (strlength != NULL)
-@@ -339,7 +344,13 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
-     if (buflen == 0)
-         return OPENSSL_zalloc(1);
- 
--    tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
-+    if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
-+        || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
-+        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
-+        return NULL;
-+    }
-+
-+    tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
-     if ((tmp = OPENSSL_malloc(tmp_n)) == NULL)
-         return NULL;
- 
diff -Nru openssl-3.5.5/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch openssl-3.5.6/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
--- openssl-3.5.5/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch	2026-05-04 20:39:11.000000000 +0200
@@ -23,10 +23,10 @@
  2 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index cba57b41273f..7fa3eeae412f 100644
+index 692eccbfa1dc..225b1ea7032f 100644
 --- a/Configurations/10-main.conf
 +++ b/Configurations/10-main.conf
-@@ -693,7 +693,7 @@ my %targets = (
+@@ -694,7 +694,7 @@ my %targets = (
          shared_target    => "linux-shared",
          shared_cflag     => "-fPIC",
          shared_ldflag    => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
diff -Nru openssl-3.5.5/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch openssl-3.5.6/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch
--- openssl-3.5.5/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,32 +0,0 @@
-From: Alexandr Nedvedicky <sashan@openssl.org>
-Date: Tue, 3 Mar 2026 13:23:46 +0100
-Subject: dane_match_cert() should X509_free() on ->mcert instead of
- OPENSSL_free()
-
-Fixes: 170b735820ac "DANE support for X509_verify_cert()"
-
-Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-MergeDate: Thu Mar  5 12:37:17 2026
-(Merged from https://github.com/openssl/openssl/pull/30250)
-
-(cherry picked from commit 8b5cd6a682f0f6e7b8bf55137137c567d1899c4a)
----
- crypto/x509/x509_vfy.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 20c012def2f3..ca3ffc420473 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -3015,7 +3015,7 @@ static int dane_match_cert(X509_STORE_CTX *ctx, X509 *cert, int depth)
-                     break;
-                 }
- 
--                OPENSSL_free(dane->mcert);
-+                X509_free(dane->mcert);
-                 dane->mcert = cert;
-                 dane->mdpth = depth;
-                 dane->mtlsa = t;
diff -Nru openssl-3.5.5/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch openssl-3.5.6/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch
--- openssl-3.5.5/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,469 +0,0 @@
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Tue, 17 Feb 2026 18:37:06 +1100
-Subject: Fix group tuple handling in DEFAULT expansion
-
-Also fine-tune docs and add tests.
-
-Fixes: #30109
-Fixes: CVE-2026-2673
-
-Reviewed-by: Matt Caswell <matt@openssl.foundation>
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-MergeDate: Fri Mar 13 12:44:06 2026
-(Merged from https://github.com/openssl/openssl/pull/30110)
----
- CHANGES.md                       |  10 ++++
- NEWS.md                          |   1 +
- doc/man3/SSL_CTX_set1_curves.pod | 123 +++++++++++++++++++++++++++------------
- ssl/t1_lib.c                     |  92 +++++++++++++++++------------
- test/tls13groupselection_test.c  |  37 ++++++++++--
- 5 files changed, 183 insertions(+), 80 deletions(-)
-
-diff --git a/CHANGES.md b/CHANGES.md
-index 1a65b72b2965..da430a6c6efb 100644
---- a/CHANGES.md
-+++ b/CHANGES.md
-@@ -28,6 +28,15 @@ OpenSSL Releases
- OpenSSL 3.5
- -----------
- 
-+ * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
-+   is used in the server-side configuration of the key-agreement group list.
-+   This could result in accepting a less preferred than intended client
-+   keyshare.
-+
-+   ([CVE-2026-2673])
-+
-+   *Viktor Dukhovni*
-+
- ### Changes between 3.5.4 and 3.5.5 [27 Jan 2026]
- 
-  * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
-@@ -21607,6 +21616,7 @@ ndif
- 
- <!-- Links -->
- 
-+[CVE-2026-2673]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-2673
- [CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
- [CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
- [CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
-diff --git a/NEWS.md b/NEWS.md
-index f4ec14718d71..85e298ac8cb0 100644
---- a/NEWS.md
-+++ b/NEWS.md
-@@ -1988,6 +1988,7 @@ OpenSSL 0.9.x
-   * Support for various new platforms
- 
- <!-- Links -->
-+[CVE-2026-2673]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-2673
- [CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
- [CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
- [CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
-diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
-index 017eefd3176a..472d3858315a 100755
---- a/doc/man3/SSL_CTX_set1_curves.pod
-+++ b/doc/man3/SSL_CTX_set1_curves.pod
-@@ -40,13 +40,13 @@ SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_get0_implemented_groups
- 
- For all of the functions below that set the supported groups there must be at
- least one group in the list. A number of these functions identify groups via a
--unique integer NID value. However, support for some groups may be added by
--external providers. In this case there will be no NID assigned for the group.
-+unique integer B<NID> value. However, support for some groups may be added by
-+external providers. In this case there will be no B<NID> assigned for the group.
- When setting such groups applications should use the "list" form of these
- functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()).
- 
- SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
--groups in the array B<glist>. The array consist of all NIDs of supported groups.
-+groups in the array B<glist>. The array consist of all B<NIDs> of supported groups.
- The supported groups for B<TLSv1.3> include:
- B<NID_X9_62_prime256v1>,
- B<NID_secp384r1>,
-@@ -73,20 +73,27 @@ B<SSL_OP_CIPHER_SERVER_PREFERENCE> is set, the order of the elements in the
- array determines the selected group. Otherwise, the order is ignored and the
- client's order determines the selection.
- 
--For a TLS 1.3 server, the groups determine the selected group, but
--selection is more complex. A TLS 1.3 client sends both a group list as well as a
--predicted subset of groups. Choosing a group outside the predicted subset incurs
--an extra roundtrip. However, in some situations, the most preferred group may
--not be predicted. OpenSSL considers all supported groups in I<clist> to be comparable
--in security and prioritizes avoiding roundtrips above either client or server
--preference order. If an application uses an external provider to extend OpenSSL
--with, e.g., a post-quantum algorithm, this behavior may allow a network attacker
--to downgrade connections to a weaker algorithm. It is therefore recommended
--to use SSL_CTX_set1_groups_list() with the ability to specify group tuples.
-+For a TLS 1.3 server, the groups determine the selected group, but selection is
-+more complex.
-+A TLS 1.3 client sends both a group list and predicted keyshares for a subset
-+of groups.
-+A server choosing a group outside the client's predicted subset incurs an extra
-+roundtrip.
-+However, in some situations, the most preferred group may not be predicted.
-+
-+When groups are specified via SSL_CTX_set1_groups() as a list of B<NID>
-+values, OpenSSL considers all supported groups in I<clist> to be comparable in
-+security and prioritises avoiding roundtrips above either client or server
-+preference order.
-+If an application uses an external provider to extend OpenSSL with, e.g., a
-+post-quantum algorithm, this behavior may allow a network attacker to downgrade
-+connections to a weaker algorithm.
-+It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making
-+it possible to specify group tuples as described below.
- 
- SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to
- string I<list>. In contrast to SSL_CTX_set1_groups(), the names of the
--groups, rather than their NIDs, are used.
-+groups, rather than their B<NIDs>, are used.
- 
- The commands below list the available groups for TLS 1.2 and TLS 1.3,
- respectively:
-@@ -102,30 +109,72 @@ The preferred group names are those defined by
- L<IANA|https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>.
- 
- The I<list> can be used to define several group tuples of comparable security
--levels, and can specify which key shares should be sent by a client.
--The specified list elements can optionally be ignored, if not implemented
-+levels, and can specify which predicted key shares should be sent by a client.
-+Group tuples are used by OpenSSL TLS servers to decide whether to request a
-+stronger keyshare than those predicted by sending a Hello Retry Request
-+(B<HRR>) even if some of the predicted groups are supported.
-+OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall
-+order of I<list> elements and which groups are selected as predicted keyshares
-+as described below.
-+
-+The specified list elements can optionally be ignored if not implemented
- (listing unknown groups otherwise results in error).
--It is also possible to specify the built-in default set of groups, and to explicitly
--remove a group from that list.
--
--In its simplest form, the string I<list> is just a colon separated list
--of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first
--group listed will also be used for the B<key_share> sent by a client in a
--TLSv1.3 B<ClientHello>. For servers note the discussion above. The list should
--be in order of preference with the most preferred group first.
--
--Group tuples of comparable security are defined by separating them from each
--other by a tuple separator C</>. Keyshares to be sent by a client are specified
--by prepending a C<*> to the group name, while any C<*> will be ignored by a
--server. The following string I<list> for example defines three tuples when
--used on the server-side, and triggers the generation of three key shares
--when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
--
--If a group name is preceded with the C<?> character, it will be ignored if an
--implementation is missing. If a group name is preceded with the C<-> character, it
--will be removed from the list of groups if present (including not sending a
--key share for this group), ignored otherwise. The pseudo group name
--C<DEFAULT> can be used to select the OpenSSL built-in default list of groups.
-+It is also possible to specify the built-in default set of groups, and to
-+explicitly remove a group from that list.
-+
-+In its simplest legacy form, the string I<list> is just a colon separated list
-+of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048".
-+The first group listed will in this case be used as the sole predicted
-+B<key_share> sent by a client in a TLSv1.3 B<ClientHello>.
-+The list should be in order of preference with the most preferred group first.
-+
-+A more expressive syntax supports definition of group tuples of comparable
-+security by separating them from each other with C</> characters.
-+
-+The predicted keyshares to be sent by clients can be explicitly specified by
-+adding a C<*> prefix to the associated group name.
-+These C<*> prefixes are ignored by servers.
-+
-+If a group name is prefixed with the C<?> character, it will be ignored if an
-+implementation is missing.
-+Otherwise, listing an unknown group name will cause a failure to parse the
-+I<list>.
-+Note that whether a group is known or not may depend on the OpenSSL version,
-+how OpenSSL was compiled and/or which providers are loaded.
-+Make sure you have the correct spelling of the group name and when in doubt
-+prefix it with a C<?> to handle configurations in which it might nevertheless
-+be unknown.
-+
-+If a group name is prefixed with the C<-> character, it will be removed from
-+the list of groups specified up to that point.
-+It can be added again if specified later.
-+Removal of groups that have not been included earlier in the list is silently
-+ignored.
-+
-+The pseudo group name C<DEFAULT> can be used to select the OpenSSL built-in
-+default list of groups.
-+Prepending one or more groups to C<DEFAULT> using only C<:> separators prepends those
-+groups to the built-in default list's first tuple.
-+Additional tuples can be prepended by use of the C</> separator.
-+Appending a set of groups to C<DEFAULT> using only C<:> separators appends those
-+groups to the built-in default list's last tuple.
-+Additional tuples can be appended by use of the C</> separator.
-+
-+The B<DEFAULT> list selects B<X25519MLKEM768> as one of the predicted keyshares.
-+In rare cases this can lead to failures or timeouts because the resulting
-+larger TLS Client Hello message may no longer fit in a single TCP segment and
-+firewall software may erroneously disrupt the TLS handshake.
-+If this is an issue or concern, prepending C<?X25519MLKEM768:> without a C<*>
-+prefix leads to its occurrence in the default list to be ignored as a duplicate,
-+and along with that also the keyshare prediction.
-+The group will then only be selected by servers that specifically expect it,
-+after a Hello Retry Request (HRR).
-+Servers that specifically prefer B<X25519MLKEM768>, are much less likely to be
-+found behind problematic firewalls.
-+
-+The following string I<list> for example defines three tuples when used on the
-+server-side, and triggers the generation of three key shares when used on the
-+client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
- 
- For a TLS 1.3 client, all the groups in the string I<list> are added to the
- supported groups extension of a C<ClientHello>, in the order in which they are listed,
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index cd471a636db1..4e83e40995f3 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -211,7 +211,7 @@ static const uint16_t suiteb_curves[] = {
- 
- /* Group list string of the built-in pseudo group DEFAULT_SUITE_B */
- #define SUITE_B_GROUP_NAME "DEFAULT_SUITE_B"
--#define SUITE_B_GROUP_LIST "secp256r1:secp384r1",
-+#define SUITE_B_GROUP_LIST "?secp256r1:?secp384r1",
- 
- struct provider_ctx_data_st {
-     SSL_CTX *ctx;
-@@ -1244,8 +1244,8 @@ typedef struct {
-     size_t ksidcnt; /* Number of key shares */
-     uint16_t *ksid_arr; /* The IDs of the key share groups (flat list) */
-     /* Variable to keep state between execution of callback or helper functions */
--    size_t tuple_mode; /* Keeps track whether tuple_cb called from 'the top' or from gid_cb */
--    int ignore_unknown_default; /* Flag such that unknown groups for DEFAULT[_XYZ] are ignored */
-+    int inner; /* Are we expanding a DEFAULT list */
-+    int first; /* First tuple of possibly nested expansion? */
- } gid_cb_st;
- 
- /* Forward declaration of tuple callback function */
-@@ -1320,16 +1320,16 @@ static int gid_cb(const char *elem, int len, void *arg)
-             for (i = 0; i < OSSL_NELEM(default_group_strings); i++) {
-                 if ((size_t)len == (strlen(default_group_strings[i].list_name))
-                     && OPENSSL_strncasecmp(default_group_strings[i].list_name, elem, len) == 0) {
-+                    int saved_first;
-+
-                     /*
-                      * We're asked to insert an entire list of groups from a
-                      * DEFAULT[_XYZ] 'pseudo group' which we do by
-                      * recursively calling this function (indirectly via
-                      * CONF_parse_list and tuple_cb); essentially, we treat a DEFAULT
-                      * group string like a tuple which is appended to the current tuple
--                     * rather then starting a new tuple. Variable tuple_mode is the flag which
--                     * controls append tuple vs start new tuple.
-+                     * rather then starting a new tuple.
-                      */
--
-                     if (ignore_unknown || remove_group)
-                         return -1; /* removal or ignore not allowed here -> syntax error */
- 
-@@ -1350,15 +1350,17 @@ static int gid_cb(const char *elem, int len, void *arg)
-                         default_group_strings[i].group_string,
-                         strlen(default_group_strings[i].group_string));
-                     restored_default_group_string[strlen(default_group_strings[i].group_string) + restored_prefix_index] = '\0';
--                    /* We execute the recursive call */
--                    garg->ignore_unknown_default = 1; /* We ignore unknown groups for DEFAULT_XYZ */
--                    /* we enforce group mode (= append tuple) for DEFAULT_XYZ group lists */
--                    garg->tuple_mode = 0;
--                    /* We use the tuple_cb callback to process the pseudo group tuple */
-+                    /*
-+                     * Append first tuple of result to current tuple, and don't
-+                     * terminate the last tuple until we return to a top-level
-+                     * tuple_cb.
-+                     */
-+                    saved_first = garg->first;
-+                    garg->inner = garg->first = 1;
-                     retval = CONF_parse_list(restored_default_group_string,
-                         TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg);
--                    garg->tuple_mode = 1; /* next call to tuple_cb will again start new tuple */
--                    garg->ignore_unknown_default = 0; /* reset to original value */
-+                    garg->inner = 0;
-+                    garg->first = saved_first;
-                     /* We don't need the \0-terminated string anymore */
-                     OPENSSL_free(restored_default_group_string);
- 
-@@ -1378,9 +1380,6 @@ static int gid_cb(const char *elem, int len, void *arg)
-     if (len == 0)
-         return -1; /* Seems we have prefxes without a group name -> syntax error */
- 
--    if (garg->ignore_unknown_default == 1) /* Always ignore unknown groups for DEFAULT[_XYZ] */
--        ignore_unknown = 1;
--
-     /* Memory management in case more groups are present compared to initial allocation */
-     if (garg->gidcnt == garg->gidmax) {
-         uint16_t *tmp = OPENSSL_realloc(garg->gid_arr,
-@@ -1514,7 +1513,7 @@ static int gid_cb(const char *elem, int len, void *arg)
-         /* and update the book keeping for the number of groups in current tuple */
-         garg->tuplcnt_arr[garg->tplcnt]++;
- 
--        /* We memorize if needed that we want to add a key share for the current group */
-+        /* We want to add a key share for the current group */
-         if (add_keyshare)
-             garg->ksid_arr[garg->ksidcnt++] = gid;
-     }
-@@ -1523,6 +1522,39 @@ static int gid_cb(const char *elem, int len, void *arg)
-     return retval;
- }
- 
-+static int grow_tuples(gid_cb_st *garg)
-+{
-+    static size_t max_tplcnt = (~(size_t)0) / sizeof(size_t);
-+
-+    /* This uses OPENSSL_realloc_array() in newer releases */
-+    if (garg->tplcnt == garg->tplmax) {
-+        size_t newcnt = garg->tplmax + GROUPLIST_INCREMENT;
-+        size_t newsz = newcnt * sizeof(size_t);
-+        size_t *tmp;
-+
-+        if (newsz > max_tplcnt
-+            || (tmp = OPENSSL_realloc(garg->tuplcnt_arr, newsz)) == NULL)
-+            return 0;
-+
-+        garg->tplmax = newcnt;
-+        garg->tuplcnt_arr = tmp;
-+    }
-+    return 1;
-+}
-+
-+static int close_tuple(gid_cb_st *garg)
-+{
-+    size_t gidcnt = garg->tuplcnt_arr[garg->tplcnt];
-+
-+    if (gidcnt == 0)
-+        return 1;
-+    if (!grow_tuples(garg))
-+        return 0;
-+
-+    garg->tuplcnt_arr[++garg->tplcnt] = 0;
-+    return 1;
-+}
-+
- /* Extract and process a tuple of groups */
- static int tuple_cb(const char *tuple, int len, void *arg)
- {
-@@ -1536,16 +1568,9 @@ static int tuple_cb(const char *tuple, int len, void *arg)
-         return 0;
-     }
- 
--    /* Memory management for tuples */
--    if (garg->tplcnt == garg->tplmax) {
--        size_t *tmp = OPENSSL_realloc(garg->tuplcnt_arr,
--            (garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr));
--
--        if (tmp == NULL)
--            return 0;
--        garg->tplmax += GROUPLIST_INCREMENT;
--        garg->tuplcnt_arr = tmp;
--    }
-+    if (garg->inner && !garg->first && !close_tuple(garg))
-+        return 0;
-+    garg->first = 0;
- 
-     /* Convert to \0-terminated string */
-     restored_tuple_string = OPENSSL_malloc((len + 1 /* \0 */) * sizeof(char));
-@@ -1560,15 +1585,8 @@ static int tuple_cb(const char *tuple, int len, void *arg)
-     /* We don't need the \o-terminated string anymore */
-     OPENSSL_free(restored_tuple_string);
- 
--    if (garg->tuplcnt_arr[garg->tplcnt] > 0) { /* Some valid groups are present in current tuple... */
--        if (garg->tuple_mode) {
--            /* We 'close' the tuple */
--            garg->tplcnt++;
--            garg->tuplcnt_arr[garg->tplcnt] = 0; /* Next tuple is initialized to be empty */
--            garg->tuple_mode = 1; /* next call will start a tuple (unless overridden in gid_cb) */
--        }
--    }
--
-+    if (!garg->inner && !close_tuple(garg))
-+        return 0;
-     return retval;
- }
- 
-@@ -1599,8 +1617,6 @@ int tls1_set_groups_list(SSL_CTX *ctx,
-     }
- 
-     memset(&gcb, 0, sizeof(gcb));
--    gcb.tuple_mode = 1; /* We prepare to collect the first tuple */
--    gcb.ignore_unknown_default = 0;
-     gcb.gidmax = GROUPLIST_INCREMENT;
-     gcb.tplmax = GROUPLIST_INCREMENT;
-     gcb.ksidmax = GROUPLIST_INCREMENT;
-diff --git a/test/tls13groupselection_test.c b/test/tls13groupselection_test.c
-index 8340a9fd2b3b..bcae5e715944 100644
---- a/test/tls13groupselection_test.c
-+++ b/test/tls13groupselection_test.c
-@@ -40,6 +40,12 @@ typedef enum SERVER_RESPONSE {
-     SH = 2
- } SERVER_RESPONSE;
- 
-+static const char *response_desc[] = {
-+    "HRR",
-+    "INIT",
-+    "SH",
-+};
-+
- static char *cert = NULL;
- static char *privkey = NULL;
- 
-@@ -307,7 +313,23 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] = {
-     { "*brainpoolP256r1:X25519", /* test 43 */
-         "X25519",
-         SERVER_PREFERENCE,
--        NEGOTIATION_FAILURE, INIT }
-+        NEGOTIATION_FAILURE, INIT },
-+
-+    /* DEFAULT retains tuple structure */
-+    { "*X25519:secp256r1",
-+        "secp256r1:DEFAULT", /* test 44 */
-+        SERVER_PREFERENCE,
-+        "secp256r1", HRR },
-+#ifndef OPENSSL_NO_DH
-+    { "*ffdhe2048:secp256r1",
-+        "DEFAULT:ffdhe4096", /* test 45 */
-+        CLIENT_PREFERENCE,
-+        "secp256r1", HRR },
-+    { "x25519:ffdhe2048:*ffdhe4096",
-+        "DEFAULT:ffdhe4096", /* test 46 */
-+        SERVER_PREFERENCE,
-+        "x25519", HRR },
-+#endif
- };
- 
- static void server_response_check_cb(int write_p, int version,
-@@ -318,10 +340,12 @@ static void server_response_check_cb(int write_p, int version,
-     enum SERVER_RESPONSE *server_response = (enum SERVER_RESPONSE *)arg;
-     /* Prepare check for HRR */
-     const uint8_t *incoming_random = (uint8_t *)buf + 6;
--    const uint8_t magic_HRR_random[32] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
-+    const uint8_t magic_HRR_random[32] = {
-+        0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
-         0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
-         0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
--        0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
-+        0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
-+    };
- 
-     /* Did a server hello arrive? */
-     if (write_p == 0 && /* Incoming data... */
-@@ -450,13 +474,16 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre
-         group_name_client = SSL_group_to_name(clientssl, negotiated_group_client);
-         if (!TEST_int_eq(negotiated_group_client, negotiated_group_server))
-             goto end;
--        if (!TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response))
-+        if (!TEST_str_eq(response_desc[current_test_vector->expected_server_response],
-+                response_desc[server_response]))
-             goto end;
-         if (TEST_str_eq(group_name_client, current_test_vector->expected_group))
-             ok = 1;
-     } else {
-         TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
--        if (test_type == TEST_NEGOTIATION_FAILURE && !TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response))
-+        if (test_type == TEST_NEGOTIATION_FAILURE
-+            && !TEST_str_eq(response_desc[current_test_vector->expected_server_response],
-+                response_desc[server_response]))
-             goto end;
-         ok = 1;
-     }
diff -Nru openssl-3.5.5/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch openssl-3.5.6/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch
--- openssl-3.5.5/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,23 +0,0 @@
-From: Daniel Kubec <kubec@openssl.org>
-Date: Tue, 17 Mar 2026 11:11:22 +0100
-Subject: Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
-
-Fixes CVE-2026-28388
-Fixes https://github.com/openssl/srt/issues/77
----
- crypto/x509/x509_vfy.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index ca3ffc420473..e71d71e9caa6 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1307,6 +1307,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
-     if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
-         return 0;
-     /* Delta CRL number must exceed full CRL number */
-+    if (delta->crl_number == NULL)
-+        return 0;
-     return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
- }
- 
diff -Nru openssl-3.5.5/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch openssl-3.5.6/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch
--- openssl-3.5.5/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,100 +0,0 @@
-From: Neil Horman <nhorman@openssl.org>
-Date: Mon, 16 Mar 2026 13:49:07 -0400
-Subject: Fix NULL deref in [ec]dh_cms_set_shared_info
-
-Multiple independent reports indicated a SIGSEGV was possible in CMS
-processing when a crafted CMS EnvelopedData message using A Key
-Agreement Recipient Info field.  If the
-KeyEncryptionAlgorithmIdentifier omits the optional parameter field, the
-referenced functions above will attempt to dereference the
-alg->parameter data prior to checking if the parameter field is NULL.
-
-Confirmed to resolve the issues using the reproducers provided in the
-security reports.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
-
-Fixes CVE-2026-28389
----
- crypto/cms/cms_dh.c | 13 +++++++++----
- crypto/cms/cms_ec.c | 14 ++++++++++----
- 2 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
-index ab3453d1c7c1..424729523697 100644
---- a/crypto/cms/cms_dh.c
-+++ b/crypto/cms/cms_dh.c
-@@ -89,16 +89,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
-     int keylen, plen;
-     EVP_CIPHER *kekcipher = NULL;
-     EVP_CIPHER_CTX *kekctx;
-+    const ASN1_OBJECT *aoid;
-+    const void *parameter = NULL;
-+    int ptype = 0;
-     char name[OSSL_MAX_NAME_SIZE];
- 
-     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
-         goto err;
- 
-+    X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
-+
-     /*
-      * For DH we only have one OID permissible. If ever any more get defined
-      * we will need something cleverer.
-      */
--    if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
-+    if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
-         ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
-         goto err;
-     }
-@@ -107,11 +112,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
-         || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
-         goto err;
- 
--    if (alg->parameter->type != V_ASN1_SEQUENCE)
-+    if (ptype != V_ASN1_SEQUENCE)
-         goto err;
- 
--    p = alg->parameter->value.sequence->data;
--    plen = alg->parameter->value.sequence->length;
-+    p = ASN1_STRING_get0_data(parameter);
-+    plen = ASN1_STRING_length(parameter);
-     kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-     if (kekalg == NULL)
-         goto err;
-diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
-index ff8adad61668..e60d0a786ec5 100644
---- a/crypto/cms/cms_ec.c
-+++ b/crypto/cms/cms_ec.c
-@@ -166,21 +166,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
-     int plen, keylen;
-     EVP_CIPHER *kekcipher = NULL;
-     EVP_CIPHER_CTX *kekctx;
-+    const ASN1_OBJECT *aoid = NULL;
-+    int ptype = 0;
-+    const void *parameter = NULL;
-+
-     char name[OSSL_MAX_NAME_SIZE];
- 
-     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
-         return 0;
- 
--    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
-+    X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
-+
-+    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
-         ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
-         return 0;
-     }
- 
--    if (alg->parameter->type != V_ASN1_SEQUENCE)
-+    if (ptype != V_ASN1_SEQUENCE)
-         return 0;
- 
--    p = alg->parameter->value.sequence->data;
--    plen = alg->parameter->value.sequence->length;
-+    p = ASN1_STRING_get0_data(parameter);
-+    plen = ASN1_STRING_length(parameter);
-     kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-     if (kekalg == NULL)
-         goto err;
diff -Nru openssl-3.5.5/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch openssl-3.5.6/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch
--- openssl-3.5.5/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,82 +0,0 @@
-From: Neil Horman <nhorman@openssl.org>
-Date: Wed, 1 Apr 2026 10:56:44 +0200
-Subject: Fix NULL deref in rsa_cms_decrypt
-
-Very simmilar to CVE-2026-28389, ensure that if we are missing
-parameters in RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo,
-we don't segfault when decrypting.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
-
-Fixes CVE-2026-28390
----
- crypto/cms/cms_rsa.c | 31 +++++++++++++++++++------------
- 1 file changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
-index 6b65842cc14e..34c739a9825a 100644
---- a/crypto/cms/cms_rsa.c
-+++ b/crypto/cms/cms_rsa.c
-@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
-     X509_ALGOR *cmsalg;
-     int nid;
-     int rv = -1;
--    unsigned char *label = NULL;
-+    const unsigned char *label = NULL;
-     int labellen = 0;
-     const EVP_MD *mgf1md = NULL, *md = NULL;
-     RSA_OAEP_PARAMS *oaep;
-+    const ASN1_OBJECT *aoid;
-+    const void *parameter = NULL;
-+    int ptype = 0;
- 
-     pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-     if (pkctx == NULL)
-@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
-         goto err;
- 
-     if (oaep->pSourceFunc != NULL) {
--        X509_ALGOR *plab = oaep->pSourceFunc;
-+        X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
- 
--        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
-+        if (OBJ_obj2nid(aoid) != NID_pSpecified) {
-             ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
-             goto err;
-         }
--        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
-+        if (ptype != V_ASN1_OCTET_STRING) {
-             ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
-             goto err;
-         }
- 
--        label = plab->parameter->value.octet_string->data;
--        /* Stop label being freed when OAEP parameters are freed */
--        plab->parameter->value.octet_string->data = NULL;
--        labellen = plab->parameter->value.octet_string->length;
-+        label = ASN1_STRING_get0_data(parameter);
-+        labellen = ASN1_STRING_length(parameter);
-     }
- 
-     if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
-@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
-         goto err;
-     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
-         goto err;
--    if (label != NULL
--        && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
--        OPENSSL_free(label);
--        goto err;
-+    if (label != NULL) {
-+        unsigned char *dup_label = OPENSSL_memdup(label, labellen);
-+
-+        if (dup_label == NULL)
-+            goto err;
-+
-+        if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
-+            OPENSSL_free(dup_label);
-+            goto err;
-+        }
-     }
-     /* Carry on */
-     rv = 1;
diff -Nru openssl-3.5.5/debian/patches/man-section.patch openssl-3.5.6/debian/patches/man-section.patch
--- openssl-3.5.5/debian/patches/man-section.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/man-section.patch	2026-05-04 20:39:11.000000000 +0200
@@ -7,10 +7,10 @@
  1 file changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 78be4a319964..59e78839a563 100644
+index 5bf397eba021..8e12268c0777 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -358,7 +358,8 @@ HTMLDIR=$(DOCDIR)/html
+@@ -359,7 +359,8 @@ HTMLDIR=$(DOCDIR)/html
  # MANSUFFIX is for the benefit of anyone who may want to have a suffix
  # appended after the manpage file section number.  "ssl" is popular,
  # resulting in files such as config.5ssl rather than config.5.
@@ -20,7 +20,7 @@
  HTMLSUFFIX=html
  
  # For "optional" echo messages, to get "real" silence
-@@ -1584,7 +1585,7 @@ EOF
+@@ -1585,7 +1586,7 @@ EOF
            my $pod = $gen0;
            return <<"EOF";
  $args{src}: $pod
diff -Nru openssl-3.5.5/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch openssl-3.5.6/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch
--- openssl-3.5.5/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,108 +0,0 @@
-From: Nikola Pajkovsky <nikolap@openssl.org>
-Date: Mon, 23 Mar 2026 08:41:20 +0100
-Subject: rsa_kem: test RSA_public_encrypt() result in RSASVE
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure.
-
-Add regression coverage in evp_extra_test using invalid RSA pubkey
-which triggers -1 in RSA_public_encrypt() using encapsulation.
-
-Fixes: https://github.com/openssl/srt/issues/95
-Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
----
- test/evp_extra_test.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 67 insertions(+)
-
-diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
-index f55d17258d1f..d45f497f032a 100644
---- a/test/evp_extra_test.c
-+++ b/test/evp_extra_test.c
-@@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void)
- #endif
- 
- #ifndef OPENSSL_NO_DEPRECATED_3_0
-+
-+static EVP_PKEY *make_bad_rsa_pubkey(void)
-+{
-+    RSA *rsa = NULL;
-+    BIGNUM *n = NULL, *e = NULL;
-+    EVP_PKEY *pkey = NULL;
-+
-+    /* Deliberately invalid public key: n = 17, e = 17 */
-+    if (!TEST_ptr(pkey = EVP_PKEY_new())
-+        || !TEST_ptr(rsa = RSA_new())
-+        || !TEST_ptr(n = BN_new())
-+        || !TEST_ptr(e = BN_new())
-+        || !TEST_true(BN_set_word(n, 17))
-+        || !TEST_true(BN_set_word(e, 17))
-+        || !TEST_true(RSA_set0_key(rsa, n, e, NULL))
-+        || !EVP_PKEY_assign_RSA(pkey, rsa))
-+        goto err;
-+
-+    return pkey;
-+err:
-+    BN_free(n);
-+    BN_free(e);
-+    RSA_free(rsa);
-+    return NULL;
-+}
-+
- #ifndef OPENSSL_NO_DH
- static EVP_PKEY *load_example_dh_key(void)
- {
-@@ -5898,6 +5924,46 @@ static int test_custom_ciph_meth(void)
-     return testresult;
- }
- 
-+static int test_rsasve_kem_with_invalid_pub_key(void)
-+{
-+    RSA *rsa = NULL;
-+    EVP_PKEY *pkey = NULL;
-+    EVP_PKEY_CTX *ctx = NULL;
-+    unsigned char *ct = NULL;
-+    unsigned char *secret = NULL;
-+    size_t ctlen = 0, secretlen = 0;
-+    int testresult = 0;
-+
-+    if (nullprov != NULL) {
-+        testresult = TEST_skip("Test does not support a non-default library context");
-+        goto err;
-+    }
-+
-+    if (!TEST_ptr(pkey = make_bad_rsa_pubkey()))
-+        goto err;
-+
-+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
-+        || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
-+        || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1)
-+        || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1)
-+        || !TEST_ptr(ct = OPENSSL_malloc(ctlen))
-+        || !TEST_ptr(secret = OPENSSL_malloc(secretlen)))
-+        goto err;
-+
-+    if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0))
-+        goto err;
-+
-+    testresult = 1;
-+
-+err:
-+    OPENSSL_free(secret);
-+    OPENSSL_free(ct);
-+    EVP_PKEY_CTX_free(ctx);
-+    RSA_free(rsa);
-+    EVP_PKEY_free(pkey);
-+    return testresult;
-+}
-+
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- /* Test we can create a signature keys with an associated ENGINE */
- static int test_signatures_with_engine(int tst)
-@@ -6854,6 +6920,7 @@ int setup_tests(void)
-     ADD_TEST(test_evp_md_cipher_meth);
-     ADD_TEST(test_custom_md_meth);
-     ADD_TEST(test_custom_ciph_meth);
-+    ADD_TEST(test_rsasve_kem_with_invalid_pub_key);
- 
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
-     /* Tests only support the default libctx */
diff -Nru openssl-3.5.5/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch openssl-3.5.6/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch
--- openssl-3.5.5/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,56 +0,0 @@
-From: Nikola Pajkovsky <nikolap@openssl.org>
-Date: Thu, 19 Mar 2026 12:16:08 +0100
-Subject: rsa_kem: validate RSA_public_encrypt() result in RSASVE
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM
-encapsulation can incorrectly succeed when the underlying RSA public
-encrypt operation fails. In that case the code reports success, returns
-lengths as if encapsulation completed normally, and leaves the freshly
-generated secret available instead of discarding it.
-
-Tighten the success condition so RSASVE only succeeds when
-RSA_public_encrypt() returns a positive value equal to the modulus-sized
-output expected for RSA_NO_PADDING. Any other return value is treated as
-failure, and the generated secret is cleansed before returning.
-
-Fixes CVE: CVE-2026-31790
-Fixes: https://github.com/openssl/srt/issues/95
-Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
----
- providers/implementations/kem/rsa_kem.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index f7bf368a0dfc..74dfafddd9e0 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
-         return 0;
- 
-     /* Step(3): out = RSAEP((n,e), z) */
--    ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
--    if (ret) {
--        ret = 1;
--        if (outlen != NULL)
--            *outlen = nlen;
--        if (secretlen != NULL)
--            *secretlen = nlen;
--    } else {
-+    ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
-+        RSA_NO_PADDING);
-+    if (ret <= 0 || ret != (int)nlen) {
-         OPENSSL_cleanse(secret, nlen);
-+        return 0;
-     }
--    return ret;
-+
-+    if (outlen != NULL)
-+        *outlen = nlen;
-+    if (secretlen != NULL)
-+        *secretlen = nlen;
-+
-+    return 1;
- }
- 
- /**
diff -Nru openssl-3.5.5/debian/patches/series openssl-3.5.6/debian/patches/series
--- openssl-3.5.5/debian/patches/series	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/series	2026-05-04 20:39:11.000000000 +0200
@@ -5,14 +5,3 @@
 c_rehash-compat.patch
 Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
 conf-Serialize-allocation-free-of-ssl_names.patch
-Fix-group-tuple-handling-in-DEFAULT-expansion.patch
-dane_match_cert-should-X509_free-on-mcert-instead.patch
-Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch
-Added-test-for-CVE-2026-28388.patch
-Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch
-Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch
-Fix-NULL-deref-in-rsa_cms_decrypt.patch
-Add-test-for-CMS-decryption-with-RSA-keys.patch
-Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch
-rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch
-rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch
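Review bot: The eleven entries removed at the end of `series` include the fixes for CVE-2026-28388, CVE-2026-28389, CVE-2026-28390 and CVE-2026-31790, and nothing in this hunk records that the 3.5.6 tree already contains them. Presumably they were merged upstream, but that should be confirmed against the upstream file sections of this diff, for example that `check_delta_base()` in `crypto/x509/x509_vfy.c` returns 0 when `delta->crl_number == NULL` and that `rsasve_generate()` in `providers/implementations/kem/rsa_kem.c` fails unless `RSA_public_encrypt()` returns `nlen`. I would leave a marker in the file so the removal stays auditable, such as `# 3.5.6: fixes for CVE-2026-28388, -28389, -28390, -31790 dropped, included upstream`. The same check applies to `Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch` and `dane_match_cert-should-X509_free-on-mcert-instead.patch`, whose contents are not visible in this part of the page.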
diff -Nru openssl-3.5.5/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch openssl-3.5.6/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch
--- openssl-3.5.5/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch	2026-04-03 12:05:32.000000000 +0200
+++ openssl-3.5.6/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,157 +0,0 @@
-From: Neil Horman <nhorman@openssl.org>
-Date: Tue, 31 Mar 2026 14:38:03 -0400
-Subject: Test for DH/ECDH CMS KARI processing NULL pointer dereference
-
-Test to ensure that, if we attempt to decrypt a CMS message with a
-missing parameter field of KeyEncryptionAlgorithmIdentifier
-we fail, rather than segfault.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
----
- test/recipes/80-test_cms.t                  | 33 ++++++++++++++++++++++++++++-
- test/recipes/80-test_cms_data/dh-cert.pem   | 31 +++++++++++++++++++++++++++
- test/recipes/80-test_cms_data/dh-key.pem    | 15 +++++++++++++
- test/recipes/80-test_cms_data/ecdh-cert.pem | 10 +++++++++
- test/recipes/80-test_cms_data/ecdh-key.pem  |  5 +++++
- 5 files changed, 93 insertions(+), 1 deletion(-)
- create mode 100644 test/recipes/80-test_cms_data/dh-cert.pem
- create mode 100644 test/recipes/80-test_cms_data/dh-key.pem
- create mode 100644 test/recipes/80-test_cms_data/ecdh-cert.pem
- create mode 100644 test/recipes/80-test_cms_data/ecdh-key.pem
-
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 279a498475c8..90aeb2959707 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -53,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
- 
- $no_rc2 = 1 if disabled("legacy");
- 
--plan tests => 31;
-+plan tests => 33;
- 
- ok(run(test(["pkcs7_test"])), "test pkcs7");
- 
-@@ -1360,6 +1360,37 @@ with({ exit_checker => sub { return shift == 3; } },
- 	   "Check for failure when cipher does not have an assigned OID (issue#22225)");
-      });
- 
-+# Test cases for CVE-2026-28389
-+my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der");
-+my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem");
-+my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem");
-+
-+with({ exit_checker => sub { return shift == 4; } },
-+    sub {
-+        SKIP: {
-+          skip "DH is not supported in this build", 1 if $no_dh;
-+
-+          ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed,
-+                      "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])),
-+             "Must not crash on malformed cms inputs with dh key");
-+        }
-+    });
-+
-+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der");
-+my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem");
-+my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem");
-+
-+with({ exit_checker => sub { return shift == 4; } },
-+    sub {
-+        SKIP: {
-+          skip "EC is not supported in this build", 1 if $no_ec;
-+
-+          ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed,
-+                       "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])),
-+             "Must not crash on malformed cms inputs with ecdh key");
-+        }
-+    });
-+
- # Test encrypt to three recipients, and decrypt using key-only;
- # i.e. do not follow the recommended practice of providing the
- # recipient cert in the decrypt op.
-diff --git a/test/recipes/80-test_cms_data/dh-cert.pem b/test/recipes/80-test_cms_data/dh-cert.pem
-new file mode 100644
-index 000000000000..f5fb90b9009b
---- /dev/null
-+++ b/test/recipes/80-test_cms_data/dh-cert.pem
-@@ -0,0 +1,31 @@
-+-----BEGIN CERTIFICATE-----
-+MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL
-+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2
-+MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC
-+AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD
-+zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf
-+XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP
-+SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI
-+7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8
-+LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH//////
-+////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx
-+hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw
-+c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw
-+a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050
-+wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww
-+lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX
-+l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl
-+IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ
-+ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO
-+M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu
-+lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j
-+BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV
-+HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo
-+cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW
-+AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp
-+JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm
-+eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO
-+VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3
-+NGpnrpeWX4rk4kQmx/I=
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/80-test_cms_data/dh-key.pem b/test/recipes/80-test_cms_data/dh-key.pem
-new file mode 100644
-index 000000000000..16010785214e
---- /dev/null
-+++ b/test/recipes/80-test_cms_data/dh-key.pem
-@@ -0,0 +1,15 @@
-+-----BEGIN PRIVATE KEY-----
-+MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW
-+ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e
-+1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY
-+oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt
-+52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47
-+G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC
-+AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n
-+Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv
-+P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl
-+2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm
-+lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT
-+YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r
-+xDHoWg==
-+-----END PRIVATE KEY-----
-diff --git a/test/recipes/80-test_cms_data/ecdh-cert.pem b/test/recipes/80-test_cms_data/ecdh-cert.pem
-new file mode 100644
-index 000000000000..3a0ab6624ca2
---- /dev/null
-+++ b/test/recipes/80-test_cms_data/ecdh-cert.pem
-@@ -0,0 +1,10 @@
-+-----BEGIN CERTIFICATE-----
-+MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw
-+DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow
-+DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s
-+OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC
-+EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw
-+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw
-+CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+
-+NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ==
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/80-test_cms_data/ecdh-key.pem b/test/recipes/80-test_cms_data/ecdh-key.pem
-new file mode 100644
-index 000000000000..ef9488b3c516
---- /dev/null
-+++ b/test/recipes/80-test_cms_data/ecdh-key.pem
-@@ -0,0 +1,5 @@
-+-----BEGIN PRIVATE KEY-----
-+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1
-+unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC
-+3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ
-+-----END PRIVATE KEY-----
diff -Nru openssl-3.5.5/doc/build.info openssl-3.5.6/doc/build.info
--- openssl-3.5.5/doc/build.info	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/build.info	2026-04-07 14:26:30.000000000 +0200
@@ -2903,6 +2903,10 @@
 GENERATE[html/man3/UI_new.html]=man3/UI_new.pod
 DEPEND[man/man3/UI_new.3]=man3/UI_new.pod
 GENERATE[man/man3/UI_new.3]=man3/UI_new.pod
+DEPEND[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod
+GENERATE[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod
+DEPEND[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod
+GENERATE[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod
 DEPEND[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod
 GENERATE[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod
 DEPEND[man/man3/X509V3_get_d2i.3]=man3/X509V3_get_d2i.pod
@@ -3787,6 +3791,7 @@
 html/man3/UI_UTIL_read_pw.html \
 html/man3/UI_create_method.html \
 html/man3/UI_new.html \
+html/man3/X509V3_EXT_print.html \
 html/man3/X509V3_get_d2i.html \
 html/man3/X509V3_set_ctx.html \
 html/man3/X509_ACERT_add1_attr.html \
@@ -4463,6 +4468,7 @@
 man/man3/UI_UTIL_read_pw.3 \
 man/man3/UI_create_method.3 \
 man/man3/UI_new.3 \
+man/man3/X509V3_EXT_print.3 \
 man/man3/X509V3_get_d2i.3 \
 man/man3/X509V3_set_ctx.3 \
 man/man3/X509_ACERT_add1_attr.3 \
diff -Nru openssl-3.5.5/doc/internal/man3/ossl_cmp_msg_check_update.pod openssl-3.5.6/doc/internal/man3/ossl_cmp_msg_check_update.pod
--- openssl-3.5.5/doc/internal/man3/ossl_cmp_msg_check_update.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/internal/man3/ossl_cmp_msg_check_update.pod	2026-04-07 14:26:30.000000000 +0200
@@ -51,6 +51,7 @@
 The callback should return 1 on acceptance, 0 on rejection, or -1 on error.
 It should not put an error on the error stack since this could be misleading.
 
+Unless the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> is set in the B<ctx>,
 ossl_cmp_msg_check_update() adds all extraCerts contained in the <msg> to
 the list of untrusted certificates in B<ctx> such that they are already usable
 for OSSL_CMP_validate_msg(), which is called internally, and for future use.
@@ -58,7 +59,7 @@
 peer does not need to send them again (at least not in the same transaction).
 Note that it does not help validating the message before storing the extraCerts
 because they are not part of the protected portion of the message anyway.
-For efficiency, the extraCerts are prepended to the list so they get used first.
+For efficiency, the extraCerts being cached are prepended to the list so they get used first.
 
 If all checks pass then ossl_cmp_msg_check_update()
 records in B<ctx> the senderNonce of the received message as the new recipNonce
@@ -85,7 +86,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod openssl-3.5.6/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod
--- openssl-3.5.5/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod	2026-04-07 14:26:30.000000000 +0200
@@ -80,7 +80,7 @@
 has a four byte element count which is followed by that many elements.
 It returns zero on overflow.
 
- OSSL_SAFE_MATH_UNSIGNED(sizet, size_t, SIZE_MAX)
+ OSSL_SAFE_MATH_UNSIGNED(sizet, size_t)
 
  size_t compute_record_size(uint32_t n)
  {
@@ -99,7 +99,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/internal/man7/deprecation.pod openssl-3.5.6/doc/internal/man7/deprecation.pod
--- openssl-3.5.5/doc/internal/man7/deprecation.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/internal/man7/deprecation.pod	2026-04-07 14:26:30.000000000 +0200
@@ -2,6 +2,8 @@
 
 =head1 NAME
 
+OPENSSL_NO_DEPRECATED_3_5, OSSL_DEPRECATEDIN_3_5,
+OPENSSL_NO_DEPRECATED_3_4, OSSL_DEPRECATEDIN_3_4,
 OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1,
 OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0,
 OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1,
@@ -131,7 +133,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/CA.pl.pod openssl-3.5.6/doc/man1/CA.pl.pod
--- openssl-3.5.5/doc/man1/CA.pl.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/CA.pl.pod	2026-04-07 14:26:30.000000000 +0200
@@ -106,7 +106,7 @@
 list box), otherwise the name "My Certificate" is used.
 Delegates work to L<openssl-pkcs12(1)>.
 
-=item B<-sign>, B<-signcert>, B<-xsign>
+=item B<-sign>, B<-xsign>
 
 Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the
 request to be in the file F<newreq.pem>. The new certificate is written to the
@@ -191,7 +191,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-ciphers.pod.in openssl-3.5.6/doc/man1/openssl-ciphers.pod.in
--- openssl-3.5.5/doc/man1/openssl-ciphers.pod.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-ciphers.pod.in	2026-04-07 14:26:30.000000000 +0200
@@ -120,16 +120,16 @@
 
 The actual cipher string can take several different forms.
 
-It can consist of a single cipher suite such as B<RC4-SHA>.
+It can consist of a single cipher suite such as B<AES256-SHA>.
 
 It can represent a list of cipher suites containing a certain algorithm, or
-cipher suites of a certain type. For example B<SHA1> represents all ciphers
-suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
-algorithms.
+cipher suites of a certain type. For example B<SHA256> represents all cipher
+suites using the digest algorithm SHA256 and B<TLSv1.2> represents all
+cipher suites introduced in TLS v.1.2.
 
 Lists of cipher suites can be combined in a single cipher string using the
 B<+> character. This is used as a logical B<and> operation. For example
-B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+B<SHA256+AES> represents all cipher suites using the SHA256 B<and> the AES
 algorithms.
 
 Each cipher string can be optionally preceded by the characters B<!>,
@@ -160,7 +160,7 @@
 The cipher list can be prefixed with the B<DEFAULT> keyword, which enables
 the default cipher list as defined below.  Unlike cipher strings,
 this prefix may not be combined with other strings using B<+> character.
-For example, B<DEFAULT+DES> is not valid.
+For example, B<DEFAULT+AES> is not valid.
 
 The content of the default list is determined at compile time and normally
 corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
@@ -173,11 +173,12 @@
 
 =item B<COMPLEMENTOFDEFAULT>
 
-The ciphers included in B<ALL>, but not enabled by default. Currently
-this includes all RC4 and anonymous ciphers. Note that this rule does
-not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if
-necessary). Note that RC4 based cipher suites are not built into OpenSSL by
-default (see the enable-weak-ssl-ciphers option to Configure).
+The cipher suites included in B<ALL>, but not enabled by default. The default
+cipher suite list provides strong security and reasonable interoperability.
+A cipher suite can be not included in the default list for different reasons:
+because it is weak, or not "mature" enough, or not widely used, etc.
+Note that this rule does not cover B<eNULL>, which is not included by B<ALL>
+(use B<COMPLEMENTOFALL> if necessary).
 
 =item B<ALL>
 
@@ -205,6 +206,10 @@
 encryption algorithms but excluding export cipher suites.  All these
 cipher suites have been removed as of OpenSSL 1.1.0.
 
+=item B<FIPS>
+
+Cipher suites permitted in FIPS mode.
+
 =item B<eNULL>, B<NULL>
 
 The "NULL" ciphers that is those offering no encryption. Because these offer no
@@ -227,14 +232,8 @@
 
 =item B<kRSA>, B<aRSA>, B<RSA>
 
-Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for
-B<kRSA>.
-
-=item B<kDHr>, B<kDHd>, B<kDH>
-
-Cipher suites using static DH key agreement and DH certificates signed by CAs
-with RSA and DSS keys or either respectively.
-All these cipher suites have been removed in OpenSSL 1.1.0.
+Cipher suites using RSA key exchange, RSA authentication, or both of them
+respectively.
 
 =item B<kDHE>, B<kEDH>, B<DH>
 
@@ -267,12 +266,6 @@
 
 Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
 
-=item B<aDH>
-
-Cipher suites effectively using DH authentication, i.e. the certificates carry
-DH keys.
-All these cipher suites have been removed in OpenSSL 1.1.0.
-
 =item B<aECDSA>, B<ECDSA>
 
 Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
@@ -280,8 +273,7 @@
 
 =item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3>
 
-Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or
-SSL v3.0 respectively.
+Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively.
 Note: there are no cipher suites specific to TLS v1.1.
 Since this is only the minimum version, if, for example, TLSv1.0 is negotiated
 then both TLSv1.0 and SSLv3.0 cipher suites are available.
@@ -305,10 +297,13 @@
 cipher suites using both 16 and 8 octet Integrity Check Value (ICV)
 while B<AESCCM8> only references 8 octet ICV.
 
-=item B<ARIA128>, B<ARIA256>, B<ARIA>
+=item B<ARIA128>, B<ARIA256>
+
+Cipher suites using 128 bit ARIA or 256 bit ARIA respectively.
+
+=item B<ARIA>, B<ARIAGCM>
 
-Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit
-ARIA.
+Cipher suites using either 128 or 256 bit ARIA.
 
 =item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
 
@@ -358,24 +353,46 @@
 
 =item B<aGOST>
 
-Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
+Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication
 (needs an engine supporting GOST algorithms).
 
 =item B<aGOST01>
 
-Cipher suites using GOST R 34.10-2001 authentication.
+Cipher suites that can be uses with GOST R 34.10-2001 keys for authentication.
+
+=item B<aGOST12>
+
+Cipher suites that can be used with GOST R 34.10-2012 keys for authentication.
 
 =item B<kGOST>
 
-Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
+Cipher suites using VKO 34.10 key exchange and key wrap specified in the
+RFC 4357 or RFC 7836.
+
+=item B<kGOST18>
+
+Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and
+KExp15 key export specified in the RFC 9189.
 
 =item B<GOST94>
 
 Cipher suites, using HMAC based on GOST R 34.11-94.
 
+=item B<GOST12>
+
+Cipher suites, using HMAC based on GOST R 34.11-2012 256 bits.
+
 =item B<GOST89MAC>
 
-Cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
+Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes A.
+
+=item B<GOST89MAC12>
+
+Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes Z.
+
+=item B<GOST89>
+
+Cipher suites using any GOST cipher (GOST 28147-89, Magma or Kuznyechik).
 
 =item B<PSK>
 
@@ -390,6 +407,14 @@
 Cipher suites using PSK authentication (currently all PSK modes apart from
 RSA_PSK).
 
+=item B<kSRP>, B<SRP>
+
+Cipher suites using SRP key exchange.
+
+=item B<aSRP>
+
+Cipher suites using SRP authentication.
+
 =item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192>
 
 Enables suite B mode of operation using 128 (permitting 192 bit mode by peer)
@@ -424,310 +449,398 @@
 authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication
 is used.
 
-=head2 SSL v3.0 cipher suites
-
- SSL_RSA_WITH_NULL_MD5                   NULL-MD5
- SSL_RSA_WITH_NULL_SHA                   NULL-SHA
- SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
- SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
- SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
-
- SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-
- SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
-
-=head2 TLS v1.0 cipher suites
-
- TLS_RSA_WITH_NULL_MD5                   NULL-MD5
- TLS_RSA_WITH_NULL_SHA                   NULL-SHA
- TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
- TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
- TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+=head2 AES cipher suites for  TLS v1.2
 
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
+ TLS_DH_anon_WITH_AES_128_CBC_SHA256            ADH-AES128-SHA256
+ TLS_DH_anon_WITH_AES_128_CBC_SHA               ADH-AES128-SHA
+ TLS_DH_anon_WITH_AES_128_GCM_SHA256            ADH-AES128-GCM-SHA256
+ TLS_DH_anon_WITH_AES_256_CBC_SHA256            ADH-AES256-SHA256
+ TLS_DH_anon_WITH_AES_256_CBC_SHA               ADH-AES256-SHA
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384            ADH-AES256-GCM-SHA384
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256            DHE-DSS-AES128-SHA256
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA               DHE-DSS-AES128-SHA
+ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256            DHE-DSS-AES128-GCM-SHA256
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA256            DHE-DSS-AES256-SHA256
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA               DHE-DSS-AES256-SHA
+ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384            DHE-DSS-AES256-GCM-SHA384
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256            DHE-PSK-AES128-CBC-SHA256
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA               DHE-PSK-AES128-CBC-SHA
+ TLS_DHE_PSK_WITH_AES_128_CCM_8                 DHE-PSK-AES128-CCM8
+ TLS_DHE_PSK_WITH_AES_128_CCM                   DHE-PSK-AES128-CCM
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256            DHE-PSK-AES128-GCM-SHA256
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384            DHE-PSK-AES256-CBC-SHA384
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA               DHE-PSK-AES256-CBC-SHA
+ TLS_DHE_PSK_WITH_AES_256_CCM_8                 DHE-PSK-AES256-CCM8
+ TLS_DHE_PSK_WITH_AES_256_CCM                   DHE-PSK-AES256-CCM
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384            DHE-PSK-AES256-GCM-SHA384
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256            DHE-RSA-AES128-SHA256
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA               DHE-RSA-AES128-SHA
+ TLS_DHE_RSA_WITH_AES_128_CCM_8                 DHE-RSA-AES128-CCM8
+ TLS_DHE_RSA_WITH_AES_128_CCM                   DHE-RSA-AES128-CCM
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256            DHE-RSA-AES128-GCM-SHA256
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256            DHE-RSA-AES256-SHA256
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA               DHE-RSA-AES256-SHA
+ TLS_DHE_RSA_WITH_AES_256_CCM_8                 DHE-RSA-AES256-CCM8
+ TLS_DHE_RSA_WITH_AES_256_CCM                   DHE-RSA-AES256-CCM
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384            DHE-RSA-AES256-GCM-SHA384
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA             AECDH-AES128-SHA
+ TLS_ECDH_anon_WITH_AES_128_CCM_8               AECDH-AES128-CCM8
+ TLS_ECDH_anon_WITH_AES_128_CCM                 AECDH-AES128-CCM
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA             AECDH-AES256-SHA
+ TLS_ECDH_anon_WITH_AES_256_CCM_8               AECDH-AES256-CCM8
+ TLS_ECDH_anon_WITH_AES_256_CCM                 AECDH-AES256-CCM
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256         ECDH-ECDSA-AES128-SHA256
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA            ECDH-ECDSA-AES128-SHA
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256         ECDH-ECDSA-AES128-GCM-SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384         ECDH-ECDSA-AES256-SHA384
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA            ECDH-ECDSA-AES256-SHA
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384         ECDH-ECDSA-AES256-GCM-SHA384
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256        ECDHE-ECDSA-AES128-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA           ECDHE-ECDSA-AES128-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8             ECDHE-ECDSA-AES128-CCM8
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM               ECDHE-ECDSA-AES128-CCM
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256        ECDHE-ECDSA-AES128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384        ECDHE-ECDSA-AES256-SHA384
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA           ECDHE-ECDSA-AES256-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8             ECDHE-ECDSA-AES256-CCM8
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM               ECDHE-ECDSA-AES256-CCM
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384        ECDHE-ECDSA-AES256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256          ECDHE-PSK-AES128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA             ECDHE-PSK-AES128-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256        ECDHE-PSK-AES128-CCM8
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256          ECDHE-PSK-AES128-CCM
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256          ECDHE-PSK-AES128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384          ECDHE-PSK-AES256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA             ECDHE-PSK-AES256-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384          ECDHE-PSK-AES256-GCM-SHA384
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256          ECDHE-RSA-AES128-SHA256
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA             ECDHE-RSA-AES128-SHA
+ TLS_ECDHE_RSA_WITH_AES_128_CCM_8               ECDHE-RSA-AES128-CCM8
+ TLS_ECDHE_RSA_WITH_AES_128_CCM                 ECDHE-RSA-AES128-CCM
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256          ECDHE-RSA-AES128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384          ECDHE-RSA-AES256-SHA384
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA             ECDHE-RSA-AES256-SHA
+ TLS_ECDHE_RSA_WITH_AES_256_CCM_8               ECDHE-RSA-AES256-CCM8
+ TLS_ECDHE_RSA_WITH_AES_256_CCM                 ECDHE-RSA-AES256-CCM
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384          ECDHE-RSA-AES256-GCM-SHA384
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256           ECDH-RSA-AES128-SHA256
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA              ECDH-RSA-AES128-SHA
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256           ECDH-RSA-AES128-GCM-SHA256
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384           ECDH-RSA-AES256-SHA384
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA              ECDH-RSA-AES256-SHA
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384           ECDH-RSA-AES256-GCM-SHA384
+ TLS_PSK_WITH_AES_128_CBC_SHA256                PSK-AES128-CBC-SHA256
+ TLS_PSK_WITH_AES_128_CBC_SHA                   PSK-AES128-CBC-SHA
+ TLS_PSK_WITH_AES_128_CCM_8                     PSK-AES128-CCM8
+ TLS_PSK_WITH_AES_128_CCM                       PSK-AES128-CCM
+ TLS_PSK_WITH_AES_128_GCM_SHA256                PSK-AES128-GCM-SHA256
+ TLS_PSK_WITH_AES_256_CBC_SHA384                PSK-AES256-CBC-SHA384
+ TLS_PSK_WITH_AES_256_CBC_SHA                   PSK-AES256-CBC-SHA
+ TLS_PSK_WITH_AES_256_CCM_8                     PSK-AES256-CCM8
+ TLS_PSK_WITH_AES_256_CCM                       PSK-AES256-CCM
+ TLS_PSK_WITH_AES_256_GCM_SHA384                PSK-AES256-GCM-SHA384
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256            RSA-PSK-AES128-CBC-SHA256
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA               RSA-PSK-AES128-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256            RSA-PSK-AES128-GCM-SHA256
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384            RSA-PSK-AES256-CBC-SHA384
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA               RSA-PSK-AES256-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384            RSA-PSK-AES256-GCM-SHA384
+ TLS_RSA_WITH_AES_128_CBC_SHA256                AES128-SHA256
+ TLS_RSA_WITH_AES_128_CBC_SHA                   AES128-SHA
+ TLS_RSA_WITH_AES_128_CCM_8                     AES128-CCM8
+ TLS_RSA_WITH_AES_128_CCM                       AES128-CCM
+ TLS_RSA_WITH_AES_128_GCM_SHA256                AES128-GCM-SHA256
+ TLS_RSA_WITH_AES_256_CBC_SHA256                AES256-SHA256
+ TLS_RSA_WITH_AES_256_CBC_SHA                   AES256-SHA
+ TLS_RSA_WITH_AES_256_CCM_8                     AES256-CCM8
+ TLS_RSA_WITH_AES_256_CCM                       AES256-CCM
+ TLS_RSA_WITH_AES_256_GCM_SHA384                AES256-GCM-SHA384
+
+=head2 Camellia cipher suites for TLS v1.2
+
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256       ADH-CAMELLIA128-SHA256
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA          ADH-CAMELLIA128-SHA
+ TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256       ADH-CAMELLIA128-GCM-SHA256
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256       ADH-CAMELLIA256-SHA256
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA          ADH-CAMELLIA256-SHA
+ TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384       ADH-CAMELLIA256-GCM-SHA384
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256       DHE-DSS-CAMELLIA128-SHA256
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA          DHE-DSS-CAMELLIA128-SHA
+ TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256       DHE-DSS-CAMELLIA128-GCM-SHA256
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256       DHE-DSS-CAMELLIA256-SHA256
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA          DHE-DSS-CAMELLIA256-SHA
+ TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384       DHE-DSS-CAMELLIA256-GCM-SHA384
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256       DHE-RSA-CAMELLIA128-SHA256
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA          DHE-RSA-CAMELLIA128-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256       DHE-RSA-CAMELLIA128-GCM-SHA256
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256       DHE-RSA-CAMELLIA256-SHA256
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA          DHE-RSA-CAMELLIA256-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384       DHE-RSA-CAMELLIA256-GCM-SHA384
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256    ECDH-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384    ECDH-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     ECDHE-PSK-CAMELLIA128-SHA256
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     ECDHE-PSK-CAMELLIA256-SHA384
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256     ECDHE-RSA-CAMELLIA128-SHA256
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384     ECDHE-RSA-CAMELLIA256-SHA384
+ TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256      ECDH-RSA-CAMELLIA128-SHA256
+ TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384      ECDH-RSA-CAMELLIA256-SHA384
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256           CAMELLIA128-SHA256
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA              CAMELLIA128-SHA
+ TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256           CAMELLIA128-GCM-SHA256
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256           CAMELLIA256-SHA256
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA              CAMELLIA256-SHA
+ TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384           CAMELLIA256-GCM-SHA384
+
+=head2 SEED cipher suites for TLS v1.2
+
+ TLS_DH_anon_WITH_SEED_CBC_SHA                  ADH-SEED-SHA
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA                  DHE-DSS-SEED-SHA
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA                  DHE-RSA-SEED-SHA
+ TLS_RSA_WITH_SEED_CBC_SHA                      SEED-SHA
 
- TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-
-=head2 AES cipher suites from RFC3268, extending TLS v1.0
-
- TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
- TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
-
- TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
- TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
- TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
- TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
-
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
-
- TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
- TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
-
-=head2 Camellia cipher suites from RFC4132, extending TLS v1.0
-
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
-
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
-
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
-
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
-
-=head2 SEED cipher suites from RFC4162, extending TLS v1.0
-
- TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
-
- TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
- TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
-
- TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
- TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
-
- TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
-
-=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0
+=head2 GOST cipher suites for TLS v1.2
 
 Note: these ciphers require an engine which including GOST cryptographic
 algorithms, such as the B<gost> engine, which isn't part of the OpenSSL
 distribution.
 
- TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
- TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
- TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
- TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
-
-=head2 GOST cipher suites, extending TLS v1.2
-
-Note: these ciphers require an engine which including GOST cryptographic
-algorithms, such as the B<gost> engine, which isn't part of the OpenSSL
-distribution.
-
- TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912
- TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12
-
-Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID
-old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912
-
-
-=head2 Additional Export 1024 and other cipher suites
-
-Note: these ciphers can also be used in SSL v3.
-
- TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
-
-=head2 Elliptic curve cipher suites
-
- TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
-
- TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
-
- TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
- TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
- TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
- TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
- TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
-
-=head2 TLS v1.2 cipher suites
-
- TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
-
- TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
-
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
- TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
- TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
-
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
- TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
- TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
-
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
-
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
- TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
- TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
-
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
-
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
-
- TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
- TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
- TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
- TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
-
- RSA_WITH_AES_128_CCM                      AES128-CCM
- RSA_WITH_AES_256_CCM                      AES256-CCM
- DHE_RSA_WITH_AES_128_CCM                  DHE-RSA-AES128-CCM
- DHE_RSA_WITH_AES_256_CCM                  DHE-RSA-AES256-CCM
- RSA_WITH_AES_128_CCM_8                    AES128-CCM8
- RSA_WITH_AES_256_CCM_8                    AES256-CCM8
- DHE_RSA_WITH_AES_128_CCM_8                DHE-RSA-AES128-CCM8
- DHE_RSA_WITH_AES_256_CCM_8                DHE-RSA-AES256-CCM8
- ECDHE_ECDSA_WITH_AES_128_CCM              ECDHE-ECDSA-AES128-CCM
- ECDHE_ECDSA_WITH_AES_256_CCM              ECDHE-ECDSA-AES256-CCM
- ECDHE_ECDSA_WITH_AES_128_CCM_8            ECDHE-ECDSA-AES128-CCM8
- ECDHE_ECDSA_WITH_AES_256_CCM_8            ECDHE-ECDSA-AES256-CCM8
+ TLS_GOSTR341001_WITH_28147_CNT_IMIT         GOST2001-GOST89-GOST89
+ TLS_GOSTR341001_WITH_NULL_GOSTR3411         GOST2001-NULL-GOST94
+                                             IANA-GOST2012-GOST8912-GOST8912
+                                             LEGACY-GOST2012-GOST8912-GOST8912
+                                             GOST2012-NULL-GOST12
+                                             GOST2012-KUZNYECHIK-KUZNYECHIKOMAC
+                                             GOST2012-MAGMA-MAGMAOMAC
 
 =head2 ARIA cipher suites from RFC6209, extending TLS v1.2
 
 Note: the CBC modes mentioned in this RFC are not supported.
 
- TLS_RSA_WITH_ARIA_128_GCM_SHA256          ARIA128-GCM-SHA256
- TLS_RSA_WITH_ARIA_256_GCM_SHA384          ARIA256-GCM-SHA384
- TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256      DHE-RSA-ARIA128-GCM-SHA256
- TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384      DHE-RSA-ARIA256-GCM-SHA384
- TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256      DHE-DSS-ARIA128-GCM-SHA256
- TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384      DHE-DSS-ARIA256-GCM-SHA384
- TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256  ECDHE-ECDSA-ARIA128-GCM-SHA256
- TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384  ECDHE-ECDSA-ARIA256-GCM-SHA384
- TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256    ECDHE-ARIA128-GCM-SHA256
- TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384    ECDHE-ARIA256-GCM-SHA384
- TLS_PSK_WITH_ARIA_128_GCM_SHA256          PSK-ARIA128-GCM-SHA256
- TLS_PSK_WITH_ARIA_256_GCM_SHA384          PSK-ARIA256-GCM-SHA384
- TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256      DHE-PSK-ARIA128-GCM-SHA256
- TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384      DHE-PSK-ARIA256-GCM-SHA384
- TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256      RSA-PSK-ARIA128-GCM-SHA256
- TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384      RSA-PSK-ARIA256-GCM-SHA384
-
-=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2
-
- TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
- TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
- TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
- TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
+ TLS_DH_anon_WITH_ARIA_128_CBC_SHA256           ADH-ARIA128-CBC-SHA256
+ TLS_DH_anon_WITH_ARIA_128_GCM_SHA256           ADH-ARIA128-GCM-SHA256
+ TLS_DH_anon_WITH_ARIA_256_CBC_SHA384           ADH-ARIA256-CBC-SHA384
+ TLS_DH_anon_WITH_ARIA_256_GCM_SHA384           ADH-ARIA256-GCM-SHA384
+ TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256           DHE-DSS-ARIA128-GCM-SHA256
+ TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384           DHE-DSS-ARIA256-GCM-SHA384
+ TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256           DHE-PSK-ARIA128-CBC-SHA256
+ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256           DHE-PSK-ARIA128-GCM-SHA256
+ TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384           DHE-PSK-ARIA256-CBC-SHA384
+ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384           DHE-PSK-ARIA256-GCM-SHA384
+ TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256           DHE-RSA-ARIA128-CBC-SHA256
+ TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256           DHE-RSA-ARIA128-GCM-SHA256
+ TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384           DHE-RSA-ARIA256-CBC-SHA384
+ TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384           DHE-RSA-ARIA256-GCM-SHA384
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256       ECDHE-ECDSA-ARIA128-CBC-SHA256
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256       ECDHE-ECDSA-ARIA128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384       ECDHE-ECDSA-ARIA256-CBC-SHA384
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384       ECDHE-ECDSA-ARIA256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256         ECDHE-PSK-ARIA128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256         ECDHE-PSK-ARIA128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384         ECDHE-PSK-ARIA256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384         ECDHE-PSK-ARIA256-GCM-SHA384
+ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256         ECDHE-RSA-ARIA128-CBC-SHA256
+ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256         ECDHE-RSA-ARIA128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384         ECDHE-RSA-ARIA256-CBC-SHA384
+ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384         ECDHE-RSA-ARIA256-GCM-SHA384
+ TLS_PSK_WITH_ARIA_128_CBC_SHA256               PSK-ARIA128-CBC-SHA256
+ TLS_PSK_WITH_ARIA_128_GCM_SHA256               PSK-ARIA128-GCM-SHA256
+ TLS_PSK_WITH_ARIA_256_GCM_SHA384               PSK-ARIA256-GCM-SHA384
+ TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256           RSA-PSK-ARIA128-CBC-SHA256
+ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256           RSA-PSK-ARIA128-GCM-SHA256
+ TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384           RSA-PSK-ARIA256-CBC-SHA384
+ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384           RSA-PSK-ARIA256-GCM-SHA384
+ TLS_RSA_WITH_ARIA_128_CBC_SHA256               ARIA128-CBC-SHA256
+ TLS_RSA_WITH_ARIA_128_GCM_SHA256               ARIA128-GCM-SHA256
+ TLS_RSA_WITH_ARIA_256_CBC_SHA384               ARIA256-CBC-SHA384
+ TLS_RSA_WITH_ARIA_256_GCM_SHA384               ARIA256-GCM-SHA384
 
-=head2 Pre-shared keying (PSK) cipher suites
+=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
 
- PSK_WITH_NULL_SHA                         PSK-NULL-SHA
- DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
- RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
-
- PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
- PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
- PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
- PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
-
- DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
- DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
- DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
- DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
-
- RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
- RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
- RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
- RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
-
- PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
- PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
- DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
- DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
- RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
- RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
-
- PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
- PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
- PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
- PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
- DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
- DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
- DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
- DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
- RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
- RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
- RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
- RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
- PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
- PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
-
- ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
- ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
- ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
- ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
- ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
- ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
- ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
- ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
- ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
-
- PSK_WITH_CAMELLIA_128_CBC_SHA256          PSK-CAMELLIA128-SHA256
- PSK_WITH_CAMELLIA_256_CBC_SHA384          PSK-CAMELLIA256-SHA384
-
- DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      DHE-PSK-CAMELLIA128-SHA256
- DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      DHE-PSK-CAMELLIA256-SHA384
-
- RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      RSA-PSK-CAMELLIA128-SHA256
- RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      RSA-PSK-CAMELLIA256-SHA384
-
- ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    ECDHE-PSK-CAMELLIA128-SHA256
- ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    ECDHE-PSK-CAMELLIA256-SHA384
-
- PSK_WITH_AES_128_CCM                      PSK-AES128-CCM
- PSK_WITH_AES_256_CCM                      PSK-AES256-CCM
- DHE_PSK_WITH_AES_128_CCM                  DHE-PSK-AES128-CCM
- DHE_PSK_WITH_AES_256_CCM                  DHE-PSK-AES256-CCM
- PSK_WITH_AES_128_CCM_8                    PSK-AES128-CCM8
- PSK_WITH_AES_256_CCM_8                    PSK-AES256-CCM8
- DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
- DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256      DHE-PSK-CHACHA20-POLY1305
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256      DHE-RSA-CHACHA20-POLY1305
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256  ECDHE-ECDSA-CHACHA20-POLY1305
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256    ECDHE-PSK-CHACHA20-POLY1305
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-RSA-CHACHA20-POLY1305
+ TLS_PSK_WITH_CHACHA20_POLY1305_SHA256          PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256      RSA-PSK-CHACHA20-POLY1305
+
+=head2 Elliptic curve cipher suites for TLS v.1.2
+
+ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA            AECDH-DES-CBC3-SHA
+ TLS_ECDH_anon_WITH_AES_128_CBC_SHA             AECDH-AES128-SHA
+ TLS_ECDH_anon_WITH_AES_128_CCM_8               AECDH-AES128-CCM8
+ TLS_ECDH_anon_WITH_AES_128_CCM                 AECDH-AES128-CCM
+ TLS_ECDH_anon_WITH_AES_256_CBC_SHA             AECDH-AES256-SHA
+ TLS_ECDH_anon_WITH_AES_256_CCM_8               AECDH-AES256-CCM8
+ TLS_ECDH_anon_WITH_AES_256_CCM                 AECDH-AES256-CCM
+ TLS_ECDH_anon_WITH_RC4_128_SHA                 AECDH-RC4-SHA
+ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA           ECDH-ECDSA-DES-CBC3-SHA
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256         ECDH-ECDSA-AES128-SHA256
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA            ECDH-ECDSA-AES128-SHA
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256         ECDH-ECDSA-AES128-GCM-SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384         ECDH-ECDSA-AES256-SHA384
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA            ECDH-ECDSA-AES256-SHA
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384         ECDH-ECDSA-AES256-GCM-SHA384
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256    ECDH-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384    ECDH-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDH_ECDSA_WITH_RC4_128_SHA                ECDH-ECDSA-RC4-SHA
+ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA             ECDH-RSA-DES-CBC3-SHA
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256           ECDH-RSA-AES128-SHA256
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA              ECDH-RSA-AES128-SHA
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256           ECDH-RSA-AES128-GCM-SHA256
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384           ECDH-RSA-AES256-SHA384
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA              ECDH-RSA-AES256-SHA
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384           ECDH-RSA-AES256-GCM-SHA384
+ TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256      ECDH-RSA-CAMELLIA128-SHA256
+ TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384      ECDH-RSA-CAMELLIA256-SHA384
+ TLS_ECDH_RSA_WITH_RC4_128_SHA                  ECDH-RSA-RC4-SHA
+ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA          ECDHE-ECDSA-DES-CBC3-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256        ECDHE-ECDSA-AES128-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA           ECDHE-ECDSA-AES128-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8             ECDHE-ECDSA-AES128-CCM8
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM               ECDHE-ECDSA-AES128-CCM
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256        ECDHE-ECDSA-AES128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384        ECDHE-ECDSA-AES256-SHA384
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA           ECDHE-ECDSA-AES256-SHA
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8             ECDHE-ECDSA-AES256-CCM8
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM               ECDHE-ECDSA-AES256-CCM
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384        ECDHE-ECDSA-AES256-GCM-SHA384
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256       ECDHE-ECDSA-ARIA128-CBC-SHA256
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256       ECDHE-ECDSA-ARIA128-GCM-SHA256
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384       ECDHE-ECDSA-ARIA256-CBC-SHA384
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384       ECDHE-ECDSA-ARIA256-GCM-SHA384
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-ECDSA-CAMELLIA128-SHA256
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-ECDSA-CAMELLIA256-SHA384
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256  ECDHE-ECDSA-CHACHA20-POLY1305
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA               ECDHE-ECDSA-RC4-SHA
+ TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3               ECDHE-ECDSA-SM4-CCM-SM3
+ TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3               ECDHE-ECDSA-SM4-GCM-SM3
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA            ECDHE-RSA-DES-CBC3-SHA
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256          ECDHE-RSA-AES128-SHA256
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA             ECDHE-RSA-AES128-SHA
+ TLS_ECDHE_RSA_WITH_AES_128_CCM_8               ECDHE-RSA-AES128-CCM8
+ TLS_ECDHE_RSA_WITH_AES_128_CCM                 ECDHE-RSA-AES128-CCM
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256          ECDHE-RSA-AES128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384          ECDHE-RSA-AES256-SHA384
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA             ECDHE-RSA-AES256-SHA
+ TLS_ECDHE_RSA_WITH_AES_256_CCM_8               ECDHE-RSA-AES256-CCM8
+ TLS_ECDHE_RSA_WITH_AES_256_CCM                 ECDHE-RSA-AES256-CCM
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384          ECDHE-RSA-AES256-GCM-SHA384
+ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256         ECDHE-RSA-ARIA128-CBC-SHA256
+ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256         ECDHE-RSA-ARIA128-GCM-SHA256
+ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384         ECDHE-RSA-ARIA256-CBC-SHA384
+ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384         ECDHE-RSA-ARIA256-GCM-SHA384
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256     ECDHE-RSA-CAMELLIA128-SHA256
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384     ECDHE-RSA-CAMELLIA256-SHA384
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-RSA-CHACHA20-POLY1305
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA                 ECDHE-RSA-RC4-SHA
+ TLS_ECDHE_RSA_WITH_SM4_CCM_SM3                 ECDHE-RSA-SM4-CCM-SM3
+ TLS_ECDHE_RSA_WITH_SM4_GCM_SM3                 ECDHE-RSA-SM4-GCM-SM3
+ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA            ECDHE-PSK-DES-CBC3-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256          ECDHE-PSK-AES128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA             ECDHE-PSK-AES128-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256        ECDHE-PSK-AES128-CCM8
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256          ECDHE-PSK-AES128-CCM
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256          ECDHE-PSK-AES128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384          ECDHE-PSK-AES256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA             ECDHE-PSK-AES256-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384          ECDHE-PSK-AES256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256         ECDHE-PSK-ARIA128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256         ECDHE-PSK-ARIA128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384         ECDHE-PSK-ARIA256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384         ECDHE-PSK-ARIA256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     ECDHE-PSK-CAMELLIA128-SHA256
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     ECDHE-PSK-CAMELLIA256-SHA384
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256    ECDHE-PSK-CHACHA20-POLY1305
+ TLS_ECDHE_PSK_WITH_RC4_128_SHA                 ECDHE-PSK-RC4-SHA
+ TLS_ECDHE_PSK_WITH_SM4_CCM_SM3                 ECDHE-PSK-SM4-CCM-SM3
+ TLS_ECDHE_PSK_WITH_SM4_GCM_SM3                 ECDHE-PSK-SM4-GCM-SM3
 
-=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
+=head2 Pre-shared keying (PSK) cipher suites
 
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256        DHE-RSA-CHACHA20-POLY1305
- TLS_PSK_WITH_CHACHA20_POLY1305_SHA256            PSK-CHACHA20-POLY1305
- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256      ECDHE-PSK-CHACHA20-POLY1305
- TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256        DHE-PSK-CHACHA20-POLY1305
- TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256        RSA-PSK-CHACHA20-POLY1305
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256            DHE-PSK-AES128-CBC-SHA256
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA               DHE-PSK-AES128-CBC-SHA
+ TLS_DHE_PSK_WITH_AES_128_CCM_8                 DHE-PSK-AES128-CCM8
+ TLS_DHE_PSK_WITH_AES_128_CCM                   DHE-PSK-AES128-CCM
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256            DHE-PSK-AES128-GCM-SHA256
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384            DHE-PSK-AES256-CBC-SHA384
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA               DHE-PSK-AES256-CBC-SHA
+ TLS_DHE_PSK_WITH_AES_256_CCM_8                 DHE-PSK-AES256-CCM8
+ TLS_DHE_PSK_WITH_AES_256_CCM                   DHE-PSK-AES256-CCM
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384            DHE-PSK-AES256-GCM-SHA384
+ TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256           DHE-PSK-ARIA128-CBC-SHA256
+ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256           DHE-PSK-ARIA128-GCM-SHA256
+ TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384           DHE-PSK-ARIA256-CBC-SHA384
+ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384           DHE-PSK-ARIA256-GCM-SHA384
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256      DHE-PSK-CHACHA20-POLY1305
+ TLS_DHE_PSK_WITH_SM4_CCM_SM3                   DHE-PSK-SM4-CCM-SM3
+ TLS_DHE_PSK_WITH_SM4_GCM_SM3                   DHE-PSK-SM4-GCM-SM3
+ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA            ECDHE-PSK-DES-CBC3-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256          ECDHE-PSK-AES128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA             ECDHE-PSK-AES128-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256        ECDHE-PSK-AES128-CCM8
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256          ECDHE-PSK-AES128-CCM
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256          ECDHE-PSK-AES128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384          ECDHE-PSK-AES256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA             ECDHE-PSK-AES256-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384          ECDHE-PSK-AES256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256         ECDHE-PSK-ARIA128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256         ECDHE-PSK-ARIA128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384         ECDHE-PSK-ARIA256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384         ECDHE-PSK-ARIA256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     ECDHE-PSK-CAMELLIA128-SHA256
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     ECDHE-PSK-CAMELLIA256-SHA384
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256    ECDHE-PSK-CHACHA20-POLY1305
+ TLS_ECDHE_PSK_WITH_RC4_128_SHA                 ECDHE-PSK-RC4-SHA
+ TLS_ECDHE_PSK_WITH_SM4_CCM_SM3                 ECDHE-PSK-SM4-CCM-SM3
+ TLS_ECDHE_PSK_WITH_SM4_GCM_SM3                 ECDHE-PSK-SM4-GCM-SM3
+ TLS_PSK_WITH_AES_128_CBC_SHA256                PSK-AES128-CBC-SHA256
+ TLS_PSK_WITH_AES_128_CBC_SHA                   PSK-AES128-CBC-SHA
+ TLS_PSK_WITH_AES_128_CCM_8                     PSK-AES128-CCM8
+ TLS_PSK_WITH_AES_128_CCM                       PSK-AES128-CCM
+ TLS_PSK_WITH_AES_128_GCM_SHA256                PSK-AES128-GCM-SHA256
+ TLS_PSK_WITH_AES_256_CBC_SHA384                PSK-AES256-CBC-SHA384
+ TLS_PSK_WITH_AES_256_CBC_SHA                   PSK-AES256-CBC-SHA
+ TLS_PSK_WITH_AES_256_CCM_8                     PSK-AES256-CCM8
+ TLS_PSK_WITH_AES_256_CCM                       PSK-AES256-CCM
+ TLS_PSK_WITH_AES_256_GCM_SHA384                PSK-AES256-GCM-SHA384
+ TLS_PSK_WITH_ARIA_128_CBC_SHA256               PSK-ARIA128-CBC-SHA256
+ TLS_PSK_WITH_ARIA_128_GCM_SHA256               PSK-ARIA128-GCM-SHA256
+ TLS_PSK_WITH_ARIA_256_GCM_SHA384               PSK-ARIA256-GCM-SHA384
+ TLS_PSK_WITH_CHACHA20_POLY1305_SHA256          PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256            RSA-PSK-AES128-CBC-SHA256
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA               RSA-PSK-AES128-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256            RSA-PSK-AES128-GCM-SHA256
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384            RSA-PSK-AES256-CBC-SHA384
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA               RSA-PSK-AES256-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384            RSA-PSK-AES256-GCM-SHA384
+ TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256           RSA-PSK-ARIA128-CBC-SHA256
+ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256           RSA-PSK-ARIA128-GCM-SHA256
+ TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384           RSA-PSK-ARIA256-CBC-SHA384
+ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384           RSA-PSK-ARIA256-GCM-SHA384
+ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256      RSA-PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_SM4_CCM_SM3                   RSA-PSK-SM4-CCM-SM3
+ TLS_RSA_PSK_WITH_SM4_GCM_SM3                   RSA-PSK-SM4-GCM-SM3
+
+=head2 Other TLS v1.2 cipher suites
+
+ TLS_RSA_WITH_NULL_MD5                          NULL-MD5
+ TLS_RSA_WITH_NULL_SHA                          NULL-SHA
+ TLS_RSA_WITH_NULL_SHA256                       NULL-SHA256
+ TLS_RSA_WITH_RC4_128_MD5                       RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA                       RC4-SHA
+ TLS_RSA_WITH_IDEA_CBC_SHA                      IDEA-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA                  DES-CBC3-SHA
+ TLS_RSA_WITH_SM4_CCM_SM3                       SM4-CCM-SM3
+ TLS_RSA_WITH_SM4_GCM_SM3                       SM4-GCM-SM3
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA              DHE-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA              DHE-RSA-DES-CBC3-SHA
+ TLS_DHE_RSA_WITH_SM4_CCM_SM3                   DHE-RSA-SM4-CCM-SM3
+ TLS_DHE_RSA_WITH_SM4_GCM_SM3                   DHE-RSA-SM4-GCM-SM3
+ TLS_DH_anon_WITH_RC4_128_MD5                   ADH-RC4-MD5
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA              ADH-DES-CBC3-SHA
 
 =head2 TLS v1.3 cipher suites
 
@@ -746,12 +859,12 @@
 and thus are disabled by default.
 These ciphers are only available at security level 0.
 
-=head2 Older names used by OpenSSL
+=head2 "EDH-" aliases to "DHE-" names for backward compatibility
 
 The following names are accepted by older releases:
 
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA    EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA    EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
+ EDH-RSA-DES-CBC3-SHA - alias of DHE-RSA-DES-CBC3-SHA
+ EDH-DSS-DES-CBC3-SHA - alias of DHE-DSS-DES-CBC3-SHA
 
 =head1 NOTES
 
@@ -774,13 +887,9 @@
 
  openssl ciphers -v 'ALL:!aNULL'
 
-Include only 3DES ciphers and then place RSA ciphers last:
-
- openssl ciphers -v '3DES:+RSA'
-
-Include all RC4 ciphers but leave out those without authentication:
+Include only AES ciphers and then place RSA ciphers last:
 
- openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+ openssl ciphers -v 'AES:+RSA'
 
 Include all ciphers with RSA authentication but leave out ciphers without
 encryption.
@@ -814,7 +923,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-cmp.pod.in openssl-3.5.6/doc/man1/openssl-cmp.pod.in
--- openssl-3.5.5/doc/man1/openssl-cmp.pod.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-cmp.pod.in	2026-04-07 14:26:30.000000000 +0200
@@ -718,9 +718,15 @@
 =item B<-no_cache_extracerts>
 
 Do not cache certificates in the extraCerts field of CMP messages received.
-By default, they are kept as they may be helful for validating further messages.
+By default, they are kept as they may be helpful for validating further messages.
 This option applies to both CMP clients and the mock server.
 
+In any case, after successfully validating an incoming message, its protection
+certificate (if any) is cached for reuse with validation of subsequent messages.
+This is done not only for efficiency but also
+to eliminate the need for the sender to include its certificate and related chain
+in the extraCerts field of subsequent messages of the same transaction.
+
 =item B<-srvcertout> I<filename>
 
 The file where to save the successfully validated certificate, if any,
@@ -1533,7 +1539,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-cms.pod.in openssl-3.5.6/doc/man1/openssl-cms.pod.in
--- openssl-3.5.5/doc/man1/openssl-cms.pod.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-cms.pod.in	2026-04-07 14:26:30.000000000 +0200
@@ -881,7 +881,7 @@
 
 Print CMS signed binary data in human-readable form:
 
-openssl cms -in signed.cms -binary -inform DER -cmsout -print
+ openssl cms -in signed.cms -binary -inform DER -cmsout -print
 
 =head1 BUGS
 
diff -Nru openssl-3.5.5/doc/man1/openssl-format-options.pod openssl-3.5.6/doc/man1/openssl-format-options.pod
--- openssl-3.5.5/doc/man1/openssl-format-options.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-format-options.pod	2026-04-07 14:26:30.000000000 +0200
@@ -75,7 +75,7 @@
 
 A DER-encoded file containing a PKCS#12 object.
 It might be necessary to provide a decryption password to retrieve
-the private key.
+the private key or certificate.
 
 =item B<PEM>
 
@@ -135,7 +135,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-pkeyutl.pod.in openssl-3.5.6/doc/man1/openssl-pkeyutl.pod.in
--- openssl-3.5.5/doc/man1/openssl-pkeyutl.pod.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-pkeyutl.pod.in	2026-04-07 14:26:30.000000000 +0200
@@ -207,7 +207,7 @@
 Encapsulation is supported with a number of public key algorithms, currently:
 L<ML-KEM|EVP_PKEY-ML-KEM(7)>,
 L<X25519|EVP_KEM-X25519(7)>,
-L<X449|EVP_KEM-X448(7)>,
+L<X448|EVP_KEM-X448(7)>,
 and
 L<EC|EVP_KEM-EC(7)>.
 The ECX and EC algorithms use the
@@ -693,7 +693,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-verification-options.pod openssl-3.5.6/doc/man1/openssl-verification-options.pod
--- openssl-3.5.5/doc/man1/openssl-verification-options.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-verification-options.pod	2026-04-07 14:26:30.000000000 +0200
@@ -142,6 +142,12 @@
 The lookup first searches for issuer certificates in the trust store.
 If it does not find a match there it consults
 the list of untrusted ("intermediate" CA) certificates, if provided.
+If one issuer certificate was found in the trust store, the list of
+untrusted certificates will not be consulted anymore to find further
+issuer certificates. Therefore, either only the root certificate or an
+uninterrupted chain to the root certificate must be provided in the trust
+store for a successful verification, if B<X509_V_FLAG_PARTIAL_CHAIN>
+is not enabled.
 
 =head2 Certification Path Validation
 
@@ -732,7 +738,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-verify.pod.in openssl-3.5.6/doc/man1/openssl-verify.pod.in
--- openssl-3.5.5/doc/man1/openssl-verify.pod.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man1/openssl-verify.pod.in	2026-04-07 14:26:30.000000000 +0200
@@ -104,6 +104,11 @@
 
 =back
 
+Note that the first parameter that does not begin with a B<-> ends the list
+of options and starts the list of certificates. If you place any options
+after a certificate filename, they will be interpreted not as options
+but as certificates.
+
 =head1 DIAGNOSTICS
 
 When a verify operation fails the output messages can be somewhat cryptic. The
@@ -140,7 +145,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/ADMISSIONS.pod openssl-3.5.6/doc/man3/ADMISSIONS.pod
--- openssl-3.5.5/doc/man3/ADMISSIONS.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/ADMISSIONS.pod	2026-04-07 14:26:30.000000000 +0200
@@ -98,7 +98,7 @@
 The B<PROFESSION_INFOS>, B<ADMISSION_SYNTAX>, B<ADMISSIONS>, and
 B<PROFESSION_INFO> types are opaque structures representing the
 analogous types defined in the Common PKI Specification published
-by L<https://www.t7ev.org>.
+by L<T7 & TELETRUST|https://www.bundesnetzagentur.de/EVD/DE/SharedDocuments/Downloads/Anbieter_Infothek/Common_PKI_v2.0_02.pdf?__blob=publicationFile&v=1>.
 Knowledge of those structures and their semantics is assumed.
 
 The conventional routines to convert between DER and the local format
@@ -169,7 +169,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/BIO_get_data.pod openssl-3.5.6/doc/man3/BIO_get_data.pod
--- openssl-3.5.5/doc/man3/BIO_get_data.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/BIO_get_data.pod	2026-04-07 14:26:30.000000000 +0200
@@ -18,7 +18,7 @@
 
 =head1 DESCRIPTION
 
-These functions are mainly useful when implementing a custom BIO.
+These functions can be used when implementing a custom BIO.
 
 The BIO_set_data() function associates the custom data pointed to by B<ptr> with
 the BIO. This data can subsequently be retrieved via a call to BIO_get_data().
@@ -36,6 +36,13 @@
 this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource
 is also closed when the BIO is freed.
 
+=head1 WARNINGS
+
+Do not use BIO_set_data(), BIO_get_data(), BIO_set_init(), BIO_get_init(), outside
+the implementation of a custom BIO.
+Calling BIO_set_data() on an existing BIO implementation with data that it does
+not expect will lead to unexpected results.
+
 =head1 RETURN VALUES
 
 BIO_get_data() returns a pointer to the implementation specific custom data
@@ -55,7 +62,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/BIO_push.pod openssl-3.5.6/doc/man3/BIO_push.pod
--- openssl-3.5.5/doc/man3/BIO_push.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/BIO_push.pod	2026-04-07 14:26:30.000000000 +0200
@@ -20,7 +20,7 @@
 to I<next> (unless I<next> is NULL).
 It then makes a control call on I<b> and returns I<b>.
 
-BIO_pop() removes the BIO I<b> from any chain is is part of.
+BIO_pop() removes the BIO I<b> from any chain it is part of.
 If I<b> is NULL the function does nothing and returns NULL.
 Otherwise it makes a control call on I<b> and
 returns the next BIO in the chain, or NULL if there is no next BIO.
@@ -88,7 +88,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/BIO_read.pod openssl-3.5.6/doc/man3/BIO_read.pod
--- openssl-3.5.5/doc/man3/BIO_read.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/BIO_read.pod	2026-04-07 14:26:30.000000000 +0200
@@ -52,7 +52,9 @@
 
 BIO_write() attempts to write I<len> bytes from I<buf> to BIO I<b>.
 
-BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>.
+BIO_puts() attempts to write a NUL-terminated string I<buf> to BIO I<b>,
+without the terminating NUL byte and without appending '\n'
+(so, similar to fputs(3), and not puts(3)).
 
 =head1 RETURN VALUES
 
@@ -119,7 +121,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/EVP_EncryptInit.pod openssl-3.5.6/doc/man3/EVP_EncryptInit.pod
--- openssl-3.5.5/doc/man3/EVP_EncryptInit.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/EVP_EncryptInit.pod	2026-04-07 14:26:30.000000000 +0200
@@ -1453,6 +1453,9 @@
 EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names.
 A return value of 0 means that the callback was not called for any names.
 
+EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and
+EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure.
+
 =head1 CIPHER LISTING
 
 All algorithms have a fixed key length unless otherwise stated.
@@ -1477,7 +1480,12 @@
 To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(),
 EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
 parameter I<out> set to NULL. In this case, on success, the parameter
-I<outl> is set to the number of bytes authenticated.
+I<outl> is set to the number of AAD bytes processed in that call
+(that is, the value of I<inl>), and does not include any plaintext
+or ciphertext bytes processed by other calls.
+
+If no AAD is used, this call can be omitted. See the mode-specific notes
+below for any exceptions.
 
 When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal()
 indicates whether the operation was successful. If it does not indicate success,
diff -Nru openssl-3.5.5/doc/man3/OPENSSL_malloc.pod openssl-3.5.6/doc/man3/OPENSSL_malloc.pod
--- openssl-3.5.5/doc/man3/OPENSSL_malloc.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/OPENSSL_malloc.pod	2026-04-07 14:26:30.000000000 +0200
@@ -117,8 +117,8 @@
 OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used
 when the buffer at B<addr> holds sensitive information.
 The old buffer is filled with zero's by calling OPENSSL_cleanse()
-before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is
-NULL, nothing is done.
+before ultimately calling OPENSSL_free(). If the argument to
+OPENSSL_clear_free() is NULL, nothing is done.
 
 OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
 It is useful in cases when it is needed to ensure that memory (that contains
@@ -258,7 +258,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/OSSL_CMP_CTX_new.pod openssl-3.5.6/doc/man3/OSSL_CMP_CTX_new.pod
--- openssl-3.5.5/doc/man3/OSSL_CMP_CTX_new.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/OSSL_CMP_CTX_new.pod	2026-04-07 14:26:30.000000000 +0200
@@ -356,6 +356,12 @@
 Do not cache certificates received in the extraCerts CMP message field.
 Otherwise they are stored to potentially help validate further messages.
 
+In any case, after successfully validating an incoming message, its protection
+certificate (if any) is cached for reuse with validation of subsequent messages.
+This is done not only for efficiency but also
+to eliminate the need for the sender to include its certificate and related chain
+in the extraCerts field of subsequent messages of the same transaction.
+
 =back
 
 OSSL_CMP_CTX_get_option() reads the current value of the given option
@@ -877,14 +883,15 @@
 OSSL_CMP_CTX_get0_libctx(), OSSL_CMP_CTX_get0_propq(), and
 OSSL_CMP_CTX_get0_validatedSrvCert() were added in OpenSSL 3.2.
 
-OSSL_CMP_CTX_get0_geninfo_ITAVs() was added in OpenSSL 3.3.
+OSSL_CMP_CTX_get0_geninfo_ITAVs() and
+the B<OSSL_CMP_OPT_NO_CACHE_EXTRACERTS> option were added in OpenSSL 3.3.
 
 Support for central key generation, requested via B<OSSL_CRMF_POPO_NONE>,
 was added in OpenSSL 3.5.
 
 =head1 COPYRIGHT
 
-Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/OSSL_HPKE_CTX_new.pod openssl-3.5.6/doc/man3/OSSL_HPKE_CTX_new.pod
--- openssl-3.5.5/doc/man3/OSSL_HPKE_CTX_new.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/OSSL_HPKE_CTX_new.pod	2026-04-07 14:26:30.000000000 +0200
@@ -451,12 +451,12 @@
 
 OSSL_HPKE_str2suite() maps input I<str> strings to an B<OSSL_HPKE_SUITE> object.
 The input I<str> should be a comma-separated string with a KEM,
-KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes128gcm".
+KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes-128-gcm".
 This can be used by command line tools that accept string form names for HPKE
 codepoints. Valid (case-insensitive) names are:
 "p-256", "p-384", "p-521", "x25519" and "x448" for KEM,
 "hkdf-sha256", "hkdf-sha384" and "hkdf-sha512" for KDF, and
-"aes-gcm-128", "aes-gcm-256", "chacha20-poly1305" and "exporter" for AEAD.
+"aes-128-gcm", "aes-256-gcm", "chacha20-poly1305" and "exporter" for AEAD.
 String variants of the numbers listed in L</OSSL_HPKE_SUITE Identifiers>
 can also be used.
 
@@ -566,7 +566,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/PKCS5_PBE_keyivgen.pod openssl-3.5.6/doc/man3/PKCS5_PBE_keyivgen.pod
--- openssl-3.5.5/doc/man3/PKCS5_PBE_keyivgen.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/PKCS5_PBE_keyivgen.pod	2026-04-07 14:26:30.000000000 +0200
@@ -110,6 +110,13 @@
 
 I<digest> is the message digest function used in the derivation.
 
+I<aiv> is the initialization vector (IV) to use for the encryption algorithm.
+If I<aiv> is NULL, then a random IV will be generated.
+
+I<prf_nid> is the numeric identifier (NID) for the pseudo-random function to
+use with PBKDF2. If I<prf_nid> is not specified (for example, I<prf_nid> is set to 0),
+a default PRF is used, which is currently set to SHA-256 (NID_hmacWithSHA256).
+
 Functions ending in _ex() take optional parameters I<libctx> and I<propq> which
 are used to select appropriate algorithm implementations.
 
@@ -118,7 +125,9 @@
 PKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(),
 PKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an B<X509_ALGOR>
 object which represents an AlgorithmIdentifier containing the algorithm OID and
-associated parameters for the PBE algorithm.
+associated parameters for the PBE algorithm. These functions encode the
+key derivation parameters (such as salt and iteration count) and the
+encryption parameters (such as the IV) into the ASN.1 structure.
 
 PKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an B<X509_ALGOR>
 object which represents an AlgorithmIdentifier containing the algorithm OID and
@@ -177,7 +186,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/RSA_set_method.pod openssl-3.5.6/doc/man3/RSA_set_method.pod
--- openssl-3.5.5/doc/man3/RSA_set_method.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/RSA_set_method.pod	2026-04-07 14:26:30.000000000 +0200
@@ -148,13 +148,7 @@
 
 RSA_set_default_method() returns no value.
 
-RSA_set_method() returns a pointer to the old RSA_METHOD implementation
-that was replaced. However, this return value should probably be ignored
-because if it was supplied by an ENGINE, the pointer could be invalidated
-at any time if the ENGINE is unloaded (in fact it could be unloaded as a
-result of the RSA_set_method() function releasing its handle to the
-ENGINE). For this reason, the return type may be replaced with a B<void>
-declaration in a future release.
+RSA_set_method() returns 1 for success. It always succeeds.
 
 RSA_new_method() returns NULL and sets an error code that can be obtained
 by L<ERR_get_error(3)> if the allocation fails. Otherwise
@@ -185,7 +179,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_CONF_cmd.pod openssl-3.5.6/doc/man3/SSL_CONF_cmd.pod
--- openssl-3.5.5/doc/man3/SSL_CONF_cmd.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/SSL_CONF_cmd.pod	2026-04-07 14:26:30.000000000 +0200
@@ -176,16 +176,14 @@
     $ openssl list -tls1_2 -tls-groups
     $ openssl list -tls1_3 -tls-groups
 
-The recommended groups (in order of decreasing performance) for TLS 1.3 are presently:
+The recommended groups for TLS 1.3 are presently documented in the default
+TLS group list in the OpenSSL code base. Starting with OpenSSL 3.5, the
+hybrid algorithm B<X25519MLKEM768> is first in this default list.
+It mitigates against threats from future quantum computers while
+still providing state-of-the-art classical key exchange protection.
 
-B<x25519>,
-B<secp256r1>,
-B<x448>,
-and
-B<secp384r1>.
-
-The stronger security margins of the last two, come at a significant
-performance penalty.
+Further details regarding post-quantum algorithm considerations are documented
+in the HISTORY section below.
 
 An enriched alternative syntax, that enables clients to send multiple keyshares
 and allows servers to prioritise some groups over others, is described in
@@ -884,7 +882,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_CTX_set1_curves.pod openssl-3.5.6/doc/man3/SSL_CTX_set1_curves.pod
--- openssl-3.5.5/doc/man3/SSL_CTX_set1_curves.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/SSL_CTX_set1_curves.pod	2026-04-07 14:26:30.000000000 +0200
@@ -40,13 +40,13 @@
 
 For all of the functions below that set the supported groups there must be at
 least one group in the list. A number of these functions identify groups via a
-unique integer NID value. However, support for some groups may be added by
-external providers. In this case there will be no NID assigned for the group.
+unique integer B<NID> value. However, support for some groups may be added by
+external providers. In this case there will be no B<NID> assigned for the group.
 When setting such groups applications should use the "list" form of these
 functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()).
 
 SSL_CTX_set1_groups() sets the supported groups for B<ctx> to B<glistlen>
-groups in the array B<glist>. The array consist of all NIDs of supported groups.
+groups in the array B<glist>. The array consist of all B<NIDs> of supported groups.
 The supported groups for B<TLSv1.3> include:
 B<NID_X9_62_prime256v1>,
 B<NID_secp384r1>,
@@ -73,20 +73,27 @@
 array determines the selected group. Otherwise, the order is ignored and the
 client's order determines the selection.
 
-For a TLS 1.3 server, the groups determine the selected group, but
-selection is more complex. A TLS 1.3 client sends both a group list as well as a
-predicted subset of groups. Choosing a group outside the predicted subset incurs
-an extra roundtrip. However, in some situations, the most preferred group may
-not be predicted. OpenSSL considers all supported groups in I<clist> to be comparable
-in security and prioritizes avoiding roundtrips above either client or server
-preference order. If an application uses an external provider to extend OpenSSL
-with, e.g., a post-quantum algorithm, this behavior may allow a network attacker
-to downgrade connections to a weaker algorithm. It is therefore recommended
-to use SSL_CTX_set1_groups_list() with the ability to specify group tuples.
+For a TLS 1.3 server, the groups determine the selected group, but selection is
+more complex.
+A TLS 1.3 client sends both a group list and predicted keyshares for a subset
+of groups.
+A server choosing a group outside the client's predicted subset incurs an extra
+roundtrip.
+However, in some situations, the most preferred group may not be predicted.
+
+When groups are specified via SSL_CTX_set1_groups() as a list of B<NID>
+values, OpenSSL considers all supported groups in I<clist> to be comparable in
+security and prioritises avoiding roundtrips above either client or server
+preference order.
+If an application uses an external provider to extend OpenSSL with, e.g., a
+post-quantum algorithm, this behavior may allow a network attacker to downgrade
+connections to a weaker algorithm.
+It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making
+it possible to specify group tuples as described below.
 
 SSL_CTX_set1_groups_list() sets the supported groups for B<ctx> to
 string I<list>. In contrast to SSL_CTX_set1_groups(), the names of the
-groups, rather than their NIDs, are used.
+groups, rather than their B<NIDs>, are used.
 
 The commands below list the available groups for TLS 1.2 and TLS 1.3,
 respectively:
@@ -102,30 +109,72 @@
 L<IANA|https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>.
 
 The I<list> can be used to define several group tuples of comparable security
-levels, and can specify which key shares should be sent by a client.
-The specified list elements can optionally be ignored, if not implemented
+levels, and can specify which predicted key shares should be sent by a client.
+Group tuples are used by OpenSSL TLS servers to decide whether to request a
+stronger keyshare than those predicted by sending a Hello Retry Request
+(B<HRR>) even if some of the predicted groups are supported.
+OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall
+order of I<list> elements and which groups are selected as predicted keyshares
+as described below.
+
+The specified list elements can optionally be ignored if not implemented
 (listing unknown groups otherwise results in error).
-It is also possible to specify the built-in default set of groups, and to explicitly
-remove a group from that list.
+It is also possible to specify the built-in default set of groups, and to
+explicitly remove a group from that list.
 
-In its simplest form, the string I<list> is just a colon separated list
-of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first
-group listed will also be used for the B<key_share> sent by a client in a
-TLSv1.3 B<ClientHello>. For servers note the discussion above. The list should
-be in order of preference with the most preferred group first.
-
-Group tuples of comparable security are defined by separating them from each
-other by a tuple separator C</>. Keyshares to be sent by a client are specified
-by prepending a C<*> to the group name, while any C<*> will be ignored by a
-server. The following string I<list> for example defines three tuples when
-used on the server-side, and triggers the generation of three key shares
-when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
-
-If a group name is preceded with the C<?> character, it will be ignored if an
-implementation is missing. If a group name is preceded with the C<-> character, it
-will be removed from the list of groups if present (including not sending a
-key share for this group), ignored otherwise. The pseudo group name
-C<DEFAULT> can be used to select the OpenSSL built-in default list of groups.
+In its simplest legacy form, the string I<list> is just a colon separated list
+of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048".
+The first group listed will in this case be used as the sole predicted
+B<key_share> sent by a client in a TLSv1.3 B<ClientHello>.
+The list should be in order of preference with the most preferred group first.
+
+A more expressive syntax supports definition of group tuples of comparable
+security by separating them from each other with C</> characters.
+
+The predicted keyshares to be sent by clients can be explicitly specified by
+adding a C<*> prefix to the associated group name.
+These C<*> prefixes are ignored by servers.
+
+If a group name is prefixed with the C<?> character, it will be ignored if an
+implementation is missing.
+Otherwise, listing an unknown group name will cause a failure to parse the
+I<list>.
+Note that whether a group is known or not may depend on the OpenSSL version,
+how OpenSSL was compiled and/or which providers are loaded.
+Make sure you have the correct spelling of the group name and when in doubt
+prefix it with a C<?> to handle configurations in which it might nevertheless
+be unknown.
+
+If a group name is prefixed with the C<-> character, it will be removed from
+the list of groups specified up to that point.
+It can be added again if specified later.
+Removal of groups that have not been included earlier in the list is silently
+ignored.
+
+The pseudo group name C<DEFAULT> can be used to select the OpenSSL built-in
+default list of groups.
+Prepending one or more groups to C<DEFAULT> using only C<:> separators prepends those
+groups to the built-in default list's first tuple.
+Additional tuples can be prepended by use of the C</> separator.
+Appending a set of groups to C<DEFAULT> using only C<:> separators appends those
+groups to the built-in default list's last tuple.
+Additional tuples can be appended by use of the C</> separator.
+
+The B<DEFAULT> list selects B<X25519MLKEM768> as one of the predicted keyshares.
+In rare cases this can lead to failures or timeouts because the resulting
+larger TLS Client Hello message may no longer fit in a single TCP segment and
+firewall software may erroneously disrupt the TLS handshake.
+If this is an issue or concern, prepending C<?X25519MLKEM768:> without a C<*>
+prefix leads to its occurrence in the default list to be ignored as a duplicate,
+and along with that also the keyshare prediction.
+The group will then only be selected by servers that specifically expect it,
+after a Hello Retry Request (HRR).
+Servers that specifically prefer B<X25519MLKEM768>, are much less likely to be
+found behind problematic firewalls.
+
+The following string I<list> for example defines three tuples when used on the
+server-side, and triggers the generation of three key shares when used on the
+client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
 
 For a TLS 1.3 client, all the groups in the string I<list> are added to the
 supported groups extension of a C<ClientHello>, in the order in which they are listed,
@@ -351,7 +400,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_CTX_set_psk_client_callback.pod openssl-3.5.6/doc/man3/SSL_CTX_set_psk_client_callback.pod
--- openssl-3.5.5/doc/man3/SSL_CTX_set_psk_client_callback.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/SSL_CTX_set_psk_client_callback.pod	2026-04-07 14:26:30.000000000 +0200
@@ -93,6 +93,14 @@
 Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it
 should not be freed by the application.
 
+Note that as described above, the callback may be called a second time during a
+handshake. Since ownership of the SSL_SESSION is transferred to OpenSSL on each
+call, if the callback wishes to return the same SSL_SESSION pointer on a
+subsequent invocation, it must first call L<SSL_SESSION_up_ref(3)> to increment
+the reference count. Failure to do so will result in a use-after-free error.
+Alternatively, the callback may return a different SSL_SESSION object on each
+call (e.g., by calling L<SSL_SESSION_dup(3)>).
+
 It is also possible for the callback to succeed but not supply a PSK. In this
 case no PSK will be sent to the server but the handshake will continue. To do
 this the callback should return successfully and ensure that B<*sess> is
@@ -169,7 +177,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_get_ciphers.pod openssl-3.5.6/doc/man3/SSL_get_ciphers.pod
--- openssl-3.5.5/doc/man3/SSL_get_ciphers.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/SSL_get_ciphers.pod	2026-04-07 14:26:30.000000000 +0200
@@ -75,6 +75,8 @@
 available shared ciphersuites whether or not they are enabled. This is a server
 side function only and must only be called after the completion of the initial
 handshake.
+The function sets an empty string when B<ssl> fails the handshake due to the
+absence of shared ciphers.
 
 =head1 NOTES
 
@@ -107,7 +109,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/X509_NAME_print_ex.pod openssl-3.5.6/doc/man3/X509_NAME_print_ex.pod
--- openssl-3.5.5/doc/man3/X509_NAME_print_ex.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man3/X509_NAME_print_ex.pod	2026-04-07 14:26:30.000000000 +0200
@@ -32,9 +32,8 @@
 Otherwise, at most I<size> bytes will be written, including the ending '\0',
 and I<buf> is returned.
 
-X509_NAME_print() prints out I<name> to I<bp> indenting each line by I<obase>
-characters. Multiple lines are used if the output (including indent) exceeds
-80 characters.
+X509_NAME_print() prints out I<name> to I<bp> on a single line.
+The I<obase> parameter is ignored and retained only for API compatibility.
 
 =head1 NOTES
 
@@ -122,7 +121,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/X509V3_EXT_print.pod openssl-3.5.6/doc/man3/X509V3_EXT_print.pod
--- openssl-3.5.5/doc/man3/X509V3_EXT_print.pod	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/doc/man3/X509V3_EXT_print.pod	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+X509V3_EXT_print, X509V3_EXT_print_fp - pretty print X509 certificate extensions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509v3.h>
+
+ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
+ int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+=head1 DESCRIPTION
+
+X509V3_EXT_print() and X509V3_EXT_print_fp() parse and print the extension
+info from I<ext> to I<bio> or I<out> with indentation set via I<indent>.
+I<flag> determines the behaviour if an extension could not be parsed and can be
+one of:
+B<X509V3_EXT_DEFAULT> (equivalent to 0): an unknown or unparsable extension
+stops the parsing and the function returns a failure.
+B<X509V3_EXT_PARSE_UNKNOWN>: an unknown or unparsable extension is handled by
+printing it through the B<ASN1_parse_dump()> function, and the function returns
+success.
+B<X509V3_EXT_DUMP_UNKNOWN>: an unknown or unparsable extension is handled by
+printing it through the B<BIO_dump_indent()> function, and the function returns
+success,
+B<X509V3_EXT_ERROR_UNKNOWN>: an unknown or unparsable extension is handled by
+printing either "<Not Supported>" or  "<Parse Error>", and the function returns
+success.
+
+=head1 RETURN VALUES
+
+X509V3_EXT_print() and X509V3_EXT_print_fp() return 1 for success and 0 for
+failure.
+
+=head1 SEE ALSO
+
+L<BIO_dump_indent(3)>,
+L<ASN1_parse_dump(3)>,
+
+=head1 COPYRIGHT
+
+Copyright 2026 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-DSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-DSA.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-DSA.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-DSA.pod	2026-04-07 14:26:30.000000000 +0200
@@ -3,7 +3,7 @@
 =head1 NAME
 
 EVP_SIGNATURE-DSA
-- The B<EVP_PKEY> DSA signature implementation
+- The EVP_PKEY B<DSA> signature implementation
 
 =head1 DESCRIPTION
 
@@ -116,7 +116,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-ECDSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-ECDSA.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-ECDSA.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-ECDSA.pod	2026-04-07 14:26:30.000000000 +0200
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-EVP_SIGNATURE-ECDSA - The EVP_PKEY ECDSA signature implementation.
+EVP_SIGNATURE-ECDSA - The EVP_PKEY B<ECDSA> signature implementation
 
 =head1 DESCRIPTION
 
@@ -104,7 +104,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-ED25519.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-ED25519.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-ED25519.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-ED25519.pod	2026-04-07 14:26:30.000000000 +0200
@@ -6,7 +6,7 @@
 EVP_SIGNATURE-ED448,
 Ed25519,
 Ed448
-- EVP_PKEY Ed25519 and Ed448 support
+- The EVP_PKEY B<Ed25519> and B<Ed448> signature implementations
 
 =head1 DESCRIPTION
 
@@ -175,7 +175,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-HMAC.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-HMAC.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-HMAC.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-HMAC.pod	2026-04-07 14:26:30.000000000 +0200
@@ -4,7 +4,7 @@
 
 EVP_SIGNATURE-HMAC, EVP_SIGNATURE-Siphash, EVP_SIGNATURE-Poly1305,
 EVP_SIGNATURE-CMAC
-- The legacy B<EVP_PKEY> MAC signature implementations
+- The legacy EVP_PKEY B<MAC> signature implementations
 
 =head1 DESCRIPTION
 
@@ -39,7 +39,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-ML-DSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-ML-DSA.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-ML-DSA.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-ML-DSA.pod	2026-04-07 14:26:30.000000000 +0200
@@ -3,8 +3,8 @@
 =head1 NAME
 
 EVP_SIGNATURE-ML-DSA,
-EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87,
-- EVP_SIGNATURE ML-DSA support
+EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87
+- The EVP_PKEY B<ML-DSA> signature implementations
 
 =head1 DESCRIPTION
 
@@ -131,7 +131,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-RSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-RSA.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-RSA.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-RSA.pod	2026-04-07 14:26:30.000000000 +0200
@@ -3,7 +3,7 @@
 =head1 NAME
 
 EVP_SIGNATURE-RSA
-- The EVP_PKEY RSA signature implementation
+- The EVP_PKEY B<RSA> signature implementation
 
 =head1 DESCRIPTION
 
@@ -192,7 +192,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-SLH-DSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-SLH-DSA.pod
--- openssl-3.5.5/doc/man7/EVP_SIGNATURE-SLH-DSA.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-SLH-DSA.pod	2026-04-07 14:26:30.000000000 +0200
@@ -9,7 +9,7 @@
 EVP_SIGNATURE-SLH-DSA-SHAKE-128s, EVP_SIGNATURE-SLH-DSA-SHAKE-128f,
 EVP_SIGNATURE-SLH-DSA-SHAKE-192s, EVP_SIGNATURE-SLH-DSA-SHAKE-192f,
 EVP_SIGNATURE-SLH-DSA-SHAKE-256s, EVP_SIGNATURE-SLH-DSA-SHAKE-256f
-- EVP_PKEY SLH-DSA support
+- The EVP_PKEY B<SLH-DSA> signature implementations
 
 =head1 DESCRIPTION
 
@@ -126,7 +126,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/openssl-env.pod openssl-3.5.6/doc/man7/openssl-env.pod
--- openssl-3.5.5/doc/man7/openssl-env.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/openssl-env.pod	2026-04-07 14:26:30.000000000 +0200
@@ -64,6 +64,13 @@
 The value of this environment variable is a comma-separated list of names,
 with the following available:
 
+=item B<OPENSSL_RUNNING_UNIT_TESTS>
+
+This environment variable is used to flag the fact that unit tests are being run
+(i.e. `make test`).  It is used to detect when the OpenSSL should behave in a special
+manner during unit tests (i.e. when unit tests are being run on fuzzing builds).  It should
+generally not be set by users.
+
 =over 4
 
 =item B<TRACE>
@@ -205,7 +212,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/ossl-guide-tls-introduction.pod openssl-3.5.6/doc/man7/ossl-guide-tls-introduction.pod
--- openssl-3.5.5/doc/man7/ossl-guide-tls-introduction.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/ossl-guide-tls-introduction.pod	2026-04-07 14:26:30.000000000 +0200
@@ -165,7 +165,7 @@
 then save it as "/usr/local/ssl/cert.pem".
 
 You can also use environment variables to override the default location that
-OpenSSL will look for its trusted certificate store. Set the B<SSL_CERT_PATH>
+OpenSSL will look for its trusted certificate store. Set the B<SSL_CERT_DIR>
 environment variable to give the directory where OpenSSL should looks for its
 certificates or the B<SSL_CERT_FILE> environment variable to give the name of
 a single file containing all of the certificates. See L<openssl-env(7)> for
@@ -311,7 +311,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/property.pod openssl-3.5.6/doc/man7/property.pod
--- openssl-3.5.5/doc/man7/property.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/property.pod	2026-04-07 14:26:30.000000000 +0200
@@ -142,6 +142,38 @@
 disallow any implementations with "fips=yes" rather than not caring about the
 setting.
 
+=head1 PREDEFINED NAMES
+
+=for comment This list should correspond to the array 'predefined_names' in crypto/property/property_parse.c
+
+Currently known predefined names are:
+
+=over 4
+
+=item C<provider>
+
+The conventional property value is the provider's name.  This may be different from the name returned by L<OSSL_PROVIDER_get0_name(3)>.
+
+It is a convention among OpenSSL provider implementations to define a property with this name.  It is not mandatory to do this.
+
+=item C<version>
+
+The conventional property value is the provider's version.
+
+OpenSSL provider implementations do not define a property with this name.
+
+=item C<fips>
+
+The conventional property value is boolean (C<"yes"> or C<"no">), indication whether the implementation conforms to FIPS standards or not.
+
+It is a convention among OpenSSL provider implementations to define a property with this name where applicable.  It is not mandatory to do this, but is strongly recommended.
+
+=item C<output>, C<input>, C<structure>
+
+Properties with these names are used by encoders (see L<provider-encoder(7)>) and decoders (see L<provider-decoder(7)>).
+
+=back
+
 =head1 SYNTAX
 
 The lexical syntax in EBNF is given by:
@@ -167,7 +199,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/doc/man7/provider-base.pod openssl-3.5.6/doc/man7/provider-base.pod
--- openssl-3.5.5/doc/man7/provider-base.pod	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/doc/man7/provider-base.pod	2026-04-07 14:26:30.000000000 +0200
@@ -141,7 +141,8 @@
  static ossl_inline OSSL_NAME_core_gettable_params_fn
      OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf);
 
-L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as
+L<OSSL_DISPATCH(3)> array entries contain a I<function_id> field that
+identifies the function. The I<function_id> numbers are provided as
 macros in L<openssl-core_dispatch.h(7)>, as follows:
 
 For I<in> (the L<OSSL_DISPATCH(3)> array passed from F<libcrypto> to the
@@ -1016,7 +1017,7 @@
 
 =head1 COPYRIGHT
 
-Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/exporters/cmake/OpenSSLConfig.cmake.in openssl-3.5.6/exporters/cmake/OpenSSLConfig.cmake.in
--- openssl-3.5.5/exporters/cmake/OpenSSLConfig.cmake.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/exporters/cmake/OpenSSLConfig.cmake.in	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,5 @@
 # Generated by OpenSSL
+# {- $OpenSSL::safe::installdata::COMMENT // "" -}
 {-
    use lib catdir($config{sourcedir}, 'Configurations');
    use platform;
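Review bot: The new `# {- $OpenSSL::safe::installdata::COMMENT // "" -}` line interpolates the value unescaped after the comment marker, so a value containing a line break would end the comment and put the remainder into the generated file as live content. The `// ""` fallback covers only the undefined case. Where COMMENT is set is not visible in this diff; if it can carry free text, collapse line breaks in the template, e.g. `# {- my $c = $OpenSSL::safe::installdata::COMMENT // ""; $c =~ s/[\r\n]+/ /g; $c -}`. The same line is added in OpenSSLConfigVersion.cmake.in, libcrypto.pc.in, libssl.pc.in and openssl.pc.in.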
diff -Nru openssl-3.5.5/exporters/cmake/OpenSSLConfigVersion.cmake.in openssl-3.5.6/exporters/cmake/OpenSSLConfigVersion.cmake.in
--- openssl-3.5.5/exporters/cmake/OpenSSLConfigVersion.cmake.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/exporters/cmake/OpenSSLConfigVersion.cmake.in	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,5 @@
 # Generated by OpenSSL
+# {- $OpenSSL::safe::installdata::COMMENT // "" -}
 
 set(PACKAGE_VERSION {- $config{version} -})
 
diff -Nru openssl-3.5.5/exporters/pkg-config/libcrypto.pc.in openssl-3.5.6/exporters/pkg-config/libcrypto.pc.in
--- openssl-3.5.5/exporters/pkg-config/libcrypto.pc.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/exporters/pkg-config/libcrypto.pc.in	2026-04-07 14:26:30.000000000 +0200
@@ -1,3 +1,4 @@
+# {- $OpenSSL::safe::installdata::COMMENT // "" -}
 prefix={- $OpenSSL::safe::installdata::PREFIX[0] -}
 exec_prefix=${prefix}
 libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) {
diff -Nru openssl-3.5.5/exporters/pkg-config/libssl.pc.in openssl-3.5.6/exporters/pkg-config/libssl.pc.in
--- openssl-3.5.5/exporters/pkg-config/libssl.pc.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/exporters/pkg-config/libssl.pc.in	2026-04-07 14:26:30.000000000 +0200
@@ -1,3 +1,4 @@
+# {- $OpenSSL::safe::installdata::COMMENT // "" -}
 prefix={- $OpenSSL::safe::installdata::PREFIX[0] -}
 exec_prefix=${prefix}
 libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) {
diff -Nru openssl-3.5.5/exporters/pkg-config/openssl.pc.in openssl-3.5.6/exporters/pkg-config/openssl.pc.in
--- openssl-3.5.5/exporters/pkg-config/openssl.pc.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/exporters/pkg-config/openssl.pc.in	2026-04-07 14:26:30.000000000 +0200
@@ -1,3 +1,4 @@
+# {- $OpenSSL::safe::installdata::COMMENT // "" -}
 prefix={- $OpenSSL::safe::installdata::PREFIX[0] -}
 exec_prefix=${prefix}
 libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) {
diff -Nru openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm
--- openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm	2026-04-07 14:26:30.000000000 +0200
@@ -122,8 +122,8 @@
 
 =head1 SOURCE
 
-The development version is on github at L<https://https://github.com/mschout/perl-text-template>
-and may be cloned from L<git://https://github.com/mschout/perl-text-template.git>
+The development version is on github at L<https://github.com/mschout/perl-text-template>
+and may be cloned from L<https://github.com/mschout/perl-text-template.git>
 
 =head1 BUGS
 
diff -Nru openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template.pm openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template.pm
--- openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template.pm	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template.pm	2026-04-07 14:26:30.000000000 +0200
@@ -2337,8 +2337,8 @@
 
 =head1 SOURCE
 
-The development version is on github at L<https://https://github.com/mschout/perl-text-template>
-and may be cloned from L<git://https://github.com/mschout/perl-text-template.git>
+The development version is on github at L<https://github.com/mschout/perl-text-template>
+and may be cloned from L<https://github.com/mschout/perl-text-template.git>
 
 =head1 BUGS
 
diff -Nru openssl-3.5.5/include/crypto/aes_platform.h openssl-3.5.6/include/crypto/aes_platform.h
--- openssl-3.5.5/include/crypto/aes_platform.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/crypto/aes_platform.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -77,7 +77,9 @@
 #define HWAES_xts_decrypt aes_p8_xts_decrypt
 #endif /* OPENSSL_SYS_MACOSX */
 #if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)
+#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
 #define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
+#endif
 #define AES_GCM_ENC_BYTES 128
 #define AES_GCM_DEC_BYTES 128
 size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
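Review bot: On a compiler that does not predefine `__BYTE_ORDER__`, the new guard leaves `PPC_AES_GCM_CAPABLE` undefined even on a little-endian target, and nothing in the hunk says whether that is intended. A short comment above the guard should record why the capability is limited to little-endian builds, and the bare `#endif` should be labelled like the neighbouring `#endif /* OPENSSL_SYS_MACOSX */`, for example `#endif /* little-endian only */`. The `AES_GCM_ENC_BYTES`/`AES_GCM_DEC_BYTES` defines and the `ppc_aes_gcm_encrypt` prototype stay unconditional, so it is worth confirming that every consumer tests the macro with `#ifdef` instead of assuming it exists. The enclosing `#if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)` block continues outside the hunk.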
diff -Nru openssl-3.5.5/include/crypto/evp.h openssl-3.5.6/include/crypto/evp.h
--- openssl-3.5.5/include/crypto/evp.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/crypto/evp.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -488,17 +488,17 @@
     BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
         0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
 
-#define BLOCK_CIPHER_defs(cname, kstruct,                                             \
-    nid, block_size, key_len, iv_len, cbits, flags,                                   \
-    init_key, cleanup, set_asn1, get_asn1, ctrl)                                      \
-    BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags,     \
-        init_key, cleanup, set_asn1, get_asn1, ctrl)                                  \
-        BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits,             \
-            flags, init_key, cleanup, set_asn1, get_asn1, ctrl)                       \
-            BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits,         \
-                flags, init_key, cleanup, set_asn1, get_asn1, ctrl)                   \
-                BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
-                    init_key, cleanup, set_asn1, get_asn1, ctrl)
+#define BLOCK_CIPHER_defs(cname, kstruct,                                         \
+    nid, block_size, key_len, iv_len, cbits, flags,                               \
+    init_key, cleanup, set_asn1, get_asn1, ctrl)                                  \
+    BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+        init_key, cleanup, set_asn1, get_asn1, ctrl)                              \
+    BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits,             \
+        flags, init_key, cleanup, set_asn1, get_asn1, ctrl)                       \
+    BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits,             \
+        flags, init_key, cleanup, set_asn1, get_asn1, ctrl)                       \
+    BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags,         \
+        init_key, cleanup, set_asn1, get_asn1, ctrl)
 
 /*-
 #define BLOCK_CIPHER_defs(cname, kstruct, \
diff -Nru openssl-3.5.5/include/crypto/httperr.h openssl-3.5.6/include/crypto/httperr.h
--- openssl-3.5.5/include/crypto/httperr.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/crypto/httperr.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff -Nru openssl-3.5.5/include/crypto/sparc_arch.h openssl-3.5.6/include/crypto/sparc_arch.h
--- openssl-3.5.5/include/crypto/sparc_arch.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/crypto/sparc_arch.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -79,10 +79,14 @@
 
 #if defined(__arch64__)
 
+/* clang-format off */
 #define SPARC_LOAD_ADDRESS(SYM, reg) \
-    setx SYM, % o7, reg;
+    setx SYM, %o7, reg;
+/* clang-format on */
 #define LDPTR ldx
-#define SIZE_T_CC % xcc
+/* clang-format off */
+#define SIZE_T_CC %xcc
+/* clang-format on */
 #define STACK_FRAME 192
 #define STACK_BIAS 2047
 #define STACK_7thARG (STACK_BIAS + 176)
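Review bot: The `/* clang-format off */` guards carry no explanation, so a later cleanup could drop them and let the formatter split `%o7` and `%xcc` into `% o7` and `% xcc` again. State the reason once, e.g. `/* operands are SPARC assembler tokens; keep '%' attached to the register name */`. A single off/on pair around the whole `#if defined(__arch64__)` block would also protect macros added later, instead of the two pairs here and the third in the next hunk around `#define SIZE_T_CC %icc`. The `#if` block's `#else`/`#endif` lie outside this hunk.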
@@ -92,7 +96,9 @@
 #define SPARC_LOAD_ADDRESS(SYM, reg) \
     set SYM, reg;
 #define LDPTR ld
-#define SIZE_T_CC % icc
+/* clang-format off */
+#define SIZE_T_CC %icc
+/* clang-format on */
 #define STACK_FRAME 112
 #define STACK_BIAS 0
 #define STACK_7thARG 92
diff -Nru openssl-3.5.5/include/crypto/sparse_array.h openssl-3.5.6/include/crypto/sparse_array.h
--- openssl-3.5.5/include/crypto/sparse_array.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/crypto/sparse_array.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -62,7 +62,7 @@
     }                                                                                                              \
     static ossl_unused ossl_inline int                                                                             \
     ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) * sa,                                                               \
-        ossl_uintmax_t n, ctype * val)                                                                             \
+        ossl_uintmax_t n, ctype *val)                                                                              \
     {                                                                                                              \
         return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val);                                                      \
     }                                                                                                              \
diff -Nru openssl-3.5.5/include/internal/time.h openssl-3.5.6/include/internal/time.h
--- openssl-3.5.5/include/internal/time.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/internal/time.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -54,9 +54,8 @@
 OSSL_SAFE_MATH_UNSIGNED(time, uint64_t)
 
 /* Convert a tick count into a time */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_ticks2time(uint64_t ticks)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_ticks2time(uint64_t ticks)
 {
     OSSL_TIME r;
 
@@ -65,9 +64,8 @@
 }
 
 /* Convert a time to a tick count */
-static ossl_unused ossl_inline
-    uint64_t
-    ossl_time2ticks(OSSL_TIME t)
+static ossl_unused ossl_inline uint64_t
+ossl_time2ticks(OSSL_TIME t)
 {
     return t.t;
 }
@@ -76,16 +74,14 @@
 OSSL_TIME ossl_time_now(void);
 
 /* The beginning and end of the time range */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_zero(void)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_zero(void)
 {
     return ossl_ticks2time(0);
 }
 
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_infinite(void)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_infinite(void)
 {
     return ossl_ticks2time(~(uint64_t)0);
 }
@@ -114,9 +110,8 @@
 }
 
 /* Convert timeval to time */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_from_timeval(struct timeval tv)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_from_timeval(struct timeval tv)
 {
     OSSL_TIME t;
 
@@ -137,9 +132,8 @@
 }
 
 /* Convert time_t to OSSL_TIME */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_from_time_t(time_t t)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_from_time_t(time_t t)
 {
     OSSL_TIME ot;
 
@@ -170,9 +164,8 @@
     return ossl_time_compare(t, ossl_time_infinite()) == 0;
 }
 
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_add(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_add(OSSL_TIME a, OSSL_TIME b)
 {
     OSSL_TIME r;
     int err = 0;
@@ -181,9 +174,8 @@
     return err ? ossl_time_infinite() : r;
 }
 
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_subtract(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_subtract(OSSL_TIME a, OSSL_TIME b)
 {
     OSSL_TIME r;
     int err = 0;
@@ -193,17 +185,15 @@
 }
 
 /* Returns |a - b|. */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b)
 {
     return a.t > b.t ? ossl_time_subtract(a, b)
                      : ossl_time_subtract(b, a);
 }
 
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_multiply(OSSL_TIME a, uint64_t b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_multiply(OSSL_TIME a, uint64_t b)
 {
     OSSL_TIME r;
     int err = 0;
@@ -212,9 +202,8 @@
     return err ? ossl_time_infinite() : r;
 }
 
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_divide(OSSL_TIME a, uint64_t b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_divide(OSSL_TIME a, uint64_t b)
 {
     OSSL_TIME r;
     int err = 0;
@@ -223,9 +212,8 @@
     return err ? ossl_time_zero() : r;
 }
 
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c)
 {
     OSSL_TIME r;
     int err = 0;
@@ -235,17 +223,15 @@
 }
 
 /* Return higher of the two given time values. */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_max(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_max(OSSL_TIME a, OSSL_TIME b)
 {
     return a.t > b.t ? a : b;
 }
 
 /* Return the lower of the two given time values. */
-static ossl_unused ossl_inline
-    OSSL_TIME
-    ossl_time_min(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_min(OSSL_TIME a, OSSL_TIME b)
 {
     return a.t < b.t ? a : b;
 }
diff -Nru openssl-3.5.5/include/openssl/cmp.h.in openssl-3.5.6/include/openssl/cmp.h.in
--- openssl-3.5.5/include/openssl/cmp.h.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/openssl/cmp.h.in	2026-04-07 14:26:30.000000000 +0200
@@ -1,7 +1,7 @@
 /*
  * {- join("\n * ", @autowarntext) -}
  *
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -197,6 +197,8 @@
  *       -- CertReqMsg
  *   }
  */
+#define OSSL_CMP_PKISTATUS_rejected_by_client -5
+#define OSSL_CMP_PKISTATUS_checking_response -4
 #define OSSL_CMP_PKISTATUS_request -3
 #define OSSL_CMP_PKISTATUS_trans -2
 #define OSSL_CMP_PKISTATUS_unspecified -1
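Review bot: `OSSL_CMP_PKISTATUS_rejected_by_client` and `OSSL_CMP_PKISTATUS_checking_response` are added to a public header with no comment saying when a status takes these values. The existing negative values below them are undocumented in this hunk as well, so a single comment above the group would cover all five, for example `/* negative values are library-defined states, not PKIStatus codes received from the server */`, if that is indeed their meaning. Callers that already branch on `OSSL_CMP_PKISTATUS_request`, `_trans` or `_unspecified` may need to handle the two new values, and the release notes should say so.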
diff -Nru openssl-3.5.5/include/openssl/core_dispatch.h openssl-3.5.6/include/openssl/core_dispatch.h
--- openssl-3.5.5/include/openssl/core_dispatch.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/openssl/core_dispatch.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -162,16 +162,16 @@
 
 OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, const char *mode))
 OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len))
-OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO * bio, void *data, size_t data_len, size_t *bytes_read))
-OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO * bio, const void *data, size_t data_len, size_t *written))
-OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO * bio, char *buf, int size))
-OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO * bio, const char *str))
-OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO * bio))
-OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO * bio))
-OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO * bio, const char *format, va_list args))
+OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read))
+OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written))
+OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size))
+OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str))
+OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args))
 OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf,
     (char *buf, size_t n, const char *fmt, va_list args))
-OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO * bio, int cmd, long num, void *ptr))
+OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, int cmd, long num, void *ptr))
 
 /* New seeding functions prototypes with the 101-104 series */
 #define OSSL_FUNC_CLEANUP_USER_ENTROPY 96
@@ -180,9 +180,9 @@
 #define OSSL_FUNC_GET_USER_NONCE 99
 
 #define OSSL_FUNC_INDICATOR_CB 95
-OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX * ctx, OSSL_INDICATOR_CALLBACK **cb))
+OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX *ctx, OSSL_INDICATOR_CALLBACK **cb))
 #define OSSL_FUNC_SELF_TEST_CB 100
-OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX * ctx, OSSL_CALLBACK **cb, void **cbarg))
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg))
 
 /* Functions to get seed material from the operating system */
 #define OSSL_FUNC_GET_ENTROPY 101
@@ -257,26 +257,26 @@
 /* Libssl related functions */
 #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND 2001
 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_send,
-    (SSL * s, const unsigned char *buf, size_t buf_len,
+    (SSL *s, const unsigned char *buf, size_t buf_len,
         size_t *consumed, void *arg))
 #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD 2002
 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_recv_rcd,
-    (SSL * s, const unsigned char **buf, size_t *bytes_read,
+    (SSL *s, const unsigned char **buf, size_t *bytes_read,
         void *arg))
 #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD 2003
 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_release_rcd,
-    (SSL * s, size_t bytes_read, void *arg))
+    (SSL *s, size_t bytes_read, void *arg))
 #define OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET 2004
 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_yield_secret,
-    (SSL * s, uint32_t prot_level, int direction,
+    (SSL *s, uint32_t prot_level, int direction,
         const unsigned char *secret, size_t secret_len, void *arg))
 #define OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS 2005
 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_got_transport_params,
-    (SSL * s, const unsigned char *params, size_t params_len,
+    (SSL *s, const unsigned char *params, size_t params_len,
         void *arg))
 #define OSSL_FUNC_SSL_QUIC_TLS_ALERT 2006
 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_alert,
-    (SSL * s, unsigned char alert_code, void *arg))
+    (SSL *s, unsigned char alert_code, void *arg))
 
 /* Operations */
 
diff -Nru openssl-3.5.5/include/openssl/httperr.h openssl-3.5.6/include/openssl/httperr.h
--- openssl-3.5.5/include/openssl/httperr.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/openssl/httperr.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@
  */
 #define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108
 #define HTTP_R_CONNECT_FAILURE 100
+#define HTTP_R_CONTENT_TYPE_MISMATCH 131
 #define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109
 #define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119
 #define HTTP_R_ERROR_PARSING_URL 101
diff -Nru openssl-3.5.5/include/openssl/macros.h openssl-3.5.6/include/openssl/macros.h
--- openssl-3.5.5/include/openssl/macros.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/openssl/macros.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,6 +168,7 @@
  * 'no-deprecated'.
  */
 
+#undef OPENSSL_NO_DEPRECATED_3_5
 #undef OPENSSL_NO_DEPRECATED_3_4
 #undef OPENSSL_NO_DEPRECATED_3_1
 #undef OPENSSL_NO_DEPRECATED_3_0
diff -Nru openssl-3.5.5/include/openssl/rsa.h openssl-3.5.6/include/openssl/rsa.h
--- openssl-3.5.5/include/openssl/rsa.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/openssl/rsa.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -334,13 +334,13 @@
 DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS)
 
-typedef struct rsa_oaep_params_st {
+struct rsa_oaep_params_st {
     X509_ALGOR *hashFunc;
     X509_ALGOR *maskGenFunc;
     X509_ALGOR *pSourceFunc;
     /* Decoded hash algorithm from maskGenFunc */
     X509_ALGOR *maskHash;
-} RSA_OAEP_PARAMS;
+};
 
 DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
 
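Review bot: `DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)` directly after the struct now depends on the `RSA_OAEP_PARAMS` typedef that this release adds to include/openssl/types.h, and nothing at the struct says so. A one-line comment above `struct rsa_oaep_params_st {`, such as `/* RSA_OAEP_PARAMS is typedef'd in <openssl/types.h> */`, would save the next reader a search. Whether rsa.h includes types.h before this point is not visible in the hunk and should be confirmed.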
diff -Nru openssl-3.5.5/include/openssl/types.h openssl-3.5.6/include/openssl/types.h
--- openssl-3.5.5/include/openssl/types.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/include/openssl/types.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -155,7 +155,9 @@
 typedef struct rsa_st RSA;
 typedef struct rsa_meth_st RSA_METHOD;
 #endif
+
 typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+typedef struct rsa_oaep_params_st RSA_OAEP_PARAMS;
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 typedef struct ec_key_st EC_KEY;
diff -Nru openssl-3.5.5/NEWS.md openssl-3.5.6/NEWS.md
--- openssl-3.5.5/NEWS.md	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/NEWS.md	2026-04-07 14:26:30.000000000 +0200
@@ -23,6 +23,36 @@
 OpenSSL 3.5
 -----------
 
+### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026]
+
+OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
+release is Medium.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
+    ([CVE-2026-31790])
+
+  * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
+    is used in the server-side configuration of the key-agreement group list.
+    ([CVE-2026-2673])
+
+  * Fixed potential use-after-free in DANE client code.
+    ([CVE-2026-28387])
+
+  * Fixed NULL pointer dereference when processing a delta CRL.
+    ([CVE-2026-28388])
+
+  * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
+    ([CVE-2026-28389])
+
+  * Fixed possible NULL dereference when processing CMS
+    KeyTransportRecipientInfo.
+    ([CVE-2026-28390])
+
+  * Fixed heap buffer overflow in hexadecimal conversion.
+    ([CVE-2026-31789])
+
 ### Major changes between OpenSSL 3.5.4 and OpenSSL 3.5.5 [27 Jan 2026]
 
 OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this
@@ -758,7 +788,7 @@
 
 ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
 
-  * Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+  * Fixed an overflow bug in the x86_64 Montgomery squaring procedure
     used in exponentiation with 512-bit moduli ([CVE-2019-1551])
 
 ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
@@ -1988,201 +2018,208 @@
   * Support for various new platforms
 
 <!-- Links -->
-[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796
-[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795
-[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421
-[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420
-[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419
-[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418
-[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160
-[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199
-[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469
-[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468
-[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467
-[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187
-[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
-[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
-[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
-[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
-[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
-[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
-[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
-[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
-[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
-[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
-[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
-[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
-[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
-[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
-[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678
-[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
-[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
-[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
-[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
-[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975
-[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650
-[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
-[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
-[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
-[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
-[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
-[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
-[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
-[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
-[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
-[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
-[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
-[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
-[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
-[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
-[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097
-[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
-[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967
-[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563
-[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559
-[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552
-[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551
-[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549
-[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547
-[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543
-[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407
-[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739
-[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737
-[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735
-[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734
-[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733
-[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732
-[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738
-[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737
-[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736
-[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735
-[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733
-[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732
-[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731
-[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730
-[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055
-[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054
-[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053
-[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052
-[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309
-[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308
-[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307
-[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306
-[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305
-[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304
-[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303
-[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302
-[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183
-[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182
-[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181
-[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180
-[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179
-[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178
-[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177
-[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176
-[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109
-[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107
-[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106
-[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105
-[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800
-[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799
-[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798
-[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797
-[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705
-[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702
-[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701
-[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197
-[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196
-[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195
-[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194
-[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193
-[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793
-[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792
-[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791
-[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790
-[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789
-[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788
-[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787
-[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293
-[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291
-[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290
-[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
-[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
-[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
-[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
-[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
-[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
-[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
-[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
-[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
-[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
-[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
-[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
-[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
-[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
-[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
-[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
-[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
-[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
-[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
-[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
-[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
-[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
-[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
-[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
-[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
-[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
-[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
-[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
-[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
-[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
-[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
-[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
-[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198
-[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
-[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
-[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
-[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
-[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449
-[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
-[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
-[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
-[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
-[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
-[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
-[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
-[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
-[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
-[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
-[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
-[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
-[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
-[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
-[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
-[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
-[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298
-[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
-[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
-[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
-[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939
-[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
-[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
-[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
-[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
-[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
-[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
-[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
-[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
-[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
-[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
-[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737
-[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
-[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
-[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
-[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
 [CHANGES.md]: ./CHANGES.md
-[README-QUIC.md]: ./README-QUIC.md
-[issue tracker]: https://github.com/openssl/openssl/issues
 [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
+[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
+[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
+[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
+[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737
+[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
+[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
+[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
+[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
+[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
+[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
+[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
+[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
+[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
+[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
+[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939
+[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
+[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
+[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
+[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298
+[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
+[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
+[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
+[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
+[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
+[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
+[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
+[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
+[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
+[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
+[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
+[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
+[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
+[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
+[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
+[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
+[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449
+[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
+[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
+[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
+[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
+[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198
+[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
+[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
+[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
+[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
+[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
+[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
+[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
+[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
+[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
+[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
+[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
+[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
+[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
+[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
+[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
+[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
+[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
+[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
+[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
+[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
+[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
+[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
+[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
+[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
+[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
+[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
+[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
+[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
+[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
+[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
+[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
+[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
+[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
+[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
+[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
+[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
+[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
+[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
+[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
+[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
+[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
+[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
+[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
+[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
+[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
+[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
+[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
+[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
+[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
+[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
+[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
+[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
+[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
+[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
+[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
+[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
+[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
+[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
+[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
+[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
+[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
+[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
+[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
+[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
+[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
+[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
+[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
+[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
+[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
+[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
+[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
+[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
+[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
+[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
+[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
+[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
+[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
+[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
+[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
+[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
+[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
+[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
+[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
+[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
+[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
+[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
+[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
+[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
+[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
+[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
+[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
+[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
+[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
+[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
+[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
+[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
+[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
+[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
+[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
+[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
+[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
+[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
+[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
+[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
+[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
+[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
+[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
+[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
+[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
+[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
+[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
+[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
+[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
+[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
+[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
+[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
+[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
+[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
+[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
+[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
+[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
+[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
+[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
+[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
+[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
+[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
+[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
+[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
+[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
+[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
+[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
+[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
+[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
+[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
+[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
+[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
+[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
+[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
+[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
+[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
+[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
+[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
+[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
+[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
+[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
+[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
+[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html
+[README-QUIC.md]: ./README-QUIC.md
+[issue tracker]: https://github.com/openssl/openssl/issues
 [jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library
diff -Nru openssl-3.5.5/providers/fips/self_test.c openssl-3.5.6/providers/fips/self_test.c
--- openssl-3.5.5/providers/fips/self_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/fips/self_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -101,7 +101,9 @@
         init();
         break;
     case DLL_PROCESS_DETACH:
+#ifndef __CYGWIN__
         cleanup();
+#endif
         break;
     default:
         break;
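Review bot: The new `#ifndef __CYGWIN__` guard around `cleanup()` in the `DLL_PROCESS_DETACH` case has no comment saying why the FIPS provider's cleanup is skipped on Cygwin, so a later reader cannot tell a crash workaround from an accidental leak. A line above the guard such as `/* Cygwin: skip cleanup() at process detach, see <issue reference> */` would record the reason. `DLL_PROCESS_DETACH` is also delivered when a DLL is unloaded with FreeLibrary rather than at process exit, so if this module can be unloaded that way on Cygwin, whatever `cleanup()` releases stays allocated; that is worth confirming. The enclosing function starts and ends outside the hunk.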
diff -Nru openssl-3.5.5/providers/fips/self_test_kats.c openssl-3.5.6/providers/fips/self_test_kats.c
--- openssl-3.5.5/providers/fips/self_test_kats.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/fips/self_test_kats.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1025,6 +1025,8 @@
     EVP_RAND *rand;
     unsigned int strength = 256;
     EVP_RAND_CTX *parent_rand = NULL;
+    int reseed_time_interval = 0;
+    unsigned int reseed_requests = 0;
     OSSL_PARAM drbg_params[3] = {
         OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
     };
@@ -1071,7 +1073,12 @@
     EVP_RAND_CTX_free(parent_rand);
     parent_rand = NULL;
 
-    if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, NULL))
+    /* Disable time/request based reseeding to make selftests deterministic */
+    drbg_params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL,
+        &reseed_time_interval);
+    drbg_params[1] = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS,
+        &reseed_requests);
+    if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, drbg_params))
         goto err;
 
     /* When we set the new private generator this one is freed, so upref it */
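Review bot: The `EVP_RAND_instantiate(kat_rand, ...)` call now depends on `drbg_params[2]` still holding `OSSL_PARAM_END` from the array initializer, because only slots 0 and 1 are assigned here. Any earlier use of the array between its declaration and this call is outside the hunk, so it cannot be confirmed from here that slot 2 is never overwritten. Adding `drbg_params[2] = OSSL_PARAM_construct_end();` before the call would make the terminator explicit and keep the list well-formed if an earlier use ever grows to three entries. The new comment could also say that the value 0 is what disables each reseed trigger, e.g. `/* 0 disables time- and request-based reseeding, keeping the KAT output deterministic */`.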
diff -Nru openssl-3.5.5/providers/fips.checksum openssl-3.5.6/providers/fips.checksum
--- openssl-3.5.5/providers/fips.checksum	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/fips.checksum	2026-04-07 14:26:30.000000000 +0200
@@ -1 +1 @@
-7fb222f49c7b3a423c4bb2f62da17eae3e209cb3e9b9a9a3db624bcdfba3151a  providers/fips-sources.checksums
+541f8f3eafccc78db022af2226f0d6501b43a3d96e2e23fd7dffb29a80d218b8  providers/fips-sources.checksums
diff -Nru openssl-3.5.5/providers/fips-sources.checksums openssl-3.5.6/providers/fips-sources.checksums
--- openssl-3.5.5/providers/fips-sources.checksums	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/fips-sources.checksums	2026-04-07 14:26:30.000000000 +0200
@@ -10,12 +10,12 @@
 88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8  crypto/aes/asm/aes-mips.pl
 7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad  crypto/aes/asm/aes-parisc.pl
 f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b  crypto/aes/asm/aes-ppc.pl
-538ce0e80698d773c9419a9ca8892d61bc5b3cd1b071c5fc5f315d7f5573e96d  crypto/aes/asm/aes-riscv32-zkn.pl
-b5cdd6858b1eff7d17b29b78ac8c4a7642c0a74710f8b50821a6265328845aaf  crypto/aes/asm/aes-riscv64-zkn.pl
+f8cc2144b6cc9998d2c55ef446e451a31edde01eae624cb23de02b6b25b82420  crypto/aes/asm/aes-riscv32-zkn.pl
+fe42d33e668beeadd43aa7e67cbe82d3ce3b92c3223c1cc0a34d5cac5b5d501d  crypto/aes/asm/aes-riscv64-zkn.pl
 e1f3805332eb811d9d0c9377b67fe0681063364f1af84d8598f7daa30da65b4d  crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl
 ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150  crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl
-d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab  crypto/aes/asm/aes-riscv64-zvkned.pl
-f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52  crypto/aes/asm/aes-riscv64.pl
+972e037dc955511eff7a371462af483e23dba86afeef25031abe1005eee635f3  crypto/aes/asm/aes-riscv64-zvkned.pl
+f1d8b7a3da1ec053d38be4fc776fef1e4fba328bfa2bfd928c2a2cd3b14f08ff  crypto/aes/asm/aes-riscv64.pl
 290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33  crypto/aes/asm/aes-s390x.pl
 ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1  crypto/aes/asm/aes-sparcv9.pl
 391497550eaca253f64b2aba7ba2e53c6bae7dff01583bc6bfc12e930bb7e217  crypto/aes/asm/aes-x86_64.pl
@@ -59,11 +59,11 @@
 0b3350f56d423a4df918a08e90c7c66227c4449a9f9c44096eacc254ebc65f9f  crypto/bn/asm/ppc64-mont-fixed.pl
 a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f  crypto/bn/asm/ppc64-mont.pl
 b3aad31ab658eceaa9c5e734e19f39c33991f4839ab55b0cec8018020b1a305e  crypto/bn/asm/rsaz-2k-avx512.pl
-760cc579b8b464991177a337487bb32e22317cb47f69927232da76171c973954  crypto/bn/asm/rsaz-2k-avxifma.pl
+03f6cc678f377c5cd953e8da135c5d76dc1cd011565118c99e25bff91e7271df  crypto/bn/asm/rsaz-2k-avxifma.pl
 e914311420ae4486ab6000cc6ab424f04d8a042bda40ab8f288348dc9f0eb595  crypto/bn/asm/rsaz-3k-avx512.pl
-b8424d830f41a038f3c98d8664c6cf7d2d3e1748cdce260db41fa3c74f1d88d9  crypto/bn/asm/rsaz-3k-avxifma.pl
+95b11e0b04c38bde06d152dfde5ab970dab27cccdfeac998e1bc293e01520474  crypto/bn/asm/rsaz-3k-avxifma.pl
 e13bd2df8c591052ddf16a839072f43353841f9f35e0ac95f836511838dbc771  crypto/bn/asm/rsaz-4k-avx512.pl
-afcf51a732c80eadae1650e22e4af34904112a8b95467087a16d9d2394934730  crypto/bn/asm/rsaz-4k-avxifma.pl
+cf92b66c4032703b7ce03ff6aa36887d14e31a8861e7aa21c46a466ea4802851  crypto/bn/asm/rsaz-4k-avxifma.pl
 6e47bf041e51d8086c4933c2a5da3ce6d1b136592984754461d59aa81e4995a6  crypto/bn/asm/rsaz-avx2.pl
 b42f6cf0fbf9eae58343df9629e7a9e5b8814195ea0c9882d7b143a0841cc018  crypto/bn/asm/rsaz-x86_64.pl
 30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf  crypto/bn/asm/s390x-gf2m.pl
@@ -73,7 +73,7 @@
 ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101  crypto/bn/asm/sparcv8.S
 fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef  crypto/bn/asm/sparcv8plus.S
 127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f  crypto/bn/asm/sparcv9-gf2m.pl
-1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac  crypto/bn/asm/sparcv9-mont.pl
+0ad54f0cdf6a52ee0b0aab03800cb2b6beb39b138378b93e151cfd6b1aa2f2d6  crypto/bn/asm/sparcv9-mont.pl
 b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2  crypto/bn/asm/sparcv9a-mont.pl
 d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb  crypto/bn/asm/via-mont.pl
 d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea  crypto/bn/asm/vis3-mont.pl
@@ -89,26 +89,26 @@
 d3b5f02a17ba1c71261f6dad0d4785846567c8a03368d41fc1a6ee7c45aaff78  crypto/bn/bn_const.c
 eee3d2710144b0e860c57e84f5adc6b2bf64fc27cbd202a8ca2630aefed3b84c  crypto/bn/bn_conv.c
 282f06fbdeb991d90337787c6407020e940b6d5e187a06866f1a7787c10a0c1b  crypto/bn/bn_ctx.c
-d84752b5835e9072cb93de0241f1f701933c61283a27679c1ba34e2bbd1bbf76  crypto/bn/bn_dh.c
+b1b1c5fb8a45fde5755dfd5da62b68100b94f8c492c950719c108c384ea7f3c4  crypto/bn/bn_dh.c
 4824f271f0ddc487b5991fbd92f7f7695aeeac234e076078f37da027999cdd88  crypto/bn/bn_div.c
-306a4a4b671f299da0201719862a3ab4f76cd4a13d4d0baa214478603e5cf15d  crypto/bn/bn_exp.c
+d36b2be05469f144f52173616e413a7bdd836607fccf94cf543cc7f5a343b962  crypto/bn/bn_exp.c
 ce5219203bf869561297978d6d416357a441864cd801865503dfd455c481960c  crypto/bn/bn_exp2.c
 18ac3f6fe64225f72243689199839ea2ce2aa61d80b084bc4cd9efe1c7cc9d89  crypto/bn/bn_gcd.c
 b643fdcd91ad7dfcfa97a0bb235221b024b8a77faa7890f0bcb9681ea2c64c49  crypto/bn/bn_gf2m.c
 73ee247467879d4ec984c9900dfe7761233c5b889b8762be37c7e8fdd6d1d210  crypto/bn/bn_intern.c
 ff147e5e032cc7c772b73a91fc6e24d8d9516e642d29354445d1f82d64b1d924  crypto/bn/bn_kron.c
 df9aebbdcca87fc5715dde430687fb516d8de0dac70c8910409fb73d6dd2305b  crypto/bn/bn_lib.c
-830e1932da4e8b409250a9dca0275b853a8d12bd6575649148aee5331180bbcd  crypto/bn/bn_local.h
+cd7bade0f2e223fe34f6e2f8cc87098ac8f0af96ec62ada5e67f6a2344d48ef0  crypto/bn/bn_local.h
 364600145964d5154224fdda2c94ca6fdab2907837a385550b242350be7a1197  crypto/bn/bn_mod.c
 39a8fe0bb625b4c11b74998ce6fd99b7655228aaa7d7ad3076f61741937ae14d  crypto/bn/bn_mont.c
 c2a5230efbda6844b7b2eb10447b054496ae5029130d332536de6c3b12dc58a3  crypto/bn/bn_mpi.c
 488dde761d25fb2eabd8acbea5b3b83520db7733480fab6499f60b8bf680b1ed  crypto/bn/bn_mul.c
 e80177361897632ac9f013415dee8f6d2d942a8b51a4daf84fc7ba51d9d75270  crypto/bn/bn_nist.c
-c7e1d12f14b20e0e34870060459581afcdd58d80097248de5187b9e72bbd7cf0  crypto/bn/bn_prime.c
+0aa8a381dc6ed47746ec90aa739aff1eece4474d92abdd3f9036e7dcb72ee891  crypto/bn/bn_prime.c
 c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3  crypto/bn/bn_prime.h
 af5af7057643ee8d35e3a2d5f7b55e37647db46700f2818edc295d727450d521  crypto/bn/bn_rand.c
 b5cc902624b3af2149c9ea91f9d18bea56302144e87dfe49105ec6789b73764b  crypto/bn/bn_recp.c
-4ff6338c3d30ed029b3e4fe509e08d9abf2e84b61c14bf466f642f097a8b7036  crypto/bn/bn_rsa_fips186_4.c
+c4ef2dd742bcd76c40df08a3108a3cf2854d53e93ebf59bf549c3ebc3b0e47cc  crypto/bn/bn_rsa_fips186_4.c
 6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3  crypto/bn/bn_shift.c
 97559e9e071a06b8cffa37b7df27af638de84c51d5da190a879752f39e2b6368  crypto/bn/bn_sqr.c
 c748baddfec6734bb50facbadf151a1f22f8a885c677acfb08b4f814e96f0d52  crypto/bn/bn_sqrt.c
@@ -116,7 +116,7 @@
 2f048ca8e8ddc5e2b8b82775197f79334381dd90bab417b2855bfeee07b99db8  crypto/bn/rsaz_exp.c
 b89075a1c43de2e27a29db217c11c1fb4ec04f4270d0106c0679dd44f98eee58  crypto/bn/rsaz_exp.h
 3c934b8abf163b95caf236647153d42d8d48f10f2f5f8b21c013362b1cb8aa8b  crypto/bn/rsaz_exp_x2.c
-21ddcc6948e81597c9b9e9823311cd1c315708819e85f29d5ff80dc72e14e562  crypto/bsearch.c
+f6c72754667c90e3466243f9d21ce6a799db8e58c8b78b2707129dcc540adc3c  crypto/bsearch.c
 82117f6a7cfc31fc86ecd9629bd3bf614126b8e8b2c23717a03ff5c1db7c3c5c  crypto/buffer/buffer.c
 5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d  crypto/c64xpluscpuid.pl
 205f0be0317343b17003f261b427008aad1b31aacc6979c4557fc837e9548b92  crypto/cmac/cmac.c
@@ -182,12 +182,12 @@
 5d3567b3b6d3922fd82641acff29ed12b1028e83eb0c175132ce7f3470b9db6c  crypto/ec/ec2_smpl.c
 a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149  crypto/ec/ec_asn1.c
 dfbccf591879eecbd9ed75da1fbe6c7b1672d07648fd43b37755dfe248253bb2  crypto/ec/ec_backend.c
-7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be  crypto/ec/ec_check.c
+3a3c4f4767513b4fbbabdea2918d7c7d105eb573334a7fd893b866989463c4d2  crypto/ec/ec_check.c
 f3991bfc65a7371b84afd0cc328e3cbd4736edf7267e4b731dd82677bfab047a  crypto/ec/ec_curve.c
 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f  crypto/ec/ec_cvt.c
 add58bcaf43a28e66b3a6ec1f70ed9b0b4a4a0d40230e903a26a1ff1129649e0  crypto/ec/ec_key.c
 35515133fb3c33c5736a9f744e835b9fc0775193357ab2492f11d0f63503c65e  crypto/ec/ec_kmeth.c
-ad6f566595be1d72ef97be7322949092c4530da57793ef5b722025738882410d  crypto/ec/ec_lib.c
+652a1544120bf0fecde46a8e18cc28fffcb7cd864be2e2b84c99d571ba320e64  crypto/ec/ec_lib.c
 0d113ac5dbdb420ba3d1c060f4fa3300fc0a81b571a919c2b176022fdca89878  crypto/ec/ec_local.h
 b545e4539ef2483982f35ee05866060478722e329cfbc4990293b46ccfe5c93c  crypto/ec/ec_mult.c
 c2a81f5f56d304038183ba6b02fdcba8767833f61773ec483e73b330b67ae59b  crypto/ec/ec_oct.c
@@ -206,9 +206,9 @@
 8e50fd1e60ad1ac824e704375096e41f4ae535e533a3334d78c481e34d9d0fb8  crypto/ec/ecx_key.c
 3ba8412897cbf17881fbf23cec27a487b2c587348e1f859ec44e47f366877249  crypto/evp/asymcipher.c
 1f64d4752074f954af4f290788e4332e3874ba3282bd03d3e1d1f5ce4b0888bc  crypto/evp/dh_support.c
-da3140dbda8a35cfe4a0748892a3e381e3988a94ddb945c2371922bb3010d96d  crypto/evp/digest.c
+0e9e206dd4b179ad09e1475949ce9ddb5bce0e0d66072477d94b7788c57e70d9  crypto/evp/digest.c
 4ffc3fc5ee5f0dcadf1516f1cc29338f0f4d85c59881c06d5a777cf4e47a6d5f  crypto/evp/ec_support.c
-6f8a9bb4d8da878aab6bf5f4bef286a0045fee1b140a1f9151c830d03778f879  crypto/evp/evp_enc.c
+8bf5ddf1c8e352a9f9241c7275d3a8cbbd633fc0f93f609158d15aee7af5a9d0  crypto/evp/evp_enc.c
 8683c25d4bcb598375a04d4682399c9eef095225b49498afe819e5193e9cc117  crypto/evp/evp_fetch.c
 75855fc64e44e5bbfb728d85014c65e8b0668faee26f0901aaa729c16679dee8  crypto/evp/evp_lib.c
 e997e921669076c51e230ccb2e36b1c6755fe408c61b1177d2aa67529cab15f3  crypto/evp/evp_local.h
@@ -217,7 +217,7 @@
 8f4194bcc2e0de69236925aa7515bc31f36ed113dcd3cee5d71167ac770cdfdd  crypto/evp/exchange.c
 294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64  crypto/evp/kdf_lib.c
 532f0ff4ab32068f160016f39cd520fadfbd09b81b3b3b562bf543acafb38889  crypto/evp/kdf_meth.c
-6669cf0969c6fcd4e3b240aad6335d159a8169aab891f1388822fe96c6ce0629  crypto/evp/kem.c
+4e60c9e37106b9c28d646f7234d857e8520da953ed7d319531467d334b77a72e  crypto/evp/kem.c
 84cebe10a50c88d0db12a90ad751eae43c7ba2954bc9f42f0c1490d66eac5bb8  crypto/evp/keymgmt_lib.c
 80a5e310a3c3f551ca8e1992793ffbddc525274f90dbf4f36217b57acbc8bd94  crypto/evp/keymgmt_meth.c
 15654f58c113d6eb7100caacd00ceae68113edfd6a921f6af1bea4040fa58f5d  crypto/evp/mac_lib.c
@@ -238,7 +238,7 @@
 bb208ef3a2c7ebdc518bd38f2f07a17cff356040f1c5d68eea13bd9275897a52  crypto/ffc/ffc_params_generate.c
 e9a500ddbe96cb5b302fd2db74fac0924a6ac45732df5ee1c09e82b19d06ccfd  crypto/ffc/ffc_params_validate.c
 f172c8c2112ee82716a7bc3a3e05d5cc26188c66b9d768ac1ff906845063d2cc  crypto/hashtable/hashfunc.c
-16090065da6b94199e997c930d465c613633bf322e89e3e674993ec5a785580e  crypto/hashtable/hashtable.c
+653d1f67e01ce0e9dca48cf513df9e8864a0985ce9bfb094fc3f09d591e6f062  crypto/hashtable/hashtable.c
 7a9af0b14f1463b36de0689bc434a318adcb7990bb23862bf1d2a0adf510583a  crypto/hmac/hmac.c
 907dd44e0bf873eebefcb4d82975b72ecec9e0f3c348c79314450fdaa78d4073  crypto/hmac/hmac_local.h
 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e  crypto/ia64cpuid.S
@@ -267,7 +267,7 @@
 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf  crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
 33357356cd739d4ae89d52f0804b6900e4b94d8829323819c6f64c8908e978df  crypto/modes/asm/aes-gcm-armv8_64.pl
 a91995f81b384b175ecf252690030bb068d6af64bfcdab2fe753484b2d07a184  crypto/modes/asm/aes-gcm-avx512.pl
-038e4ac89aa7d1962058f2170efce9024804473a62ae90102c3989555a7858cc  crypto/modes/asm/aes-gcm-ppc.pl
+8fab6574aa99ee635d564dbe68b014562b61af37fa4f151210690837cdae6707  crypto/modes/asm/aes-gcm-ppc.pl
 dd0de5ca8913a941cfff781a42fba43227e133976a24d0fddebf63909f7e010a  crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl
 9dcd3be86cda832ebe0394f5a859a761f4b711f2010fb606457f754722c5fb84  crypto/modes/asm/aesni-gcm-x86_64.pl
 c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904  crypto/modes/asm/ghash-alpha.pl
@@ -293,9 +293,9 @@
 02e7659d8776f5885ebbc25b930ddec046262f92c9e8fa7e093f2a6a8d973a3b  crypto/modes/wrap128.c
 0a10e0cae6f4ac164afe97a64df09c8412145c8a25f387ff3a53ff7495572cbc  crypto/modes/xts128.c
 9a34ad9ae361f689b0b98c454092e89567d0bfc969c08a14c8001e60976920b2  crypto/modes/xts128gb.c
-3f2c172dccf93227fc4b24f9960e1c0b01e987e1335dd9ab0e3c2d577195fed4  crypto/o_str.c
+515e110e01867d6527bec758a264473b62cb7edff213816e2197faf6e96ec048  crypto/o_str.c
 44594139dab6ada1f34f9c6887c97e258c1204b833a6c20f58097f17d0f1645e  crypto/packet.c
-05563d44cb345e7859093296f95a3ea5139fcc316e98fcb86c6748ee49363a84  crypto/param_build.c
+a108cacd961b0e5a95d279c737926afa4636d8b89a2a912593b01916ea3ce43d  crypto/param_build.c
 cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6  crypto/param_build_set.c
 d362864eab6707ba2f4efd65c91dd90d669721f2d8fdebc875fd1d2957154396  crypto/params.c
 c0e0ba07ca5d4acfe450e4ae53a10ed254097ed2f537f01a4a43a9f5b5cab501  crypto/params_dup.c
@@ -317,9 +317,9 @@
 dce7413b4c4e588c9a099c6fd7c6c9a397e034f259a2027d4ea8bdfe149164fa  crypto/rcu_internal.h
 0c1d3e0e857e9e4f84752a8ef0b619d8af0d81427b52facbd0174e685dac9a47  crypto/riscv32cpuid.pl
 231263dffc16987f5288592ebf4c0738902d5146bfc16bcd8a157e044cb697da  crypto/riscv64cpuid.pl
-fff6a76f42f3caeff8244fffb379240e43570bc6caf25e4721471bc208b2be81  crypto/riscvcap.c
+32e427d3d75f7b2d37e2765e2d2c111d45ca5871200be98e8943219dc475e458  crypto/riscvcap.c
 f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd  crypto/rsa/rsa_acvp_test_params.c
-aadf059519d33f41b859216246d215330a0c73d18153df580927fdfa6ef51b8f  crypto/rsa/rsa_backend.c
+b1584c4a1a5f83a1fd43d854ce72bb11735aa34945f2b2f983228f36f27fdad2  crypto/rsa/rsa_backend.c
 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e  crypto/rsa/rsa_chk.c
 e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199  crypto/rsa/rsa_crpt.c
 e666568eadfd01ff3e435364dee2575fca7ff3e6855b2c258fa1e4d04239d933  crypto/rsa/rsa_gen.c
@@ -347,7 +347,7 @@
 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034  crypto/sha/asm/keccak1600-c64x.pl
 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a  crypto/sha/asm/keccak1600-mmx.pl
 6689c3adaa270bd88026ca686ce76b8aaa83a7cadf3954d84d3cf89c044cc958  crypto/sha/asm/keccak1600-ppc64.pl
-fea3ce181c7a33bc673e3a4607e0f737a3a3e5958a3826596fb911b1297e2ca4  crypto/sha/asm/keccak1600-s390x.pl
+79dec13ccbee4a6758a22d92bfd5694565416219e48b6894dfb63c6b0029ae28  crypto/sha/asm/keccak1600-s390x.pl
 3fb93b9440f5c3008b5c876a8106acc5f8d38f1afedd79381f0befec7dd7d72b  crypto/sha/asm/keccak1600-x86_64.pl
 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d  crypto/sha/asm/keccak1600p8-ppc.pl
 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007  crypto/sha/asm/sha1-586.pl
@@ -391,7 +391,7 @@
 61ab6d7d7da9e65120ec59cfa9f5ede785502ae371696c3e4e04e039743ca111  crypto/sha/sha_local.h
 dfd99e02830973ab349409ac6ba0ee901ba7736216030965bd7e5a54356abd7c  crypto/slh_dsa/slh_adrs.c
 c9b270de1259d9fa71a4d352786357bcf1dd3d22075edab84501e2f8e550b271  crypto/slh_dsa/slh_adrs.h
-2aa41787214996542778a42eaf1bc754809f7d4d31185ac77424a3c686d6759c  crypto/slh_dsa/slh_dsa.c
+95d42ca839ff34a050a7006734a06c157ad259512c1a10b978e9f899efe69f12  crypto/slh_dsa/slh_dsa.c
 ab7b580b1cba302c5675918b457794a3b3d00aac42297312d9447bc6f6a40b09  crypto/slh_dsa/slh_dsa_hash_ctx.c
 6a68c788eee184862cf90676324750fd4f17ca666b628ebc69b3b510d19ba819  crypto/slh_dsa/slh_dsa_key.c
 4c7981f7db69025f52495c549fb3b3a76be62b9e13072c3f3b7f1dedeaf8cc91  crypto/slh_dsa/slh_dsa_key.h
@@ -415,13 +415,13 @@
 f06b08138d73b834471abc4a3ba43b2be838f7196c937c3e933694d6cd69f74d  crypto/thread/arch/thread_win.c
 55953eb5a84d03e8d915ee867ddf8ec8be8c5eb444ea0b21b12a040a57e2c2c1  crypto/thread/internal.c
 2e5955d706b96c487e4875ffbe208fac15bdca06b33cee916d5343978c14efa1  crypto/threads_lib.c
-0585d64ace8f607cde3ae8aba27eb203e2fd648d3226c7b87fc49350b1f53d36  crypto/threads_none.c
-a8815d82ccf819040446fccc42984ee515341d7df14c896bee48d61aea55d2f4  crypto/threads_pthread.c
-794e50fd64df6c4da259bd951117291aebb0859c8a47d657a2524e67df3a850b  crypto/threads_win.c
+ca77056d184232d6fcfe39328ab0b887a4fc939913209717fca65898ebbd45c0  crypto/threads_none.c
+021afe4321ff954f3f4dd1b1d07a5e3e7778f7bccfaede08fab193d5752d9740  crypto/threads_pthread.c
+1915c5e3de649873745479df5cc365c38cf56ecb2fa21be6a053055f97013dce  crypto/threads_win.c
 93f8fe09f96492a6be6772ddbf0cc37912fc2a90acb7faea378da1735fe20f6f  crypto/time.c
 88c5f9f4d2611223d283ebd2ae10ae5ecbb9972d00f747d93fcb74b62641e3f9  crypto/x86_64cpuid.pl
 085d9fe93adf232f1ff838be9235046c2c2abe2daeb0e6342921d8f2e955dc18  crypto/x86cpuid.pl
-0f089e0c6ab4091eebc1d3d54dbd18603fa4f90238fc6512610c3ec3469536ba  include/crypto/aes_platform.h
+6486afb23846d3c11c3a655e7e6cae24f8cdaf5dd4d6a887b5a04c53f52895b0  include/crypto/aes_platform.h
 8b68c7b69b8da6e729789dbd99d45c341458786e2bc0e2c6c6a341e6792d6b10  include/crypto/asn1.h
 9acd69adc80fbf9fa88fed4bcc7b3c0ba87e2add98d7ba311d8b092a2d5a0d2c  include/crypto/asn1_dsa.h
 21084935a7f88a5926a087832afe8bc6705b1a7813fe226eb4c0df12c753d3a4  include/crypto/bn.h
@@ -449,7 +449,7 @@
 3f28391ed526d791a578e76a40961592e15ae2bf62b81d5924525e1f21684659  include/crypto/security_bits.h
 70b36014254ca6cbe4126573ea6a71069cc278a6ceaa36412343f19b204c4c13  include/crypto/sha.h
 127ede705ecfa8ec504e57cdee1210c5d7a9044121ff05d1dcf72955958346ed  include/crypto/slh_dsa.h
-8d50d439dd064b66fe349787228435d7a5ba4bc46917a1287c8d876f7faf37db  include/crypto/sparse_array.h
+df915f569207111cdb011e85ee0f40bcd169ac0a413cc858ccee0b5001cefbb5  include/crypto/sparse_array.h
 eb1f4f50bafdd357aa15b54f60f5ecde10876253038f00bf518fbf60840addc1  include/crypto/types.h
 fd5e610fe38804f5de05931706b8efc717663a892f74aa6aee30301ff5e31a25  include/internal/bio.h
 d32565e2b426131dc2415e60a97c94570ca982d29ddd97d2e23d6b9f73b1d81c  include/internal/common.h
@@ -490,7 +490,7 @@
 fb5bdada32614d7214569dc111b8bbc43592886799f0536b844a64a2541727cb  include/internal/thread.h
 a8fa7ddc1e54ca296bda9ee05a7a39bb7e803eb0567cc75a9b949b80cada7552  include/internal/thread_arch.h
 1cc86957e734ce34acd949b9e9e9d588a6c82afb68a09c787fb69f5e4cb20b1a  include/internal/thread_once.h
-d9f5e7c10f41913a25f1ef89bedef6070ed3b8bb3c6ae2fe9f7d8993082d86f4  include/internal/time.h
+07af0c702bf779720f6849dcc54b59235a5ac87513c77d6123aa334d71f5a7b3  include/internal/time.h
 2a4f456b95ae6c60a1bd7be966400f7aa12f791ece6f2d31a22acae6fd77c623  include/internal/tlsgroups.h
 79db205cd380711f09748b4ab020442050acaa0a8a940e2be38c4916e23dd1ff  include/internal/to_hex.h
 47c827eb0766d6aa82cec54648fc57b33a3dfec8539cab7bce161cf73455abaa  include/internal/tsan_assist.h
@@ -511,7 +511,7 @@
 4e195b6f7a734756e21c4269cc245b292e1a563aaec5644402929d0eac423c41  include/openssl/configuration.h.in
 f76830b31c947d86c2e6a302ab8df6b83076f8d29120bce9a58195551eb48e1a  include/openssl/conftypes.h
 a013fca5cc6b5cc26eb1c76eaeba31e99408e88fe89c343a44cc0b22f8e63eab  include/openssl/core.h
-06eff5fb11c68f0fd4b70b0162517647afeefeff345e2541f7f2d820c97a8d95  include/openssl/core_dispatch.h
+8486d6f6818911651b0f3ba02366a362b0d4d988f014089a4f3a3f6ecca7926c  include/openssl/core_dispatch.h
 b47e5195bcf209e120858a2c671eaf0589fbd1baf1c5f69237ab94651772808a  include/openssl/core_names.h.in
 e623d4e8d36d7e0f0825fe5cb48e1176be19c0bedc5053fce488aa48602f351c  include/openssl/crypto.h.in
 128ef415305b704d51461ab98c688c69fde868acb5f5f74c92b2d0517823e71a  include/openssl/cryptoerr.h
@@ -539,7 +539,7 @@
 1dc0dce58de44226fc0afb51073c39933fb65dfd3a0131c4eff17bcb93018665  include/openssl/indicator.h
 36b0013002d44397aa41b021ec13433230221aa9722ce5fc31648f08d27ac448  include/openssl/kdf.h
 f4a6b9adcd0158222878f5c55e3b40c620361d328bc624ce22d4937c0c054fbf  include/openssl/lhash.h.in
-e7753bdc658187d6ac5fb51902c79bff929f3ad416fd907c02cd34568a30864c  include/openssl/macros.h
+3a6bbc7833212d862484513a0f1ec895450c8377290a644c17061051fecd162c  include/openssl/macros.h
 0da95b5743f5c12ba1a30c1ef84f9fe57ccd5816febb1b5fd3a4f573ec885cd8  include/openssl/ml_kem.h
 06f0d4621c344401f280a4e69e48ba987a0600b7f52ee16b25c4620277b081f9  include/openssl/modes.h
 6d40e3edc18bac56826b2beb9439e7e43a680867a0a9ae1d3f75e07dc72b024d  include/openssl/obj_mac.h
@@ -556,7 +556,7 @@
 d0fffeeaf8a20f6c86e8a6bfaeb1eab7c00188b1844c109ead4232c8dfb3705b  include/openssl/provider.h
 c467dcada2506c820e2dcb002dff9d797aaf9527c8778871d79d79a93bc673e7  include/openssl/rand.h
 23d76dfea708747bdc2ffac41e25b156a22d2d0cb744323a3b9859c54bfbb98a  include/openssl/randerr.h
-c477f6a040cbd444318469a9f5899d368b4e42680ab7337f6859549bc55cf2af  include/openssl/rsa.h
+06dd86ec673693fc7c47a8b8489a72b648a56a667469064fbbfc91bcf20ad650  include/openssl/rsa.h
 6f79765285a8244f6c1858b86db8e390e4bc6c7905a7e4576973316612f7b015  include/openssl/rsaerr.h
 546e4277a9897ed5c01b9ab30168e82f4acf9a6a20da430ebf7dd698d5f888fc  include/openssl/safestack.h.in
 695683de2485c3b83d9116877f5d5ca3eb84a3bbb599f6bb02c9e595e7102b41  include/openssl/self_test.h
@@ -565,7 +565,7 @@
 d381d0b4113f0fa18b3e421eae303fc84daf84eacb1236cb6e9976409a2d33a9  include/openssl/symhacks.h
 fc527427bafa6862d9e3847c961dd6cbbcccc39d25762c65ad3b99fae9599e2e  include/openssl/thread.h
 a481e8762c694b3dac0e74aac8626fe60fa94962a14914f1f6969ea1214c40b1  include/openssl/trace.h
-1e0253d1f5487b8e92c39f8c3a15ee3030625c4d9735f9cdbbcc9974c213e925  include/openssl/types.h
+9e04a3e9ca5352adffbdd75a5ea5237e8ff96a8c0a842368cc3a29de006b2ee7  include/openssl/types.h
 62e0cddeedfc217ac02bf37f3669ccea8d0822a88a74a8ec82b844a85b2700aa  include/openssl/x509.h.in
 869959c3d557d2ace84f38b7a8d0f23b3b0854de7f952f46310e828af04554dd  include/openssl/x509_vfy.h.in
 5dbee881fe4e1f08a773e8bd34eeda7639be7c474a3d4d6e7c8d779e19c7eb2a  include/openssl/x509err.h
@@ -616,10 +616,10 @@
 ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797  providers/fips/include/fips_indicator_params.inc
 f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3  providers/fips/include/fips_selftest_params.inc
 7b80823bb5613e17e8576789ec77712d89c81e7beb6ce50b58037e925e465abd  providers/fips/include/fipscommon.h
-44a6e7b590de3d8a7711ac373348e4c9bc7a24dd57759897f2cb5db2cd8bba62  providers/fips/self_test.c
+c00c429b0e022db3ef9b08b3400627a1f268fb071e84d0538fb68c060da6a3db  providers/fips/self_test.c
 5c2c6c2f69e2eb01b88fa35630f27948e00dd2c2fd351735c74f34ccb2005cbe  providers/fips/self_test.h
 df83c901ad13675fbbb4708b6087feba6099870ad3dd0e8d09cfdb6798419770  providers/fips/self_test_data.inc
-bc58582893d748a0a61662cf9363ad73c91f35f2956dbcafc8d1ed37039b15d3  providers/fips/self_test_kats.c
+aab0bbdaa8e70f6cf9c3871d62b1efc6029cbe386c5d6318d7bc730da0fa8f19  providers/fips/self_test_kats.c
 d942921caa433ae9e62959b0ad1caad277b50d005ffc439c6d0e7b0886dba882  providers/implementations/asymciphers/rsa_enc.c
 c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879  providers/implementations/ciphers/cipher_aes.c
 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6  providers/implementations/ciphers/cipher_aes.h
@@ -639,7 +639,7 @@
 60c4f604cf9b5457be48f31cc24ca21729660381081b2dbf99f362a013a09684  providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc
 e2886780637db72b12c9bc488d81647ed55a7f5c850efd4bdbf88ef7127e1913  providers/implementations/ciphers/cipher_aes_hw.c
 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68  providers/implementations/ciphers/cipher_aes_hw_aesni.inc
-e691fd1ee71c40bc76b01bbe2a6f027496a210a2e49e20908b87033552fc8c52  providers/implementations/ciphers/cipher_aes_ocb.c
+d95dde2258887edca985237a0623855b49dd9e93d21407e9fcfe33497513be4c  providers/implementations/ciphers/cipher_aes_ocb.c
 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f  providers/implementations/ciphers/cipher_aes_ocb.h
 6c3a89771719b36d6917d23464be5441836378393731af96ba165fd788df1a41  providers/implementations/ciphers/cipher_aes_ocb_hw.c
 c7aac28a9dca1ad46e5bce4de93e07dffec1f89fab82394c3ff7cf1bda8b483f  providers/implementations/ciphers/cipher_aes_wrp.c
@@ -653,7 +653,7 @@
 9cfdcc860a03b6e7ced8cc21bcbbc1c070c89aefab04b07f213c7a3db1895553  providers/implementations/ciphers/cipher_tdes.h
 00b931090e26ce9a62ee4ea125586f439a9906db5d7b914ffc67d293a57c7c00  providers/implementations/ciphers/cipher_tdes_common.c
 cca34f1c7baf3a98964f7ce19a59e06d1eaf2ada121a0d4a438f4078a072b325  providers/implementations/ciphers/cipher_tdes_hw.c
-5739bf4391b40a6715e25a03f42701e938b160e1189c33e72b21f57d4991586e  providers/implementations/ciphers/ciphercommon.c
+d2f418806c7ed45f118683bc13329573804592684e522efced0fd0921f4548fd  providers/implementations/ciphers/ciphercommon.c
 ab9a2edb23aa61cf31da6addd8674a6028f93399eceeeee35a56ee770338fd6c  providers/implementations/ciphers/ciphercommon_block.c
 6b6090c233ddf29d819f2559361aeeae03505de7626a127628d5f0f6d3bce295  providers/implementations/ciphers/ciphercommon_ccm.c
 6632a555d5bcd5af67d0355ce46c2906bb3a0dcdf1651595b29189c40a5ca675  providers/implementations/ciphers/ciphercommon_ccm_hw.c
@@ -670,8 +670,8 @@
 b1115636f53bf70f417b183cafeb6d38e230d11d8de731e6896ba60cc850d931  providers/implementations/exchange/kdf_exch.c
 1644609260b996c1a46610d02474f991e1ee4bdff5d8175e759c49a92f2b5107  providers/implementations/include/prov/ciphercommon.h
 f1dd49b30604d9b8e948c135329a270a4d3e04857f7f9159a3e84f46a024d59d  providers/implementations/include/prov/ciphercommon_aead.h
-3226fc5162aff5b2e992b24944c49bc28855a47bbf69a789bc73ccabd886e9c0  providers/implementations/include/prov/ciphercommon_ccm.h
-45885a39d0f9e30a8032c6020970389104c69b909d9699fd1c79335184fb17fa  providers/implementations/include/prov/ciphercommon_gcm.h
+af38be5b3d16c3ced0028bc9b3fbe957a6a817e23967bacc7df65566ba107edb  providers/implementations/include/prov/ciphercommon_ccm.h
+35d1c063e840c9cd5114c5e57b007a19868982a82d8e40a99b2935c9f1f5e05e  providers/implementations/include/prov/ciphercommon_gcm.h
 35596c97faf324823d19a01e1b5674c7a15f1a6e7ff1ef1c7d46400c2a68f63b  providers/implementations/include/prov/digestcommon.h
 1baf1c06b20a0eb8ec271452544922d67c1cc168dbe9853b259191de4bd99918  providers/implementations/include/prov/ecx.h
 b0d1f6fc3c9220fe6d4656e487bad8df16b6f840054018b95b2752ea9aef822d  providers/implementations/include/prov/hmac_drbg.h
@@ -694,7 +694,7 @@
 39207243a84beb670cb0e64b6d0fe7bfc6a3dd84000617b647a3ecf52a1da3c2  providers/implementations/kdfs/x942kdf.c
 748af266d06006da10524f3a621c65b8c3eeddf8b1ccd06ecdc6b689564d220c  providers/implementations/kem/ml_kem_kem.c
 35549cec7031452bb5b46aa8a86028abc7a3a2b39f9f6564fa4bd402451bc647  providers/implementations/kem/mlx_kem.c
-c764555b9dc9b273c280514a5d2d44156f82f3e99155a77c627f2c773209bcd7  providers/implementations/kem/rsa_kem.c
+e89b894af920504160abfc11860b89b505d116d978162a02213f72500180903b  providers/implementations/kem/rsa_kem.c
 aa13d72bc69a374db72b6d44e2f2c2ddd5f7bddbe16b950e3c4666d876c63735  providers/implementations/keymgmt/dh_kmgmt.c
 c0446d1b2101ddd977063516b87d23f424cdca33473f293db4c3974b674169b0  providers/implementations/keymgmt/dsa_kmgmt.c
 2b98ba2124a86eae2adc7b88bfa26e47b548e9628b99180cc2cd841eed5ed8da  providers/implementations/keymgmt/ec_kmgmt.c
@@ -703,7 +703,7 @@
 daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d  providers/implementations/keymgmt/kdf_legacy_kmgmt.c
 69b509e9c7fe9692622d1059917c3adb991c0047e11bc116f0a393a3a0539445  providers/implementations/keymgmt/mac_legacy_kmgmt.c
 3c63e65bd1a6a2e853828205c015a50c38a82f2fee9bf6787dce6dab7331bb91  providers/implementations/keymgmt/ml_dsa_kmgmt.c
-716e75fe56847f0c4c7bf7d86d78040ca575cdf1dcf63c1a93d351f0e836477f  providers/implementations/keymgmt/ml_kem_kmgmt.c
+30db36c6fe6b4449179488da1761e219d0c772a8fb8e74c8411d1e0f57e4aed2  providers/implementations/keymgmt/ml_kem_kmgmt.c
 01d75c1eba93ed23f98130d6c308550d0ab2e44c5651101628861bc0238623d0  providers/implementations/keymgmt/mlx_kmgmt.c
 cd4b8129eaccbd77f9b6c725d3cb57b71109c4649115ec786b6495100afaddf2  providers/implementations/keymgmt/rsa_kmgmt.c
 d640cff1c46911b69866eb83f48beba42a1741bb1d3f1db6e7201077a57761fc  providers/implementations/keymgmt/slh_dsa_kmgmt.c
@@ -714,12 +714,12 @@
 0ebc5a48655a697231918644397308e64914c32421e9b8ee7afd7779b6a2fdb8  providers/implementations/rands/drbg.c
 d9e41abc1780bb253bdca6c58cc32af7d0a774e52c91fc5d64577f71defc52c2  providers/implementations/rands/drbg_ctr.c
 cf98646defb0b385d6ce4bedcd51559c9a03424491f4576ea7eb41e3db8a18b3  providers/implementations/rands/drbg_hash.c
-45993825b1224097f6b9ea12643c09a09dc66beecfdfb3dd337d468931ab0f25  providers/implementations/rands/drbg_hmac.c
+57561d4bd3a79e6a250310a989958409437dfa68b2818d5f0dbb8a5e7ef04bb7  providers/implementations/rands/drbg_hmac.c
 841617c81d6d5eae5ea59064e8b45947d436d3e53b49283329d17016866d8f34  providers/implementations/rands/drbg_local.h
 355bd437dde9ecd1da89f42691147f2b5cf9a012ff5f55062bf83b6bead1e181  providers/implementations/rands/fips_crng_test.c
 4913fec58a2648fcec0e5a94dba9decab0505a6d725bed6eb861ce854db81df8  providers/implementations/rands/test_rng.c
-74e60389dc5ab0a69701af0181b6a915fc87ce9a0874cc949f7e9e85ae4642e7  providers/implementations/signature/dsa_sig.c
-ca090b1987debf6a30f17551b0be613f7a2e6ce0d07b0d6924e0f759a970af4d  providers/implementations/signature/ecdsa_sig.c
+c6c709dfd8b1be036e2a5232d3b21dc25f0150f2aae24cc7db6b09cd790a04ee  providers/implementations/signature/dsa_sig.c
+d10d611713a6d9aa5cdbe636f1ba90404043431fd1df01fc1a1ce8499bf96ad0  providers/implementations/signature/ecdsa_sig.c
 a837f69cb1aa5d0327372e26a63a8492b6ffb1156325f66e880c202011d07cbe  providers/implementations/signature/eddsa_sig.c
 e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4  providers/implementations/signature/mac_legacy_sig.c
 51251a1ca4c0b6faea059de5d5268167fe47565163317177d09db39978134f78  providers/implementations/signature/ml_dsa_sig.c
diff -Nru openssl-3.5.5/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc openssl-3.5.6/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc
--- openssl-3.5.5/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,8 +44,8 @@
 static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len,
                                 const void *key, unsigned char ivec[16], u64 *Xi, int encrypt)
 {
-    int s = 0;
-    int ndone = 0;
+    size_t s = 0;
+    size_t ndone = 0;
     int ctr_reset = 0;
     u64 blocks_unused;
     u64 nb = len / 16;
@@ -119,7 +119,7 @@
                 size_t res = (16 - ctx->gcm.mres) % 16;
 
                 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
-                    return -1;
+                    return 0;
 
                 bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res,
                                          ctx->gcm.key,
diff -Nru openssl-3.5.5/providers/implementations/ciphers/cipher_aes_ocb.c openssl-3.5.6/providers/implementations/ciphers/cipher_aes_ocb.c
--- openssl-3.5.5/providers/implementations/ciphers/cipher_aes_ocb.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/ciphers/cipher_aes_ocb.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -27,7 +27,7 @@
 #define OCB_MIN_IV_LEN 1
 #define OCB_MAX_IV_LEN 15
 
-PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX * ctx, const unsigned char *in, unsigned char *out, size_t nextblock));
+PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, const unsigned char *in, unsigned char *out, size_t nextblock));
 /* forward declarations */
 static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit;
 static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;
diff -Nru openssl-3.5.5/providers/implementations/ciphers/ciphercommon.c openssl-3.5.6/providers/implementations/ciphers/ciphercommon.c
--- openssl-3.5.5/providers/implementations/ciphers/ciphercommon.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/ciphers/ciphercommon.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -691,6 +691,10 @@
             ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
         }
+        if (ctx->blocksize > 0 && num >= (unsigned int)ctx->blocksize) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+            return 0;
+        }
         ctx->num = num;
     }
     return 1;
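Review bot: The new range check on `num` reports `PROV_R_FAILED_TO_GET_PARAMETER`, the same reason as the fetch failure just above it, although here the parameter was read successfully and its value was rejected. A distinct reason such as `ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);` would let callers tell the two cases apart. The check is also skipped whenever `ctx->blocksize` is not positive, so any `num` is still stored in that case. If that is intended, a comment such as `/* num is an offset into the current block and must stay below blocksize */` would record the invariant; the code that consumes `ctx->num` is outside the hunk, so this reading is an assumption.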
diff -Nru openssl-3.5.5/providers/implementations/include/prov/ciphercommon_ccm.h openssl-3.5.6/providers/implementations/include/prov/ciphercommon_ccm.h
--- openssl-3.5.5/providers/implementations/include/prov/ciphercommon_ccm.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/include/prov/ciphercommon_ccm.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -48,13 +48,13 @@
     const PROV_CCM_HW *hw; /* hardware specific methods  */
 } PROV_CCM_CTX;
 
-PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX * ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len));
-PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX * ctx, const unsigned char *key, size_t keylen));
-PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX * dat, const unsigned char *iv, size_t ivlen, size_t mlen));
-PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX * ctx, const unsigned char *aad, size_t aadlen));
-PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen));
-PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen));
-PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX * ctx, unsigned char *tag, size_t taglen));
+PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len));
+PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, const unsigned char *key, size_t keylen));
+PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, const unsigned char *iv, size_t ivlen, size_t mlen));
+PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, const unsigned char *aad, size_t aadlen));
+PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen));
+PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen));
+PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, unsigned char *tag, size_t taglen));
 
 /*
  * CCM Mode internal method table used to handle hardware specific differences,
diff -Nru openssl-3.5.5/providers/implementations/include/prov/ciphercommon_gcm.h openssl-3.5.6/providers/implementations/include/prov/ciphercommon_gcm.h
--- openssl-3.5.5/providers/implementations/include/prov/ciphercommon_gcm.h	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/include/prov/ciphercommon_gcm.h	2026-04-07 14:26:30.000000000 +0200
@@ -1,6 +1,6 @@
 
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -81,12 +81,12 @@
     ctr128_f ctr;
 } PROV_GCM_CTX;
 
-PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX * ctx, const unsigned char *key, size_t keylen));
-PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX * dat, const unsigned char *iv, size_t ivlen));
-PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX * ctx, const unsigned char *aad, size_t aadlen));
-PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX * ctx, const unsigned char *in, size_t len, unsigned char *out));
-PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX * ctx, unsigned char *tag));
-PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX * ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen));
+PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, size_t keylen));
+PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, size_t ivlen));
+PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aadlen));
+PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out));
+PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag));
+PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen));
 struct prov_gcm_hw_st {
     OSSL_GCM_setkey_fn setkey;
     OSSL_GCM_setiv_fn setiv;
diff -Nru openssl-3.5.5/providers/implementations/kdfs/pkcs12kdf.c openssl-3.5.6/providers/implementations/kdfs/pkcs12kdf.c
--- openssl-3.5.5/providers/implementations/kdfs/pkcs12kdf.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/kdfs/pkcs12kdf.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -266,6 +266,15 @@
     if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ITER)) != NULL)
         if (!OSSL_PARAM_get_uint64(p, &ctx->iter))
             return 0;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    /*
+     * If we're running the fuzzer, limit iteration count to
+     * 100 so we don't time out running the derivation for
+     * a really long time
+     */
+    if (getenv("OPENSSL_RUNNING_UNIT_TESTS") == NULL && p != NULL && ctx->iter > 100)
+        ctx->iter = 100;
+#endif
     return 1;
 }
 
diff -Nru openssl-3.5.5/providers/implementations/kem/rsa_kem.c openssl-3.5.6/providers/implementations/kem/rsa_kem.c
--- openssl-3.5.5/providers/implementations/kem/rsa_kem.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/kem/rsa_kem.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -316,17 +316,19 @@
         return 0;
 
     /* Step(3): out = RSAEP((n,e), z) */
-    ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
-    if (ret) {
-        ret = 1;
-        if (outlen != NULL)
-            *outlen = nlen;
-        if (secretlen != NULL)
-            *secretlen = nlen;
-    } else {
+    ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
+        RSA_NO_PADDING);
+    if (ret <= 0 || ret != (int)nlen) {
         OPENSSL_cleanse(secret, nlen);
+        return 0;
     }
-    return ret;
+
+    if (outlen != NULL)
+        *outlen = nlen;
+    if (secretlen != NULL)
+        *secretlen = nlen;
+
+    return 1;
 }
 
 /**
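Review bot: The rewritten result check after `RSA_public_encrypt()` carries no comment saying why a plain truth test is not enough, and the removed `if (ret)` shows how easily a negative error return is read as success. I would add `/* RSA_public_encrypt() returns the ciphertext length, or a negative value on error */` above the `if (ret <= 0 || ret != (int)nlen)` line. The `(int)nlen` cast assumes the modulus length fits in an int; the code that computes `nlen` is outside the hunk, so that bound cannot be confirmed from here.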
diff -Nru openssl-3.5.5/providers/implementations/keymgmt/ml_kem_kmgmt.c openssl-3.5.6/providers/implementations/keymgmt/ml_kem_kmgmt.c
--- openssl-3.5.5/providers/implementations/keymgmt/ml_kem_kmgmt.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/keymgmt/ml_kem_kmgmt.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -799,7 +799,7 @@
         return;
 
     if (gctx->seed != NULL)
-        OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES);
+        OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);
 }
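Review bot: The cleanse length in this free routine is still a named constant that has to be kept in step with the buffer `gctx->seed` points at, which is the kind of mismatch this change corrects. If the seed is stored in a fixed-size array inside the generation context (its declaration is not in the hunk), cleansing that array with `sizeof` on it would remove the dependency on picking the right macro. Failing that, a comment next to the call stating which buffer `ML_KEM_SEED_BYTES` describes would help the next reader.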
diff -Nru openssl-3.5.5/providers/implementations/rands/drbg_hmac.c openssl-3.5.6/providers/implementations/rands/drbg_hmac.c
--- openssl-3.5.5/providers/implementations/rands/drbg_hmac.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/rands/drbg_hmac.c	2026-04-07 14:26:30.000000000 +0200
@@ -437,7 +437,7 @@
 
     p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST);
     if (p) {
-        if (OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) {
+        if (!OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);
             goto done;
         }
@@ -458,7 +458,7 @@
     if (p == NULL) {
         hmac_name = "HMAC";
     } else {
-        if (OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) {
+        if (!OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);
             goto done;
         }
diff -Nru openssl-3.5.5/providers/implementations/signature/dsa_sig.c openssl-3.5.6/providers/implementations/signature/dsa_sig.c
--- openssl-3.5.5/providers/implementations/signature/dsa_sig.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/signature/dsa_sig.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -634,13 +634,14 @@
     if (!ossl_prov_is_running())
         return NULL;
 
-    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
-    if (dstctx == NULL)
+    if ((dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL)
         return NULL;
 
-    *dstctx = *srcctx;
     dstctx->dsa = NULL;
     dstctx->propq = NULL;
+    dstctx->md = NULL;
+    dstctx->mdctx = NULL;
+    dstctx->sig = NULL;
 
     if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa))
         goto err;
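Review bot: After `OPENSSL_memdup()` the copy holds every pointer of `srcctx`, so each owned pointer has to be reset before the first `goto err`, and nothing in the code says so. A comment above the resets, e.g. `/* Clear owned pointers copied by memdup so the err path frees only what dstctx really owns */`, would make that requirement visible when a new pointer member is added to the context. The `err:` cleanup and the struct definition are outside this hunk, so whether other members need the same treatment cannot be checked here.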
@@ -650,18 +651,15 @@
         goto err;
     dstctx->md = srcctx->md;
 
-    if (srcctx->mdctx != NULL) {
-        dstctx->mdctx = EVP_MD_CTX_new();
-        if (dstctx->mdctx == NULL
-            || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
-            goto err;
-    }
-
-    if (srcctx->propq != NULL) {
-        dstctx->propq = OPENSSL_strdup(srcctx->propq);
-        if (dstctx->propq == NULL)
-            goto err;
-    }
+    if (srcctx->mdctx != NULL
+        && (dstctx->mdctx = EVP_MD_CTX_dup(srcctx->mdctx)) == NULL)
+        goto err;
+    if (srcctx->propq != NULL
+        && ((dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL))
+        goto err;
+    if (srcctx->sig != NULL
+        && ((dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL))
+        goto err;
 
     return dstctx;
 err:
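Review bot: The `sig` copy treats a NULL result from `OPENSSL_memdup(srcctx->sig, srcctx->siglen)` as failure, so duplicating a context would fail if `sig` were non-NULL while `siglen` is 0 (assuming a zero-length duplicate yields NULL). That state is ruled out by the empty-signature check added further down in this file, but the dependency is not stated here. A comment such as `/* sig != NULL implies siglen > 0, enforced when the signature parameter is set */` above the condition would tie the two together. The same pairing exists in the ecdsa_sig.c changes of this diff.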
@@ -972,6 +970,12 @@
             if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig,
                     0, &pdsactx->siglen))
                 return 0;
+            /* The signature must not be empty */
+            if (pdsactx->siglen == 0) {
+                OPENSSL_free(pdsactx->sig);
+                pdsactx->sig = NULL;
+                return 0;
+            }
         }
     }
     return 1;
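Review bot: The empty-signature rejection returns 0 without raising an error, so the caller sees a failed parameter set with nothing on the error queue to explain it. Adding `ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);` before the `return 0;` would make the cause visible, assuming the provider reason codes are already in scope in this file. The identical check added to ecdsa_sig.c in this diff has the same gap. The enclosing function begins outside the hunk.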
diff -Nru openssl-3.5.5/providers/implementations/signature/ecdsa_sig.c openssl-3.5.6/providers/implementations/signature/ecdsa_sig.c
--- openssl-3.5.5/providers/implementations/signature/ecdsa_sig.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/signature/ecdsa_sig.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -630,40 +630,37 @@
     PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx;
     PROV_ECDSA_CTX *dstctx;
 
-    if (!ossl_prov_is_running())
-        return NULL;
-
-    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
-    if (dstctx == NULL)
+    /* Test KATS should not need to be supported */
+    if (!ossl_prov_is_running()
+        || srcctx->kinv != NULL
+        || srcctx->r != NULL
+        || (dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL)
         return NULL;
 
-    *dstctx = *srcctx;
     dstctx->ec = NULL;
     dstctx->propq = NULL;
+    dstctx->md = NULL;
+    dstctx->mdctx = NULL;
+    dstctx->sig = NULL;
 
     if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec))
         goto err;
-    /* Test KATS should not need to be supported */
-    if (srcctx->kinv != NULL || srcctx->r != NULL)
-        goto err;
     dstctx->ec = srcctx->ec;
 
     if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
         goto err;
     dstctx->md = srcctx->md;
 
-    if (srcctx->mdctx != NULL) {
-        dstctx->mdctx = EVP_MD_CTX_new();
-        if (dstctx->mdctx == NULL
-            || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
-            goto err;
-    }
-
-    if (srcctx->propq != NULL) {
-        dstctx->propq = OPENSSL_strdup(srcctx->propq);
-        if (dstctx->propq == NULL)
-            goto err;
-    }
+    if (srcctx->mdctx != NULL
+        && ((dstctx->mdctx = EVP_MD_CTX_new()) == NULL
+            || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)))
+        goto err;
+    if (srcctx->propq != NULL
+        && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL)
+        goto err;
+    if (srcctx->sig != NULL
+        && (dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL)
+        goto err;
 
     return dstctx;
 err:
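Review bot: The `mdctx` copy here still pairs `EVP_MD_CTX_new()` with `EVP_MD_CTX_copy_ex()`, while the matching change to dsa_sig.c in this diff uses `EVP_MD_CTX_dup()`. Using the same call, `&& (dstctx->mdctx = EVP_MD_CTX_dup(srcctx->mdctx)) == NULL)`, would keep the two dupctx functions parallel and remove the half-built state where a context is allocated but not yet copied. The comment `Test KATS should not need to be supported` now sits above the `ossl_prov_is_running()` test and the allocation as well, so it would read better placed next to the `kinv` and `r` conditions it explains.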
@@ -990,6 +987,12 @@
             if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig,
                     0, &ctx->siglen))
                 return 0;
+            /* The signature must not be empty */
+            if (ctx->siglen == 0) {
+                OPENSSL_free(ctx->sig);
+                ctx->sig = NULL;
+                return 0;
+            }
         }
     }
     return 1;
diff -Nru openssl-3.5.5/providers/implementations/signature/sm2_sig.c openssl-3.5.6/providers/implementations/signature/sm2_sig.c
--- openssl-3.5.5/providers/implementations/signature/sm2_sig.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/signature/sm2_sig.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -214,6 +214,12 @@
     int ret = 0;
     unsigned char *aid = NULL;
 
+    /*
+     * Each EVP_Digest{Sign,Verify}Init_ex(3) starts with fresh content, that
+     * needs to recompute the "Z" digest.
+     */
+    ctx->flag_compute_z_digest = 1;
+
     if (!sm2sig_signature_init(vpsm2ctx, ec, params)
         || !sm2sig_set_mdname(ctx, mdname))
         return ret;
@@ -247,8 +253,6 @@
     if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
         goto error;
 
-    ctx->flag_compute_z_digest = 1;
-
     ret = 1;
 
 error:
diff -Nru openssl-3.5.5/providers/implementations/storemgmt/file_store.c openssl-3.5.6/providers/implementations/storemgmt/file_store.c
--- openssl-3.5.5/providers/implementations/storemgmt/file_store.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/storemgmt/file_store.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -104,6 +104,8 @@
 
     /* Expected object type.  May be unspecified */
     int expected_type;
+    /* Fatal error occurred. We should indicate EOF. */
+    int fatal_error;
 };
 
 static void free_file_ctx(struct file_ctx_st *ctx)
@@ -559,8 +561,10 @@
 
     /* Setup the decoders (one time shot per session */
 
-    if (!file_setup_decoders(ctx))
+    if (!file_setup_decoders(ctx)) {
+        ctx->fatal_error = 1;
         return 0;
+    }
 
     /* Setup for this object */
 
@@ -758,6 +762,9 @@
 {
     struct file_ctx_st *ctx = loaderctx;
 
+    if (ctx->fatal_error)
+        return 1;
+
     switch (ctx->type) {
     case IS_DIR:
         return ctx->_.dir.end_reached;
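Review bot: `fatal_error` is set only for the decoder-setup failure, and the eof function reports end-of-data purely from that flag, but the field comment does not say why EOF is the right answer. Something like `/* Set on an unrecoverable load failure so eof reports 1 and callers looping on load/eof terminate */` on the field would record the intent; the callers are not in the diff, so that reading is an assumption. The flag also depends on the context being zero-initialised at allocation, which is outside these hunks. Other failure returns in the load function are not visible here, so it is worth checking whether any of them is equally permanent.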
diff -Nru openssl-3.5.5/providers/implementations/storemgmt/winstore_store.c openssl-3.5.6/providers/implementations/storemgmt/winstore_store.c
--- openssl-3.5.5/providers/implementations/storemgmt/winstore_store.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/providers/implementations/storemgmt/winstore_store.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -272,8 +272,10 @@
     const unsigned char *der_ = der;
     size_t der_len_ = der_len;
 
-    if (setup_decoder(ctx) == 0)
+    if (setup_decoder(ctx) == 0) {
+        ctx->state = STATE_EOF;
         return 0;
+    }
 
     data.object_cb = object_cb;
     data.object_cbarg = object_cbarg;
diff -Nru openssl-3.5.5/ssl/quic/quic_impl.c openssl-3.5.6/ssl/quic/quic_impl.c
--- openssl-3.5.5/ssl/quic/quic_impl.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/quic_impl.c	2026-04-07 14:26:30.000000000 +0200
@@ -4504,6 +4504,10 @@
      * to grab reference for qc.
      */
     qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls);
+    if (qc->ch == NULL) {
+        QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL);
+        goto err;
+    }
 
     ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl);
     ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg);
@@ -4600,9 +4604,10 @@
     int ret;
     QCTX ctx;
     SSL *conn_ssl = NULL;
+    SSL *conn_ssl_tmp = NULL;
     SSL_CONNECTION *conn = NULL;
     QUIC_CHANNEL *new_ch = NULL;
-    QUIC_CONNECTION *qc;
+    QUIC_CONNECTION *qc = NULL;
     int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0);
 
     if (!expect_quic_listener(ssl, &ctx))
@@ -4651,28 +4656,38 @@
      * bound to new_ch. If channel constructor fails to create any item here
      * it just fails to create channel.
      */
-    if (!ossl_assert((conn_ssl = ossl_quic_channel_get0_tls(new_ch)) != NULL)
-        || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) != NULL)
-        || !ossl_assert((conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL))
+    if (!ossl_assert((conn_ssl_tmp = ossl_quic_channel_get0_tls(new_ch)) != NULL)
+        || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl_tmp)) != NULL)
+        || !ossl_assert((conn_ssl_tmp = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL))
         goto out;
 
-    qc = (QUIC_CONNECTION *)conn_ssl;
-    qc->pending = 0;
-    if (!SSL_up_ref(&ctx.ql->obj.ssl)) {
-        /*
-         * You might expect ossl_quic_channel_free() to be called here. Be
-         * assured it happens, The process goes as follows:
-         *    - The SSL_free() here is being handled by ossl_quic_free().
-         *    - The very last step of ossl_quic_free() is call to qc_cleanup()
-         *      where channel gets freed.
-         */
-        SSL_free(conn_ssl);
+    qc = (QUIC_CONNECTION *)conn_ssl_tmp;
+    if (SSL_up_ref(&ctx.ql->obj.ssl)) {
+        qc->listener = ctx.ql;
+        conn_ssl = conn_ssl_tmp;
+        conn_ssl_tmp = NULL;
+        qc->pending = 0;
     }
-    qc->listener = ctx.ql;
 
 out:
 
     qctx_unlock(&ctx);
+    /*
+     * You might expect ossl_quic_channel_free() to be called here. Be
+     * assured it happens, The process goes as follows:
+     *    - The SSL_free() here is being handled by ossl_quic_free().
+     *    - The very last step of ossl_quic_free() is call to qc_cleanup()
+     *      where channel gets freed.
+     * NOTE: We defer this SSL_free until after the call to qctx_unlock above
+     * to avoid the deadlock that would occur when ossl_quic_free attempts to
+     * re-acquire this mutex.  We also do the gymnastics with conn_ssl and
+     * conn_ssl_tmp above so that we only actually do the free on the SSL
+     * object if the up-ref above fails, in such a way that we don't unbalance
+     * the listener refcount (i.e. if the up-ref fails above, we don't set the
+     * listener pointer so that we don't then drop the ref-count erroneously
+     * during the free operation.
+     */
+    SSL_free(conn_ssl_tmp);
     return conn_ssl;
 }
 
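Review bot: `SSL_free(conn_ssl_tmp)` after `out:` also runs when one of the three `ossl_assert()` checks fails, and `conn_ssl_tmp` may then still hold the pointer returned by `ossl_quic_channel_get0_tls()`. By its get0 name that is presumably a borrowed reference, not the user-facing SSL object. Keeping that first result in a separate local, or setting `conn_ssl_tmp = NULL;` before the `goto out` on assertion failure, would ensure only the user SSL object is ever freed here. The up-ref failure path also returns NULL without raising an error, so a caller cannot tell it apart from there being no connection to accept. The function starts before this hunk, so earlier `goto out` paths are not visible.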
diff -Nru openssl-3.5.5/ssl/quic/quic_lcidm.c openssl-3.5.6/ssl/quic/quic_lcidm.c
--- openssl-3.5.5/ssl/quic/quic_lcidm.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/quic_lcidm.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -74,15 +74,21 @@
         0,
     };
     unsigned long hashval = 0;
+    unsigned char digest[SIPHASH_MIN_DIGEST_SIZE];
 
-    if (!SipHash_set_hash_size(&siphash, sizeof(unsigned long)))
+    /* Use a supported SipHash digest size (8 or 16); 8 is sufficient here. */
+    if (!SipHash_set_hash_size(&siphash, SIPHASH_MIN_DIGEST_SIZE))
         goto out;
     if (!SipHash_Init(&siphash, (uint8_t *)lcid_obj->hash_key, 0, 0))
         goto out;
     SipHash_Update(&siphash, lcid_obj->cid.id, lcid_obj->cid.id_len);
-    if (!SipHash_Final(&siphash, (unsigned char *)&hashval,
-            sizeof(unsigned long)))
+    if (!SipHash_Final(&siphash, digest, SIPHASH_MIN_DIGEST_SIZE))
         goto out;
+
+    /*
+     * Truncate the 64-bit SipHash digest into an unsigned long.
+     */
+    memcpy(&hashval, digest, sizeof(hashval) < sizeof(digest) ? sizeof(hashval) : sizeof(digest));
 out:
     return hashval;
 }
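Review bot: The new comment on the `SipHash_set_hash_size()` call says which sizes are supported but not what went wrong before. Where `unsigned long` is 4 bytes, the old `sizeof(unsigned long)` request would presumably have been rejected, and the function then returns `hashval` as 0 for every connection ID. Recording that, e.g. `/* sizeof(unsigned long) may be 4, which SipHash rejects; a failed hash returns 0 for every entry */`, would explain why the digest now goes through a fixed 8-byte buffer. The failure paths still return 0 silently, which collapses the table into one bucket instead of reporting an error; if that is accepted, say so at the `out:` label. The added `memcpy()` needs `<string.h>`, and the include list is outside the hunk.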
diff -Nru openssl-3.5.5/ssl/quic/quic_reactor.c openssl-3.5.6/ssl/quic/quic_reactor.c
--- openssl-3.5.5/ssl/quic/quic_reactor.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/quic_reactor.c	2026-04-07 14:26:30.000000000 +0200
@@ -76,6 +76,12 @@
 }
 
 #if defined(OPENSSL_SYS_WINDOWS)
+
+/* Work around for MinGW builds. */
+#if defined(__MINGW32__) && !defined(SIO_UDP_NETRESET)
+#define SIO_UDP_NETRESET _WSAIOW(IOC_VENDOR, 15)
+#endif
+
 /*
  * On Windows recvfrom() may return WSAECONNRESET when destination port
  * used in preceding call to sendto() is no longer reachable. The reset
diff -Nru openssl-3.5.5/ssl/quic/quic_rx_depack.c openssl-3.5.6/ssl/quic/quic_rx_depack.c
--- openssl-3.5.5/ssl/quic/quic_rx_depack.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/quic_rx_depack.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1316,6 +1316,7 @@
                     OSSL_QUIC_ERR_PROTOCOL_VIOLATION,
                     frame_type,
                     "NEW_CONN_ID valid only in 0/1-RTT");
+                return 0;
             }
             if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data))
                 return 0;
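Review bot: Only the NEW_CONN_ID case is visible here, so the other frame-type cases of the enclosing switch should be checked for the same raise-without-return shape that this hunk corrects. Any case that raises the protocol violation and then still reaches its `depack_do_frame_*` handler would process a frame at an encryption level where it is not allowed. A regression test that delivers this frame outside 0/1-RTT and expects the packet to be rejected would pin the behaviour. The switch and the function around it start outside the hunk.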
diff -Nru openssl-3.5.5/ssl/quic/quic_srtm.c openssl-3.5.6/ssl/quic/quic_srtm.c
--- openssl-3.5.5/ssl/quic/quic_srtm.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/quic_srtm.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,6 +168,11 @@
 
     lh_SRTM_ITEM_free(srtm->items_rev);
     if (srtm->items_fwd != NULL) {
+        /*
+         * We don't need to call lh_SRTM_ITEM_set_down_load(..., 0)
+         * here because srtm_free_each() callback for _doall() does
+         * not call to lh_SRTIM_ITEM_delete().
+         */
         lh_SRTM_ITEM_doall(srtm->items_fwd, srtm_free_each);
         lh_SRTM_ITEM_free(srtm->items_fwd);
     }
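Review bot: The new comment names `lh_SRTIM_ITEM_delete()`, which looks like a misspelling of `lh_SRTM_ITEM_delete()`; a reader searching for the function will not find it. I would write the last line of the comment as `not call lh_SRTM_ITEM_delete().` The claim about `srtm_free_each()` cannot be checked from this hunk because its body is elsewhere.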
diff -Nru openssl-3.5.5/ssl/quic/quic_stream_map.c openssl-3.5.6/ssl/quic/quic_stream_map.c
--- openssl-3.5.5/ssl/quic/quic_stream_map.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/quic_stream_map.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -122,6 +122,7 @@
 
 void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm)
 {
+    lh_QUIC_STREAM_set_down_load(qsm->map, 0);
     ossl_quic_stream_map_visit(qsm, release_each, qsm);
 
     lh_QUIC_STREAM_free(qsm->map);
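Review bot: The `lh_QUIC_STREAM_set_down_load(qsm->map, 0)` call is added without a comment, while the related change in quic_srtm.c in this diff explains why the call is not needed there. A line such as `/* Stop the hash table from contracting while release_each removes entries during the visit */` above it would state the reason. This assumes `release_each` deletes from `qsm->map`, which is not visible in the hunk.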
diff -Nru openssl-3.5.5/ssl/quic/uint_set.c openssl-3.5.6/ssl/quic/uint_set.c
--- openssl-3.5.5/ssl/quic/uint_set.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/quic/uint_set.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -303,6 +303,8 @@
              * handled by the above cases.
              */
             y = create_set_item(end + 1, z->range.end);
+            if (y == NULL)
+                return 0;
             ossl_list_uint_set_insert_after(s, z, y);
             z->range.end = start - 1;
             break;
diff -Nru openssl-3.5.5/ssl/record/methods/tls_common.c openssl-3.5.6/ssl/record/methods/tls_common.c
--- openssl-3.5.5/ssl/record/methods/tls_common.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/record/methods/tls_common.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -620,6 +620,11 @@
 
                 thisrr->length = sslv2len & 0x7fff;
 
+                if (!rl->funcs->validate_record_header(rl, thisrr)) {
+                    /* RLAYERfatal already called */
+                    return OSSL_RECORD_RETURN_FATAL;
+                }
+
                 if (thisrr->length > TLS_BUFFER_get_len(rbuf)
                         - SSL2_RT_HEADER_LENGTH) {
                     RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
@@ -656,6 +661,11 @@
                 if (rl->msg_callback != NULL)
                     rl->msg_callback(0, version, SSL3_RT_HEADER, p, 5, rl->cbarg);
 
+                if (!rl->funcs->validate_record_header(rl, thisrr)) {
+                    /* RLAYERfatal already called */
+                    return OSSL_RECORD_RETURN_FATAL;
+                }
+
                 if (thisrr->length > TLS_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
                     RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW,
                         SSL_R_PACKET_LENGTH_TOO_LONG);
@@ -663,11 +673,6 @@
                 }
             }
 
-            if (!rl->funcs->validate_record_header(rl, thisrr)) {
-                /* RLAYERfatal already called */
-                return OSSL_RECORD_RETURN_FATAL;
-            }
-
             /* now rl->rstate == SSL_ST_READ_BODY */
         }
 
diff -Nru openssl-3.5.5/ssl/s3_lib.c openssl-3.5.6/ssl/s3_lib.c
--- openssl-3.5.5/ssl/s3_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/s3_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -4322,7 +4322,7 @@
     switch (cmd) {
 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_DH_CB:
-        sc->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
+        sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
         ret = 1;
         break;
 #endif
@@ -4593,7 +4593,7 @@
     switch (cmd) {
 #if !defined(OPENSSL_NO_DEPRECATED_3_0)
     case SSL_CTRL_SET_TMP_DH_CB: {
-        ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
+        ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
     } break;
 #endif
     case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
diff -Nru openssl-3.5.5/ssl/ssl_asn1.c openssl-3.5.6/ssl/ssl_asn1.c
--- openssl-3.5.5/ssl/ssl_asn1.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/ssl_asn1.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -81,7 +81,7 @@
     ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_rpk, ASN1_OCTET_STRING, 20)
 } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
 
 /* Utility functions for i2d_SSL_SESSION */
 
diff -Nru openssl-3.5.5/ssl/ssl_lib.c openssl-3.5.6/ssl/ssl_lib.c
--- openssl-3.5.5/ssl/ssl_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/ssl_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -3412,22 +3412,21 @@
     int i;
     const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
 
-    if (sc == NULL)
+    if (size < 2 || buf == NULL)
         return NULL;
 
-    if (!sc->server
-        || sc->peer_ciphers == NULL
-        || size < 2)
+    buf[0] = '\0';
+
+    if (sc == NULL || !sc->server)
         return NULL;
 
     p = buf;
     clntsk = sc->peer_ciphers;
     srvrsk = SSL_get_ciphers(s);
-    if (clntsk == NULL || srvrsk == NULL)
-        return NULL;
 
-    if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
-        return NULL;
+    if (clntsk == NULL || sk_SSL_CIPHER_num(clntsk) == 0
+        || srvrsk == NULL || sk_SSL_CIPHER_num(srvrsk) == 0)
+        return buf;
 
     for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
         int n;
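Review bot: `buf[0] = '\0'` is now written before the `sc == NULL || !sc->server` test, so the caller's buffer is modified even on paths that still return NULL. The empty-list case also now returns `buf` as an empty string where it used to return NULL. Callers that treat a NULL return as "nothing shared" will get a non-NULL empty string instead, so the function's header comment and manual page should state the new contract, for example `/* Returns NULL only for invalid arguments or a non-server connection; otherwise buf, possibly empty */`. The function signature is outside the hunk.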
@@ -3447,10 +3446,9 @@
     }
 
     /* No overlap */
-    if (p == buf)
-        return NULL;
+    if (p != buf)
+        p[-1] = '\0';
 
-    p[-1] = '\0';
     return buf;
 }
 
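Review bot: The retained `/* No overlap */` comment now sits directly above `if (p != buf)`, which is the opposite case: that branch runs when at least one cipher name was written and overwrites the trailing separator. It should be reworded to match, e.g. `/* Drop the trailing separator; buf stays empty when there is no overlap */`.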
diff -Nru openssl-3.5.5/ssl/ssl_sess.c openssl-3.5.6/ssl/ssl_sess.c
--- openssl-3.5.5/ssl/ssl_sess.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/ssl_sess.c	2026-04-07 14:26:30.000000000 +0200
@@ -790,9 +790,9 @@
                     ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full);
             }
         }
-    }
 
-    SSL_SESSION_list_add(ctx, c);
+        SSL_SESSION_list_add(ctx, c);
+    }
 
     if (s != NULL) {
         /*
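Review bot: SSL_SESSION_list_add() is now conditional, but nothing records the condition or why the unconditional call was wrong. The guarding `if` is outside the hunk; since the next statement tests `s != NULL`, it is presumably the new-entry branch. A one-line comment above the moved call, such as `/* link c into the list only when it is a new cache entry */` (to be confirmed against the enclosing condition), would keep the call from drifting back out of the block.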
diff -Nru openssl-3.5.5/ssl/statem/statem_dtls.c openssl-3.5.6/ssl/statem/statem_dtls.c
--- openssl-3.5.5/ssl/statem/statem_dtls.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/statem/statem_dtls.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1177,7 +1177,11 @@
         return 0;
     }
 
-    pqueue_insert(s->d1->sent_messages, item);
+    if (pqueue_insert(s->d1->sent_messages, item) == NULL) {
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+        return 0;
+    }
     return 1;
 }
 
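Review bot: The new failure branch does not say what makes pqueue_insert() fail. As far as I know it returns NULL when an item with the same priority is already queued rather than on allocation failure, so this path would mean a duplicate sent-message key. A comment such as `/* insert fails on a duplicate priority; release the fragment and item we built */` would make that explicit. No error is raised before `return 0`, and whether the caller reports one cannot be seen here because the function starts outside the hunk.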
diff -Nru openssl-3.5.5/ssl/t1_lib.c openssl-3.5.6/ssl/t1_lib.c
--- openssl-3.5.5/ssl/t1_lib.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/ssl/t1_lib.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -211,7 +211,7 @@
 
 /* Group list string of the built-in pseudo group DEFAULT_SUITE_B */
 #define SUITE_B_GROUP_NAME "DEFAULT_SUITE_B"
-#define SUITE_B_GROUP_LIST "secp256r1:secp384r1",
+#define SUITE_B_GROUP_LIST "?secp256r1:?secp384r1",
 
 struct provider_ctx_data_st {
     SSL_CTX *ctx;
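Review bot: Only SUITE_B_GROUP_LIST is visibly given per-group `?` prefixes, while a later hunk removes the `ignore_unknown_default` override that used to tolerate unknown groups in every DEFAULT[_XYZ] list. Any other entry in default_group_strings defined outside this hunk needs the same prefixes, or an unknown group in it would presumably now be treated as an error. A comment above these defines, e.g. `/* every group in a built-in list carries '?': unknown groups are no longer ignored implicitly */`, would record the rule for future additions.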
@@ -1244,8 +1244,8 @@
     size_t ksidcnt; /* Number of key shares */
     uint16_t *ksid_arr; /* The IDs of the key share groups (flat list) */
     /* Variable to keep state between execution of callback or helper functions */
-    size_t tuple_mode; /* Keeps track whether tuple_cb called from 'the top' or from gid_cb */
-    int ignore_unknown_default; /* Flag such that unknown groups for DEFAULT[_XYZ] are ignored */
+    int inner; /* Are we expanding a DEFAULT list */
+    int first; /* First tuple of possibly nested expansion? */
 } gid_cb_st;
 
 /* Forward declaration of tuple callback function */
@@ -1264,7 +1264,7 @@
     int found_group = 0;
     char etmp[GROUP_NAME_BUFFER_LENGTH];
     int retval = 1; /* We assume success */
-    char *current_prefix;
+    const char *current_prefix;
     int ignore_unknown = 0;
     int add_keyshare = 0;
     int remove_group = 0;
@@ -1320,16 +1320,16 @@
             for (i = 0; i < OSSL_NELEM(default_group_strings); i++) {
                 if ((size_t)len == (strlen(default_group_strings[i].list_name))
                     && OPENSSL_strncasecmp(default_group_strings[i].list_name, elem, len) == 0) {
+                    int saved_first;
+
                     /*
                      * We're asked to insert an entire list of groups from a
                      * DEFAULT[_XYZ] 'pseudo group' which we do by
                      * recursively calling this function (indirectly via
                      * CONF_parse_list and tuple_cb); essentially, we treat a DEFAULT
                      * group string like a tuple which is appended to the current tuple
-                     * rather then starting a new tuple. Variable tuple_mode is the flag which
-                     * controls append tuple vs start new tuple.
+                     * rather then starting a new tuple.
                      */
-
                     if (ignore_unknown || remove_group)
                         return -1; /* removal or ignore not allowed here -> syntax error */
 
@@ -1350,15 +1350,17 @@
                         default_group_strings[i].group_string,
                         strlen(default_group_strings[i].group_string));
                     restored_default_group_string[strlen(default_group_strings[i].group_string) + restored_prefix_index] = '\0';
-                    /* We execute the recursive call */
-                    garg->ignore_unknown_default = 1; /* We ignore unknown groups for DEFAULT_XYZ */
-                    /* we enforce group mode (= append tuple) for DEFAULT_XYZ group lists */
-                    garg->tuple_mode = 0;
-                    /* We use the tuple_cb callback to process the pseudo group tuple */
+                    /*
+                     * Append first tuple of result to current tuple, and don't
+                     * terminate the last tuple until we return to a top-level
+                     * tuple_cb.
+                     */
+                    saved_first = garg->first;
+                    garg->inner = garg->first = 1;
                     retval = CONF_parse_list(restored_default_group_string,
                         TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg);
-                    garg->tuple_mode = 1; /* next call to tuple_cb will again start new tuple */
-                    garg->ignore_unknown_default = 0; /* reset to original value */
+                    garg->inner = 0;
+                    garg->first = saved_first;
                     /* We don't need the \0-terminated string anymore */
                     OPENSSL_free(restored_default_group_string);
 
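Review bot: `inner` is cleared to 0 after the recursive CONF_parse_list() call while `first` is saved and restored, so the two state flags are handled asymmetrically. The struct comment speaks of a "possibly nested expansion"; if a DEFAULT list can name another DEFAULT pseudo group, returning from the inner expansion leaves `inner == 0` while the outer one is still running, and the outer tuple_cb would then close a tuple as if at top level. Saving and restoring both fixes this at any depth: `int saved_inner = garg->inner;` beside `saved_first`, and `garg->inner = saved_inner;` after the call. The `saved_first` declaration is in the previous hunk, and the function continues outside this one.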
@@ -1378,9 +1380,6 @@
     if (len == 0)
         return -1; /* Seems we have prefxes without a group name -> syntax error */
 
-    if (garg->ignore_unknown_default == 1) /* Always ignore unknown groups for DEFAULT[_XYZ] */
-        ignore_unknown = 1;
-
     /* Memory management in case more groups are present compared to initial allocation */
     if (garg->gidcnt == garg->gidmax) {
         uint16_t *tmp = OPENSSL_realloc(garg->gid_arr,
@@ -1514,7 +1513,7 @@
         /* and update the book keeping for the number of groups in current tuple */
         garg->tuplcnt_arr[garg->tplcnt]++;
 
-        /* We memorize if needed that we want to add a key share for the current group */
+        /* We want to add a key share for the current group */
         if (add_keyshare)
             garg->ksid_arr[garg->ksidcnt++] = gid;
     }
@@ -1523,6 +1522,39 @@
     return retval;
 }
 
+static int grow_tuples(gid_cb_st *garg)
+{
+    static size_t max_tplcnt = (~(size_t)0) / sizeof(size_t);
+
+    /* This uses OPENSSL_realloc_array() in newer releases */
+    if (garg->tplcnt == garg->tplmax) {
+        size_t newcnt = garg->tplmax + GROUPLIST_INCREMENT;
+        size_t newsz = newcnt * sizeof(size_t);
+        size_t *tmp;
+
+        if (newsz > max_tplcnt
+            || (tmp = OPENSSL_realloc(garg->tuplcnt_arr, newsz)) == NULL)
+            return 0;
+
+        garg->tplmax = newcnt;
+        garg->tuplcnt_arr = tmp;
+    }
+    return 1;
+}
+
+static int close_tuple(gid_cb_st *garg)
+{
+    size_t gidcnt = garg->tuplcnt_arr[garg->tplcnt];
+
+    if (gidcnt == 0)
+        return 1;
+    if (!grow_tuples(garg))
+        return 0;
+
+    garg->tuplcnt_arr[++garg->tplcnt] = 0;
+    return 1;
+}
+
 /* Extract and process a tuple of groups */
 static int tuple_cb(const char *tuple, int len, void *arg)
 {
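Review bot: close_tuple() can store one element past the end of tuplcnt_arr, going by the lines shown here. grow_tuples() reallocates only when tplcnt == tplmax, yet close_tuple() then writes tuplcnt_arr[++tplcnt], so with tplcnt at tplmax - 1 the write lands on index tplmax of an array the realloc sizes to exactly tplmax elements. The initial allocation is outside the hunk, so confirm whether it leaves a spare slot; the realloc path does not. The overflow guard also mixes units: it compares newsz (bytes, already multiplied and possibly wrapped) with max_tplcnt (an element count), so the count should be tested before multiplying. The rewrite below grows whenever slot tplcnt + 1 would not exist and checks the count first.

```c
static int grow_tuples(gid_cb_st *garg)
{
    static const size_t max_tplcnt = (~(size_t)0) / sizeof(size_t);

    /* close_tuple() writes slot tplcnt + 1, so that slot must exist */
    if (garg->tplcnt + 1 >= garg->tplmax) {
        size_t newcnt;
        size_t *tmp;

        /* Check the element count before multiplying, so it cannot wrap */
        if (garg->tplmax > max_tplcnt - GROUPLIST_INCREMENT)
            return 0;
        newcnt = garg->tplmax + GROUPLIST_INCREMENT;
        tmp = OPENSSL_realloc(garg->tuplcnt_arr, newcnt * sizeof(size_t));
        if (tmp == NULL)
            return 0;

        garg->tplmax = newcnt;
        garg->tuplcnt_arr = tmp;
    }
    return 1;
}
/* ... unchanged: close_tuple() ... */
```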
@@ -1536,16 +1568,9 @@
         return 0;
     }
 
-    /* Memory management for tuples */
-    if (garg->tplcnt == garg->tplmax) {
-        size_t *tmp = OPENSSL_realloc(garg->tuplcnt_arr,
-            (garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr));
-
-        if (tmp == NULL)
-            return 0;
-        garg->tplmax += GROUPLIST_INCREMENT;
-        garg->tuplcnt_arr = tmp;
-    }
+    if (garg->inner && !garg->first && !close_tuple(garg))
+        return 0;
+    garg->first = 0;
 
     /* Convert to \0-terminated string */
     restored_tuple_string = OPENSSL_malloc((len + 1 /* \0 */) * sizeof(char));
@@ -1560,15 +1585,8 @@
     /* We don't need the \o-terminated string anymore */
     OPENSSL_free(restored_tuple_string);
 
-    if (garg->tuplcnt_arr[garg->tplcnt] > 0) { /* Some valid groups are present in current tuple... */
-        if (garg->tuple_mode) {
-            /* We 'close' the tuple */
-            garg->tplcnt++;
-            garg->tuplcnt_arr[garg->tplcnt] = 0; /* Next tuple is initialized to be empty */
-            garg->tuple_mode = 1; /* next call will start a tuple (unless overridden in gid_cb) */
-        }
-    }
-
+    if (!garg->inner && !close_tuple(garg))
+        return 0;
     return retval;
 }
 
@@ -1599,8 +1617,6 @@
     }
 
     memset(&gcb, 0, sizeof(gcb));
-    gcb.tuple_mode = 1; /* We prepare to collect the first tuple */
-    gcb.ignore_unknown_default = 0;
     gcb.gidmax = GROUPLIST_INCREMENT;
     gcb.tplmax = GROUPLIST_INCREMENT;
     gcb.ksidmax = GROUPLIST_INCREMENT;
diff -Nru openssl-3.5.5/test/asn1_decode_test.c openssl-3.5.6/test/asn1_decode_test.c
--- openssl-3.5.5/test/asn1_decode_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/asn1_decode_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,7 +41,7 @@
     ASN1_EMBED(ASN1_LONG_DATA, test_long, LONG),
 } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA)
 
 static int test_long(void)
@@ -67,7 +67,7 @@
     ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32),
 } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA)
 
 static int test_int32(void)
@@ -92,7 +92,7 @@
     ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32),
 } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA)
 
 static int test_uint32(void)
@@ -117,7 +117,7 @@
     ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64),
 } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA)
 
 static int test_int64(void)
@@ -142,7 +142,7 @@
     ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64),
 } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA)
 
 static int test_uint64(void)
@@ -243,7 +243,7 @@
     ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
 } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
 
 /* Empty sequence for invalid template test */
diff -Nru openssl-3.5.5/test/asn1_encode_test.c openssl-3.5.6/test/asn1_encode_test.c
--- openssl-3.5.5/test/asn1_encode_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/asn1_encode_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -198,7 +198,7 @@
     ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0)
 } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA)
 
 static ASN1_LONG_DATA long_expected_32bit[] = {
@@ -292,7 +292,7 @@
     ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0)
 } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA)
 
 static ASN1_INT32_DATA int32_expected[] = {
@@ -340,7 +340,7 @@
     ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0)
 } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA)
 
 static ASN1_UINT32_DATA uint32_expected[] = {
@@ -388,7 +388,7 @@
     ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0)
 } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA)
 
 static ASN1_INT64_DATA int64_expected[] = {
@@ -437,7 +437,7 @@
     ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0)
 } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA)
 
 static ASN1_UINT64_DATA uint64_expected[] = {
@@ -873,7 +873,7 @@
     ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
 } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
 
-    IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
 IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
 
 static int test_invalid_template(void)
diff -Nru openssl-3.5.5/test/asn1_internal_test.c openssl-3.5.6/test/asn1_internal_test.c
--- openssl-3.5.5/test/asn1_internal_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/asn1_internal_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,6 +20,7 @@
 
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
+#include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 #include "testutil.h"
 #include "internal/nelem.h"
@@ -290,6 +291,22 @@
     return 1;
 }
 
+static int test_ossl_uni2utf8(void)
+{
+    const unsigned char in[] = { 0x21, 0x92 }; /* unicode right arrow */
+    int inlen = 2;
+    char *out = NULL;
+    int ok = 0;
+
+    /* reproducer for CVE-2025-69419 */
+    out = OPENSSL_uni2utf8(in, inlen);
+    if (TEST_str_eq(out, "\xe2\x86\x92"))
+        ok = 1;
+
+    OPENSSL_free(out);
+    return ok;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_tbl_standard);
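Review bot: `inlen` is hard-coded to 2 instead of being derived from the array, so the two can drift apart if the input is ever extended; `int inlen = (int)sizeof(in);` keeps them tied. The `/* reproducer for CVE-2025-69419 */` comment also does not say what the test pins down. It only compares the converted string, so any memory-safety aspect of the original problem would surface only under a sanitizer build; a sentence saying so in the comment would help whoever reads a plain passing run. The `if (...) ok = 1;` form could be simply `ok = TEST_str_eq(out, "\xe2\x86\x92");`.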
@@ -300,5 +317,6 @@
     ADD_TEST(test_obj_create);
     ADD_TEST(test_obj_nid_undef);
     ADD_TEST(test_mbstring_ncopy);
+    ADD_TEST(test_ossl_uni2utf8);
     return 1;
 }
diff -Nru openssl-3.5.5/test/bntest.c openssl-3.5.6/test/bntest.c
--- openssl-3.5.5/test/bntest.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/bntest.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1664,6 +1664,52 @@
     return st;
 }
 
+static int file_modsqr(STANZA *s)
+{
+    BIGNUM *a = NULL, *m = NULL, *mod_sqr = NULL, *ret = NULL;
+    int st = 0;
+
+    if (!TEST_ptr(a = getBN(s, "A"))
+        || !TEST_ptr(m = getBN(s, "M"))
+        || !TEST_ptr(mod_sqr = getBN(s, "ModSqr"))
+        || !TEST_ptr(ret = BN_new()))
+        goto err;
+
+    if (!TEST_true(BN_mod_sqr(ret, a, m, ctx))
+        || !equalBN("A^2 (mod M)", mod_sqr, ret))
+        goto err;
+
+    if (BN_is_odd(m)) {
+        /* Reduce |a| and test the Montgomery version. */
+        BN_MONT_CTX *mont = BN_MONT_CTX_new();
+        BIGNUM *a_tmp = BN_new();
+
+        if (mont == NULL || a_tmp == NULL
+            || !TEST_true(BN_MONT_CTX_set(mont, m, ctx))
+            || !TEST_true(BN_nnmod(a_tmp, a, m, ctx))
+            || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx))
+            || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, a_tmp,
+                mont, ctx))
+            || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx))
+            || !equalBN("A^2 (mod M) (mont)", mod_sqr, ret))
+            st = 0;
+        else
+            st = 1;
+        BN_MONT_CTX_free(mont);
+        BN_free(a_tmp);
+        if (st == 0)
+            goto err;
+    }
+
+    st = 1;
+err:
+    BN_free(a);
+    BN_free(m);
+    BN_free(mod_sqr);
+    BN_free(ret);
+    return st;
+}
+
 static int file_modexp(STANZA *s)
 {
     BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL;
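Review bot: In the Montgomery branch of file_modsqr() the allocations are checked with bare `mont == NULL || a_tmp == NULL`, whereas every other allocation in the function goes through TEST_ptr(). An allocation failure there makes the stanza fail with no diagnostic. Using `!TEST_ptr(mont) || !TEST_ptr(a_tmp)` as the first two terms of the condition keeps the reporting consistent with the rest of the function.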
@@ -3274,6 +3320,7 @@
         { "Product", file_product },
         { "Quotient", file_quotient },
         { "ModMul", file_modmul },
+        { "ModSqr", file_modsqr },
         { "ModExp", file_modexp },
         { "Exp", file_exp },
         { "ModSqrt", file_modsqrt },
diff -Nru openssl-3.5.5/test/certs/cve-2026-28388-ca.pem openssl-3.5.6/test/certs/cve-2026-28388-ca.pem
--- openssl-3.5.5/test/certs/cve-2026-28388-ca.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/certs/cve-2026-28388-ca.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw
+ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp
+hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO
+FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF
+pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f
+1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW
+nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt
+UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi
+4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q
+xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC
+ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu
+d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh
+ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud
+cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA==
+-----END CERTIFICATE-----
diff -Nru openssl-3.5.5/test/certs/cve-2026-28388-crls.pem openssl-3.5.6/test/certs/cve-2026-28388-crls.pem
--- openssl-3.5.5/test/certs/cve-2026-28388-crls.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/certs/cve-2026-28388-crls.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,22 @@
+-----BEGIN X509 CRL-----
+MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2
+MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV
+tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl
+3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF
+Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l
+pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M
+klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO
+6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf
+OohWoSH8tqwrNFZkblAH
+-----END X509 CRL-----
+-----BEGIN X509 CRL-----
+MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2
+MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV
+tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
+AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK
+SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep
+WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki
+1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI
+kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs
+njcibOSKC9YWgNmZUy0QV5D8
+-----END X509 CRL-----
diff -Nru openssl-3.5.5/test/certs/cve-2026-28388-leaf.pem openssl-3.5.6/test/certs/cve-2026-28388-leaf.pem
--- openssl-3.5.5/test/certs/cve-2026-28388-leaf.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/certs/cve-2026-28388-leaf.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0
+IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ
+VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+
+nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn
+Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd
+Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP
+QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX
+CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO
+Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J
+ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt
+BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G
+CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80
+13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ
+bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+
+emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw
+zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+
+nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP
+-----END CERTIFICATE-----
diff -Nru openssl-3.5.5/test/certs/ext-timeSpecification-periodic-no-second.pem openssl-3.5.6/test/certs/ext-timeSpecification-periodic-no-second.pem
--- openssl-3.5.5/test/certs/ext-timeSpecification-periodic-no-second.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/certs/ext-timeSpecification-periodic-no-second.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICLzCCAhmgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI
+aSBtb20wIhgPMjAyMjEyMjExNDQ5NDJaGA8yMDIyMTIyMTE0NDk0MlowETEPMA0G
+A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL
+m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH
+3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe
+1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX
+rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU
++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3
+nrAVMQHB4fReQPH0pQIDAQABo4GMMIGJMIGGBgNVHSsEfzB9MXUwUaAlMSMwIaAM
+MAqgAwIBBaEDAgEroREwD6ADAgEMoQMCASKiAwIBOKEIMQYCAQECAQKiCDEGAgED
+AgEEowgxBgIBBQIBBqQKMQgCAgfmAgIH5zAgoQgxBgIBAwIBBKMIMQYCAQcCAQik
+CjEIAgIH5wICB+gBAf8CAfswDQYJKoZIhvcNAQEFBQADAQA=
+-----END CERTIFICATE-----
diff -Nru openssl-3.5.5/test/certs/mkcert.sh openssl-3.5.6/test/certs/mkcert.sh
--- openssl-3.5.5/test/certs/mkcert.sh	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/certs/mkcert.sh	2026-04-07 14:26:30.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/bash
 #
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2016 Viktor Dukhovni <openssl-users@dukhovni.org>.
 # All rights reserved.
 #
@@ -257,7 +257,7 @@
     local cakey=$1; shift
     local ca=$1; shift
 
-    exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+    exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
 	    "subjectKeyIdentifier = hash" \
 	    "authorityKeyIdentifier = keyid, issuer" \
 	    "basicConstraints = CA:false" \
diff -Nru openssl-3.5.5/test/cmp_client_test.c openssl-3.5.6/test/cmp_client_test.c
--- openssl-3.5.5/test/cmp_client_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/cmp_client_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -35,7 +35,7 @@
 static X509 *server_cert = NULL;
 static EVP_PKEY *client_key = NULL;
 static X509 *client_cert = NULL;
-static unsigned char ref[CMP_TEST_REFVALUE_LENGTH];
+static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; /* not actually used */
 
 /*
  * For these unit tests, the client abandons message protection, and for
@@ -51,6 +51,30 @@
     OPENSSL_free(fixture);
 }
 
+static int set_simple_trust(OSSL_CMP_CTX *ctx, X509 *trusted)
+{
+    X509_STORE *ts = X509_STORE_new();
+    X509_VERIFY_PARAM *vpm;
+
+    /*
+     * not simply using OSSL_CMP_CTX_set1_srvCert() (to pin the server cert)
+     * in order to make sure that validated server cert gets cached,
+     * which is needed for the negative test case test_exec_KUR_bad_pkiConf_protection
+     */
+    if (ts == NULL || !X509_STORE_add_cert(ts, trusted))
+        goto err;
+
+    vpm = X509_STORE_get0_param(ts);
+    if (!X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME | X509_V_FLAG_PARTIAL_CHAIN)
+        || !OSSL_CMP_CTX_set0_trusted(ctx, ts))
+        goto err;
+
+    return 1;
+err:
+    X509_STORE_free(ts);
+    return 0;
+}
+
 static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
 {
     CMP_SES_TEST_FIXTURE *fixture;
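Review bot: The two verification flags in set_simple_trust() are set without explanation, although the comment above explains at length why a trust store is used at all. X509_V_FLAG_NO_CHECK_TIME turns off validity-period checking and X509_V_FLAG_PARTIAL_CHAIN lets a non-root certificate in the store act as a trust anchor, so both relax verification. A comment next to the call, such as `/* test-only: fixture certs may be outside their validity period and server_cert is used directly as anchor */`, would state the intent and mark the settings as specific to this fixture. The reasons given in that suggested comment are my assumption and should be confirmed.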
@@ -70,15 +94,15 @@
         goto err;
     if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL))
         || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)
-        || !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform)
+        /* using default verbosity: OSSL_CMP_LOG_INFO */
+        || !OSSL_CMP_CTX_set_transfer_cb(ctx, ossl_cmp_mock_server_perform)
         || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx)
         || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1)
-        || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1)
         || !OSSL_CMP_CTX_set1_oldCert(ctx, client_cert)
         || !OSSL_CMP_CTX_set1_pkey(ctx, client_key)
         /* client_key is by default used also for newPkey */
-        || !OSSL_CMP_CTX_set1_srvCert(ctx, server_cert)
-        || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref)))
+        || !set_simple_trust(ctx, server_cert)
+        || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) /* not actually needed */
         goto err;
     fixture->req_type = -1;
     return fixture;
@@ -128,9 +152,7 @@
     int status = OSSL_CMP_CTX_get_status(ctx);
 
     OSSL_CMP_CTX_print_errors(ctx);
-    if (!TEST_int_eq(status, fixture->expected)
-        && !(fixture->expected == OSSL_CMP_PKISTATUS_waiting
-            && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans)))
+    if (!TEST_int_eq(status, fixture->expected))
         return 0;
     if (fixture->expected != OSSL_CMP_PKISTATUS_accepted)
         return TEST_ptr_null(res);
@@ -234,9 +256,9 @@
 
 static int test_exec_IR_ses_poll_total_timeout(void)
 {
-    return !test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1,
+    return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1,
         3 /* pollCount */, checkAfter + 6,
-        OSSL_CMP_PKISTATUS_waiting);
+        OSSL_CMP_PKISTATUS_trans);
 }
 
 static int test_exec_CR_ses(int implicit_confirm, int granted, int reject)
@@ -266,7 +288,9 @@
         && test_exec_CR_ses(1, 1 /* granted */, 0);
 }
 
-static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified)
+/* the KUR transactions include certConf/pkiConf */
+static int test_exec_KUR_ses(int transfer_error, int server_use_bad_protection,
+    int pubkey, int raverified)
 {
     SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
     fixture->req_type = OSSL_CMP_PKIBODY_KUR;
@@ -274,6 +298,8 @@
 
     if (transfer_error)
         OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL);
+    (void)ossl_cmp_mock_srv_set_useBadProtection(fixture->srv_ctx, server_use_bad_protection);
+
     if (pubkey) {
         EVP_PKEY *key = raverified /* wrong key */ ? server_key : client_key;
 
@@ -286,7 +312,8 @@
     if (pubkey || raverified)
         OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_POPO_METHOD,
             OSSL_CRMF_POPO_RAVERIFIED);
-    fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? OSSL_CMP_PKISTATUS_rejection
+    fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? (pubkey ? OSSL_CMP_PKISTATUS_rejected_by_client : OSSL_CMP_PKISTATUS_rejection)
+        : server_use_bad_protection != -1                                      ? OSSL_CMP_PKISTATUS_checking_response
                                                                                : OSSL_CMP_PKISTATUS_accepted;
     EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
     return result;
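Review bot: The nested conditional that sets `fixture->expected` is hard to read at four levels, and the automatic formatting has pushed the `server_use_bad_protection != -1` arm far to the right. An if/else chain states the same priority order one case per line: transfer error, then RA-verified with or without a public key, then bad protection, then success. The body of test_exec_KUR_ses starts before and ends after this hunk.

```c
    /* ... unchanged: POPO method option set when pubkey || raverified ... */
    if (transfer_error)
        fixture->expected = OSSL_CMP_PKISTATUS_trans;
    else if (raverified)
        fixture->expected = pubkey ? OSSL_CMP_PKISTATUS_rejected_by_client
                                   : OSSL_CMP_PKISTATUS_rejection;
    else if (server_use_bad_protection != -1)
        fixture->expected = OSSL_CMP_PKISTATUS_checking_response;
    else
        fixture->expected = OSSL_CMP_PKISTATUS_accepted;
```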
@@ -294,18 +321,23 @@
 
 static int test_exec_KUR_ses_ok(void)
 {
-    return test_exec_KUR_ses(0, 0, 0);
+    return test_exec_KUR_ses(0, -1, 0, 0);
 }
 
 static int test_exec_KUR_ses_transfer_error(void)
 {
-    return test_exec_KUR_ses(1, 0, 0);
+    return test_exec_KUR_ses(1, -1, 0, 0);
+}
+
+static int test_exec_KUR_bad_pkiConf_protection(void)
+{
+    return test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0);
 }
 
 static int test_exec_KUR_ses_wrong_popo(void)
 {
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* cf ossl_cmp_verify_popo() */
-    return test_exec_KUR_ses(0, 0, 1);
+    return test_exec_KUR_ses(0, -1, 0, 1);
 #else
     return 1;
 #endif
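Review bot: `test_exec_KUR_bad_pkiConf_protection` passes `-1` for `server_use_bad_protection`, which makes its call identical to the one in `test_exec_KUR_ses_ok`, so the new test does not exercise a badly protected pkiConf at all. The inline comment suggests the intended value is `OSSL_CMP_PKIBODY_PKICONF` and that it was switched off on purpose. The reason should be recorded next to the call, e.g. `/* TODO <reason it is disabled>: pass OSSL_CMP_PKIBODY_PKICONF and expect OSSL_CMP_PKISTATUS_checking_response */`. Until it is enabled, the test name overstates the coverage of response-protection checking.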
@@ -313,12 +345,12 @@
 
 static int test_exec_KUR_ses_pub(void)
 {
-    return test_exec_KUR_ses(0, 1, 0);
+    return test_exec_KUR_ses(0, -1, 1, 0);
 }
 
 static int test_exec_KUR_ses_wrong_pub(void)
 {
-    return test_exec_KUR_ses(0, 1, 1);
+    return test_exec_KUR_ses(0, -1, 1, 1);
 }
 
 static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
@@ -340,7 +372,7 @@
 
     SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
     fixture->req_type = OSSL_CMP_PKIBODY_P10CR;
-    fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection
+    fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejected_by_client
                                : OSSL_CMP_PKISTATUS_accepted;
     ctx = fixture->cmp_ctx;
     if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx))
@@ -436,7 +468,7 @@
 {
     return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter + 1,
         3 /* pollCount */, checkAfter + 2,
-        OSSL_CMP_PKISTATUS_waiting);
+        OSSL_CMP_PKISTATUS_trans);
 }
 
 static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect)
@@ -546,7 +578,7 @@
         || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx))
         || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx))
         || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx))
-        || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) {
+        || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { /* not actually used */
         cleanup_tests();
         return 0;
     }
@@ -562,6 +594,7 @@
     ADD_TEST(test_exec_IR_ses_poll_total_timeout);
     ADD_TEST(test_exec_KUR_ses_ok);
     ADD_TEST(test_exec_KUR_ses_transfer_error);
+    ADD_TEST(test_exec_KUR_bad_pkiConf_protection);
     ADD_TEST(test_exec_KUR_ses_wrong_popo);
     ADD_TEST(test_exec_KUR_ses_pub);
     ADD_TEST(test_exec_KUR_ses_wrong_pub);
diff -Nru openssl-3.5.5/test/evp_extra_test.c openssl-3.5.6/test/evp_extra_test.c
--- openssl-3.5.5/test/evp_extra_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/evp_extra_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -929,6 +929,32 @@
 #endif
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
+
+static EVP_PKEY *make_bad_rsa_pubkey(void)
+{
+    RSA *rsa = NULL;
+    BIGNUM *n = NULL, *e = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    /* Deliberately invalid public key: n = 17, e = 17 */
+    if (!TEST_ptr(pkey = EVP_PKEY_new())
+        || !TEST_ptr(rsa = RSA_new())
+        || !TEST_ptr(n = BN_new())
+        || !TEST_ptr(e = BN_new())
+        || !TEST_true(BN_set_word(n, 17))
+        || !TEST_true(BN_set_word(e, 17))
+        || !TEST_true(RSA_set0_key(rsa, n, e, NULL))
+        || !EVP_PKEY_assign_RSA(pkey, rsa))
+        goto err;
+
+    return pkey;
+err:
+    BN_free(n);
+    BN_free(e);
+    RSA_free(rsa);
+    return NULL;
+}
+
 #ifndef OPENSSL_NO_DH
 static EVP_PKEY *load_example_dh_key(void)
 {
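Review bot: The `err` path in `make_bad_rsa_pubkey` can free `n` and `e` twice and never frees `pkey`. Once `RSA_set0_key()` has succeeded the RSA object owns both BIGNUMs, so if `EVP_PKEY_assign_RSA()` then fails, `BN_free(n)` and `BN_free(e)` are followed by `RSA_free(rsa)` releasing the same values again. Clearing the local pointers after the hand-over and adding `EVP_PKEY_free(pkey)` to the cleanup fixes both. The last check also lacks the `TEST_true()` wrapper the other checks have.

```c
    /* ... unchanged: allocation of pkey, rsa, n, e and the BN_set_word calls ... */
        || !TEST_true(RSA_set0_key(rsa, n, e, NULL)))
        goto err;
    n = e = NULL; /* ownership passed to rsa */
    if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
        goto err;

    return pkey;
err:
    /* ... unchanged: BN_free(n), BN_free(e), RSA_free(rsa) ... */
    EVP_PKEY_free(pkey);
    return NULL;
```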
@@ -5898,6 +5924,46 @@
     return testresult;
 }
 
+static int test_rsasve_kem_with_invalid_pub_key(void)
+{
+    RSA *rsa = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    unsigned char *ct = NULL;
+    unsigned char *secret = NULL;
+    size_t ctlen = 0, secretlen = 0;
+    int testresult = 0;
+
+    if (nullprov != NULL) {
+        testresult = TEST_skip("Test does not support a non-default library context");
+        goto err;
+    }
+
+    if (!TEST_ptr(pkey = make_bad_rsa_pubkey()))
+        goto err;
+
+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
+        || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
+        || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1)
+        || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1)
+        || !TEST_ptr(ct = OPENSSL_malloc(ctlen))
+        || !TEST_ptr(secret = OPENSSL_malloc(secretlen)))
+        goto err;
+
+    if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0))
+        goto err;
+
+    testresult = 1;
+
+err:
+    OPENSSL_free(secret);
+    OPENSSL_free(ct);
+    EVP_PKEY_CTX_free(ctx);
+    RSA_free(rsa);
+    EVP_PKEY_free(pkey);
+    return testresult;
+}
+
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 /* Test we can create a signature keys with an associated ENGINE */
 static int test_signatures_with_engine(int tst)
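Review bot: The local `rsa` in `test_rsasve_kem_with_invalid_pub_key` is never assigned, so `RSA_free(rsa)` in the cleanup always receives NULL; both `RSA *rsa = NULL;` and that call can be dropped. The size query with NULL buffers is asserted to succeed for the deliberately invalid key, so the test pins that rejection happens only in the second `EVP_PKEY_encapsulate()` call. A short comment such as `/* the invalid key is rejected at encapsulation time, not at the size query */` would make that intent explicit.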
@@ -6481,6 +6547,45 @@
     return ret;
 }
 
+static int test_evp_cipher_negative_length(void)
+{
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *cipher = NULL;
+    unsigned char key[16] = { 0 };
+    unsigned char iv[16] = { 0 };
+    unsigned char buffer[32] = { 0 };
+    int outl = 0;
+    int ret = 0;
+
+    if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
+        goto end;
+
+    if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq)))
+        goto end;
+
+    /* Initialize encryption context */
+    if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1))
+        goto end;
+
+    /* Test EVP_EncryptUpdate with negative length - should fail */
+    if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0))
+        goto end;
+
+    /* Reinitialize for decryption */
+    if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1))
+        goto end;
+
+    /* Test EVP_DecryptUpdate with negative length - should fail */
+    if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0))
+        goto end;
+
+    ret = 1;
+end:
+    EVP_CIPHER_free(cipher);
+    EVP_CIPHER_CTX_free(ctx);
+    return ret;
+}
+
 static int test_evp_cipher_pipeline(void)
 {
     OSSL_PROVIDER *fake_pipeline = NULL;
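Review bot: `test_evp_cipher_negative_length` covers only `EVP_EncryptUpdate` and `EVP_DecryptUpdate` with AES-128-CBC. If the length guard sits in mode-specific code rather than in the common update path (not visible in this hunk), other ciphers would remain untested. Consider making it an indexed test over a few cipher names via `ADD_ALL_TESTS` and adding `EVP_CipherUpdate` to the calls. A comment stating the risk, e.g. `/* a negative inl must be rejected before it is used as a size */`, would also document why the call has to fail rather than process data.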
@@ -6854,6 +6959,7 @@
     ADD_TEST(test_evp_md_cipher_meth);
     ADD_TEST(test_custom_md_meth);
     ADD_TEST(test_custom_ciph_meth);
+    ADD_TEST(test_rsasve_kem_with_invalid_pub_key);
 
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
     /* Tests only support the default libctx */
@@ -6883,6 +6989,8 @@
 
     ADD_TEST(test_invalid_ctx_for_digest);
 
+    ADD_TEST(test_evp_cipher_negative_length);
+
     ADD_TEST(test_evp_cipher_pipeline);
 
     return 1;
diff -Nru openssl-3.5.5/test/evp_test.c openssl-3.5.6/test/evp_test.c
--- openssl-3.5.5/test/evp_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/evp_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2607,7 +2607,7 @@
 static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls,
     const char *value)
 {
-    char *p;
+    const char *p;
 
     if (controls == NULL)
         return 0;
diff -Nru openssl-3.5.5/test/fake_rsaprov.c openssl-3.5.6/test/fake_rsaprov.c
--- openssl-3.5.5/test/fake_rsaprov.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/fake_rsaprov.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -776,8 +776,7 @@
     ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
 
-                                          static X509_PUBKEY
-    * fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx)
+static X509_PUBKEY *fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx)
 {
     X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
 
diff -Nru openssl-3.5.5/test/http_test.c openssl-3.5.6/test/http_test.c
--- openssl-3.5.5/test/http_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/http_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Siemens AG 2020
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -331,6 +331,18 @@
     return res;
 }
 
+static int test_http_url_host_ok(const char *url, const char *exp_host)
+{
+    char *host;
+    int res;
+
+    res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL,
+              NULL, NULL, NULL))
+        && TEST_str_eq(host, exp_host);
+    OPENSSL_free(host);
+    return res;
+}
+
 static int test_http_url_dns(void)
 {
     return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path");
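Review bot: `host` is declared without an initialiser in `test_http_url_host_ok`, and `OPENSSL_free(host)` runs even when `OSSL_HTTP_parse_url()` fails. The cleanup is then only safe if the parser resets `*phost` on every failure path, which this hunk does not show. Declaring `char *host = NULL;` removes that dependency.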
@@ -358,6 +370,13 @@
     return test_http_url_ok("user:pass@host/p?q#fr", 0, "host", "80", "/p");
 }
 
+static int test_http_url_at_sign_outside_authority(void)
+{
+    return test_http_url_host_ok("http://host/p@attacker.test", "host")
+        && test_http_url_host_ok("http://host/p?q=@attacker.test", "host")
+        && test_http_url_host_ok("http://host/p?q#fr@attacker.test", "host");
+}
+
 static int test_http_url_ipv4(void)
 {
     return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q");
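Review bot: The three cases in `test_http_url_at_sign_outside_authority` check only the host, and none combines real userinfo with a later '@' in the path. A constructed case such as `test_http_url_host_ok("http://user@host/p@attacker.test", "host")` would pin that userinfo is split off inside the authority only. A one-line comment, `/* '@' separates userinfo only within the authority component */`, would record why these URLs must still resolve to `host`.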
@@ -576,6 +595,7 @@
     ADD_TEST(test_http_url_timestamp);
     ADD_TEST(test_http_url_path_query);
     ADD_TEST(test_http_url_userinfo_query_fragment);
+    ADD_TEST(test_http_url_at_sign_outside_authority);
     ADD_TEST(test_http_url_ipv4);
     ADD_TEST(test_http_url_ipv6);
     ADD_TEST(test_http_url_invalid_prefix);
diff -Nru openssl-3.5.5/test/ossl_store_test.c openssl-3.5.6/test/ossl_store_test.c
--- openssl-3.5.5/test/ossl_store_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/ossl_store_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -249,6 +249,12 @@
     return ret;
 }
 
+static int test_store_delete_null_uri(void)
+{
+    /* Passing NULL uri must return 0, not crash */
+    return TEST_int_eq(OSSL_STORE_delete(NULL, NULL, NULL, NULL, NULL, NULL), 0);
+}
+
 const OPTIONS *test_get_options(void)
 {
     static const OPTIONS test_options[] = {
@@ -303,6 +309,7 @@
     ADD_TEST(test_store_open_winstore);
 #endif
     ADD_TEST(test_store_search_by_key_fingerprint_fail);
+    ADD_TEST(test_store_delete_null_uri);
     ADD_ALL_TESTS(test_store_get_params, 3);
     if (sm2file != NULL)
         ADD_TEST(test_store_attach_unregistered_scheme);
diff -Nru openssl-3.5.5/test/pkcs12_api_test.c openssl-3.5.6/test/pkcs12_api_test.c
--- openssl-3.5.5/test/pkcs12_api_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/pkcs12_api_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -253,6 +253,35 @@
     return options;
 }
 
+static int test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen(void)
+{
+    int ret = 0;
+    unsigned char salt[8] = { 0 };
+    EVP_PKEY *key = NULL;
+    X509 *cert = NULL;
+    STACK_OF(X509) *ca = NULL;
+    PKCS12 *p12 = NULL;
+
+    if (!TEST_ptr(p12 = PKCS12_load(in_file)))
+        return 0;
+    if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca)))
+        goto err;
+    PKCS12_free(p12);
+
+    if (!TEST_ptr(p12 = PKCS12_create_ex2("pass", NULL, key, cert, ca,
+                      NID_undef, NID_undef, 0, -1, 0,
+                      testctx, NULL, NULL, NULL)))
+        goto err;
+    ret = TEST_false(PKCS12_set_pbmac1_pbkdf2(p12, "pass", -1,
+        salt, -1, 0, NULL, NULL));
+err:
+    PKCS12_free(p12);
+    EVP_PKEY_free(key);
+    X509_free(cert);
+    OSSL_STACK_OF_X509_free(ca);
+    return ret;
+}
+
 int setup_tests(void)
 {
     OPTION_CHOICE o;
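Review bot: In the `PKCS12_set_pbmac1_pbkdf2()` call the two `-1` arguments are unlabelled, so it is not obvious which one is the salt length under test and which is the password length. Inline argument comments would make the intent readable, e.g. `-1 /* passlen */, salt, -1 /* invalid saltlen */, 0 /* iter */`. A brief comment above the call, such as `/* a negative saltlen with a caller-supplied salt must be rejected */`, would state the property being tested.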
@@ -292,6 +321,7 @@
     ADD_TEST(test_null_args);
     ADD_TEST(pkcs12_parse_test);
     ADD_ALL_TESTS(pkcs12_create_ex2_test, 3);
+    ADD_TEST(test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen);
     return 1;
 }
 
diff -Nru openssl-3.5.5/test/quicapitest.c openssl-3.5.6/test/quicapitest.c
--- openssl-3.5.5/test/quicapitest.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/quicapitest.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2869,8 +2869,8 @@
     serverssl = SSL_accept_connection(qlistener, 0);
 
     /* Call SSL_accept() and SSL_connect() until we are connected */
-    if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
-            SSL_ERROR_NONE, 0, 0)))
+    if (!TEST_ptr(serverssl)
+        || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0, 0)))
         goto err;
 
     testresult = 1;
@@ -2923,8 +2923,8 @@
     serverssl = SSL_accept_connection(qlistener, 0);
 
     /* Call SSL_accept() and SSL_connect() until we are connected */
-    if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
-            SSL_ERROR_NONE, 0, 0)))
+    if (!TEST_ptr(serverssl)
+        || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0, 0)))
         goto err;
 
     testresult = 1;
diff -Nru openssl-3.5.5/test/README-external.md openssl-3.5.6/test/README-external.md
--- openssl-3.5.5/test/README-external.md	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/README-external.md	2026-04-07 14:26:30.000000000 +0200
@@ -39,7 +39,7 @@
 
 You will need a git checkout of krb5 at the top level:
 
-    $ git clone https://github.com/krb5/krb5
+    $ git submodule update --init
 
 krb5's master has to pass this same CI, but a known-good version is
 krb5-1.15.1-final if you want to be sure.
diff -Nru openssl-3.5.5/test/recipes/10-test_bn_data/bnmod.txt openssl-3.5.6/test/recipes/10-test_bn_data/bnmod.txt
--- openssl-3.5.5/test/recipes/10-test_bn_data/bnmod.txt	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/10-test_bn_data/bnmod.txt	2026-04-07 14:26:30.000000000 +0200
@@ -1,4 +1,4 @@
-# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2010,6 +2010,14 @@
 B = 8bdfa8fe5ef3b2ad02bc63c4d
 M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb
 
+# These test vectors satisfy A ^ 2 = ModSqr (mod M) and 0 <= ModSqr < M.
+
+Title = ModSqr tests
+
+# Regression test for https://github.com/openssl/openssl/issues/15587
+ModSqr = 166794ed50cb31b6e6a319f7474416c266d5c3f3115ea2a7ed9638367d1f955f66a7179ee3ce5ee5e04e63c46781f1192beac3abb26ff238f5ed2f5505ae06003ff
+A = 1407833bd4c893195cc32f56a507f15140be687a1994febe0bdbe793125f010a3c1c814737b10ab690498b7990ce4e625ad2f32cbf42626cb9649da38a5c9c76a99
+M = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
 
 # These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M.
 
diff -Nru openssl-3.5.5/test/recipes/25-test_verify.t openssl-3.5.6/test/recipes/25-test_verify.t
--- openssl-3.5.5/test/recipes/25-test_verify.t	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/25-test_verify.t	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -30,7 +30,7 @@
     run(app([@args]));
 }
 
-plan tests => 203;
+plan tests => 204;
 
 # Canonical success
 ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -594,6 +594,18 @@
            "-explicit_policy"),
    "Bad certificate policy");
 
+# CVE-2026-28388
+my $cve_28388_stderr = "cve-2026-28388.err";
+run(app(["openssl", "verify",
+         "-attime", "1739527200",
+         "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"),
+         "-crl_check", "-use_deltas",
+         "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"),
+         srctop_file(@certspath, "cve-2026-28388-leaf.pem")],
+         stderr => $cve_28388_stderr));
+ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }),
+   "CVE-2026-28388");
+
 # CAstore option
 my $rootcertname = "root-cert";
 my $rootcert = srctop_file(@certspath, "${rootcertname}.pem");
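Review bot: The CVE-2026-28388 check discards the result of `run()` and does not check `open`, so a missing capture file shows up only indirectly as a failed `grep`, and an abnormal exit after the message was printed would go unnoticed. Use `open(my $fh, '<', $cve_28388_stderr) or die "cannot open $cve_28388_stderr: $!";` and consider asserting the expected exit status as well. The capture file is also left behind; `unlink $cve_28388_stderr;` after the check would tidy that.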
diff -Nru openssl-3.5.5/test/recipes/25-test_x509.t openssl-3.5.6/test/recipes/25-test_x509.t
--- openssl-3.5.5/test/recipes/25-test_x509.t	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/25-test_x509.t	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,7 +16,7 @@
 
 setup("test_x509");
 
-plan tests => 138;
+plan tests => 139;
 
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -413,6 +413,12 @@
               "Years: 2023, 2024",
               1, 'X.509 Time Specification (Periodic)');
 
+my $time_spec_per_no_second_cert =
+    srctop_file(@certs, "ext-timeSpecification-periodic-no-second.pem");
+cert_contains($time_spec_per_no_second_cert,
+              "05:43:00 - 12:34:56",
+              1, 'X.509 Time Specification (Periodic, no second)');
+
 my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem");
 cert_contains($attr_map_cert,
               "commonName == localityName",
diff -Nru openssl-3.5.5/test/recipes/61-test_bio_readbuffer.t openssl-3.5.6/test/recipes/61-test_bio_readbuffer.t
--- openssl-3.5.5/test/recipes/61-test_bio_readbuffer.t	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/61-test_bio_readbuffer.t	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,7 +16,7 @@
 my $pemfile = srctop_file("test", "certs", "leaf.pem");
 my $derfile = 'readbuffer_leaf.der';
 
-plan tests => 3;
+plan tests => 4;
 
 ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile,
              '-outform', 'DER', '-out', $derfile])),
@@ -27,3 +27,7 @@
 
 ok(run(test(["bio_readbuffer_test", $pemfile])),
    "Running bio_readbuffer_test $pemfile");
+
+ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM',
+             '-noout' ], stdin => $derfile)),
+   "Test stdin read buffer in openssl app");
diff -Nru openssl-3.5.5/test/recipes/80-test_cmp_http_data/test_commands.csv openssl-3.5.6/test/recipes/80-test_cmp_http_data/test_commands.csv
--- openssl-3.5.5/test/recipes/80-test_cmp_http_data/test_commands.csv	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_cmp_http_data/test_commands.csv	2026-04-07 14:26:30.000000000 +0200
@@ -147,6 +147,7 @@
 0,using popo 1 with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,1, -newkeyout,_RESULT_DIR/newkeyout.pem
 1, using popo -1 redundantly with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout2.pem
 1, using popo -1 alternatively to -centralkeygen, -section,, -cmd,cr,, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout3.pem, -newkeypass,pass:12345, -certout,_RESULT_DIR/test.cert3.pem
-1, using centrally generated key (and cert) , -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345
+1, using centrally generated key (and cert) with existing chain, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, issuing.crt
+1, using centrally generated key (and cert) without giving chain (requires sender cert caching), -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, ""
 0, using centrally generated key with wrong password, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:wrong
 0, using popo -1 (instead of -centralkeygen) without -newkeyout, -section,, -cmd,cr,, -popo,-1,,BLANK,,BLANK,,BLANK,,BLANK
diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/dh-cert.pem openssl-3.5.6/test/recipes/80-test_cms_data/dh-cert.pem
--- openssl-3.5.5/test/recipes/80-test_cms_data/dh-cert.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_cms_data/dh-cert.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL
+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2
+MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC
+AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD
+zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf
+XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP
+SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI
+7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8
+LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH//////
+////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx
+hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw
+c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw
+a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050
+wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww
+lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX
+l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl
+IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ
+ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO
+M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu
+lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j
+BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo
+cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW
+AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp
+JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm
+eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO
+VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3
+NGpnrpeWX4rk4kQmx/I=
+-----END CERTIFICATE-----
diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/dh-key.pem openssl-3.5.6/test/recipes/80-test_cms_data/dh-key.pem
--- openssl-3.5.5/test/recipes/80-test_cms_data/dh-key.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_cms_data/dh-key.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,15 @@
+-----BEGIN PRIVATE KEY-----
+MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW
+ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e
+1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY
+oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt
+52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47
+G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC
+AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n
+Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv
+P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl
+2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm
+lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT
+YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r
+xDHoWg==
+-----END PRIVATE KEY-----
Binary files /home/bigeasy/tmp/s1ZRxdctkB/openssl-3.5.5/test/recipes/80-test_cms_data/dh-malformed.der and /home/bigeasy/tmp/8BdJnZRTGq/openssl-3.5.6/test/recipes/80-test_cms_data/dh-malformed.der differ
diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-cert.pem openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-cert.pem
--- openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-cert.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-cert.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw
+DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow
+DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s
+OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC
+EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw
+CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+
+NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ==
+-----END CERTIFICATE-----
diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-key.pem openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-key.pem
--- openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-key.pem	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-key.pem	2026-04-07 14:26:30.000000000 +0200
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1
+unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC
+3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ
+-----END PRIVATE KEY-----
Binary files /home/bigeasy/tmp/s1ZRxdctkB/openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-malformed.der and /home/bigeasy/tmp/8BdJnZRTGq/openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-malformed.der differ
Binary files /home/bigeasy/tmp/s1ZRxdctkB/openssl-3.5.5/test/recipes/80-test_cms_data/rsa-malformed.der and /home/bigeasy/tmp/8BdJnZRTGq/openssl-3.5.6/test/recipes/80-test_cms_data/rsa-malformed.der differ
diff -Nru openssl-3.5.5/test/recipes/80-test_cms.t openssl-3.5.6/test/recipes/80-test_cms.t
--- openssl-3.5.5/test/recipes/80-test_cms.t	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_cms.t	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -53,7 +53,7 @@
 
 $no_rc2 = 1 if disabled("legacy");
 
-plan tests => 31;
+plan tests => 34;
 
 ok(run(test(["pkcs7_test"])), "test pkcs7");
 
@@ -1360,6 +1360,49 @@
 	   "Check for failure when cipher does not have an assigned OID (issue#22225)");
      });
 
+# Test cases for CVE-2026-28389
+my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der");
+my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem");
+my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem");
+
+with({ exit_checker => sub { return shift == 4; } },
+    sub {
+        SKIP: {
+          skip "DH is not supported in this build", 1 if $no_dh;
+
+          ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed,
+                      "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])),
+             "Must not crash on malformed cms inputs with dh key");
+        }
+    });
+
+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der");
+my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem");
+my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem");
+
+with({ exit_checker => sub { return shift == 4; } },
+    sub {
+        SKIP: {
+          skip "EC is not supported in this build", 1 if $no_ec;
+
+          ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed,
+                       "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])),
+             "Must not crash on malformed cms inputs with ecdh key");
+        }
+    });
+
+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der");
+my $smrsacert = catfile($smdir, "smrsa3.pem");
+my $smrsakey = catfile($smdir, "smrsa3-key.pem");
+
+# Test case for CVE-2026-28390
+with({ exit_checker => sub { my $ret = shift; return $ret == 4 || $ret == 0; } },
+    sub {
+        ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform",
+                   "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])),
+           "Must not crash on malformed cms inputs with RSA key");
+    });
+
 # Test encrypt to three recipients, and decrypt using key-only;
 # i.e. do not follow the recommended practice of providing the
 # recipient cert in the decrypt op.
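Review bot: The RSA case for CVE-2026-28390 accepts exit status 0 as well as 4, but nothing says why a successful run on a malformed message is acceptable there while the DH and ECDH cases require 4. A comment next to the checker, e.g. `# 0 is allowed because <reason>`, would keep a later reader from tightening or loosening it by mistake. The `-out` argument is the literal string `"{output}.cms"`; unless `run()` expands that placeholder (not visible in this hunk), a file with braces in its name is written to the working directory. A plain constructed name such as `"rsa-malformed.out"` may be what was meant.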
diff -Nru openssl-3.5.5/test/recipes/80-test_ocsp.t openssl-3.5.6/test/recipes/80-test_ocsp.t
--- openssl-3.5.5/test/recipes/80-test_ocsp.t	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/recipes/80-test_ocsp.t	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -37,22 +37,24 @@
     }
     my $expected_exit = shift;
     my $nochecks = shift;
+    my $opt_untrusted = shift // "-verify_other";
     my $outputfile = basename($inputfile, '.ors') . '.dat';
 
     run(app(["openssl", "base64", "-d",
              "-in", catfile($ocspdir,$inputfile),
              "-out", $outputfile]));
+    my @certopt = ($opt_untrusted, catfile($ocspdir, $untrusted));
     with({ exit_checker => sub { return shift == $expected_exit; } },
          sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile,
                            "-partial_chain", @check_time,
                            "-CAfile", catfile($ocspdir, $CAfile),
-                           "-verify_other", catfile($ocspdir, $untrusted),
+                           @certopt,
                            "-no-CApath", "-no-CAstore",
                            $nochecks ? "-no_cert_checks" : ()])),
                   $title); });
 }
 
-plan tests => 12;
+plan tests => 13;
 
 subtest "=== VALID OCSP RESPONSES ===" => sub {
     plan tests => 7;
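Review bot: The new seventh positional argument of test_ocsp, read by `my $opt_untrusted = shift // "-verify_other";`, is undocumented, and its value is spliced into the `openssl ocsp` command line as an option name through `@certopt`. A short comment above the `shift` would help, for example `# optional: option used to pass the untrusted cert file, "-verify_other" unless given`. The only caller that sets it, in the later hunk of this file, passes `"-issuer"` and expects exit code 1, which reads as a check that an issuer hint is not treated as a trust anchor; a comment in that subtest would make the intent explicit. test_ocsp begins outside this hunk.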
@@ -230,6 +232,14 @@
                  "running ocspapitest");
 };
 
+subtest "=== UNTRUSTED ISSUER HINTS ===" => sub {
+    plan tests => 1;
+
+    test_ocsp("NON-DELEGATED; invalid issuer via -issuer",
+              "ND1.ors", "ND1_Cross_Root.pem",
+              "ISIC_ND1_Issuer_ICA.pem", 1, 0, "-issuer");
+};
+
 subtest "=== OCSP handling of identical input and output files ===" => sub {
     plan tests => 5;
 
diff -Nru openssl-3.5.5/test/sslapitest.c openssl-3.5.6/test/sslapitest.c
--- openssl-3.5.5/test/sslapitest.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/sslapitest.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8343,6 +8343,13 @@
         NULL,
         "AES128-SHA",
         "AES128-SHA" },
+    { TLS1_2_VERSION,
+        "AES256-SHA",
+        NULL,
+        "AES128-SHA",
+        NULL,
+        "",
+        "" },
 #endif
 /*
  * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
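Review bot: The added entry does not say that its two empty strings are a sentinel, so a reader of the table cannot tell that `""` in `shared`/`fipsshared` now means the handshake is expected to fail (that is how `handshakeok` is derived in the later hunk). A comment on the entry would cover it, e.g. `/* no cipher in common: "" means the handshake must fail */`. The same applies to the TLS1_3_VERSION entry added in the next hunk. The struct definition and the start of the table are outside this hunk.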
@@ -8367,6 +8374,13 @@
         "TLS_AES_256_GCM_SHA384",
         "TLS_AES_256_GCM_SHA384",
         "TLS_AES_256_GCM_SHA384" },
+    { TLS1_3_VERSION,
+        "AES128-SHA",
+        "TLS_AES_128_GCM_SHA256",
+        "AES256-SHA",
+        "TLS_AES_256_GCM_SHA384",
+        "",
+        "" },
 #endif
 };
 
@@ -8377,6 +8391,9 @@
     int testresult = 0;
     char buf[1024];
     OSSL_LIB_CTX *tmplibctx = OSSL_LIB_CTX_new();
+    const char *expbuf = is_fips ? shared_ciphers_data[tst].fipsshared
+                                 : shared_ciphers_data[tst].shared;
+    int handshakeok = strcmp(expbuf, "") != 0;
 
     if (!TEST_ptr(tmplibctx))
         goto end;
@@ -8417,18 +8434,22 @@
                 shared_ciphers_data[tst].srvrtls13ciphers))))
         goto end;
 
-    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-            NULL, NULL))
-        || !TEST_true(create_ssl_connection(serverssl, clientssl,
-            SSL_ERROR_NONE)))
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
+            NULL)))
         goto end;
 
+    if (handshakeok) {
+        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+                SSL_ERROR_NONE)))
+            goto end;
+    } else {
+        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
+                SSL_ERROR_NONE)))
+            goto end;
+    }
+
     if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
-        || !TEST_int_eq(strcmp(buf,
-                            is_fips
-                                ? shared_ciphers_data[tst].fipsshared
-                                : shared_ciphers_data[tst].shared),
-            0)) {
+        || !TEST_int_eq(strcmp(buf, expbuf), 0)) {
         TEST_info("Shared ciphers are: %s\n", buf);
         goto end;
     }
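Review bot: `TEST_info("Shared ciphers are: %s\n", buf)` prints `buf` even when `SSL_get_shared_ciphers()` returned NULL, and `buf` is declared as `char buf[1024];` with no initialiser, so if the call returns NULL before writing to the buffer the diagnostic reads uninitialised memory. The new failed-handshake cases make this failure path more likely to be exercised. Initialising the array at its declaration, `char buf[1024] = "";`, keeps the failure output well defined. The declaration sits in the previous hunk, and the function body starts and ends outside this one.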
@@ -9714,6 +9735,7 @@
     SSL *serverssl = NULL, *clientssl = NULL;
     int testresult = 0;
     SSL_SESSION *sess = NULL;
+    int references;
 
 #ifdef OSSL_NO_USABLE_TLS1_3
     /* If no TLSv1.3 available then do nothing in this case */
@@ -9787,6 +9809,15 @@
     get_sess_val = SSL_get_session(serverssl);
     if (!TEST_ptr(get_sess_val))
         goto end;
+    /*
+     * Normally the session is also stored in the cache, thus we have more than
+     * one reference, but due to an out-of-memory error it can happen that this
+     * is the only reference, and in that case the SSL_free(serverssl) below
+     * would free the get_sess_val, causing a use-after-free error.
+     */
+    if (!TEST_true(CRYPTO_GET_REF(&get_sess_val->references, &references))
+        || !TEST_int_ge(references, 2))
+        goto end;
     sess = SSL_get1_session(clientssl);
     if (!TEST_ptr(sess))
         goto end;
@@ -13507,6 +13538,52 @@
 #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */
 }
 
+/*
+ * Test that if we attempt to send HTTP to a TLS server that we get the expected
+ * failure reason code.
+ */
+static int test_http_verbs(int idx)
+{
+    SSL_CTX *sctx = NULL;
+    SSL *serverssl = NULL;
+    int testresult = 0;
+    const char *verbs[] = { "GET", "POST", "HEAD" };
+    const char *http_trailer = " / HTTP/1.0\r\n\r\n";
+    BIO *b = BIO_new(BIO_s_mem());
+
+    if (!TEST_true((unsigned int)idx < OSSL_NELEM(verbs)))
+        goto end;
+
+    if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+            NULL, 0, 0, &sctx, NULL, cert, privkey)))
+        goto end;
+
+    serverssl = SSL_new(sctx);
+    if (!TEST_ptr(serverssl))
+        goto end;
+
+    if (!TEST_int_gt(BIO_write(b, verbs[idx], (int)strlen(verbs[idx])), 0))
+        goto end;
+    if (!TEST_int_gt(BIO_write(b, http_trailer, (int)strlen(http_trailer)), 0))
+        goto end;
+    SSL_set_bio(serverssl, b, b);
+    b = NULL;
+
+    ERR_clear_error();
+    if (!TEST_int_le(SSL_accept(serverssl), 0))
+        goto end;
+    if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_HTTP_REQUEST))
+        goto end;
+
+    testresult = 1;
+end:
+    SSL_free(serverssl);
+    SSL_CTX_free(sctx);
+    BIO_free(b);
+
+    return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
 
 int setup_tests(void)
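Review bot: `BIO_new(BIO_s_mem())` in test_http_verbs is never checked, so an allocation failure only surfaces later as a failed `BIO_write` comparison with no hint at the cause. Adding `if (!TEST_ptr(b)) goto end;` before the first `BIO_write` matches how `serverssl` is checked a few lines further down. The test also compares only `ERR_GET_REASON(...)`. Storing the error code and additionally checking `ERR_GET_LIB` against `ERR_LIB_SSL` would pin the reason to the SSL library, since reason numbers are only unique per library.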
@@ -13840,6 +13917,7 @@
         ADD_TEST(test_ssl_trace);
 #endif
     ADD_ALL_TESTS(test_ssl_set_groups_unsupported_keyshare, 2);
+    ADD_ALL_TESTS(test_http_verbs, 3);
     return 1;
 
 err:
diff -Nru openssl-3.5.5/test/tls13groupselection_test.c openssl-3.5.6/test/tls13groupselection_test.c
--- openssl-3.5.5/test/tls13groupselection_test.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/tls13groupselection_test.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,6 +40,12 @@
     SH = 2
 } SERVER_RESPONSE;
 
+static const char *response_desc[] = {
+    "HRR",
+    "INIT",
+    "SH",
+};
+
 static char *cert = NULL;
 static char *privkey = NULL;
 
@@ -307,7 +313,23 @@
     { "*brainpoolP256r1:X25519", /* test 43 */
         "X25519",
         SERVER_PREFERENCE,
-        NEGOTIATION_FAILURE, INIT }
+        NEGOTIATION_FAILURE, INIT },
+
+    /* DEFAULT retains tuple structure */
+    { "*X25519:secp256r1",
+        "secp256r1:DEFAULT", /* test 44 */
+        SERVER_PREFERENCE,
+        "secp256r1", HRR },
+#ifndef OPENSSL_NO_DH
+    { "*ffdhe2048:secp256r1",
+        "DEFAULT:ffdhe4096", /* test 45 */
+        CLIENT_PREFERENCE,
+        "secp256r1", HRR },
+    { "x25519:ffdhe2048:*ffdhe4096",
+        "DEFAULT:ffdhe4096", /* test 46 */
+        SERVER_PREFERENCE,
+        "x25519", HRR },
+#endif
 };
 
 static void server_response_check_cb(int write_p, int version,
@@ -318,10 +340,12 @@
     enum SERVER_RESPONSE *server_response = (enum SERVER_RESPONSE *)arg;
     /* Prepare check for HRR */
     const uint8_t *incoming_random = (uint8_t *)buf + 6;
-    const uint8_t magic_HRR_random[32] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
+    const uint8_t magic_HRR_random[32] = {
+        0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11,
         0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91,
         0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E,
-        0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C };
+        0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C
+    };
 
     /* Did a server hello arrive? */
     if (write_p == 0 && /* Incoming data... */
@@ -450,13 +474,16 @@
         group_name_client = SSL_group_to_name(clientssl, negotiated_group_client);
         if (!TEST_int_eq(negotiated_group_client, negotiated_group_server))
             goto end;
-        if (!TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response))
+        if (!TEST_str_eq(response_desc[current_test_vector->expected_server_response],
+                response_desc[server_response]))
             goto end;
         if (TEST_str_eq(group_name_client, current_test_vector->expected_group))
             ok = 1;
     } else {
         TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE));
-        if (test_type == TEST_NEGOTIATION_FAILURE && !TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response))
+        if (test_type == TEST_NEGOTIATION_FAILURE
+            && !TEST_str_eq(response_desc[current_test_vector->expected_server_response],
+                response_desc[server_response]))
             goto end;
         ok = 1;
     }
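Review bot: `response_desc[server_response]` and `response_desc[current_test_vector->expected_server_response]` index a three-element array with enum values that are not range-checked, and the array added near the top of the file lines up with the enum only by position. Designated initialisers would tie the two together, `[HRR] = "HRR", [INIT] = "INIT", [SH] = "SH",`, and declaring the table as `static const char *const response_desc[]` keeps it read-only. Only `SH = 2` of the enum is visible in the diff, so the HRR/INIT positions are inferred. The same indexing appears in both branches of this hunk, and the enclosing function starts and ends outside it.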
diff -Nru openssl-3.5.5/test/tls-provider.c openssl-3.5.6/test/tls-provider.c
--- openssl-3.5.5/test/tls-provider.c	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/test/tls-provider.c	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2163,8 +2163,7 @@
     ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
 
-                                          static X509_PUBKEY
-    * xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx)
+static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx)
 {
     X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
 
diff -Nru openssl-3.5.5/util/checkplatformsyms.pl openssl-3.5.6/util/checkplatformsyms.pl
--- openssl-3.5.5/util/checkplatformsyms.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/util/checkplatformsyms.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -14,6 +14,13 @@
 
 shift(@ARGV);
 
+# Check that object files exist
+foreach (@ARGV) {
+    unless (-f $_ && -r $_) {
+        die "Path is not a regular readable file: '$_'";
+    }
+}
+
 my $objlist;
 my $objfilelist = join(" ", @ARGV);
 my $expsyms;
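Review bot: The new `-f`/`-r` loop checks that each argument is a readable file, but `$objfilelist = join(" ", @ARGV)` is still pasted into a shell pipeline (`"objdump -t " . $objfilelist . " | awk ..."` in the later hunk), so a path containing spaces or shell metacharacters is split or interpreted by the shell. Running the tool through the list form of open, `open(my $OBJFH, '-|', 'objdump', '-t', @ARGV)`, and doing the filtering in Perl avoids the shell altogether. The arguments presumably come from the build system, so this is hardening rather than a demonstrated bug.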
@@ -36,13 +43,13 @@
         {
             chomp;
             my $dllfile = $_;
-            $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/;
+            $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE $2/;
             if (index($dllfile, "DLLFILE") >= 0) {
                 $currentdll = substr($dllfile, 8);
                 $currentdll =~ s/^\s+|s+$//g;
             }
             # filter imports from our own library
-            if ("$currentdll" ne "libcrypto-3-x64") {
+            if ("$currentdll" !~ /^libcrypto-[1-9][0-9]*(-x64)?$/) {
                 my $line = $_;
                 $line =~ s/                          [0-9a-fA-F]{1,2} /SYMBOL /;
                 if (index($line, "SYMBOL") != -1) {
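Review bot: The trim on the context line next to the changed substitution, `$currentdll =~ s/^\s+|s+$//g;`, is missing a backslash: `s+$` removes trailing letter `s` characters instead of trailing whitespace, so a DLL name ending in `s` is shortened before the new `libcrypto-...` comparison. It should read `$currentdll =~ s/^\s+|\s+$//g;`. Separately, the new pattern `/^libcrypto-[1-9][0-9]*(-x64)?$/` accepts only an optional `-x64` suffix; if the build produces other architecture suffixes, imports from the project's own library would not be filtered there. The enclosing loop starts outside this hunk.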
@@ -51,18 +58,28 @@
                 }
             }
         }
+
+        close($OBJFH);
+        ($? >> 8 == 0) or die "Command '$cmd' has failed.";
+
+        my $ok = 1;
         foreach (@symlist) {
+            chomp;
             if (index($exps, $_) < 0) {
                 print "Symbol $_ not in the allowed platform symbols list\n";
-                exit 1;
+                $ok = 0;
             }
         }
-        exit 0;
+        exit !$ok;
     }
 else {
-        $cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL";
-        $cmd = $cmd . " | awk '{print \$NF}' |";
-        $cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq";
+        $cmd = "objdump -t " . $objfilelist . " | awk " .
+            "'/\\\\*UND\\\\*/ {" .
+                "split(\$NF, sym_lib, \"@\");" .
+                "if (sym_lib[2] !~ \"OPENSSL_[1-9][0-9]*\\\\.[0-9]+\\\\.[0-9]+\$\")" .
+                    "syms[sym_lib[1]] = 1;" .
+            "}" .
+            "END { for (s in syms) print s; };'";
 
         open $expsyms, '<', $expectedsyms or die;
         {
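Review bot: `index($exps, $_) < 0` is a substring search, so any symbol that is merely a fragment of an allowed name (or an empty line) passes the allow-list check. Assuming `$exps` holds the allow-list file contents, an exact lookup is stricter: build `my %allowed = map { $_ => 1 } split /\n/, $exps;` once and test `unless ($allowed{$_})`. The same lookup is used in the objdump branch in the next hunk. In the new awk program, `/\\\\*UND\\\\*/` appears to reach awk as `/\\*UND\\*/`, which matches any line containing `UND` rather than the literal `*UND*` column. Writing it as `'/\\*UND\\*/ {` in the Perl string should yield the intended `/\*UND\*/`.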
@@ -72,13 +89,16 @@
         close($expsyms);
 
         open($OBJFH, "$cmd|") or die "Cannot open process: $!";
+        my $ok = 1;
         while (<$OBJFH>)
         {
+                chomp;
                 if (index($exps, $_) < 0) {
                     print "Symbol $_ not in the allowed platform symbols list\n";
-                    exit 1;
+                    $ok = 0;
                 }
         }
         close($OBJFH);
-        exit 0;
+
+        exit !(!($? >> 8) || !$ok);
     }
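Review bot: `exit !(!($? >> 8) || !$ok);` returns success when a disallowed symbol was found: with `$ok == 0` the `!$ok` term is true, the `||` is true, and the outer `!` turns that into exit status 0. The only case that exits non-zero is a failed pipeline with `$ok` still 1. The intended condition is presumably `exit((($? >> 8) != 0 || !$ok) ? 1 : 0);`, matching the other branch, which dies on a failed command and then uses `exit !$ok;`. Note also that `$?` after `close` reflects only the last command of the shell pipeline (awk), so an objdump failure goes unseen. The enclosing `else` block starts in the previous hunk.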
diff -Nru openssl-3.5.5/util/missingcrypto.txt openssl-3.5.6/util/missingcrypto.txt
--- openssl-3.5.5/util/missingcrypto.txt	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/util/missingcrypto.txt	2026-04-07 14:26:30.000000000 +0200
@@ -1043,8 +1043,6 @@
 X509V3_EXT_get_nid(3)
 X509V3_EXT_nconf(3)
 X509V3_EXT_nconf_nid(3)
-X509V3_EXT_print(3)
-X509V3_EXT_print_fp(3)
 X509V3_EXT_val_prn(3)
 X509V3_NAME_from_section(3)
 X509V3_add_standard_extensions(3)
diff -Nru openssl-3.5.5/util/mkerr.pl openssl-3.5.6/util/mkerr.pl
--- openssl-3.5.5/util/mkerr.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/util/mkerr.pl	2026-04-07 14:26:30.000000000 +0200
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -339,21 +339,21 @@
  */
 
 #ifndef $guard
-# define $guard
-# pragma once
+#define $guard
+#pragma once
 
-# include <openssl/opensslconf.h>
-# include <openssl/symhacks.h>
+#include <openssl/opensslconf.h>
+#include <openssl/symhacks.h>
 
-# ifdef  __cplusplus
+#ifdef __cplusplus
 extern \"C\" {
-# endif
+#endif
 
 EOF
         $indent = ' ';
         if ($disablable) {
             print OUT <<"EOF";
-# ifndef OPENSSL_NO_${lib}
+#ifndef OPENSSL_NO_${lib}
 
 EOF
             $indent = "  ";
@@ -380,7 +380,7 @@
                     $rassigned{$lib} .= "$findcode:";
                     print STDERR "New Reason code $i\n" if $debug;
                 }
-                printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z;
+                printf OUT "#define $i $rcodes{$i}\n";
             }
             print OUT "\n";
         }
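Review bot: `printf OUT "#define $i $rcodes{$i}\n";` no longer has any format arguments, so the interpolated text is itself used as the format string; `print OUT "#define $i $rcodes{$i}\n";` says what is meant and cannot misread a stray `%`. The same line is added again in the later mkerr.pl hunk that changes the second `printf`. With the padding gone, the `my $z = 48 - length($i);` computation shown as context in that later hunk is unused and can be dropped, and `$indent` now serves only as a counter for the `#endif` loops. The enclosing loop starts outside this hunk.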
@@ -389,14 +389,14 @@
         # brace for 'extern "C" {'.
         while (length($indent) > 1) {
             $indent = substr $indent, 0, -1;
-            print OUT "#${indent}endif\n";
+            print OUT "#endif\n";
         }
 
         print OUT <<"EOF";
 
-# ifdef  __cplusplus
+#ifdef __cplusplus
 }
-# endif
+#endif
 #endif
 EOF
         close OUT;
@@ -408,8 +408,8 @@
         my $extra_include =
             $internal
             ? ($lib ne 'SSL'
-               ? "# include <openssl/cryptoerr_legacy.h>\n"
-               : "# include <openssl/sslerr_legacy.h>\n")
+               ? "#include <openssl/cryptoerr_legacy.h>\n"
+               : "#include <openssl/sslerr_legacy.h>\n")
             : '';
         my $hfile = $hpubinc{$lib};
         my $guard = $hfile;
@@ -430,46 +430,43 @@
  */
 
 #ifndef $guard
-# define $guard
-# pragma once
+#define $guard
+#pragma once
 
-# include <openssl/opensslconf.h>
-# include <openssl/symhacks.h>
+#include <openssl/opensslconf.h>
+#include <openssl/symhacks.h>
 $extra_include
-
 EOF
         $indent = ' ';
         if ( $internal ) {
             if ($disablable) {
                 print OUT <<"EOF";
-# ifndef OPENSSL_NO_${lib}
-
+#ifndef OPENSSL_NO_${lib}
 EOF
                 $indent .= ' ';
             }
         } else {
             print OUT <<"EOF";
-# define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE)
-# define ERR_R_${lib}_LIB ERR_${lib}_lib()
-
+#define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE)
+#define ERR_R_${lib}_LIB ERR_${lib}_lib()
 EOF
             if ( ! $static ) {
                 print OUT <<"EOF";
 
-# ifdef  __cplusplus
+#ifdef __cplusplus
 extern \"C\" {
-# endif
+#endif
 int ERR_load_${lib}_strings(void);
 void ERR_unload_${lib}_strings(void);
 void ERR_${lib}_error(int function, int reason, const char *file, int line);
-# ifdef  __cplusplus
+#ifdef __cplusplus
 }
-# endif
+#endif
 EOF
             }
         }
 
-        print OUT "\n/*\n * $lib reason codes.\n */\n";
+        print OUT "/*\n * $lib reason codes.\n */\n";
         foreach my $i ( @reasons ) {
             my $z = 48 - length($i);
             $z = 0 if $z < 0;
@@ -484,13 +481,13 @@
                 $rassigned{$lib} .= "$findcode:";
                 print STDERR "New Reason code $i\n" if $debug;
             }
-            printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z;
+            printf OUT "#define $i $rcodes{$i}\n";
         }
         print OUT "\n";
 
         while (length($indent) > 0) {
             $indent = substr $indent, 0, -1;
-            print OUT "#${indent}endif\n";
+            print OUT "#endif\n";
         }
         close OUT;
     }
@@ -550,7 +547,7 @@
             }
         }
         print OUT <<"EOF";
-#${indent}ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_ERR
 
 static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = {
 EOF
@@ -568,26 +565,26 @@
                 $strings{$i} = $rn;
             }
             my $lines;
-            $lines = "    {ERR_PACK($pack_lib, 0, $i), \"$rn\"},";
-            $lines = "    {ERR_PACK($pack_lib, 0, $i),\n     \"$rn\"},"
-                if length($lines) > 80;
+            $lines = "    { ERR_PACK($pack_lib, 0, $i), \"$rn\" },";
+            $lines = "    { ERR_PACK($pack_lib, 0, $i),\n        \"$rn\" },"
+                if length($lines) > 82;
             print OUT "$lines\n";
         }
         print OUT <<"EOF";
-    {0, NULL}
+    { 0, NULL }
 };
 
-#${indent}endif
+#endif
 EOF
         if ( $internal ) {
             print OUT <<"EOF";
 
 int ossl_err_load_${lib}_strings(void)
 {
-#${indent}ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_ERR
     if (ERR_reason_error_string(${lib}_str_reasons[0].error) == NULL)
         ERR_load_strings_const(${lib}_str_reasons);
-#${indent}endif
+#endif
     return 1;
 }
 EOF
@@ -642,7 +639,7 @@
 
         while (length($indent) > 1) {
             $indent = substr $indent, 0, -1;
-            print OUT "#${indent}endif\n";
+            print OUT "#endif\n";
         }
         if ($internal && $disablable) {
             print OUT <<"EOF";
diff -Nru openssl-3.5.5/util/mkinstallvars.pl openssl-3.5.6/util/mkinstallvars.pl
--- openssl-3.5.5/util/mkinstallvars.pl	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/util/mkinstallvars.pl	2026-04-07 14:26:30.000000000 +0200
@@ -29,7 +29,7 @@
                       LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR
                                      CMAKECONFIGDIR) ]);
 # For completeness, other expected variables
-my @others = qw(VERSION LDLIBS);
+my @others = qw(COMMENT VERSION LDLIBS);
 
 my %all = ( );
 foreach (@absolutes) { $all{$_} = 1 }
@@ -135,9 +135,10 @@
 }
 
 print <<_____;
-    \$VERSION \@LDLIBS
+    \$COMMENT \$VERSION \@LDLIBS
 );
 
+our \$COMMENT                    = '$values{COMMENT}->[0]';
 _____
 
 foreach my $k (@absolutes) {
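Review bot: `our \$COMMENT = '$values{COMMENT}->[0]';` writes the value into a single-quoted literal of the generated file without escaping, so a `'` or a trailing backslash in COMMENT ends the literal early and the rest is parsed as Perl. Escaping before interpolation avoids that, e.g. `(my $comment = $values{COMMENT}->[0] // '') =~ s/([\\'])/\\$1/g;` and then interpolating `$comment`. How `%values` is filled and whether COMMENT is always supplied is outside this hunk, so the `// ''` default is a guess at the safe behaviour.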
diff -Nru openssl-3.5.5/util/platform_symbols/windows-symbols.txt openssl-3.5.6/util/platform_symbols/windows-symbols.txt
--- openssl-3.5.5/util/platform_symbols/windows-symbols.txt	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/util/platform_symbols/windows-symbols.txt	2026-04-07 14:26:30.000000000 +0200
@@ -1,236 +1,175 @@
-CryptGenRandom
-RegisterEventSourceW
-ReportEventW
-CryptAcquireContextW
-CryptReleaseContext
-DeregisterEventSource
+AcquireSRWLockExclusive
+AcquireSRWLockShared
+CertCloseStore
 CertFindCertificateInStore
 CertFreeCertificateContext
 CertOpenSystemStoreW
-CertCloseStore
-GetUserObjectInformationW
-GetProcessWindowStation
-MessageBoxW
-GetCurrentProcess
-ReadConsoleW
-ReadConsoleA
-SetConsoleMode
-GetConsoleMode
+CloseHandle
+ConvertFiberToThread
+ConvertThreadToFiberEx
+CreateFiberEx
 CreateSemaphoreA
-GetExitCodeThread
-WaitForSingleObject
-ReleaseSemaphore
-GetCurrentProcessId
-TryEnterCriticalSection
-LeaveCriticalSection
+CryptAcquireContextW
+CryptGenRandom
+CryptReleaseContext
+DeleteCriticalSection
+DeleteFiber
+DeregisterEventSource
+DisableThreadLibraryCalls
 EnterCriticalSection
-InitializeCriticalSection
-SystemTimeToFileTime
+FindClose
+FindFirstFileW
+FindNextFileW
+FormatMessageA
+FreeLibrary
+GetACP
+GetConsoleMode
+GetCurrentProcess
+GetCurrentProcessId
+GetCurrentThreadId
+GetEnvironmentVariableW
+GetExitCodeThread
+GetFileType
+GetLastError
+GetModuleHandleExW
+GetModuleHandleW
+GetProcAddress
+GetProcessWindowStation
+GetStartupInfoW
+GetStdHandle
+GetSystemDirectoryA
+GetSystemInfo
 GetSystemTime
-TlsFree
-TlsSetValue
-TlsGetValue
 GetSystemTimeAsFileTime
+GetUserObjectInformationW
+InitializeCriticalSection
+InitializeSListHead
+InitializeSRWLock
+IsDebuggerPresent
+IsProcessorFeaturePresent
+LeaveCriticalSection
+LoadLibraryA
+LoadLibraryW
+MessageBoxW
+MultiByteToWideChar
+QueryPerformanceCounter
+ReadConsoleA
+ReadConsoleW
+RegisterEventSourceW
+ReleaseSRWLockExclusive
+ReleaseSRWLockShared
+ReleaseSemaphore
+ReportEventW
 RtlCaptureContext
 RtlLookupFunctionEntry
-UnhandledExceptionFilter
+RtlVirtualUnwind
+SetConsoleMode
+SetLastError
 SetUnhandledExceptionFilter
-IsProcessorFeaturePresent
-IsDebuggerPresent
-GetStartupInfoW
-QueryPerformanceCounter
-InitializeSListHead
-DeleteCriticalSection
+Sleep
+SwitchToFiber
+SystemTimeToFileTime
 TerminateProcess
 TlsAlloc
-GetCurrentThreadId
-AcquireSRWLockShared
-AcquireSRWLockExclusive
-RtlVirtualUnwind
-ConvertFiberToThread
-ConvertThreadToFiberEx
-SwitchToFiber
-DeleteFiber
-CreateFiberEx
-GetSystemDirectoryA
-FreeLibrary
-GetProcAddress
-LoadLibraryA
-FormatMessageA
-GetLastError
-SetLastError
-CloseHandle
-LoadLibraryW
-GetEnvironmentVariableW
-GetStdHandle
-GetFileType
-WriteFile
-GetModuleHandleW
-MultiByteToWideChar
-WideCharToMultiByte
-GetACP
-GetModuleHandleExW
-GetSystemInfo
+TlsFree
+TlsGetValue
+TlsSetValue
+TryEnterCriticalSection
+UnhandledExceptionFilter
 VirtualAlloc
-VirtualProtect
 VirtualFree
 VirtualLock
-FindClose
-FindFirstFileW
-FindNextFileW
-Sleep
-InitializeSRWLock
-ReleaseSRWLockExclusive
-ReleaseSRWLockShared
-__current_exception
+VirtualProtect
+WSAIoctl
+WSASocketA
+WaitForSingleObject
+WideCharToMultiByte
+WriteFile
 __C_specific_handler
-wcsstr
+__acrt_iob_func
+__current_exception
 __current_exception_context
-strlen
-strstr
-strchr
-memmove
-strrchr
-memcmp
-memset
-memcpy
-memchr
 __std_type_info_destroy_list
-__stdio_common_vsprintf
 __stdio_common_vfprintf
+__stdio_common_vsnprintf_s
+__stdio_common_vsprintf
+__stdio_common_vsprintf_s
 __stdio_common_vsscanf
-ftell
-fseek
-fread
-_fileno
 __stdio_common_vswprintf
-_wfopen
-fopen
-setvbuf
-fflush
-ferror
-feof
-clearerr
-setbuf
-fclose
-fputs
-__acrt_iob_func
-__stdio_common_vsprintf_s
-fwrite
-fgets
-_setmode
-strtoul
-atoi
-strtol
-tolower
-strspn
-strcspn
-strncpy
-strpbrk
-strncmp
-strcmp
-strcat_s
-isspace
-_strdup
-isdigit
-strncpy_s
-strcpy_s
-_gmtime64_s
 __timezone
-_mktime64
-_time64
-qsort
-malloc
-realloc
-calloc
-free
-terminate
-signal
-_initialize_narrow_environment
 _beginthreadex
+_cexit
+_chmod
+_configure_narrow_argv
+_crt_at_quick_exit
+_crt_atexit
+_dclass
 _endthreadex
-_register_onexit_function
-strerror_s
+_errno
 _execute_onexit_table
-raise
-_crt_atexit
 _exit
-_crt_at_quick_exit
-_errno
-_cexit
-_initterm_e
-_configure_narrow_argv
+_fileno
+_fstat64i32
+_get_osfhandle
+_gmtime64_s
+_initialize_narrow_environment
 _initialize_onexit_table
 _initterm
+_initterm_e
+_mktime64
+_register_onexit_function
 _seh_filter_dll
-_chmod
+_setmode
 _stat64i32
-_fstat64i32
+_strdup
+_time64
+_wfopen
+atoi
+calloc
+clearerr
+fclose
+feof
+ferror
+fflush
+fgets
+fopen
+fputs
+fread
+free
+fseek
+ftell
+fwrite
 getenv
-GetStartupInfoW
-RtlLookupFunctionEntry
-RtlVirtualUnwind
-UnhandledExceptionFilter
-GetSystemTime
-SystemTimeToFileTime
-CloseHandle
-InitializeCriticalSection
-EnterCriticalSection
-LeaveCriticalSection
-TryEnterCriticalSection
-DeleteCriticalSection
-ReleaseSemaphore
-WaitForSingleObject
-WSASocketA
-WSAIoctl
-GetCurrentThreadId
-SetUnhandledExceptionFilter
-GetExitCodeThread
-CreateSemaphoreA
-SetLastError
-GetLastError
-GetCurrentProcess
-TerminateProcess
-IsProcessorFeaturePresent
-QueryPerformanceCounter
-RtlCaptureContext
-GetCurrentProcessId
-GetSystemTimeAsFileTime
-DisableThreadLibraryCalls
-InitializeSListHead
-IsDebuggerPresent
-GetModuleHandleW
+isdigit
+isspace
+malloc
+memchr
+memcmp
 memcpy
+memmove
 memset
-__current_exception_context
+qsort
+raise
+realloc
+setbuf
+setvbuf
+signal
+strcat_s
 strchr
-memcmp
-memchr
+strcmp
+strcpy_s
+strcspn
+strerror_s
+strlen
+strncmp
+strncpy
+strncpy_s
+strpbrk
+strrchr
+strspn
 strstr
-memmove
-__std_type_info_destroy_list
-__current_exception
-__C_specific_handler
-_errno
-_endthreadex
+strtol
+strtoul
 terminate
-_initterm
-_initterm_e
-_seh_filter_dll
-_configure_narrow_argv
-_initialize_narrow_environment
-_initialize_onexit_table
-_register_onexit_function
-_execute_onexit_table
-_crt_atexit
-_crt_at_quick_exit
-_cexit
-_beginthreadex
-_time64
-strncmp
-strcmp
-qsort
-_stat64i32
-atoi
-__stdio_common_vsprintf
-_dclass
+tolower
+wcsstr
diff -Nru openssl-3.5.5/util/wrap.pl.in openssl-3.5.6/util/wrap.pl.in
--- openssl-3.5.5/util/wrap.pl.in	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/util/wrap.pl.in	2026-04-07 14:26:30.000000000 +0200
@@ -79,6 +79,7 @@
     $std_openssl_conf_include = catdir($there, 'providers');
 }
 
+local $ENV{OPENSSL_RUNNING_UNIT_TESTS} = "yes";
 
 local $ENV{OPENSSL_CONF_INCLUDE} = $std_openssl_conf_include
     if defined $std_openssl_conf_include
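Review bot: `local $ENV{OPENSSL_RUNNING_UNIT_TESTS} = "yes";` is added without a comment, so nothing here says which code reads the variable or what it changes when set. A line such as `# Marks this run as a unit-test run for PLACEHOLDER_CONSUMER` would help, with the placeholder replaced by the actual reader of the variable. Since the switch is an environment variable, any behaviour it relaxes would be reachable outside the test suite as well. That is worth confirming against the consumer, which is not part of this hunk.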
diff -Nru openssl-3.5.5/VERSION.dat openssl-3.5.6/VERSION.dat
--- openssl-3.5.5/VERSION.dat	2026-01-27 14:42:37.000000000 +0100
+++ openssl-3.5.6/VERSION.dat	2026-04-07 14:26:30.000000000 +0200
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=5
-PATCH=5
+PATCH=6
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="27 Jan 2026"
+RELEASE_DATE="7 Apr 2026"
 SHLIB_VERSION=3
